6 Takeaways from Apple WWDC 2017
7 DLL injection techniques in Microsoft Windows
In this article, I am going to list half a dozen DLL injection techniques that can be used by a user mode process running on MS Windows. There could be more techniques but I am sharing with you the techniques that I had first hand experience with.
1. AppInit_DLLs
People used to rely on the AppInit_DLLs registry key. The OS loader queries this value and loads the DLLs specified there when a process is created. I have not used this technique in a long while (last time I used it was on Windows XP) and I heard it is now restricted or discontinued because it was widely used by malware.
2. SetWindowsHookEx API
The SetWindowsHookEx API installs an application-defined hook procedure into a given hook chain. There are various supported hook chains (CBT, Journal, Window messages, keyboard, mouse, etc).
When using the SetWindowsHookEx API, you are instructing the operating system to inject your custom hook DLL into other process where it is relevant. The Windows hooks work when the other processes import / use functionality from USER32.dll.
Continue reading “7 DLL injection techniques in Microsoft Windows”
LICEcap – Record your desktop and create animated GIFs
LICEcap, from Cockos Incorporated, is a nice and free tool that allows you to record your desktop screen activity and later save the activity as an animated GIF. This comes in handy when you are creating a small tutorial of some sort.
The nice thing about LICEcap is that it is not only free but also supports Windows and macOS.
Features and options:
- Record directly to .GIF or .LCF.
- Move the screen capture frame while recording.
- Pause and restart recording, with optional inserted text messages.
- Global hotkey (shift+space) to toggle pausing while recording
- Adjustable maximum recording framerate, to allow throttling CPU usage.
- Basic title frame, with or without text.
- Record mouse button presses.
- Display elapsed time in the recording.
You might also like:
3 Easy steps to getting free pictures to use in your blog
Uber – Self driving car concept
Batchography: Reading a text file line by line in Batch files
This is yet another article about Batch files. In this article, I am going to show you how to read a text file line by line using the Batch files scripting language.
For more advanced Batch scripting topics, please grab a copy of the Batchography book.
Let’s get started! Continue reading “Batchography: Reading a text file line by line in Batch files”
Batchography: Number counting in Batch files
This is yet another article about Batch files. In this article, I am going to show you how to do number counting loops in Batch files.
For more advanced Batch scripting topics, please grab a copy of the Batchography book.
Continue reading “Batchography: Number counting in Batch files”
Hiew+ – Editing process memory with Hiew hex editor
What’s is Hiew+
Hiew+ is based on the FsPlus project. FsPlus is an implementation of an idea that allows you to access non disk files as if they were disk files. Hiew+ is a real life example of FsPlus where we take Hiew (an excellent hex editor) and turn it into an excellent process editor. Each process will be viewed as a file with a size as much as SYSTEM_INFO.lpMaximumApplicationAddress returns. In theory FsPlus should work with any hex editor to provide process memory editing, but this release is just Hiew ready.
Usage
To use FsPlus, you need to inject FsPlus.dll into Hiew’s process memory so that the APIs are hooked. After APIs are hooked, FsPlus will recognize and treat in a different manner any file name that has the following form: “pid|1234” where 1234 is a given PID. To make the usage even simpler, I provid a small GUI (FsPlusGui) to allow you launch Hiew conveniently.
In fact, Hiew+ can be considered as a nice addition to your reverse engineering tools arsenal (IDA Pro‘s debugger or any other debugger, etc.).
Here’s a screenshot of the FsPlusGui:
You will need to double click on a process to have Hiew or the desired process launched with FsPlus support.
Make sure you specify the settings correctly in FsPlus.ini:
[settings]
title=Hiew+ (c) lallous <lallousz-x86@yahoo.com>
hookdll=.\fsPlus.dll
launch=c:\hiew\hiew32.exe
Features
After you run it successfully, you will be able to start editing processes as if you were editing files. The catch is every process virtual address is now a physical offset in Hiew.
Modules as IMAGE_SECTION_HEADERs
For your convenience we have created additional IMAGE_SECTION_HEADER structures in the PE header of the main process, so that each loaded module is view as a PE section:
Textual information about process’ modules
In addition to viewing modules as PE sections, you will have an actual representation of all loaded modules just after the end of the PE header:
Do you want to master Batch Files programming? Look no further, the Batchography is the right book for you.
Available in print or e-book editions from Amazon.
No Read Errors
To avoid reading errors and such, any unreadable memory page is filled with “BAD!” pattern.
Physical and Logical disk editing
This is not something added by FsPlus, rather it is a undocumented feature of Hiew32 where you can use Hiew to edit/view logical and physical disk sectors:
Conclusion
This tool has been tested with Windows Vista (32) and Windows XP SP2 and with Hiew 7.29.
Hope you find this tool useful as Hiew itself.
Note: Please don’t contact me if you run into trouble. This tool is no longer supported.
You might also like:
Take aways from the Defensive Driving Course
Recently, I took the 6 session defensive driving course. The following are some of the notes I extracted from the course that I would like to share with my you:
- The defensive driving formula
- The Ten Habits of Defensive Driving
- The “What If?” Strategy
- The Three Second Rule and stopping distance facts
- Safe and unsafe passing
- Road Sign colors and shapes
There were lots of information in the course, I highly recommend taking it! You can download the notes as a single PDF file from here:
(The PDF was created using the free Pic2Pdf tool)
The defensive driving formula
Continue reading “Take aways from the Defensive Driving Course”
Batchography: Converting numbers to characters (or the CHR() function)
In various programming languages, you might sometimes need to convert numbers to characters. In simple terms, each character you see has a numerical representation. The ASCII table shows the numbers of each character and its corresponding glyph.
Converting numbers to their corresponding characters would be useful to generate a random string for instance. The first step to generating a random string is to generate random numbers between 65 and 90 (upper case ‘A’ to upper case ‘Z’) or between 97 and 122 (lower case ‘a’ to lower case ‘z’).
While the Batch language is pretty primitive, you would be surprised how many things you can do with it. In the Batchography book, I cover various topics that would bring your Batch programming skills to the next level.
Get the book from Amazon:
- Paperback edition
- E-book edition
Continue reading “Batchography: Converting numbers to characters (or the CHR() function)”
Batchography: How to do a “switch/case” in Batch files
You have found this blog post because you are wondering if there is a way to express a “switch/case” logic in Batch files.
The short answer is: “no, not exactly”. However, there are ways to achieve the same in Batch files.
In the Batchography book, I explain in details the “switch/case” construct, but in this blog post I will illustrate this mechanism briefly. For more advanced Batch scripting topics, please grab a copy of the Batchography book.
Get the book from Amazon:
- Paperback edition
- E-book edition
Continue reading “Batchography: How to do a “switch/case” in Batch files”
MacBook keyboard keys
In this blog post, I am going to share with you how to get the lacking keyboard keys on a MacBook’s keyboard.
Essentially, you are missing the following keys:
- HOME / END.
- DEL key. This is different from the MacBook’s “Delete” key (which is equivalent to the “Backspace” key).
- Page Up / Page Down.
Batchography: How to do string substitution in the Batch scripting language?
There are so many undocumented or obscure features in the Batch scripting language and in this article I am going to illustrate how to do string substitution.
For more advanced Batch scripting topics, please grab a copy of the Batchography book.
Let’s get started! Continue reading “Batchography: How to do string substitution in the Batch scripting language?”
Batchography – Programming the “Hangman game” using the Batch scripting language!
In this blog post, I am going to share with you the high level steps needed to build the Hangman game using the Batch scripting language.
To learn more about how the Hangman is programmed using the Batch scripting language, please refer to Chapter 5 in the Batchography book.
Get the book from Amazon:
- the print edition
- or the e-book edition
Continue reading “Batchography – Programming the “Hangman game” using the Batch scripting language!”
3 easy steps to setting up a zero configuration multi-platform web server with NodeJS and local-web-server
In this technical post I am going to illustrate how you can use the simple local-web-server package for NodeJS to start your web server in a few commands.
Let’s get started!
Step 1 – Installation
First, install NodeJS from http://nodejs.org/download/
If you are using Windows, then make sure you download the MSI package because it is so easy to install.
Keep the default options as you’re installing:
After installing NodeJS, open an elevated command prompt (i.e: run cmd.exe as Administrator) and type the following command in order to install the local-web-server package:
npm install -g local-web-server
You should see something like this:
No errors imply that the package has been successfully installed! Continue reading “3 easy steps to setting up a zero configuration multi-platform web server with NodeJS and local-web-server”
Microsoft Surface Studio – A cool All-in-one computer but what’s with 6:18?
During the October 2016 Microsoft event, Microsoft announced the Surface Studio all-in-one computer and I really like it! Good job Microsoft!
https://www.youtube.com/watch?v=BzMLA8YIgG0
But…I could not help but notice the time and the date on the screen poster to be 6:18 (which is also Saturday, June 18th, 2016)…
Any thoughts?
You might also like:
- Microsoft’s New Surface Book Review
- Surface Computing!
- Batchography: Useful keyboard shortcuts for editing and working with the command prompt
- Inside the Microsoft Visitor Center – Redmond, Washington
How to turn your bookshelf into an e-book library: Digitizing all of your books
Since I moved to the US, I collected around 350 books. I love books and the thought of giving them up is not a pleasant thought.
Each time I used to move from an apartment to another, the majority of boxes would be packed with books. Each time I travel somewhere for a long period, I miss being able to grab a book from my bookshelf and start reading (most of my books are old and they do no exist in digital format anyway). It is clear that I have attachment to those books.
To break this attachment, I had to make a couple of decisions. The first was whether to just forget about the books, leave them on the shelves and get myself busy with another chore. The other decision was whether to scan and /or give away the books. With that came other questions like how to scan books and convert them to eBooks, what methods to use, how much efforts would it take to convert the books, etc.
I decided to get rid of the books and the trim down on the space they occupy. For the reasons outlined later in this blog post, I chose to destructively scan my books. By scanning the books, I get a digital and searchable copy of my books (in PDF format).
In this blog post, I will share with you different ways you can use to digitize books and then the remainder of this blog post will illustrate how I destructively digitized all of my books and what tools I used. Continue reading “How to turn your bookshelf into an e-book library: Digitizing all of your books”