Subject Re: Re : [Firebird-Architect] Database Password
Author Alexandre Benson Smith
Adriano dos Santos Fernandes wrote:
> Alexandre Benson Smith wrote:
>
>> Ok... I cannot say a lot about in-memory code injection. As I understand
>> it, it's possible, but the possibilities are much more limited compared to
>> changing the binary for a custom build. Changing the binary for a custom
>> build opens all kinds of possibilities, while in-memory code injection
>> must be a byte-by-byte change, so one cannot do a lot without
>> breaking the original functionality, or even making the software unable to
>> run.
>>
> An exploit could just download a DLL, load it and do anything. Official
> FB binaries are easily recreated identically (i.e., using the same FB source
> code version and same compiler version), so it's easy for one to "play" with
> them and know exactly what in-memory bytes need to be modified to call
> other code.
>
>
> Adriano
>
>

I thought along these lines, but even downloading something requires a bunch
of code that needs to be inserted. I was thinking more about a "local"
installation, and patching the code to load that dll.

But as I said earlier, I am not that familiar with code injection
techniques. But, as far as I can see, any other piece of software suffers
from the same problem. The difference would be the source code? I don't
think so. If one will just replace a given piece of code with a custom
routine that will load the dll, he can just put the original code inside
the dll and everything will look ok from the user's POV.

See you!

--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br