Our current hack uses the xbdm.dll PE header for its communication needs.
@Ernegien suggested to use the xbdm.dll relocation section for our scratch space instead.
According to him we'll have at least 4kb across any version.
I think it's a great idea as the PE header might be re-used, but it's unlikely the .reloc will be re-used (or does XBDM support relocation?).
Alternatively we could look for unused padding space.
We can probably use the xbdm modsection command to locate both of these - it's also supported in every XBDM version.
We also overwrite the code of the thread resume function DmResumeThread. Instead, we should just add a lightweight hook which re-enters the original function, so we are less invasive.
Our code should use the same memory area as the communication space, and ensure that we never consume more memory than available.
We should also switch to another function which is available in every XBDM version.