| File | Size | Date | Description |
|---|---|---|---|
| crcVert.zip | 845 KB | Nov 17 2006 | This is based on Shadow Walker/"inverse-PaX" applied to user-space executables instead. The idea can be used to reverse ring3 executables that have self-checksums in place for tamper resistance. Basically, user-space exes can be code-patched arbitrarily: the exe's self-checksums do not fail; however, the exe executes the patched code instead. Pretty handy in reversing armoured malware and "DRM protections". Tested only on Windows XP SP2, non-PAE, uniprocessor system. Doesn't work under VMware etc. |
| RE_DLLCodeInj.zip | 6 KB | Mar 2 2006 | Thought I'd share this RevEngg tool I have been using for a while. It's essentially "Hot Code Patching" via the "AppInit_DLLs" DLL injection trick. I have found it useful where MS Detours can't be used (explained in the Readme). I have provided a sample application on Skype 2.0. Skype left at least two logging functions in their 2.0 release. These are called from all over the binary with low-level debugging info. These logs can be used to study Skype's behavior (local logging, logging into the Skype cloud, interaction with supernodes, searches, NAT hole-punching, STUN/TURN variants used, etc.). Due to certain global variables, these are never really written to an external file, but the RE_DLLCodeInj tool can be used to extract these logs easily. It's fairly reliable, customizable, relocatable. Questions and suggestions are welcome; email me directly. |