
Thread: .NET Internals and Code Injection

  1. #1
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19

    .NET Internals and Code Injection

    http://ntcore.com/Files/netint_injection.htm

    The first article of the two is out. The next will be about .NET native compiling.

    If you notice typos in the text, please do tell me. I'm a bit wasted, as you can see it's a long article.

    The content should be quite a new thing. I hope you enjoy the journey into the .NET internals from the perspective of a reverser.

    Also the applications of this can be many.

  2. #2
    Registered User
    Join Date
    Aug 2005
    Location
    Italy
    Posts
    133
    Blog Entries
    31
    What to say? =)

    The first real big analysis of .NET Internals, full of starting points for other great ideas!

    Big Work, big Congratz Daniel

    http://evilcry.netsons.org (Repository)
    http://evilcodecave.blogspot.com
    http://evilcodecave.wordpress.com

  3. #3
    Very interesting and illuminating information, as usual, Daniel. Keep them coming.

    Regards,
    JMI

  4. #4
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19
    Thanks evilcry and JMI. I'll do my best to continue writing useful things. I hope the next article will be even more useful.

    Let's wait for rendari's comment on this. After all, the article contains his crackme among other things.

  5. #5
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Extremely solid stuff Daniel, as usual.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  6. #6
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Haha, awesome

  7. #7
    Tremendous.
    It's reassuring to know that somebody so capable is paving the way for the inevitable future of .NET reversing.

  8. #8
    To crash or not to crash
    Join Date
    Dec 2001
    Posts
    120
    It's a very interesting read Daniel. As you requested to be notified of typos:

    And this is about all that code injectors ought to now to do their job.
    And this is about all that code injectors ought to know to do their job.

    Thanks for the read.

  9. #9
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19
    Thanks dELTA and rendari. Many thanks Admiral! And many thanks also to Iwarez, I just fixed the typo!

  10. #10
    Excellent fantastic
    Great work Daniel

    your article was really worth the curiosity generated.

    GEEK
    Found in the OpenGL header file for Visual C++ 6: 'typedef GLint int '. AAAARRRRGGGHHHH!!! [Don't get it? You're not a C programmer.]

    A hacker does for love what others would not do for money.

    Being married to a programmer is like having a cat. You talk to it but you're never really sure if it hears you, much less comprehends what you say.

  11. #11
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Again, excellent work Daniel. Just reread the article a couple of times until I understood everything. I see you also noticed GetCLRFunction. I do believe that is one of the lamest/most useless functions I've ever seen.

    Now that I see how you're "ejecting" my code, I have a bunch of ideas kicking around inside my head about how to thwart you. Now all I have to do is find the time to put those ideas down in code. I'll be sure to start on it as soon as I find the time.

  12. #12

    hm

    That was nice. I tend to steer away from .NET but I did think this was time well spent. Conclusion dead on. Thank you for the contribution, was fun, look forward to other ideas.

  13. #13
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19
    Many thanks GEEK. I'm glad you weren't disappointed. Thanks Sab.

    rendari: thanks. The getclrfunc is very lame indeed, but getrealproc wins in lameness, imho. If I were you, I'd wait for the next article before writing a new crackme. I'll show how to "native compile" and I think one can't go further in .NET protections (using a VM is the same procedure).

  14. #14
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Alright, waiting for it. Gonna be a lot of fun I suppose

  15. #15
    soft123123
    Guest
    The best paper I've ever read. Thanks Daniel.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
