Strong-Name Signing, AdmiralDebilitate v0.1

June 16, 2008

Update: It has been pointed out to me that strong naming serves a somewhat more noble purpose than to act as a simple anti-patch mechanism (you can read about it here) and so the tone of this post is perhaps a little inappropriate. However, considering that it is so widely used for exactly this purpose, [...]


An Introduction To .NET Reversing

May 23, 2008

The first time I saw a .NET application, I was scared. I was scared of the unknown and this fear was only heightened after looking closer with OllyDbg, IDA and LordPE. I imagine that every seasoned reverser out there felt the same way. Well if that’s you, and you’re anything like me, then you’ll have [...]


D3DLookingGlass v0.1

May 5, 2008

Update: Like all the other Direct3D hooks on the site, this doesn’t actually work anymore. Feel free to use it for reference or kindling or whatever, but don’t expect it to have any practical use. As soon as I get ’round to bringing it up to scratch I’ll put out another post. Sorry about that. [...]


Tracing Over System Calls In OllyDbg

April 14, 2008

Things have been quiet over here since installing Life 2.0, so to start warming things up again I present a simple trick to counter a frustrating problem. This isn’t particularly clever, but it didn’t occur to me the first few times ’round so maybe it will save some newbies a little time. How many times have [...]


Shellcoding on Windows: Part II – Stack Overflow Problems

February 12, 2008

The stack overflow has been discussed to death. If you don’t know the basic principle, then you should check out some of the sixty-eight thousand hits on Google. Many of these descriptions would have you believe that any overflowable stack buffer will immediately allow the attacker to get root (or whatever the Windows equivalent [...]


Run-time determination of VC++ virtual member function addresses: Take II

February 6, 2008

I wrote about this tricky little problem a while ago and wasn’t too happy with the desperate methods that seemed necessary. Since then, I’ve been shown a much cleaner way to do the same thing, by manipulating the vTable manually. It seems that Microsoft haven’t changed their vTable implementation since Visual Studio 6 (at least) [...]


Direct3D 9 Hook v1.1

February 1, 2008

Update: Since new DLLs were pushed out a while back, this doesn’t work any longer. The function offsets are wrong, and the hook injection method is a little too flaky to be relied upon. Feel free to use this code as a basis, but I’d recommend the use of Microsoft Detours for the hook injection. [...]


Shellcoding on Windows: Part I

January 29, 2008

If you were wondering why things have been so quiet for the past month, it’s because I’ve been spending my every waking hour learning to hack. This explains the presence of a new category here on the site, and the motivation behind some of the upcoming topics. It would be a shame to let January [...]


The Collaborative RCE Tool Library

December 29, 2007

I had decided to unofficially shut up shop for what remains of the year, but I just can’t keep quiet about this. For those of you who don’t already know, dELTA over at Woodmann’s RCE forums has created what I’ll describe as the most important RCE development since IDA 4.9. It’s not a tool, but [...]


A framework to take the tedium out of code-injection in C++

December 20, 2007

Update: I’ve left this up for posterity, but unless you have a good reason not to, you should be using Microsoft Detours for this stuff. It’s just as easy to use and far more mature. I know I’ve been banging on about injection a lot recently, but I figured a good way to pinch off [...]
