code-injection

Can I hook functions in linked libraries?

Using EasyHook I have successfully hooked both exported functions and known vtable functions for various C++ classes. In all these cases target programs have used DLLs. Provided I know the address of a function's entry point, is it possible to do the same when a library has been linked into the target program as opposed to being a separ...

Is it possible to inject a Windows Form application into another application as an MDI Child in VB.NET?

I am creating a program that interacts with another program and I would like to "inject" my program into this program as an MDI Child window. Is this even possible, and if so can it be done in VB.NET? What kind of pitfalls are associated with doing this? ...

Calling DLL from Assembly? Dis. Ollydbg

Hi there, I'm using Ollydbg to disassemble a program. What I need to do is inject code into the program and save an EDX value at a certain point. I'm guessing the easiest way would be for me to create a dll with a single function like so... function WriteEAXValue(EAX: PChar): LongBool and then inject code into the program so it calls t...

Need help and guidelines with Injecting dll into another process

I have a third party application - let's call it ManageUsers.exe, which simply creates users and assigns permissions. I would like to write a dll or exe which will go into ManageUsers.exe and create the users that I want. I am fairly new to injecting dll etc.. so I have almost no background on this at all. I have read the following article...

Is WebServiceContext injection thread-safe?

Hi, I have a web service(Netbeans 6.9.1,Glassfish 3.0.1) with webservicecontext injection. I want to know if this class is thread-safe if I use @Singleton annotation. @WebService() @Singleton() public class Proves { @Resource WebServiceContext wsContext; @WebMethod(operationName = "feralgo") public String feralgo(@WebParam...

Redeploy tree on Glassfish 3.0.1

I use Netbeans 6.9.1 and Glassfish 3.0.1. I have this model: EnterpriseApplicationA contains EJBmoduleA and the BeanA that exposes a remote interface. EnterpriseApplicationB contains EJBmoduleB and the BeanB. The BeanB calls the BeanA using @EJB injection. All is working, but if I made a trivial change in a business method of BeanA (...

running code in remote process CLR runtime through ICLRRuntimeHost and ExecuteInDefaultAppDomain()

I tried to combine the examples at coding the wheel and profiler attach. Everything seems to go fine, except, when I try to enumerate running assemblies in the remote processes' default appdomain, I don't get the right list. public class remoteFoo { public static int sTest(String message) { AppDomain currentDomain = AppDomai...

Access an injected object's containing object?

Given an object A, which contains a callable object B, is there a way to determine "A" from inside B.__call__()? This is for use in test injection, where A.B is originally a method. The code is something like this: # Class to be tested. class Outer(object): def __init__(self, arg): self.arg = arg def func(self, *args, **kwargs...

Java 6 - Annotation processor and code addition

I wrote a custom annotation containing metadata for a property and an AnnotationProcessor: @SupportedAnnotationTypes({"<package>.Property"}) public class PropertyProcessor extends AbstractProcessor { @Override public boolean process(Set<? extends TypeElement> annotations, RoundEnvironment roundEnv) { // Get messager object Mes...

Inject C code into *nix application: replacing a function

Hello ;-) I have a newbie but really important question for me: I have a Mac Os X application that uses carbon api, but it is still a C++ application. I need to debug which functions are called at execution time and then make a C++ patch to replace one of those functions. The real goal: I need to log all text printed into a chat window...

doctrine2 dql, use setParameter with % wildcard when doing a like comparison

I want to use the parameter place holder - e.g. ?1 - with the % wild cards. that is, something like: "u.name LIKE %?1%" (though this throws an error). The docs have the following two examples: 1. // Example - $qb->expr()->like('u.firstname', $qb->expr()->literal('Gui%')) public function like($x, $y); // Returns Expr\Comparison instance ...

Ansi C patch using dlsym compiles OK under linux but fails on Mac Os X

Hi ;-) I have built a little patch to append to a certain application and trace the invocations of some functions. Among them, malloc() and open(). I am using dlsym to store the pointer to the original symbol and replace the function name with my own. It compiles -and works- perfectly under linux. Here's the code: #define _GNU_SOURCE #...

Using DYLD interposing to interpose class functions

Hi ;) I have been successfully using dyld -macosx- to interpose standard C functions to a third party application, getting important information about the workarounds it does. But what I really need is to replace a certain function of a certain class. The function I want to override is QString::append(..., ..., ...), so each time a string is...

Find out if a received pointer is a string, ushort or array.

Hello :) I am interposing the memcpy() function in C because the target application uses it to concatenate strings and I want to find out which strings are being created. The code is: void * my_memcpy ( void * destination, const void * source, size_t num ) { void *ret = memcpy(destination, source, num); // printf ("[MEMCPY] = %...

Preventing XSS attack when using Javascript's CreateElement

My company has partners that embed a few of our web pages into their site by way of a dynamically generated iframe. The source URL for the iframe comes from the query string on the partner's site so I want to make sure there is no risk of a cross site scripting attack since we are using untrusted input as the iframe's source. The sou...

Injecting CSS rules into the page in Android Browser

I'm writing a JavaScript to inject a new CSS rule into pages in Android browser in order to display some text in a custom CSS font (after some replacement). Here is how I tried to inject the CSS rule: var css = '@font-face {font-family:"font"; src:url(http://www.example.com/font.ttf);} si{font-family:"font"}'; if(document.getElementsBy...

Block potentially malicious R calls

Let's presuppose that you have R running with root/admin privileges. What R calls do you consider harmful, apart from system() and file.*()? This is a platform-specific question, I'm running Linux, so I'm interested in Linux-specific security leaks. I will understand if you block discussions about R, since this post can easily emerge in...

How do I protect against HTML injection in a URL form field with PHP ?

For example if I am collecting a [URL value] in a form, saving that [URL value] in a database, and then using it in a page like this: <a href="[URL value]" > The Link </a> How do I protect against this [URL value]: http://www.somelink.com"> Evil text or can be empty </a> ALL THE EVIL HTML I WANT <a href=" How can I protect agai...