
Introduction

I am Lord Rhesus, and welcome to my pages on code injection. This site doesn't focus on cracking or any other aspect of reverse engineering; it concentrates solely on code injection, or functionality adding if you prefer. The aim of this site is to provide a reference that others interested in this topic can use to keep up to date with the latest methods, techniques and tools in this field of reverse engineering. Most of the work contained on this site isn't mine and is stolen / borrowed from other reversers who have written good tutorials on code injection that fit in with the aims of this site.

Code Injection

In a single line, code injection is the art of adding extra functionality or alternative features to a program by writing new machine code directly into its compiled executable and the DLLs that make it up, without having the source. You may have heard that this art is extremely difficult to practise and only attempted by the l337 (elite, in hacker talk). To be blunt, the previous statement is complete bollocks! This view is usually held by people who haven't even attempted to add new code to an already compiled program, and is mostly sprouted by kiddies in chat rooms. Adding functionality to a program is difficult if you don't know assembly well, which is why there is an assembly section on this site, but once you've grasped even a basic knowledge of the language you can essentially do anything.

Adding functionality to a program, in loose terms, has been done by virus writers for nearly 20 years now (even though the functionality they add isn't exactly what we would like to have added to our programs). The techniques they used then are much the same as those used now, and there is probably a fair bit we could learn from them. Virus writing, however, isn't what this site is about, and I wouldn't want to push people down that dangerous path. Adding *useful* code to programs has probably been done in the past, but it only started becoming popular in the last two or three years, so as a field of study it is relatively new; nevertheless there are plenty of reversers out there who have made their own contributions over the years.

Its popularity is most likely due to how easy the bloated Windows executable format is to exploit. For example, the smallest program you can write is one that starts and then finishes straight away without doing anything else. A DOS program written in assembler that does this is 2 bytes long, whereas a Windows program that does this is about 2.5 kilobytes, roughly 1280 times larger. The huge size difference comes from the standard layout of Windows (PE) programs: the PE header alone is ~250 bytes minimum, and the file is split into sections whose raw data is padded up to the file alignment (commonly 512 bytes). The zero-filled padding at the tail of each section, between the end of its real contents and the end of its raw data, is free and unused space, and that is where we can inject code. Two things are worth checking before using such a space: that it is genuinely unused (the section header's VirtualSize tells you where the real contents end, so SizeOfRawData minus VirtualSize is the safe figure) and that the section is executable, otherwise the section's characteristics have to be patched as well. There are other ways of making space to inject code, but these are covered in depth in the tutorials, so there's no point mentioning them here.
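As an added example (this is not code from this site or from any of the tutorials it links), here is a small Python tool that walks the PE section table, reports the alignment slack at the tail of every section, and writes a payload into the first executable cave that can hold it. The sample image it builds in memory is constructed test data, not a real program; the header layouts and field offsets are those of the PE/COFF specification. Given a file path on the command line, it runs the same scan over a real executable.

```python
import struct
import sys

IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER: 40 bytes, PE/COFF spec layout


def build_sample_pe():
    """Constructed PE32 skeleton (test data for this example, not a real program):
    a .text section with 0x50 bytes of NOPs padded up to a 0x200 file alignment,
    and a .data section whose raw data is completely used."""
    file_align, sect_align = 0x200, 0x1000
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                # SizeOfOptionalHeader = 224
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    text_vsize, data_size = 0x50, 0x200
    text = struct.pack(SECTION_FMT, b".text", text_vsize, 0x1000, file_align, 0x200,
                       0, 0, 0, 0, 0x60000020)          # CODE | EXECUTE | READ
    data = struct.pack(SECTION_FMT, b".data", data_size, 0x2000, data_size, 0x400,
                       0, 0, 0, 0, 0xC0000040)          # INITIALIZED_DATA | READ | WRITE
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + data
    image += b"\0" * (0x200 - len(image))               # headers padded to file alignment
    image += b"\x90" * text_vsize + b"\0" * (file_align - text_vsize)   # .text + slack
    image += bytes(range(256)) * 2                      # .data: fully used, no slack
    return image


def section_table(pe):
    """Yield (header_offset, fields) for every IMAGE_SECTION_HEADER in the file."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size                    # section table follows the optional header
    for i in range(nsections):
        off = table + i * 40
        yield off, struct.unpack_from(SECTION_FMT, pe, off)


def find_caves(pe):
    """Report the unused file space at the tail of each section.
    'slack' is SizeOfRawData - VirtualSize, the header-declared figure a patch should
    rely on; 'trailing_zeros' counts zero bytes at the end of the raw data, an upper
    bound that can include genuine zero-initialised data."""
    caves = []
    for _, (name, vsize, va, rawsize, rawptr, _r, _l, _nr, _nl, chars) in section_table(pe):
        raw = pe[rawptr:rawptr + rawsize]
        caves.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "file_offset": rawptr + min(vsize, rawsize),   # where the cave starts on disk
            "rva": va + min(vsize, rawsize),                # and in memory
            "slack": max(rawsize - vsize, 0),
            "trailing_zeros": len(raw) - len(raw.rstrip(b"\0")),
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
        })
    return caves


def inject_into_cave(pe, payload):
    """Copy payload into the first executable cave that can hold it and grow that
    section's VirtualSize so the new bytes sit inside its declared extent.
    Returns (patched_image, rva_of_payload); raises if nothing fits."""
    for hdr_off, (_n, vsize, va, rawsize, rawptr, *_rest, chars) in section_table(pe):
        if chars & IMAGE_SCN_MEM_EXECUTE and rawsize - vsize >= len(payload):
            out = bytearray(pe)
            out[rawptr + vsize:rawptr + vsize + len(payload)] = payload
            struct.pack_into("<I", out, hdr_off + 8, vsize + len(payload))  # VirtualSize
            return bytes(out), va + vsize
    raise ValueError("no executable cave of %d bytes" % len(payload))


if __name__ == "__main__":
    pe = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for c in find_caves(pe):
        print("%-8s slack=0x%04x zeros=0x%04x exec=%s at file 0x%x rva 0x%x"
              % (c["name"], c["slack"], c["trailing_zeros"], c["executable"],
                 c["file_offset"], c["rva"]))
```

On the sample image the .text cave is 0x1B0 bytes at file offset 0x250 (RVA 0x1050) and the .data section has none. The patch bumps VirtualSize rather than relying on the loader mapping the whole page, so disassemblers and the loader alike treat the injected bytes as part of the section; a payload that fits nowhere is the case the tutorials' other methods (adding or enlarging a section) are for. Nothing here redirects execution into the cave: that patch, typically a hook at the entry point or at a call inside the program, is a separate step.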

Disclaimer

Like all sites these days, here is a disclaimer which basically says "Hey, don't blame me, it's not my fault, it was someone else".

So in the original words of a genius:

I disclaim all liability for the entire contents of this web site. If you are easily offended by the spreading of free information then feel free to pay for it. The fee is $10 for every page read and file downloaded, payable to the fund for complete commercial arseholes (CCA). This is an organisation that has been set up to look after spammers, door-to-door salesmen, and TV ad men. These poor people have spent their entire lives trying to help people buy the goods that they *really* want, like the giant slipper which has enough room for the entire family to fit their feet in, and the entertaining and fashionable yet affordable fabric frisbee which also doubles up as a sun visor. Gotta have one! For a start, if it wasn't for these people then we wouldn't have had the millennium. Do you recall seeing the ball drop in New York on millennium eve behind the huge Discover billboard? That's right. It wasn't the celebration of the 2000th birthday of Christ? Don't be silly, it was a celebration of the Discover Card and the power to buy what you want, where you want, whenever you want (availability depending on the current health of your bank account, who your dad is and whether you are economically viable or not; poor people living in ghettos need not apply). Go on, have a heart, donate some money to these pioneers of our modern society. Some of them only have one bollock, and many were buggered senseless by their boss as they climbed the slippery brown ladder of marketing success! It could be you next!

Well there we go, I think that disclaimer is appropriate enough to satisfy anyone who has objections to my website!