|
IAT Hooking Example
|
|
Hits: 22 |
|
Date added: 09/30/2006 |
|
This is a quick paper on the age old technique of hooking by way of replacing function addresses in the binaries Import Address Table.
This is a simple, powerful technique which opens up allot of possibilities when you realize the capabilities it gives you. |
|
|
|
|
|
|
Understanding how the Import table works
|
|
Hits: 14 |
|
Date added: 09/19/2006 |
|
This paper will give you a graphic representation of the binary structure used for the PE import table and explains why this design mechanism was required.
A download package is also available which shows a very simple exe in packed and unpacked states. This package also includes a memory dump with broken imports to give you a simple trainer to try to restore to apply the knowledge gained in the paper.
A small beta quality open source utility is also available which lets you rewrite the import table of an exe as you desire. |
|
|
|
|
|
|
Application Assessment Questioning
|
|
Hits: 4 |
|
Date added: 09/13/2006 |
|
What should a consultant be looking for when conducting an application assessment? |
|
|
|
|
|
|
|
|
Debugging P-Code Apps (VB6)
|
|
Hits: 14 |
|
Date added: 09/01/2006 |
|
Allot of people give the advice to compile your apps to P-Code to help ward off would be crackers. This paper is a introduction to the WKTVBDB P-Code debugger and its capabilities.
With this great tool, you will see that cracking P-Code compiled apps is actually easier than if they had been compiled to native code!
If you are a shareware author, knowing the tools of the trade and techniques crackers use is your only defense. |
|
|
|
