About
Articles
Book Store
Distributed RCE
Downloads
Event Calendar
Forums
Live Discussion
Reference Library
RSS Feeds
Search
Store
Users
What's New
Customize Theme
bluegrey
blackgreen
metal
simple
Flag:
Tornado!
Hurricane!
Login:
Password:
Remember Me
Register
Other
: Tron
File Information
Category
Open Source
# Downloads
Version
Other
Yes
2,496
0.0.8
Download from OpenRCE
MD5 Sum: 7D3383A8AB6BC47B88BE50CD0E6CBBF8
Last updated on Oct 5, 2006.
Author Information
Username
Name
E-Mail
URL
AlanBradley
Alan Bradley
abradley
fastmail
fm
http://
Description
Tron is a kernel driver that you can load into a non-SMP x86-32 WinXP system in order to create hidden views of arbitrary userland memory.
Tron provides the following APIs:
1. ADD_CLOAK(pid, cloak_start, cloak_end, fake_start, fake_end)
2. REMOVE_CLOAK(pid, cloak_start, cloak_end)
3. ADD_ALLOWED(pid, code_start, code_end, cloak_start, cloak_end)
4. REMOVE_ALLOWED(pid, code_start, code_end)
5. HIDE_DLL_BY_NAME(pid, wchar_name, fake_start, fake_end)
6. HIDE_DLL_BY_HANDLE(pid, dll_handle, fake_start, fake_end)
7. WRITE_HIDDEN(pid, dest, src, write_len)
8. READ_HIDDEN(pid, read, outbuf, len)
9. CHANGE_TRUST(pid)
10. PATCH_SCHEDULER(IDASwapContextAddress)
Uses for Tron include:
- Setting invisible breakpoints with CLU
- Injecting invisible DLLs
- Concealing patches created with MS Detours
- Concealing IAT modifications
Please see the README.txt file for more information. Further information about this tool is also available from my ToorCon slides
http://www.openrce.org/repositories/users/AlanBradley/Tron-TC8.pdf
There are
21,677
total registered users.
Recently Created Topics
PyEmu error when cal...
Sep/02
Restore Themida/Winl...
Sep/02
Anti-olly technique
Aug/30
RAR Password
Aug/29
Heap protection on W...
Aug/23
Why Inline asm in C+...
Aug/20
Bypassing OllyAdvance
Aug/17
Error in logic for g...
Aug/17
Has anyone seen this...
Aug/17
ARM Executable - Pat...
Aug/16
Recent Forum Posts
reverse engineering ...
raiden56
pydbg, memory breakp...
Researc...
RAR Password
Ineedhelp
RAR Password
cod
Heap protection on W...
voila
Heap protection on W...
j00ru
Heap protection on W...
voila
Heap protection on W...
j00ru
Heap protection on W...
psylocn
Why Inline asm in C+...
ronnie2...
Recent Blog Entries
meshmesh
Sep/01
Is it legal??
waleedassar
Aug/30
Anti-olly technique
QvasiModo
Aug/24
WinAppDbg 1.4 is out!
artemblagodarenko
Aug/18
Dataflow-0.2.0 released. Ne...
grzonu
Aug/17
Bypassing OllyAdvanced
More ...
Recent Blog Comments
tosanjay
on:
Sep/02
PyEmu 0.0.2
GynvaelColdwind
on:
Sep/01
Is it legal??
PeterFerrie
on:
Aug/31
Anti-olly technique
dennis
on:
Aug/26
Dr. Gadget IDAPython plugin
halsten
on:
Aug/19
Dataflow-0.2.0 released. Ne...
More ...
Imagery
SoySauce Blueprint
Jun 6, 2008
[+] expand
View Gallery
(11) /
Submit