Message-ID: <004501c41767$a9f9d790$6401a8c0@Oliver>
Date: Wed, 31 Mar 2004 16:32:27 -0500
From: "Oliver Lavery" <oliver.lavery@...patico.ca>
To: <bugtraq@...urityfocus.com>
Subject: TOOL: Adder - runtime patching in python


Today marks another solar cycle I've spent on this planet. To celebrate I'd
like to share one of my toys with all of you.

Adder is a tool I wrote for myself, so that I could experiment with runtime
modification of binary applications. I've found it really useful for
prototyping run-time patches, understanding the effects and possibilities of
call-hooking and other run-time program tweaks; that sort of thing. I hope
you might find it useful too...


Binary:
http://www.rootkit.com/vault/x3nophi1e/adder-0.3.3-win32.zip
( NT 4 / 2000 / XP / 2003 )

Source:
http://www.rootkit.com/vault/x3nophi1e/adder-0.3.3-src.zip

Documentation:
http://www.rootkit.com/vault/x3nophi1e/adder-manual.zip
( please read the installation instructions in here. )


The way it works is fairly simple. Adder allows you to inject a python
interpreter into any win32 process. That interpreter then runs a script
within the context of your target process which is able to instrument and
modify the target in any way it sees fit. Included are extensions to the
python language that provide:

- safe pointer support
- execution path hooking in python and C++. Hooks can be installed at
something close to instruction granularity.
- x86 instruction manipulation. (based on z0mbie's ADE32 engine)
- programmable x86 instruction disassembler. (a win32 port of libdisasm from
The Bastard)
- x86 assembler. (Dave Aitel's Mosdef 1.1)

These features make it easy to play with the deep majik of really low-level
code hacking in an efficient, sophisticated, high-level language. So adder
is a sort of meta-tool which you might use to script things like:

- dynamic analysis. Hook every function in jscript.dll and graph which ones
execute when a HTML page's script runs.
- API interception. Should IE really be allowed to open an .exe straight off
the web?
- run-time patching. Get rid of those pesky bugs.
- binary forensics. Packers aren't so hard to crack when they run.

Performance and stability are pretty good at this point. Since it's a tool I
wrote for my own use, there are lots of rough edges that need to be cleaned
up. I've been waiting to find the time to fix these for ages and never seem
to. So you'll excuse the occasional glitch. Please tell me if you find
something really horrid.

Hope you all find this interesting, and maybe even useful.

~x

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.605 / Virus Database: 385 - Release Date: 01/03/2004