Vulnerability Development mailing list archives
Re: searching through the address space of a process
From: "John Hillman" <phsion11 () hotmail com>
Date: Sun, 14 Oct 2001 23:44:28 +0000
I'm not sure if this is what you mean, but try www.gamehacking.com and look through the tutorials on trainer making. It will have all the WIN API calls to change and search for a value somewhere in an app's memory.
From: Franklin DeMatto <franklin.lists () qdefense com>
To: vuln-dev () securityfocus com
Subject: searching through the address space of a process
Date: Sun, 14 Oct 2001 00:32:10 -0400

Is there a way for a process (i.e., shellcode) to search through its address space (looking for a particular string, etc.)? I'm interested particularly in doing this under Windows, although Unix would be nice also. Can this be done without using any API/syscalls, just in assembly alone?

I can see two basic ways of doing it:
1) Determining the address space, and then searching it
2) Trying every block, but catching the gpf/segfault exceptions

However, I do not know how to implement either one.

Franklin

Franklin DeMatto
Senior Analyst, qDefense Penetration Testing
http://qDefense.com
qDefense: Making Security Accessible