strtok() C++ wrapper

In this article, I share with you a simple C++ class that wraps the string tokenization function strtok(). The QuickTokenizer class makes it easy to tokenize and enumerate the tokens in a thread-safe manner.

The class code

//////////////////////////////////////////////////////////////////////////
class QuickTokenizer
{
private:
  char *buf;
  char *token;
  char *ctx;

  void FreeBuffers()
  {
    if (this->token != NULL)
    {
      free(this->token);
      this->token = NULL;
    }
    if (this->buf != NULL)
    {
      free(this->buf);
      this->buf = NULL;
    }
  }

public:
  QuickTokenizer() : buf(NULL), token(NULL)
  {

  }

  const char *Tokenize(
    const char *str,
    const char *tok)
  {

    this->buf = _strdup(str);
    this->token = _strdup(tok);

    return strtok_s(buf, token, &ctx);
  }

  const char *NextToken()
  {
    return strtok_s(NULL, token, &ctx);
  }

  ~QuickTokenizer()
  {
    FreeBuffers();
  }
};

Continue reading

Detect executable format using Python

In this article, I am sharing with you a small Python script that lets you detect if a file is an executable file and what platform the executable is targeting.

The following formats for 32 bits and 64bits processors are supported:

  • Mach-O files: both regular and universal formats
  • Windows PE files
  • Linux ELF files

The script

#---------------------------------------------------------------------
EXEFLAG_NONE        = 0x0000
EXEFLAG_LINUX       = 0x0001
EXEFLAG_WINDOWS     = 0x0002
EXEFLAG_MACOS       = 0x0004
EXEFLAG_MACOS_FAT   = 0x0008
EXEFLAG_32BITS      = 0x0010
EXEFLAG_64BITS      = 0x0020

# Keep signatures sorted by size
_EXE_SIGNATURES = (
    ("\x4D\x5A", EXEFLAG_WINDOWS),
    ("\xCE\xFA\xED\xFE", EXEFLAG_MACOS | EXEFLAG_32BITS),
    ("\xCF\xFA\xED\xFE", EXEFLAG_MACOS | EXEFLAG_64BITS),
    ("\xBE\xBA\xFE\xCA", EXEFLAG_MACOS | EXEFLAG_32BITS | EXEFLAG_MACOS_FAT),
    ("\xBF\xBA\xFE\xCA", EXEFLAG_MACOS | EXEFLAG_64BITS | EXEFLAG_MACOS_FAT),
    ("\x7F\x45\x4C\x46\x01", EXEFLAG_LINUX | EXEFLAG_32BITS),
    ("\x7F\x45\x4C\x46\x02", EXEFLAG_LINUX | EXEFLAG_64BITS)
)

def get_exeflags(filepath):
    try:
        with open(filepath, "rb") as f:
            buf = ""
            buf_len = 0
            for sig, flags in _EXE_SIGNATURES:
                sig_len = len(sig)
                if buf_len < sig_len:
                    buf += f.read(sig_len - buf_len)
                    buf_len = sig_len

                if buf == sig:
                    return flags
    except:
        pass

    return EXEFLAG_NONE

Continue reading

Introducing Ganxo v0.1 – An open source API hooking framework

Hello,

Today I release the first Alpha version of Ganxo (pronounced as “Gun Show” or “Gan Chou”), an open source API hooking framework. In Catalan, Ganxo means “hook”, thus the framework’s name.

Writing an API hooking framework was always on my to do list. I started developing Ganxo back in April 2016 and after two weeks of development during my free time, I got busy with other things and abandoned my efforts.

My initial goals were to accomplish the following before going public with it:

  • Support x86 and x64 hooking
  • Write a more extensive test suite
  • Fully document it

This past weekend, I decided to release Ganxo even though I have not met all my goals. As of today, Ganxo works on MS Windows and supports x86 API hooking. The groundwork is laid down and it should be easy to add x64 bits hooking support on Windows or even just port it to other operating systems.

Feel free to clone the code from here and start using it today.

Stay tuned, I plan more features in the coming future!

flower separator
batchography-good-resDo you want to master Batch Files programming? Look no further, the Batchography is the right book for you.

Available in print or e-book editions from Amazon.
flower separator

You might also like:

Batchography: Batch files and Unicode

Recently, I had to update my popular utility that resets NTFS files permission to support Unicode paths. I had to investigate how to add Unicode support in Batch scripts. It seems that this was a topic I forgot to add into my comprehensive Batch files programming book.

This article is the result of my investigation, in which I am going to show you how to add Unicode support to your Batch file scripts in 3 easy steps.

Continue reading

Batchography: Embedding Python scripts in your Batch file script

I keep writing about Batch programming, so it is obvious by now that Batch files programming has become one of my favorite activities. Every time I have to write a quick script to automate a task, I go first for the Batch files programming language. If that does not do the job, I use the Python programming language and if that fails, I go for C/C++ before deciding to writing using the assembly language.

Now, what about combining the two languages to achieve what you want?

That’s today’s topic. It is an excerpt from Chapter 4 in the Batchography book. Continue reading

7 DLL injection techniques in Microsoft Windows

In this article, I am going to list half a dozen DLL injection techniques that can be used by a user mode process running on MS Windows. There could be more techniques but I am sharing with you the techniques that I had first hand experience with.

1. AppInit_DLLs

People used to rely on the AppInit_DLLs registry key. The OS loader queries this value and loads the DLLs specified there when a process is created. I have not used this technique in a long while (last time I used it was on Windows XP) and I heard it is now restricted or discontinued because it was widely used by malware.

2. SetWindowsHookEx API

The SetWindowsHookEx API installs an application-defined hook procedure into a given hook chain. There are various supported hook chains (CBT, Journal, Window messages, keyboard, mouse, etc).

When using the SetWindowsHookEx API, you are instructing the operating system to inject your custom hook DLL into other process where it is relevant. The Windows hooks work when the other processes import / use functionality from USER32.dll.

Continue reading

Batchography: Reading a text file line by line in Batch files

This is yet another article about Batch files. In this article, I am going to show you how to read a text file line by line using the Batch files scripting language.

For more advanced Batch scripting topics, please grab a copy of the Batchography book.

batchography-good-res

Let’s get started! Continue reading