System Programming Blog
2023-02-07 09:31:00
This blog is dedicated to low level programming in Assembler and C/C++ (although, C++ is unwelcome) in either *Nix or Windows based operating systems.
February 27, 2012
In this article, I would like to cover the basics of executable code obfuscation - a relatively simple technique, which is, unfortunately, rarely utilized by software vendors as they mostly rely on out of the box solutions.
December 22, 2011
In computing, Virtual Machine (VM) is a software
implementation
of either existing or a fictional hardware platform. VM's are generally divided into two classes -
system VM (VM which is capable of running an operating system) and process VM (the one that only can run one
executable, roughly saying).
December 9, 2011
I have recently come across the need to build dynamic link libraries with custom ordinal base (different from 1). After searching the net and seeing lots of people writing their own export macros, I came to a conclusion that Occam's Razor principle still works here and decided to make simple modifications to the original export macro provided with FASM package. The modifications are marked with red.
December 8, 2011
In this article I will cover the easiest way to hide your injected library from the "victim"
process. Intentionally or not, but we will have to dive a bit into Windows internals starting with the TIB (Thread
Information Block) and ending with good old UNICODE_STRING data structure.
November 26, 2011
In this article I am going to cover such a trivial (as it may seem) subject as DLL
injection. For some reason, most of the tutorials on the web only give us a brief coverage of the topic,
mostly limited to invocation of LoadLibraryA/W Windows API function in the address space of another
process. While this is not bad at all, it gives us the least flexible solution. Meaning that all the logic
MUST be hardcoded in the DLL we want to inject. On the other hand, we may incorporate all the configuration
management (loading config files, parsing thereof, etc) into our DLL. This is better, but still fills it
with code which is only going to run once.