Kevin Weatherman's Blog

Software Internals, Thoughts on Security, and Reverse Engineering

Uncategorized
May 23, 2011, December 30, 2014, admin

Updated IDA Pro plugins

I updated my IDA Pro plugins back in March here: IDA Plugins. I made a post on the IDA forum (IDA Pro forum) but forgot to note it here until now. Added a few new features to some, like code and/or data segment selectors, etc. The best thing I’ve removed most if not all […]

Uncategorized
February 5, 2011, admin

Getting the C++ “this” pointer from function hooks solution.

(Note: This is Windows-centric and 32bit only.) In a previous entry I talked about a problem getting the C++ “this” (ECX) pointer from sub-class type function hooks. Problem solved (credits to “Casual_Hacker”). One can simply use the seldom used __fastcall calling convention.

Binary hook engine design
November 12, 2010, February 3, 2022, admin

API hook systems that change DLL load order.

All Windows API/code hook systems (out of the many I’ve studied) force-map DLLs when hooking them, except for my favorite, madCodeHook. An application has its own native way of loading DLLs. Some might be delayed and some might be loaded dynamically at various times. Loading them in to hook before the application itself does […]

Binary hook engine design
November 7, 2010, December 30, 2014, admin

Knowing if and when you can fit a JMP5 binary hook.

First, an interesting read on API hooking methods: http://help.madshi.net/ApiHookingMethods.htm Traditionally, and perhaps the most logical way to do a function hook, is to overwrite the code entry point with a 5-byte 32-bit relative-offset JMP instruction. IMHO sort of the “bread and butter” of binary hooking. madCodeHook actually uses a 6 byte 32bit […]

Binary hook engine design
November 7, 2010, December 16, 2014, admin

Windows binary hook engine design

I’m revisiting my unfinished binary hook engine that I started back in 2007, to hopefully complete it and use it in some current projects. For people new to such things: it’s a programming mechanism that allows you to inject/load a DLL (usually) into a target process at the same time, or after it’s loaded to […]

© 2010-2022 Kevin Weatherman