#1
Windows 7 basing problem
I am having a problem with a target I am attempting to reverse. I have added a new section to the file to use to modify some data that is calculated and stored into the program. This code works correctly on XP. However, the feature of random basing that is present in the Windows 7 operating system is causing my address references to point to invalid data due to their base not being altered with the rest of the program. Here is my current code:
Code:
01515234  803D 6A525101 0>  CMP BYTE PTR DS:[151526A],1
0151523B  0F8D 37010000     JGE Houdini_.01515378
01515241 >B9 30515101       MOV ECX,Houdini_.01515130
01515246  8B0C08            MOV ECX,DWORD PTR DS:[EAX+ECX]
01515249  3E:894C04 18      MOV DWORD PTR DS:[ESP+EAX+18],ECX
0151524E  66:83C0 04        ADD AX,4
01515252  66:3D 0001        CMP AX,100
01515256 ^75 E9             JNZ SHORT <Houdini_.myloop>
01515258  C605 6A525101 0>  MOV BYTE PTR DS:[151526A],1
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
#2
You have three options: first is obviously to disable ASLR (clear bit 6 (value 0x40) in the DLL Characteristics field in the PE header); second is to add relocations to the relocation table, so that your addresses will be updated automatically with the rest of the code; third is to use dynamic offsets (call $+5; pop ecx; add ecx, relative offset).
The Following User Gave Reputation+1 to qkumba For This Useful Post: chessgod101 (10-23-2012)
#3
Thank you very much, qkumba. You have helped me solve the problem. However, can you recommend a tool that helps a person add new relocations to an exe? Most of the tools I have only allow you to edit existing ones.
#4
Sorry, I don't know of any tools to do it. I add mine manually when I need to (which is fortunately not often).
The Following User Gave Reputation+1 to qkumba For This Useful Post: chessgod101 (10-23-2012)
#5
Without a tool, writing position independent code is a lot easier. (And there is no such tool atm.)
I'd generally prefer pid-code: easier to write, easier to maintain, no real disadvantages.
The Following User Gave Reputation+1 to deepzero For This Useful Post: chessgod101 (10-24-2012)
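As an added example (not code from the thread or from any tool mentioned in it), the following Python script carries out qkumba's first two options on a PE image: it clears the DYNAMIC_BASE bit in DllCharacteristics, and it encodes IMAGE_BASE_RELOCATION blocks for the three absolute dword operands in the listing from post #1. The image base 0x01510000 is an assumption (the listing does not show the module base), and the stub header at the end is constructed so the script runs without a real executable.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0                    # padding entry, ignored by the loader
IMAGE_REL_BASED_HIGHLOW = 3                     # 32-bit absolute operand: loader adds the load delta
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # bit 6 of DllCharacteristics, the ASLR opt-in

# VAs of the three absolute dword operands in the listing above (immediates of the CMP at
# 01515234, the MOV ECX at 01515241 and the MOV BYTE PTR at 01515258): address + opcode length.
FIXUP_VAS = [0x01515236, 0x01515242, 0x0151525A]
ASSUMED_IMAGE_BASE = 0x01510000                 # assumption: the listing does not show the base

def build_reloc_blocks(image_base, fixup_vas):
    """Encode IMAGE_BASE_RELOCATION blocks (one per 4 KiB page) of HIGHLOW fixups (option 2)."""
    pages = {}
    for va in sorted(fixup_vas):
        rva = va - image_base
        pages.setdefault(rva & ~0xFFF, []).append(rva & 0xFFF)
    out = b""
    for page_rva, offsets in sorted(pages.items()):
        entries = [(IMAGE_REL_BASED_HIGHLOW << 12) | off for off in offsets]
        if len(entries) % 2:                    # SizeOfBlock must stay dword-aligned
            entries.append(IMAGE_REL_BASED_ABSOLUTE << 12)
        out += struct.pack("<II%dH" % len(entries), page_rva, 8 + 2 * len(entries), *entries)
    return out

def dll_characteristics_offset(pe):
    """File offset of IMAGE_OPTIONAL_HEADER.DllCharacteristics (field offset 70, PE32 and PE32+)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 4 + 20 + 70               # signature + IMAGE_FILE_HEADER + field offset

def aslr_enabled(pe):
    flags = struct.unpack_from("<H", pe, dll_characteristics_offset(pe))[0]
    return bool(flags & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)

def clear_dynamic_base(pe):
    """Copy of the image with bit 6 cleared (option 1), so the loader keeps ImageBase."""
    out, off = bytearray(pe), dll_characteristics_offset(pe)
    flags = struct.unpack_from("<H", out, off)[0]
    struct.pack_into("<H", out, off, flags & ~IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE & 0xFFFF)
    return bytes(out)

# Constructed stub: MZ header, PE signature, blank file header, PE32 optional header with
# NX_COMPAT | DYNAMIC_BASE | TERMINAL_SERVER_AWARE (0x8140). No real executable is read.
SAMPLE_PE = bytearray(0x40 + 24 + 96)
SAMPLE_PE[:2], SAMPLE_PE[0x40:0x44] = b"MZ", b"PE\0\0"
struct.pack_into("<I", SAMPLE_PE, 0x3C, 0x40)             # e_lfanew
struct.pack_into("<H", SAMPLE_PE, 0x40 + 24, 0x10B)       # optional-header magic (PE32)
struct.pack_into("<H", SAMPLE_PE, 0x40 + 24 + 70, 0x8140) # DllCharacteristics
SAMPLE_PE = bytes(SAMPLE_PE)
```

The relocation bytes returned by build_reloc_blocks still have to be appended to the .reloc section and the IMAGE_DIRECTORY_ENTRY_BASERELOC size updated by hand, which is the part no tool in the thread automates.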