Differences
This shows you the differences between two versions of the page.
|
so:laboratoare:resurse:injections [2013/02/19 09:06] larisa.grigore |
so:laboratoare:resurse:injections [2016/03/09 12:34] (current) dennis.plosceanu [Function Hooking and Windows Dll Injection] Ordinea cuvintelor in engleza |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Function Hooking and Windows Dll Injection ====== | ====== Function Hooking and Windows Dll Injection ====== | ||
| - | In this tutorial I'll show you how to modify at runtime the behavior of Windows programs. | + | In this tutorial I'll show you how to modify the behavior of Windows programs at runtime. |
| ===== Function Hot Patching ===== | ===== Function Hot Patching ===== | ||
| Line 12: | Line 12: | ||
| Here's a better solution: modify ''foo()'' at runtime by writing your code inside it! | Here's a better solution: modify ''foo()'' at runtime by writing your code inside it! | ||
| - | <spoiler|asm break> | + | <spoiler> |
| Strictly speaking, you call a function by ''push''-ing some stuff like the arguments into the stack and then by executing ''call //function address//''. Since we're discussing C, when the function returns, you ''pop'' those arguments from the stack to keep it from thrashing. For example (this is debug code, notice the sanity check at ''00F9145E''): | Strictly speaking, you call a function by ''push''-ing some stuff like the arguments into the stack and then by executing ''call //function address//''. Since we're discussing C, when the function returns, you ''pop'' those arguments from the stack to keep it from thrashing. For example (this is debug code, notice the sanity check at ''00F9145E''): | ||
