Unpacking by Code Injection
Written by E. Abril   
Side Story
Adding Imports by Hand

This is a tutorial about the imports I wrote "by the way" while solving a harder problem. It focuses on 2 particular problems: building up all the imports information and adding imports (both by hand). It does NOT touch the problem of reconstructing a dumped imports section but, hopefully, I will release tutorials on the latter as I tackle more well-known packers. While elaborating this tutorial I worked on Win98 and WinXP, but everything should be a trivial translation for other OSes (excluding section 5, but this deals with the differences between Win2k and the rest of the OSes).

 



In this paper, we show how to gain insight into a given target through code injection. Our attacks are completely stealthy against most current anti-cracking technology and represent a real-life threat. The most relevant information we can retrieve is the following:
  • List of exceptions, handlers and related information.
  • List of API calls to all DLLs (parameters, return codes, ...).
  • Full reconstruction of the Imports Table.
  • Entry Point.
Our methods are flexible and not difficult to implement. We outline the source code and provide a real-life example of how to analyse the log files.
Download: pdf Unpacking by Code Injection