

[Reverse's Tools] HookShark BETA 0.9 (with a vengeance)

It has been only one month, and here I come with another big update.
And yes, it's worth it.

I am doing a quick overview of what has changed.

I am introducing the first tool that detects Hooks of VTables.
It does so by tracing certain assembly patterns and relocated blocks in the data section, that might be a table of virtual method-pointers.

If you set the verbosity high, HookShark will also list all changed relocated function pointers in data sections.

Also, all found global instances of polymorphic classes with VTables are listed in one section for your convenience, to ease the analysis of your target.

So feel free to test around some stuff. HookShark might not find all virtual function tables. But this is hardly avoidable.


Next up is the new built-in Disassembler. Not much functionality. Just to grant a quick look at the area, if this is something worth exploring further with a debugger.

Some targets might fuck with us, guarding pages or even the module lists. Also, time-attacks to detect thread suspensions are a common technique.
So if the target crashes on scan or doesn't seem to be scannable, play around with the new Troubleshooting options in the Global Options Tab.

Also check out the new Credits Dialog. I included the old Chiptune, that you might know from 0.6.

Abso insisted on testing out the new bug-tracking system. So if you want to report bugs, then try it out:

I don't know if I will use it. But it doesn't hurt to check it out. If you want to be extra sure, mention the bug here in this thread.


PS: Yeah, I know. The pictures show version "0.8" :P
That's because I'm lazy to make new pictures.



09-02-2010 - 1 -- Fixed memory leak. Thx to MiDoX
Last edited by DeepblueSea; 09-03-2010 at 01:56 AM.
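
As an added illustration (not HookShark's code and not part of the original post), the C example below shows the general idea the post describes: treat runs of relocated code pointers in a data section as candidate vtables and flag slots whose live value differs from the file. With `min_run` set to 1 it reports every changed relocated function pointer, including ones that do not sit in a table. The `module_view` layout, the function names and all sample values are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view of one 32-bit module; every name here is an assumption. */
typedef struct {
    uint32_t text_lo, text_hi; /* [lo, hi) address range of the code section */
    const uint32_t *disk;      /* data section rebuilt from the file, relocations applied */
    const uint32_t *mem;       /* same section as read from the live process */
    const uint8_t *reloc;      /* 1 where the word has a base-relocation entry */
    size_t words;              /* section length in 32-bit words */
} module_view;

typedef struct { size_t table, slot; uint32_t expected, found; } vt_hook;

/* A slot is a candidate method pointer if it is relocated and targets code. */
static int is_code_ptr(const module_view *m, size_t i) {
    return m->reloc[i] && m->disk[i] >= m->text_lo && m->disk[i] < m->text_hi;
}

/* Treat runs of >= min_run candidate pointers as possible vtables and report
   slots whose live value differs from the file. Returns the total count. */
size_t find_vtable_hooks(const module_view *m, size_t min_run, vt_hook *out, size_t cap) {
    size_t n = 0, i = 0;
    while (i < m->words) {
        size_t start = i;
        while (i < m->words && is_code_ptr(m, i)) i++;
        for (size_t s = start; i - start >= min_run && s < i; s++) {
            if (m->mem[s] == m->disk[s]) continue;
            if (n < cap) out[n] = (vt_hook){ start, s - start, m->disk[s], m->mem[s] };
            n++;
        }
        if (i == start) i++; /* not a candidate pointer: step over it */
    }
    return n;
}

/* Constructed sample: code at 0x401000-0x402000, a 3-slot table at word 2,
   a lone relocated pointer at word 6, and plain data elsewhere. */
static const uint32_t DISK[] = { 7, 0x401500, 0x401010, 0x401040, 0x401080, 0, 0x401900 };
static const uint32_t MEM[]  = { 9, 0x401500, 0x401010, 0x7A0000, 0x401080, 0, 0x7A0100 };
static const uint8_t  REL[]  = { 0, 0,        1,        1,        1,        0, 1 };
static const module_view SAMPLE = { 0x401000, 0x402000, DISK, MEM, REL, 7 };

int main(void) {
    vt_hook h[4];
    size_t n = find_vtable_hooks(&SAMPLE, 2, h, 4);
    for (size_t k = 0; k < n && k < 4; k++)
        printf("table@%zu slot %zu: %#x -> %#x\n", h[k].table, h[k].slot, h[k].expected, h[k].found);
    return 0;
}
```

Word 0 changes in memory but is ordinary data, and word 1 looks like a code address but has no relocation entry, so neither is reported.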
