codecave

VirtualAlloc C++, injected dll, asm

南笙酒味 submitted on 2020-01-24 12:18:29
Question: I want to reserve space for my codecave in an application. I use the VirtualAlloc function to reserve this space. I have X questions. What parameters (allocation type and protection) should I use to allocate memory for a code cave? As the return value I get the address of my codecave. In another part of the program I want to JMP to that codecave. How do I do it? I know (correct me if I'm wrong) that JMP takes as its argument a number that is the offset from the current location. But I want to JMP to my codecave. How to calculate

What is a code cave, and is there any legitimate use for one?

試著忘記壹切 submitted on 2019-12-20 09:23:11
Question: I encountered this word for the first time in the StackOverflow question "C# Theoretical: Write a JMP to a codecave in asm." I see that according to Wiktionary, a code cave is: an unused block of memory that someone, typically a software cracker, can use to inject custom programming code to modify the behavior of a program. Did I find the correct definition? If so, is there any legitimate use for a code cave? Answer 1: I've used them, although I'd never heard the term code cave until today. The

How to hook MANAGED(.NET) Processes and collect information inside that process?

拜拜、爱过 submitted on 2019-12-10 23:15:19
Question: I need to hook managed (C#, C++/CLI) processes; I need to find and send information about how many windows it has (its associated controls and their properties) to the target application, which is written in C# managed code. What do I need to do for that? Do I need to explore the IAT (Import Address Table) and EAT (Export Address Table) of that managed process? Do I need to write an injector DLL in C++? What else, apart from changing the IAT and EAT, do I need? [EDIT] I need to attach managed running processes to

What is a code cave, and is there any legitimate use for one?

心不动则不痛 submitted on 2019-12-02 18:06:28
I encountered this word for the first time in the StackOverflow question "C# Theoretical: Write a JMP to a codecave in asm." I see that according to Wiktionary, a code cave is: an unused block of memory that someone, typically a software cracker, can use to inject custom programming code to modify the behavior of a program. Did I find the correct definition? If so, is there any legitimate use for a code cave? I've used them, although I'd never heard the term code cave until today. The Wiktionary definition suggests that a code cave is something the cracker finds in the executable he or she

C# Theoretical: Write a JMP to a codecave in asm

拜拜、爱过 submitted on 2019-12-01 16:32:19
Question: Let's assume I've allocated the address where my codecave is placed using VirtualAllocEx (it returns the address) and I write my code into that address using WriteProcessMemory(). Here's the question: How do I write a jump to my codecave? I know that jumps start with "E9", but how do I convert the address returned by VirtualAllocEx into a correct UInt32 (dword) so the debugger/compiler will understand the instruction? For example: I'm at address 00402020 (OEP of the native app). I write a