Articles, Docs, Info

Program-Transformation.Org. The Program Transformation Wiki Program transformation techniques are used in many areas of software engineering ranging from program synthesis, via program optimization and program refactoring, to reverse engineering and documentation generation. Many theories, tools and applications have been developed over the last 30 years. Often the results of these efforts are used only in the community that developed them. Program-transformation.org is dedicated to collecting, organizing and disseminating information about all aspects of program transformation in order to share results across communities. Such an effort cannot possibly be achieved by a static web site. Entry Points There are a number of EntryPoints that focus on specific aspects of program transformation.

Categories Another way to browse the pages is by considering the various categories. CategoryCategory: full list of all categories Collections Tools History ProgramTransformationOrg was founded in April 2000 by EelcoVisser. Www.agner.org/optimize/objconv-instructions.pdf.

The H - Oline, Internet Security

KPNC. Simple, but effective system independent anti-debug trick based on well-documented APIs and does not involve assembly inline (means: it could be implemented in pure C). also it works as anti-dump sensor. caution: I would recommend you do _not_ use this trick in production code, because it’s based on the bug (two bugs actually: one in Windows, another in OllyDbg), which could be fixed at any moment. however, nothing terrible happens if the bug would be fixed - the application just could not detect debugger/dumper. in passing: I found this bug working on the project for a spectrography cherry group, well, not a cherry actually, but I prefer to keep the real name of it under the mat, anyway it’s all about Ciscar Fon - my first love, a gothic type, very kinky and yet creative. in a nutshell: the whole idea is based on PAGE_GUARD attribute.

ReadProcessMemory: normally, /* I mean _normally_ */ ReadProcessMemory() returns error if it meets a page with PAGE_GUARD attribute. does it make sense?

Hex Blog

EM_386. Hardware Download. How main() is executed on Linux LG #84.

Starting
The question is simple: how does linux execute my main()? Through this document, I'll use the following simple C program to illustrate how it works. It's called "simple.c"

main(){ return(0);}

Build
gcc -o simple simple.c

What's in the executable?
To see what's in the executable, let's use a tool "objdump"

objdump -f simple

simple: file format elf32-i386
architecture: i386, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x080482d0

The output gives us some critical information about the executable.

What's ELF? ELF is an acronym for Executable and Linking Format. In the above structure, there is "e_entry" field, which is starting address of an executable. What's at address "0x080482d0", that is, starting address? For this question, let's disassemble "simple".

objdump --disassemble simple

The output is a little bit long so I'll not paste all the output from objdump. Looks like some kind of starting routine called "_start" is at the starting address. What are those hex values about?

PLT and GOT - the key to code sharing and dynamic libraries : technovelty. (this post was going to be about something else, but after getting this far, I think it stands on its own as an introduction to dynamic linking) The shared library is an integral part of a modern system, but often the mechanisms behind the implementation are less well understood.

There are, of course, many guides to this sort of thing. Hopefully this adds another perspective that resonates with someone. Let's start at the beginning: relocations are entries in binaries that are left to be filled in later, at link time by the toolchain linker or at runtime by the dynamic linker. Here's the simplest example:

$ cat a.c
extern int foo;
int function(void) { return foo; }
$ gcc -c a.c
$ readelf --relocs .

The value of foo is not known at the time you make a.o, so the compiler leaves behind a relocation (of type R_386_32) which is saying "in the final binary, patch the value at offset 0x4 in this object file with the address of symbol foo".

$ objdump --disassemble .

What's going on here?

Dynamic Linking in Linux and Windows, part one. By Reji Thomas and Bhasker Reddy This article discusses the shared libraries concept in both Windows and Linux, and offers a walk through various data structures to explain how dynamic linking is done in these operating systems.

The paper will be useful for developers interested in the security implications and the relative speed of dynamic linking, and assumes some prior cursory knowledge with dynamic linking. Part one introduces the concepts for both Linux and Windows, but will focus primarily on Linux. Next time in part two, we'll discuss how it works in Windows and then continue to compare the two environments. Static Libraries vs. Shared Libraries A library is a collection of sub-programs which allow code to be shared and changed in a modular fashion.

In the most basic sense, libraries can be divided into two categories: static libraries and shared libraries. In contrast to static libraries, with shared libraries the library code is not bound to the executable at link time.

Dynamic Linking in Linux and Windows, part two. By Reji Thomas and Bhasker Reddy This article discusses the shared libraries concept in both Windows and Linux, and offers a walk through various data structures to explain how dynamic linking is done in these operating systems. The paper will be useful for developers interested in the security implications and the relative speed of dynamic linking, and assumes some prior cursory knowledge with dynamic linking. Part one introduced the concepts for both Linux and Windows and focused primarily on Linux. Now in part two, we'll discuss how it works in Windows and then continue to compare the two environments.

Readers are encouraged to review part one again before continuing with this article. Windows Portable Executable File Format (PE) data structures We know that a section is a chunk of code or data that logically belongs together, and that the data for an executable's import tables are in a section. Exports section (.edata) Imports section (.idata) How things work Delay loading in Windows Comments?

ARTeam ezine 4th. How to Disassemble DLL on Linux.