Blog Archive
2013
Tags
API import, Assembly Language, blog, exception handling, export table, Linux, low level development, Low level programming, obfuscation, sigaction, signal, software protection, structured exception handling, system programming, vectored exception handling, windows internals
System Programming Blog
2023-02-07 09:31:00
This blog is dedicated to low level programming in Assembler and C/C++ (although, C++ is unwelcome) in either *Nix or Windows based operating systems.
Showing 10 posts for tag 'windows internals'
CreateRemoteThread. Bypass Windows 7 Session Separation
May 30, 2012
Internet is full of programmers forums and those forums are full with questions about CreateRemoteThread Windows API function not working on Windows 7 (when trying to inject a DLL). Those posts made by lucky people, somehow, redirect you to the MSDN page dedicated to this API, which says: "Terminal Services isolates each terminal session by design. Therefore, CreateRemoteThread fails if the target process is in a different session than the calling process." and, basically, means - start the process from your injector as suspended, inject your DLL and then resume the process' main thread.
Tags: Assembly Language, code injection, CreateRemoteThread, dll injection, enumerate threads, suspend thread, windows internals
Faking KERNEL32.DLL - an Amateur Sandbox
March 6, 2012
A couple of days ago, I saw that someone was looking for a way to load and use fake KERNEL32.dll and I realized that this information has not yet been covered here. There is no source code for this article as I am a bit short on time to write it, but I will do my best to provide as much information as possible so, those who would want to try it would have no problem doing that.
Tags: advanced programming technique, API export, API import, Assembly Language, dll injection, export table, fake dll, programming, system internals, system programming, windows internals
Defeating Packers for Static Analysis of Malicious Code
March 2, 2012
I doubt whether there is anybody in either AV industry or among reverse engineers who does not know what a software packer is. Malware research and reverse engineering forums are full of packers' related questions, descriptions thereof, unpacking suggestions and links to both packers and unpackers. In short - people have been doing a lot of precious work on defeating packers and protectors.
Tags: advanced programming technique, code injection, dump, enumerate threads, information, memory dump, packers, programming, protectors, reverse, suspend thread, windows internals
Vectored Exception Handling for Linux
February 29, 2012
Many programmers, who started their career with Windows programming, are getting a bit frustrated when it comes to exception (signal) handling in Linux and keep asking about Linux analogs of Structured or Vectored Exception Handling.
Tags: advanced programming technique, exception handling, Linux, programming, sigaction, signal, system internals, system programming, vectored exception handling, windows internals
Executable Code Injection the Interesting Way
December 16, 2011
So. Executable code injection. In general, this term is associated with malicious intent. It is true in many cases, but in, at least, as many, it is not. Being malware researcher for the most of my career, I can assure you, that this technique appears to be very useful when researching malicious software, as it allows (in most cases) to defeat its protection and gather much of the needed information. Although, it is highly recommended not to use such approach, sometimes it is simply unavoidable.
Tags: advanced programming technique, code injection, dll injection, information, low level development, obfuscation, programming, software protection, system programming, windows internals

This site uses cookie files for our mutual comfort.

OK

BitMazing.tech
Services
Projects
About
Contact

Services
Reverse engineering
Software development
Database programming

Publications
Mastering Assembly Programming
Practical Assembly Programming
Copyright © 2023 Alexey Lyashko