Hooking (Message Hooking / API Hooking)


Hooking
- A core reverse-engineering technique
- Techniques that intercept or replace function calls, messages, events, etc.
- Developing hook code to fix bugs or improve functionality (without the source code)
- Developing hook code to freely manipulate executable files and process memory

Hooking Advantages
- Run the user's hook code before/after an API call or message delivery (adding functionality)
- Peek at or manipulate the parameters passed to an API function and its return value through the hooking function
- Cancel the event delivery or API call, or redirect the execution flow to user code
=> the call can be handled freely depending on the situation

• Most Popular Hooking
- Message Hooking
- API Hooking

• Hooking points
- IAT (Import Address Table): a table recording which library functions a program uses and the addresses at which they are located.
 => Hook by changing the API address in the table to the address of the hooking function.

- Code: locate the real address of the API in the system library mapped into process memory and modify the code there directly.

- Export Address Table (EAT): the mechanism that lets other programs use the functions a library file provides; usable for message / API hooking.
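
The IAT hooking point and the "before/after" advantages above, shown on a simulated import table. This is an added example, not code from the original post; api_add, the iat array and the helper names are constructed for illustration and no real Windows API is touched.

```c
#include <stdio.h>

/* Constructed stand-in for an API that a library would export. */
static int api_add(int a, int b) { return a + b; }

/* Simulated import table: the program reaches the API only through this
   slot, the way a PE image calls imported functions through its IAT. */
typedef int (*add_fn)(int, int);
struct iat_entry { const char *name; add_fn addr; };
static struct iat_entry iat[] = { { "api_add", api_add } };

static add_fn original;   /* real address saved when the hook is installed */
static int hook_calls;    /* number of intercepted calls */

/* Hook function: user code runs before and after the real API. */
static int hook_add(int a, int b) {
    hook_calls++;              /* before the call: observe or change arguments */
    int r = original(a, b);    /* forward to the real API */
    return r + 100;            /* after the call: manipulate the return value */
}

/* Hooking = overwriting the table slot; the caller's code is untouched. */
static void install_hook(void) { original = iat[0].addr; iat[0].addr = hook_add; }
static void remove_hook(void)  { iat[0].addr = original; }

/* Unmodified caller: always an indirect call through the table. */
static int program_add(int a, int b) { return iat[0].addr(a, b); }

/* Integrity check: the slot should still hold the address resolved at load. */
static int iat_is_hooked(void) { return iat[0].addr != api_add; }

int main(void) {
    int r = program_add(2, 3);
    printf("clean:    %d hooked=%d\n", r, iat_is_hooked());
    install_hook();
    r = program_add(2, 3);
    printf("hooked:   %d hooked=%d calls=%d\n", r, iat_is_hooked(), hook_calls);
    remove_hook();
    r = program_add(2, 3);
    printf("restored: %d hooked=%d\n", r, iat_is_hooked());
    return 0;
}
```

The same comparison, table slot against the address the loader should have resolved, is how an integrity check notices an IAT hook in a real process.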



Reverse engineering : Hooking(Message Hooking, API Hooking)



• Reverse engineering
- The opposite of "forward engineering"
- Techniques for working backward from a deployed system
- Part of the software maintenance process

• Purpose
- To understand the structure and operating principles of a program (using a disassembler / debugger)
- To fix bugs or improve functionality
- To freely manipulate executable files and process memory

• Uses
- Debugging and patching (hotfix)
- Modifying an application without its source code
- Hacking



PCANBasic API: PCAN_RECEIVE_EVENT


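When PCAN_RECEIVE_EVENT is set, the code runs only when PCAN data is received.

Call the CAN_SetValue function (class method: SetValue) -> wait with one of the Win32 synchronization functions (e.g. WaitForSingleObject) until the event is signaled -> read with the CAN_Read function (class method: Read) and process the CAN messages.

When the event is set with SetValue and waited on through a Win32 synchronization function, data can be read without increasing the process load.



Translation of the original text.
To use events, the client application must call the CAN_SetValue function (class method: SetValue) to set the parameter PCAN_RECEIVE_EVENT. This parameter sets the handle of the event object. When a message is received, the driver sets this event to the "Signaled" state.
Another thread must be started in the client application, which waits until the event is signaled using one of the Win32 synchronization functions (e.g. WaitForSingleObject) without increasing the process load.
After the event is signaled, the client's receive buffer can be read with the CAN_Read function (class method: Read) and the CAN messages can be processed.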


ref: http://www.peak-system.com/


sample code :

can.h
class classA {
    ....
    DWORD readthread();
    HANDLE m_hEvent; // event handle
    ....
};
---------------------------------------
can.cpp

DWORD classA::readthread() {
    ....
    // Register the event handle with the driver.
    // m_hEvent is assumed to have been created in the elided code above.
    LOADAPI.SetValue(m_PcanHandle, PCAN_RECEIVE_EVENT, &m_hEvent, sizeof(m_hEvent));
    if (m_hEvent == NULL) {
        return RETURN::FAIL;
    }

    while (1) {
        // Wait for CAN data (up to 10 seconds per wait)...
        DWORD result = WaitForSingleObject(m_hEvent, 10000);
        if (result == WAIT_OBJECT_0)
            LOADAPI.Read(m_PcanHandle, &CANMsg, &CANTimeStamp);
    }
}


Error: Virtualbox guest additions: modprobe vboxsf failed


shared folder Error: Virtualbox guest additions: modprobe vboxsf failed

$ sudo apt-get install virtualbox-guest-dkms
$ sudo apt-get install linux-headers-virtual



linux "ps" command example


"ps" command example
: The "ps" command shows the processes that are currently running.

$ ps [-option]
-a : enumerates all processes (all users)
-u : shows the user and usage time of each process
-x : enumerates all processes without a controlling terminal
-l : enumerates the detailed information
-e : displays the status of all processes

Example)
 ps -aux


PID : process ID
%CPU : CPU usage
%MEM : memory usage
VSZ : virtual memory usage
RSS : real memory usage
STAT : process status ( S : sleep, I : idle, T : stop, …)

Linux : search content (in file) / and search file or folder example


search content
$ grep -r "content" ./*
  ex) grep -r "LD_PRELOAD" ./*

search file or folder
$ find ./* -name "file or folder"
  ex) find ./* -name "library" or find ./* -name "*lib*"

android pdk make error : Android can only be built by versions 3.81 and 3.82.


This error is caused by an incorrect "make" version.

root@kiwon-VirtualBox:~/pdk/android-4.4.2_r1# make
build/core/main.mk:45: ********************************************************************************
build/core/main.mk:46: *  You are using version 4.1 of make.
build/core/main.mk:47: *  Android can only be built by versions 3.81 and 3.82.
build/core/main.mk:48: *  see https://source.android.com/source/download.html
build/core/main.mk:49: ********************************************************************************
build/core/main.mk:50: *** stopping.  Stop.

So add the installed "make" version to the version check.

$ make -v
GNU Make 4.1
.…

Add "make" version 4.1 to the check in build/core/main.mk:
$ vi ./build/core/main.mk

# Check for broken versions of make.
# (Allow any version under Cygwin since we don't actually build the platform there.)
ifeq (,$(findstring CYGWIN,$(shell uname -sm)))
ifeq (0,$(shell expr $$(echo $(MAKE_VERSION) | sed "s/[^0-9\.].*//") = 3.81))
ifeq (0,$(shell expr $$(echo $(MAKE_VERSION) | sed "s/[^0-9\.].*//") = 3.82))
# Added line: also accept make 4.1.
ifeq (0,$(shell expr $$(echo $(MAKE_VERSION) | sed "s/[^0-9\.].*//") = 4.1))
$(warning ********************************************************************************)
$(warning *  You are using version $(MAKE_VERSION) of make.)
$(warning *  Android can only be built by versions 3.81 and 3.82.)
$(warning *  see https://source.android.com/source/download.html)
$(warning ********************************************************************************)
$(error stopping)
endif
endif
endif
endif



Okay .
