• Neal Alexander (12/12) Dec 26 2007 provides:
• Vladimir Panteleev (7/19) Dec 26 2007 That looks really sweet!
• Walter Bright (7/23) Dec 26 2007 I have a couple suggestions:
• Saaa (1/4) Dec 27 2007 Agreed :)
• Vladimir Panteleev (6/8) Dec 27 2007 IMO if you don't know what it is, you probably don't need it ;) it's lik...
• Bill Baxter (7/15) Dec 27 2007 I disagree. I didn't know what the announcement was talking about from
• Neal Alexander (19/39) Dec 27 2007 Yea you just hook the allocator for an interface and have it return a
• bobef (1/1) Dec 28 2007 I am not really sure what this is, but can it be used to make an executa...
• Neal Alexander (18/19) Dec 28 2007 No, but the TODO list has a "from-memory executable loader" on it thats
• Neal Alexander (4/4) Jan 08 2008 Added support for Tango for those interested.

Neal Alexander <wqeqweuqy hotmail.com> writes:

provides:

     * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
     * ELF/PE (32/64bit) parser/utility stuff
     * IA32 disassembler
     * Memory analysis

Platforms:
GNU/Linux 2.6
Windows XP SP2

Version: Alpha (still rough)
Stdlib: Phobos 1 / 2
License: Public Domain

http://destroy.selfip.org/kong/

"Vladimir Panteleev" <thecybershadow gmail.com> writes:

On Wed, 26 Dec 2007 11:48:27 +0200, Neal Alexander <wqeqweuqy hotmail.com>
wrote:

 provides:

      * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
      * ELF/PE (32/64bit) parser/utility stuff
      * IA32 disassembler
      * Memory analysis

 Platforms:
 GNU/Linux 2.6
 Windows XP SP2

 Version: Alpha (still rough)
 Stdlib: Phobos 1 / 2
 License: Public Domain

 http://destroy.selfip.org/kong/

That looks really sweet!

I've written something a lot smaller (need-driven) in this area:
http://privatepaste.com/6e1afLxV7c

-- 
Best regards,
 Vladimir                          mailto:thecybershadow gmail.com

Walter Bright <newshound1 digitalmars.com> writes:

Neal Alexander wrote:
 provides:
 
     * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
     * ELF/PE (32/64bit) parser/utility stuff
     * IA32 disassembler
     * Memory analysis
 
 Platforms:
 GNU/Linux 2.6
 Windows XP SP2
 
 Version: Alpha (still rough)
 Stdlib: Phobos 1 / 2
 License: Public Domain
 
 http://destroy.selfip.org/kong/

I have a couple suggestions:

1) Please include the phrase "D programming language" rather than "D 
language".
2) It needs more explanation of what code hooking is and what you can do 
with it.

Thanks!

"Saaa" <empty needmail.com> writes:

 2) It needs more explanation of what code hooking is and what you can do
 with it.

 Thanks!

Agreed :)

"Vladimir Panteleev" <thecybershadow gmail.com> writes:

On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright <newshound1 digitalmars.com>
wrote:

 2) It needs more explanation of what code hooking is and what you can do
 with it.

IMO if you don't know what it is, you probably don't need it ;) it's like
having to explain what programming or a compiler is on the DMD homepage.

There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

-- 
Best regards,
 Vladimir                          mailto:thecybershadow gmail.com

Bill Baxter <dnewsgroup billbaxter.com> writes:

Vladimir Panteleev wrote:
 On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright <newshound1 digitalmars.com>
wrote:
 
 2) It needs more explanation of what code hooking is and what you can do
 with it.

 
 IMO if you don't know what it is, you probably don't need it ;) it's like
having to explain what programming or a compiler is on the DMD homepage.
 
 There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

I disagree.  I didn't know what the announcement was talking about from 
the original announcement, but after reading more, I think it sounds 
like something that could be useful to me.  It sounds like it could be 
used to do what I've heard called "interception" or "wrapping" of dlls. 
  Like here: http://glintercept.nutty.org/index.html

--bb

Neal Alexander <wqeqweuqy hotmail.com> writes:

Bill Baxter wrote:
 Vladimir Panteleev wrote:
 On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright 
 <newshound1 digitalmars.com> wrote:

 2) It needs more explanation of what code hooking is and what you can do
 with it.

 IMO if you don't know what it is, you probably don't need it ;) it's 
 like having to explain what programming or a compiler is on the DMD 
 homepage.

 There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

 
 I disagree.  I didn't know what the announcement was talking about from 
 the original announcement, but after reading more, I think it sounds 
 like something that could be useful to me.  It sounds like it could be 
 used to do what I've heard called "interception" or "wrapping" of dlls. 
  Like here: http://glintercept.nutty.org/index.html
 
 --bb

Yea you just hook the allocator for an interface and have it return a 
proxy object. I have some old directx8 wrapping code that i can strip 
and turn into a demo of this.


Anyway, i added an intro to the site:

"""Hooking represents a useful method of modifying the runtime behavior 
of an application. This is achieved through rerouting API/function calls 
to alternate code locations while still allowing the original code to be 
called from other contexts (ie. from the replacement function). Hooking, 
combined with class wrapping, such as the case with COM objects, can 
completely alter the behavior of the target application without having 
access to its source code.

Executable image parsing allows this to be extended further. Instead of 
globally hooking a procedure we can now modify behavior privately, 
within the context of each DLL or shared object (IAT/PLT:GOT hooking 
method). """


I'm gonna try to get the project setup on dsource.org for SVN / forums. 
  The code and documentation need polishing and whatever feedback is 
appreciated.

bobef <bobef nospan_abv.bg> writes:

I am not really sure what this is, but can it be used to make an executable
delete/replace itself :) ?

Neal Alexander <wqeqweuqy hotmail.com> writes:

bobef wrote:
 I am not really sure what this is, but can it be used to make an executable
delete/replace itself :) ?

No, but the TODO list has a "from-memory executable loader" on it thats 
half done (see 
http://www.joachim-bauch.de/tutorials/load_dll_memory.html/en).

Ive used something similar in an older project to allow the software to 
hot-swap its core (no file backing/locking and everything was stored in 
a zip archive).

The main issue is when/where/how to unload the old core. You can pass a 
context onto the next dll and let it unload/modify the old, or you can 
create a loader stub inside its own memory region and let it handle all 
the loading / unloading.


In any case, i'll see if i can come up with something interesting.


BTW:
Delinking a DLL from the process environment block module list lets you 
delete the file on disk IIRC (example at the bottom here 
http://destroy.selfip.org/svn/kong/win32/DSO.d).

Dunno how useful that is, aside from hiding the dll or letting you 
delete it off disk.

Neal Alexander <wqeqweuqy hotmail.com> writes:

Added support for Tango for those interested.


Also the new project site is: http://www.dsource.org/projects/kong/wiki


The HDD on the old site died like a week after i finished setting up the 
pos haha.