Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Step Through DLL's & Portable Executables

Step Through DLL's & Portable Executables 12 years 1 month ago #5776

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
Hello All,

This is what I would like to accomplish. OS=W2KP.

When I enter my User Credentials & press Enter, and before it authenticates agains the Local SAM database, I would like it to trigger a Disassembler and pass control to Disassembled

GINA,
LSA,
Windows NT LanManager Driver MSV1-0 Security Support Provider and finally the SAM.

I should be able to step through the code and be able to view the contents of the variables and if possible be able to change values of any chosen variable.

Any help would be greatly appreciated.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: Step Through DLL's & Portable Executables 12 years 1 month ago #5781

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
User credentials where ? At login time ?

I'm not sure how you want to accomplish this.. though softice would be the best way to go..

You do realise that you will not be dropped into the 'code'... you'll be put smack bang into the ASM......

You will not see 'variables'.. you will be able to see unnamed memory locations, and named memory locations such as the stack & the heap depending on your debugger / disassembler.

You will also be able to see the registers :)


Take my advice...
Do this on something real small first..... like

void main ()
{
exit();
}



You'll need to be familiar with x86 assembly.. function prologue / epilogue, calls, as well as Windows' quirky way of launching PE files and the internal structures that control process execution, function address lookups (import / export tables), maybe naughty things that reside with the kernel at ring 0, and a whole load more.

In other words we're not swimming in the paddling pool anymore....

Anyone want to write a device driver after lunch ? :)

Good luck,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: Step Through DLL's & Portable Executables 12 years 1 month ago #5786

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
Something tells me you haven't done this before mate :)
Cheers,

--Sahirh,

Everything aside, where in my post did I mention I did this kind of work before? And even if I didn't do it, does it mean that it is something impossible? Might take years for me to do, but it's alright.

If I did, why would I ask? It was just an idea that I was thinking about.

There are a lot of things You probably *Do Not Know* and *Did Not Do*. Does it mean anything. .. . . . . . . . .mate.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.
Time to create page: 0.080 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup