
digitalmars.D.announce - Kong - hooking package.

reply Neal Alexander <wqeqweuqy hotmail.com> writes:
provides:

     * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
     * ELF/PE (32/64bit) parser/utility stuff
     * IA32 disassembler
     * Memory analysis

Platforms:
GNU/Linux 2.6
Windows XP SP2

Version: Alpha (still rough)
Stdlib: Phobos 1 / 2
License: Public Domain

http://destroy.selfip.org/kong/
Dec 26 2007
next sibling parent "Vladimir Panteleev" <thecybershadow gmail.com> writes:
On Wed, 26 Dec 2007 11:48:27 +0200, Neal Alexander <wqeqweuqy hotmail.com>
wrote:

 provides:

      * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
      * ELF/PE (32/64bit) parser/utility stuff
      * IA32 disassembler
      * Memory analysis

 Platforms:
 GNU/Linux 2.6
 Windows XP SP2

 Version: Alpha (still rough)
 Stdlib: Phobos 1 / 2
 License: Public Domain

 http://destroy.selfip.org/kong/

That looks really sweet! I've written something a lot smaller (need-driven) in this area: http://privatepaste.com/6e1afLxV7c

-- 
Best regards,
Vladimir mailto:thecybershadow gmail.com
Dec 26 2007
prev sibling next sibling parent reply Walter Bright <newshound1 digitalmars.com> writes:
Neal Alexander wrote:
 provides:
 
     * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
     * ELF/PE (32/64bit) parser/utility stuff
     * IA32 disassembler
     * Memory analysis
 
 Platforms:
 GNU/Linux 2.6
 Windows XP SP2
 
 Version: Alpha (still rough)
 Stdlib: Phobos 1 / 2
 License: Public Domain
 
 http://destroy.selfip.org/kong/

I have a couple suggestions:

1) Please include the phrase "D programming language" rather than "D language".

2) It needs more explanation of what code hooking is and what you can do with it.

Thanks!
Dec 26 2007
next sibling parent "Saaa" <empty needmail.com> writes:
 2) It needs more explanation of what code hooking is and what you can do
 with it.

 Thanks!

Agreed :)
Dec 27 2007
prev sibling parent reply "Vladimir Panteleev" <thecybershadow gmail.com> writes:
On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright <newshound1 digitalmars.com>
wrote:

 2) It needs more explanation of what code hooking is and what you can do
 with it.

IMO if you don't know what it is, you probably don't need it ;) it's like having to explain what programming or a compiler is on the DMD homepage. There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

-- 
Best regards,
Vladimir mailto:thecybershadow gmail.com
Dec 27 2007
parent reply Bill Baxter <dnewsgroup billbaxter.com> writes:
Vladimir Panteleev wrote:
 On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright <newshound1 digitalmars.com>
wrote:
 
 2) It needs more explanation of what code hooking is and what you can do
 with it.

 IMO if you don't know what it is, you probably don't need it ;) it's like having to explain what programming or a compiler is on the DMD homepage. There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

I disagree. I didn't know what the announcement was talking about from the original announcement, but after reading more, I think it sounds like something that could be useful to me. It sounds like it could be used to do what I've heard called "interception" or "wrapping" of dlls. Like here: http://glintercept.nutty.org/index.html

--bb
Dec 27 2007
parent Neal Alexander <wqeqweuqy hotmail.com> writes:
Bill Baxter wrote:
 Vladimir Panteleev wrote:
 On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright 
 <newshound1 digitalmars.com> wrote:

 2) It needs more explanation of what code hooking is and what you can do
 with it.

 IMO if you don't know what it is, you probably don't need it ;) it's like having to explain what programming or a compiler is on the DMD homepage. There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

 I disagree. I didn't know what the announcement was talking about from the original announcement, but after reading more, I think it sounds like something that could be useful to me. It sounds like it could be used to do what I've heard called "interception" or "wrapping" of dlls. Like here: http://glintercept.nutty.org/index.html --bb

proxy object. I have some old directx8 wrapping code that I can strip and turn into a demo of this.

Anyway, I added an intro to the site:

"""
Hooking represents a useful method of modifying the runtime behavior of an application. This is achieved through rerouting API/function calls to alternate code locations while still allowing the original code to be called from other contexts (i.e. from the replacement function).

Hooking, combined with class wrapping, such as the case with COM objects, can completely alter the behavior of the target application without having access to its source code.

Executable image parsing allows this to be extended further. Instead of globally hooking a procedure we can now modify behavior privately, within the context of each DLL or shared object (IAT/PLT:GOT hooking method).
"""

I'm gonna try to get the project set up on dsource.org for SVN / forums. The code and documentation need polishing and whatever feedback is appreciated.
Dec 27 2007
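
The rerouting described in the intro quoted above, modelled with per-module function-pointer tables, together with the baseline comparison a defender would use to spot a redirected slot. This is an added example, not code from the Kong project or from any poster in this thread; the `module` struct, all function names and the values are constructed for illustration, and a real IAT or GOT slot would be located by parsing the executable image.

```c
#include <stdio.h>
#include <string.h>

typedef int (*api_fn)(int);
/* Constructed stand-in for one module's import table (IAT on PE, GOT on ELF). */
struct import_slot { const char *name; api_fn target; };
struct module { const char *name; struct import_slot imports[2]; };

static int real_scale(int x)  { return x * 2; }   /* the "library" routines */
static int real_offset(int x) { return x + 1; }

static api_fn orig_scale;                          /* saved so the hook can chain */
static int traced_scale(int x) { return orig_scale(x) + 1000; }

/* Reroute one named import of one module; returns the previous target or NULL. */
static api_fn hook_import(struct module *m, const char *name, api_fn repl) {
    for (size_t i = 0; i < 2; i++) {
        if (strcmp(m->imports[i].name, name) == 0) {
            api_fn prev = m->imports[i].target;
            m->imports[i].target = repl;
            return prev;
        }
    }
    return NULL;
}

/* Integrity check: count slots that differ from a known-good baseline. */
static int count_redirected(const struct module *m, const struct module *good) {
    int n = 0;
    for (size_t i = 0; i < 2; i++)
        if (m->imports[i].target != good->imports[i].target) n++;
    return n;
}

/* A module always calls through its own table, as compiled code does. */
static int call_import(const struct module *m, size_t slot, int arg) {
    return m->imports[slot].target(arg);
}

int main(void) {
    struct module a = {"plugin_a", {{"scale", real_scale}, {"offset", real_offset}}};
    struct module b = {"plugin_b", {{"scale", real_scale}, {"offset", real_offset}}};
    struct module baseline = a;                    /* snapshot taken before hooking */
    orig_scale = hook_import(&a, "scale", traced_scale);
    printf("a: %d  b: %d  redirected in a: %d, in b: %d\n",
           call_import(&a, 0, 5), call_import(&b, 0, 5),
           count_redirected(&a, &baseline), count_redirected(&b, &baseline));
    return 0;
}
```

Only `plugin_a` sees the replacement; `plugin_b` still reaches the original routine, which is the per-module scope the intro contrasts with a global code overwrite.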
prev sibling next sibling parent reply bobef <bobef nospan_abv.bg> writes:
I am not really sure what this is, but can it be used to make an executable
delete/replace itself :) ?
Dec 28 2007
parent Neal Alexander <wqeqweuqy hotmail.com> writes:
bobef wrote:
 I am not really sure what this is, but can it be used to make an executable
delete/replace itself :) ?

No, but the TODO list has a "from-memory executable loader" on it that's half done (see http://www.joachim-bauch.de/tutorials/load_dll_memory.html/en).

I've used something similar in an older project to allow the software to hot-swap its core (no file backing/locking and everything was stored in a zip archive). The main issue is when/where/how to unload the old core. You can pass a context onto the next dll and let it unload/modify the old, or you can create a loader stub inside its own memory region and let it handle all the loading / unloading.

In any case, I'll see if I can come up with something interesting.

BTW: Delinking a DLL from the process environment block module list lets you delete the file on disk IIRC (example at the bottom here http://destroy.selfip.org/svn/kong/win32/DSO.d). Dunno how useful that is, aside from hiding the dll or letting you delete it off disk.
Dec 28 2007
prev sibling parent Neal Alexander <wqeqweuqy hotmail.com> writes:
Added support for Tango for those interested.


Also the new project site is: http://www.dsource.org/projects/kong/wiki


The HDD on the old site died like a week after I finished setting up the 
pos haha.
Jan 08 2008