XBDM hack corrupts xbdm.dll #15

Open
JayFoxRox opened this issue Jul 1, 2018 · 0 comments

Comments

@JayFoxRox
Member

Our current hack uses the xbdm.dll PE header for its communication needs.

@Ernegien suggested using the xbdm.dll relocation section for our scratch space instead.
According to him we'll have at least 4 KB across any version.
I think it's a great idea as the PE header might be re-used, but it's unlikely the .reloc will be re-used (or does XBDM support relocation?).
Alternatively we could look for unused padding space.

We can probably use the xbdm modsection command to locate both of these - it's also supported in every XBDM version.
We also overwrite the code of the thread resume function DmResumeThread. Instead, we should just add a lightweight hook which re-enters the original function, so we are less invasive.
Our code should use the same memory area as the communication space, and ensure that we never consume more memory than available.
We should also switch to another function which is available in every XBDM version.
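The two space-sizing questions raised above (does .reloc really hold at least 4 KB, and is there unused alignment padding between sections) can be checked offline from the PE section table. The following is an added Python example, not code from this project; the section-header parsing follows the PE format, and the input is a constructed two-section image (run it on a real xbdm.dll to get the actual numbers).

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER: 40 bytes

def parse_sections(image: bytes):
    """Return the PE section table as a list of dicts (name, vsize, va, rawsize)."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        f = struct.unpack_from(SECTION_FMT, image, table + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode(), "vsize": f[1],
                         "va": f[2], "rawsize": f[3]})
    return sections

def scratch_candidates(image: bytes, needed: int = 0x1000):
    """Report the .reloc section and any virtual padding between sections.
    'reloc_ok' is True when .reloc holds at least `needed` bytes (4 KB by default,
    the size assumed above); 'padding' lists (section, end RVA, gap) slack regions."""
    secs = sorted(parse_sections(image), key=lambda s: s["va"])
    out = {"reloc": None, "reloc_ok": False, "padding": []}
    for i, s in enumerate(secs):
        if s["name"] == ".reloc":
            out["reloc"] = (s["va"], s["vsize"])
            out["reloc_ok"] = s["vsize"] >= needed
        if i + 1 < len(secs):
            end = s["va"] + s["vsize"]
            gap = secs[i + 1]["va"] - end  # alignment slack before the next section
            if gap > 0:
                out["padding"].append((s["name"], end, gap))
    return out

def build_sample_image() -> bytes:
    """Constructed two-section PE image for demonstration; not a real xbdm.dll."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x2102)  # i386, 2 sections, no optional header
    text = struct.pack(SECTION_FMT, b".text", 0x0E40, 0x1000, 0x1000, 0x400, 0, 0, 0, 0, 0x60000020)
    reloc = struct.pack(SECTION_FMT, b".reloc", 0x1200, 0x2000, 0x1400, 0x1400, 0, 0, 0, 0, 0x42000040)
    return bytes(dos) + b"PE\0\0" + coff + text + reloc
```

For a real file, call `scratch_candidates(open("xbdm.dll", "rb").read())`; on the console the modsection command reports the same section addresses and sizes.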
