Updated IDA Pro plugins
I updated my IDA Pro plugins back in March here IDA Plugins. I made a post on the IDA forum IDA Pro fourm but forgot to note it here until now. Added a few new features to some like code and or data segment selectors, etc. The best thing I’ve removed most if not all […]
Getting the C++ “this” pointer from function hooks solution.
(Note: This is Windows-centric and 32bit only.) In a previous entry I talked about a problem getting the C++ “this” (ECX) pointer from sub-class type function hooks. Problem solved (credits to “Casual_Hacker”). One can simply use the seldom used __fastcall calling convention.
API hook systems that change DLL load order.
All Windows API/code hook systems (out of the many I’ve studied) force map DLLs when hooking them except for my favorite madCodeHook. An application will have a native way DLLs are loaded. Some might be delayed and some might loaded dynamically at various times. Loading them in to hook before the application it’s self does […]
Knowing if and when you can fit a JMP5 binary hook.
First an interesting read on API hooking methods: http://help.madshi.net/ApiHookingMethods.htm Traditionally and perhaps the most logical way to do a function hook is to overwrite the code entry point with a 5 byte 32bit relative offset JMP instruction. IMHO sort of the “bread and butter” of binary hooking . madCodeHook actually uses a 6 byte 32bit […]
Windows binary hook engine design
I’m revisiting my unfinished binary hook engine that I started back in 2007 to hopefully complete it and use it in some current projects. For people new to such things. It’s a programming mechanism that allows you to inject/load a DLL (usually) into a target process at the same time, or after it’s loaded to […]