Step Through DLL's & Portable Executables
20 years 2 weeks ago #5776
by FallenZer0
Step Through DLL's & Portable Executables was created by FallenZer0
Hello All,
This is what I would like to accomplish. OS=W2KP.
When I enter my User Credentials & press Enter, and before it authenticates against the Local SAM database, I would like it to trigger a Disassembler and pass control to Disassembled
GINA,
LSA,
Windows NT LanManager Driver MSV1-0 Security Support Provider and finally the SAM.
I should be able to step through the code and be able to view the contents of the variables and if possible be able to change values of any chosen variable.
Any help would be greatly appreciated.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
20 years 2 weeks ago #5781
by sahirh
Replied by sahirh on topic Re: Step Through DLL's & Portable Executables
User credentials where? At login time?
I'm not sure how you want to accomplish this.. though SoftICE would be the best way to go..
You do realise that you will not be dropped into the 'code'... you'll be put smack bang into the ASM......
You will not see 'variables'.. you will be able to see unnamed memory locations, and named memory locations such as the stack & the heap depending on your debugger / disassembler.
You will also be able to see the registers
Take my advice...
Do this on something real small first..... like
#include <stdlib.h>

int main(void)
{
    exit(0); /* terminate immediately: a tiny target for a first disassembly */
}
You'll need to be familiar with x86 assembly.. function prologue / epilogue, calls, as well as Windows' quirky way of launching PE files and the internal structures that control process execution, function address lookups (import / export tables), maybe naughty things that reside with the kernel at ring 0, and a whole load more.
In other words we're not swimming in the paddling pool anymore....
Anyone want to write a device driver after lunch ?
Good luck,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 2 weeks ago #5786
by FallenZer0
Replied by FallenZer0 on topic Re: Step Through DLL's & Portable Executables
Something tells me you haven't done this before mate
Cheers,
--Sahirh,
Everything aside, where in my post did I mention I did this kind of work before? And even if I didn't do it, does it mean that it is something impossible? Might take years for me to do, but it's alright.
If I did, why would I ask? It was just an idea that I was thinking about.
There are a lot of things You probably *Do Not Know* and *Did Not Do*. Does it mean anything... mate.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle