| |
| |
|
| - Page 1 - |
|
 | hello everyone together...
within windows are some bewitchments possible, The usually none functions should. an of it is the DLL Einschleusung in stranger processes. i think, that I a further Possibility the DLL-Injektion too with Profan hinbekomme. ought to to the here post??? |
|
| |
| |
| |
|
|
| |
| |
| - Page 3 - |
|
Sebastian
König | Hello Andreas,
[quote:e603eb83d3]As I said, if Subclassing of Windows stranger processes without DLL Injektion on neueren NT-based Systemen really functions would, would me the very frighten, because it would for me with safety no trouble within less minutes one Program To write, what any actually Windowsversionen sicherheitstechnisch aushebelt (How with Shatter).[/quote:e603eb83d3]
foreseen of it, that the GetWindowLong()-appeal [and so sure too SetWindowLong()] for the stranger Window erfreulicherweise fails, there Yes to that Happiness too yet the prinzipielle obstacle the separated Adressräume for different processes (not only under WinNT/2000/XP separate fundamentally since Win95).
but because You so betonst, that it you circa NT-based systems goes: functions the Reading with GetWindowLong() under Win9x/ME objectively?
MfG
Sebastian |
|
| |
| Windows XP, XProfan/Profan² 4.5 bis 11 Profan2Cpp-Homepage: [...]  Alte Profan²-Seite: [...] | 09/02/06 ▲ |
|
| |
|
|
| [quote:8a5d6faacd=Sebastian king]Hello Andreas,
foreseen of it, that the GetWindowLong()-appeal [and so sure too SetWindowLong()] for the stranger Window erfreulicherweise fails,
[/quote:8a5d6faacd]
Yes, this is really gratifying. SetWindowLong proposes naturally (to that Happiness) too fehl.
[quote:8a5d6faacd=Sebastian king]
there Yes to that Happiness too yet the prinzipielle obstacle the separated Adressräume for different processes (not only under WinNT/2000/XP separate fundamentally since Win95).
[/quote:8a5d6faacd]
If it therefore goes, windows To creak, can itself the without Problems bypass - accurate said, one can the disregard. the having the author the Shatter Attacke then neither seen - MS shining the but to that Happiness yet recognized to have. 
[quote:8a5d6faacd=Sebastian king]
but because You so betonst, that it you circa NT-based systems goes: functions the Reading with GetWindowLong() under Win9x/ME objectively?
MfG
Sebastian[/quote:8a5d6faacd]
Definitiv Yes! there here anyhow no unterschiedlichen rights present are, watts the well except eight let. |
|
| |
| |
| |
|
|
| alas Yes - apopo disregard:
as my great brother his ABI nachgemacht has, has it itself virtual, it can german disregard - and is then partly none to the tests showed up  . today has it a Doktortitel in a Informatikbereich.
Fazit: If one with everything, what does consider, what quiet under whom table sweep can, comes one in the life integral moreover  ...
best Gruße
Andreas (the now its Katzen feed goes) |
|
| |
| |
| |
|
|
| is now still in [...] drin => Exportfunktionen in can now in strangers Prozessen addressed go, d.h. I can quasi from the outside to determine, what in a Process happens.
some Einschränkung:
The function must only a Parameter having.
enough rights must on the jeweiligen Process present his.
How are the?
we started first Wordpad and thereafter [...] . as nächstes look becomes us in the first Thread of Wordpad The Window on, un remember us the Hauptfensterhandle.
thereafter clicking we again aud whom Wordpad Process and clicking with the rechten Mouse button in that Treeview.
[...]
After the Click aud DLL einschleusen see we that here...
[...]
...and dial time again Franks ProSpeed.DLL from , The thereafter under the Process of Wordpad wiederzufinden is.
[...]
now dial we in the list view the Registrierkarte Objekt-Info The function Version from and clicking thereafter with the rechten Mouse button in that List view.
[...]
now function in fremdem Process perform You can.
in the then erscheinenden dialog in that Edit the lever the Wordpad Fensters prompt.
[...]
thereafter function perform You can. the Gibts as Result:
[...] |
 |
| |
| |
| |
|
|
 | | not uninteressant about: [...] |
|
| |
| |
| |
|
|
| Hello IF...
well found, still It's all right plainer and safer (in the function) - one operates Yes not any more with windows98 ...
to Speicheraufteilung corresponds to the the, what with [...] understand can. Insgesammt The best Statement to the Topic, The I bislang seen have. |
|
| |
| |
| |
|
|
| I habs in the moment only quick überflogen, but with IFs Link is me one distribution still something mad aufgestoßen:
[quote:196bfa3cd0]
the same thing take action, means code in several virtual Adressräume at the same time einzublenden, contact windows with DLLs on, The Yes on several processes at the same time tied his can.
because this is Yes straight of/ one the amenities of/ one DLL: one can whom of several Applications required code in DLLs truss and then even this code only once into physischen Memory Load, though it of several independent Prozessen is used. therefore can immens memory gespart go. these well of/ one the Reasons Why one Großteil the Windowsbetriebssystems on the DLL-engineering basiert.
[/quote:196bfa3cd0]
 the means for me: windows loading z.B. The NTDLL.DLL, and if another Process these ditto loading,, shows the virtual Prozessspeicher on The same reale RAM-address. but is the wirlich so? too the can with TNT very simply to check on:
1.) WORDPAD started.
2.) with TNT one byte in the virtual Prozessspeicher of WORDPAD Change, the inside the loaded Moduls NTDLL.DLL lying. is these Änderung too in andern Prozessen To see? If the so would, would the The catastrophe NT - and the becomes well (hopefully) not so his. |
|
| |
| |
| |
|
| |
| |
| - Page 4 - |
|
|
Michael
Wodrich | DLLs:
the same Codesegment, Own Datensegmente.
You get means whom Text the others Prozesses not To see.
an DLL can also one Datensegment include, but: these default-data go copies and the variables Datenbereiche, there has eachone Process its own pot.
or attempt You into code-area To write???
The ought to really ReadOnly his, otherwise ists vinegar with the safety. |
|
| |
| Programmieren, das spannendste Detektivspiel der Welt. | 09/08/06 ▲ |
|
| |
|
|
| | Yes, into Codebereich my I. Readonely can with [...] Change (already done). is the byte in each Process present? |
|
| |
| |
| |
|
|
| | DLLs To patchen, after tappt im dunkeln loaded get, is no trouble. would be I a DLL in my area patchen and a Zeiger one others Prozesses would on the equal Codebereich show, would too the code in the others Process changed go. is the really so? i think not. |
|
| |
| |
| |
|
|
| | ...How said, its no trouble, with the [...] To testing - very for watts the program written. Since I in the moment on one others OS festsitze Gibts The Testergebnisse first tommorrow. |
|
| |
| |
| |
|
|
| Hello Michael...
too here counts naturally: windows isn't same windows, and the what here standing, is NT-based Systemen so:
so, then time go.
first thing started we time WordPad and then [...] . After the select the WordPad Prozesses clicking we then on The of WordPad loaded NTDLL.DLL. The function CsrAllocateCaptureBuffer has by me The address 2005459760 (hexadezimal $7788E330). on this address should means In any drop code stand and no Datensegment his.
[...]
who doubt has, can with DASM32 disassemblen and sustain then the:
[...]
Through Recchtsklick on WordPad.exe in [...] can we now WinXP? on this place Show let.
[...]
we dial as hexadezimale Bytefolge and reading one byte from.
[...]
by me comes there 8B out.
now again Rechtsklick on WordPad.exe and this time Speicherbereich Change dial.
at that new Content give we now to that Fun time AB one and clicking then on Speicherbereich Change.
reading we now The besagte address from, see we, the there also really AB drin standing.
now clicking we on a others Process and let us there The same address read:
there standing still 8B, but not AB.
Fazit => no Pointer on a joint reale address in memory, what To prove was.
too whom protection the Pages in them code standing can with [...] very simply detect. simply to the Rechtsklick Info over address read You can and in the Edit The Codeadresse prompt.
As I said: Schreibschutz can (in bestimmtem welt) by API Change .
there not everything in a pot geschmissen and is in the RAM on the same address alights, is it neither vinegar with the safety. of course can Source of DLLs without Problems Change, but only for own Process. Microsoft respect (in the rule) very well hereon, the Sicherheitsabfragen always Empfängerseitig resolved go - if I ausgeschlafen have, comes an example with View source to that Shatter Bugfix - but in another Thread.
so, well then were I on somebody, the with own Test my testify widerlegt. |
|
| |
| |
| |
|
(1.145)
Deutsch
English
Français
Español
Italia
