Jim's Tutorials (Fall 2016)

10-11-16

Dylan says

Still trying to write up fully what I've been doing -- but to keep you all in the loop, I've been working on three things simultaneously:
1. assembly functions
2. crackmes
3. reading/writing process memory
Assembly functions require us to understand the stack and stack frames (Chapter 4 in Programming from the Ground Up): https://en.wikibooks.org/wiki/X86_Disassembly/Functions_and_Stack_Frames
I wrote my own minimal crackme -- cm_dylan_1.c -- try to compile it and reverse it without looking at the source. I will write a step-through shortly. Attached is also a PDF of the main routine produced by Hopper.
Reading and writing to process memory on Windows is very easy. loop.c and hack.c are my attempts at changing the memory of a running program on Linux. loop.c prints an integer variable and its address, along with its process ID. hack.c, when filled in with the correct addresses, will change the integer it is printing to screen. Why must I use the physical address when writing to memory? That is my big question of the week.
http://stackoverflow.com/questions/35642346/can-i-modify-a-programs-memory-when-its-runtime-on-linux
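For the third item above, here is an added, self-contained example (not Dylan's loop.c or hack.c, and not from the course) that folds the two programs into one process so it runs without a second terminal or a pid lookup. The "loop.c" side is a global `counter` whose value and address are printed; the "hack.c" side reads and then overwrites that variable through `/proc/<pid>/mem`, which is the same interface a debugger can use on another process. The file offset handed to `pread`/`pwrite` is the address exactly as the target process printed it, i.e. its virtual address; the kernel walks the target's page tables, so user code never handles physical addresses. It assumes Linux with `/proc` mounted and the process permitted to open its own `/proc/self/mem`; `counter`'s values (42 and 1337) and the helper names are constructed for the example.

```c
/* Added example: read and patch an int in a process through /proc/<pid>/mem.
 * Linux-only. Here pid is our own process, so no ptrace permission on a
 * second process is needed; a cross-process version opens /proc/<target>/mem
 * with the address the target printed. Names and values are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Write `value` over the int at virtual address `addr` in process `pid`.
 * Returns 0 on success, -1 on failure (errno is set by open/pwrite). */
static int poke_int(pid_t pid, uintptr_t addr, int value) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;
    /* The offset *is* the target's virtual address: the kernel translates it
     * to the backing physical page, so the caller never sees physical addresses. */
    ssize_t n = pwrite(fd, &value, sizeof value, (off_t)addr);
    close(fd);
    return n == (ssize_t)sizeof value ? 0 : -1;
}

/* Read the int at virtual address `addr` in process `pid` into *out. */
static int peek_int(pid_t pid, uintptr_t addr, int *out) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)addr);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

/* The "loop.c" side: the variable whose value and address get reported.
 * volatile so the read-back in demo() really goes to memory after the pwrite
 * instead of reusing a value the compiler cached in a register. */
static volatile int counter = 42; /* constructed initial value */

/* Print pid, value and address, verify peek_int sees the same value, patch the
 * variable through /proc, and return what ordinary memory access sees afterwards
 * (1337 on success, -1 if /proc/self/mem could not be used). */
int demo(void) {
    uintptr_t addr = (uintptr_t)&counter;
    printf("pid %d: counter = %d at %p\n", (int)getpid(), counter, (void *)addr);

    int seen = 0;
    if (peek_int(getpid(), addr, &seen) != 0 || seen != counter) {
        perror("peek /proc/self/mem");
        return -1;
    }
    if (poke_int(getpid(), addr, 1337) != 0) {
        perror("poke /proc/self/mem");
        return -1;
    }
    return counter; /* read back normally, not through /proc */
}

int main(void) {
    printf("counter after patch: %d\n", demo());
    return 0;
}
```

Compile with `gcc -Wall -o memdemo memdemo.c` and run it; the value printed after the patch is 1337 even though no C statement ever assigned it. If the open fails with permission denied, the system's ptrace access policy (for example Yama's `kernel.yama.ptrace_scope`) is restricting `/proc/<pid>/mem`, which is also why hack.c-style writes to an unrelated process normally require the same user or elevated privileges.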
http://cs.marlboro.edu/courses/fall2016/jims_tutorials/malware/10-11-16
last modified Wednesday October 12 2016 2:09 pm EDT

attachments

name, last modified, size
- cm_dylan_1.c, Oct 12 2016 11:45 am, 328B
- cm_dylan_1_graphview.pdf, Oct 12 2016 11:46 am, 18.1kB
- hack.c, Oct 12 2016 11:45 am, 862B
- loop.c, Oct 12 2016 11:45 am, 225B