Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   How you inject codes? (https://forum.exetools.com/showthread.php?t=8229)

Hero 09-28-2005 20:05
How you inject codes?
 
Hi all
I write a small program that inject codes in other programs.Normally I have no
problem with small codes(I will make a routine and write my codes in it in asm
then inject it with coping routine codes in my target address).
But what can I do if my injecting code is too big? :confused:
For example,I want to inject an encryption algorithm into my target program,
and I can't find its asm implementation...
Is there any simpler way for this,except writing all of it in asm myself???

sincerely yours

xixiaolou 09-28-2005 20:26
I do it.
Write encryption algorithm with high level language, such as delphi, c++. Mark at the begining and end of algorithm. Compile the source. User TMG code rip to extract the asm code of algorithm with the help of your marker.
With this technique, I get the asm source of AES 128bit.

pluscontrol 09-28-2005 23:02
you can make a dll with the algorithm then use your program to load it into the exe you are injecting, is an elegant way.

Hero 09-28-2005 23:23
Quote:
Originally Posted by xixiaolou
I do it.
Write encryption algorithm with high level language, such as delphi, c++. Mark at the begining and end of algorithm. Compile the source. User TMG code rip to extract the asm code of algorithm with the help of your marker.
With this technique, I get the asm source of AES 128bit.
Hi
I myself want to work on AES-128! :D
But the problem is that you can't do it always,because of relative address of
S-Boxes and vaiables that used in that algorithm and rebuilding them is really awfull.
Are you sure you done all of this for AES? ;)
AES has complicated implementation because of its references to S_Boxes...

In addition,using dll is not suitable in most cases,because it can simulated easily
if your states are limited.

sincerely yours

xixiaolou 09-29-2005 07:37
Quote:
Originally Posted by Hero
Hi
I myself want to work on AES-128! :D
But the problem is that you can't do it always,because of relative address of
S-Boxes and vaiables that used in that algorithm and rebuilding them is really awfull.
Are you sure you done all of this for AES? ;)
AES has complicated implementation because of its references to S_Boxes...
I use delphi. The origin delphi source of AES is from http://www.secureblackbox.com, named elaes.pas. You can google it.

With the techniqe described above, I get the 128bit AES in asm.
Now the limit is length of the crypt key you input and crypt data must <= 16 byte.(due to my lazy)

You know, Cpu not know function, procedure, S_Boxes..., it just know dword, address. So S_Boxes is a relative address map of dword data for Cpu view and asm.

shoooo 09-29-2005 12:22
MS detours
 
the microsoft's tools maybe help you.

eugene_i 10-10-2005 18:01
The position independent code is the general solution. Your code shouldn't contain any relocations and imported function calls, such as OS API. Organizing code in the single section and avoiding global variables resolves the problem with relocations. If you need to make a call to OS API function you should allocate a structure in the target process and fill it in with pointers to API required or patch your code with these addresses.

Hero 10-10-2005 19:52
I know this.I always inject codes myself...
But my main reson was that is there any tool that for example can automatically
abstract an exported function from a dll and completely correct its relocations to
an brusted code or not?

sincerely yours

Lunar_Dust 10-10-2005 20:11
I dont think a tool exists publicly but TMGRipper does do a nice job handling local vars and global vars, last time I used it.

-Lunar


All times are GMT +8. The time now is 14:38.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX