~ biggest cracking reverse engineering trick
The biggest trick in reverse engineering would have to be taking a program that uses a DLL, loading your own clone DLL in place of that DLL, and changing one function in the clone to run your own code.

Why is this the biggest trick? Because you can write your code in a language other than assembly, something higher level like C, Delphi or Rust. All you need to do is make a copy of the DLL that exports all the same functions as the original: either edit the existing DLL so that it loads another DLL, edit it so that it calls your own function, or rewrite the entire DLL and export all the required functions yourself.

This could also be done with an executable and not just a DLL, but DLLs tend to be smaller and easier to mimic than an entire mammoth-sized program.

The difficulty, of course, if you want to modify a DLL (or EXE) to load another DLL, is changing that binary so that it imports the new functions. Modifying an existing EXE or DLL to export a function (or several) that it doesn't already export may also be a little difficult. So if one can take an existing DLL that is part of the program and really small, and just modify it, you then have a way into the program through that small DLL as the vulnerability. Every time the EXE calls a function that lives in the DLL, your own code runs, written in assembly or possibly in a high-level language.
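The clone DLL described above leaves a recognisable trace in the PE export directory: the copy forwards nearly every export to the renamed original and implements only the function it replaces. The following is an added example (my own code, not the author's) that reads the export table directly with the struct module and flags that pattern; build_sample_dll, the module name helper.dll and the forwarder target orig_helper are constructed test fixtures, not real files.

```python
from struct import pack, pack_into, unpack_from as U

def _off(data, rva):  # map an RVA to a file offset through the section table
    pe = U("<I", data, 0x3C)[0]
    nsec, opt = U("<H", data, pe + 6)[0], U("<H", data, pe + 20)[0]
    for i in range(nsec):
        vsize, va, rsize, raw = U("<4I", data, pe + 24 + opt + 40 * i + 8)
        if va <= rva < va + max(vsize, rsize):
            return raw + rva - va
    raise ValueError("RVA %#x is not backed by any section" % rva)
def _cstr(data, rva):  # NUL-terminated ASCII string at an RVA
    o = _off(data, rva)
    return data[o:data.index(b"\0", o)].decode("ascii", "replace")

def exports(data):
    """Return (module name, {export name: forwarder string, or None if implemented locally})."""
    pe = U("<I", data, 0x3C)[0]
    dd = pe + 24 + (96 if U("<H", data, pe + 24)[0] == 0x10B else 112)  # data directories: PE32 / PE32+
    exp_rva, exp_size = U("<II", data, dd)  # export directory; a function RVA inside it is a forwarder string
    name_rva, _, _, nn, funcs, names, ords = U("<7I", data, _off(data, exp_rva) + 12)
    out = {}
    for i in range(nn):
        nm = _cstr(data, U("<I", data, _off(data, names) + 4 * i)[0])
        tgt = U("<I", data, _off(data, funcs) + 4 * U("<H", data, _off(data, ords) + 2 * i)[0])[0]
        out[nm] = _cstr(data, tgt) if exp_rva <= tgt < exp_rva + exp_size else None
    return _cstr(data, name_rva), out

def proxy_indicators(data):
    """Flag the clone-DLL pattern: (nearly) all exports forwarded to one other module, a few local."""
    own, exp = exports(data)
    local = sorted(n for n, f in exp.items() if f is None)
    mods = [f.rsplit(".", 1)[0].lower() for f in exp.values() if f]
    top = max(set(mods), key=mods.count, default=None)
    if local and top and mods.count(top) >= 0.9 * len(mods):
        return {"module": own, "forwards_to": top, "forwarded": mods.count(top), "local": local}

def build_sample_dll(own, exp):
    """Constructed test input: a minimal PE32+ image holding only an export directory (not loadable)."""
    n, strs, rva = len(exp), bytearray(), {}
    for t in [own, *exp, *filter(None, exp.values())]:  # pool the C strings after the three tables
        rva[t] = 0x1000 + 40 + 10 * n + len(strs)
        strs += t.encode() + b"\0"
    funcs = b"".join(pack("<I", rva[f] if f else 0x3000) for f in exp.values())  # 0x3000: local code
    names = b"".join(pack("<I", rva[nm]) for nm in exp)
    ords = b"".join(pack("<H", i) for i in range(n))
    edir = pack("<10I", 0, 0, 0, rva[own], 1, n, n, 0x1028, 0x1028 + 4 * n, 0x1028 + 8 * n)
    body, hdr = edir + funcs + names + ords + strs, bytearray(0x200)
    pack_into("<I4sHH12xHHH", hdr, 0x3C, 0x40, b"PE\0\0", 0x8664, 1, 0xF0, 0x2000, 0x20B)  # e_lfanew, signature, COFF, PE32+ magic
    pack_into("<II120x8s4I", hdr, 0xC8, 0x1000, len(body), b".rdata", len(body), 0x1000, len(body), 0x200)  # export dir entry, section
    return bytes(hdr) + body
```

Real DLLs that forward everything (API-set shims) are not flagged because the heuristic requires at least one locally implemented export, but a legitimately mixed DLL can still trip it, so compare a flagged file against a known-good copy before concluding anything.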

I am not a cracker, but this is likely the most fascinating and interesting reverse engineering modification that there is, IMO, because it opens up a load of opportunities to inject code into programs that are expecting other code to be run, but could run any code that is the right data structure/procedure.

This assumes, of course, that the program loads a DLL, which it may not. There is always the option of modifying the EXE so that it does load a DLL, but again this can be a little difficult: an EXE that was not designed or compiled to load a DLL is harder to turn into one that does. It would be interesting if there were a program out there that automated the process of taking an existing EXE that loads no DLL and turning it into one that does, or an automated program that adds one more export to a DLL, or gives exports to an EXE that originally had none.

All this is much easier said than done, but it is probably the most interesting reverse engineering "add on" that can be done to any existing program. With the right tools and skills one could then write modifications to programs in high-level languages instead of low-level assembly injection.
Copyright © War Strategists, M.G. Consequences 2009-2017