Thread overview
Kong - hooking package.
Dec 26, 2007  Neal Alexander
Dec 26, 2007  Vladimir Panteleev
Dec 26, 2007  Walter Bright
Dec 27, 2007  Saaa
Dec 27, 2007  Vladimir Panteleev
Dec 27, 2007  Bill Baxter
Dec 27, 2007  Neal Alexander
Dec 28, 2007  bobef
Dec 29, 2007  Neal Alexander
Jan 08, 2008  Neal Alexander
December 26, 2007
provides:

    * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
    * ELF/PE (32/64bit) parser/utility stuff
    * IA32 disassembler
    * Memory analysis

Platforms:
GNU/Linux 2.6
Windows XP SP2

Version: Alpha (still rough)
Stdlib: Phobos 1 / 2
License: Public Domain

http://destroy.selfip.org/kong/
December 26, 2007
On Wed, 26 Dec 2007 11:48:27 +0200, Neal Alexander <wqeqweuqy@hotmail.com> wrote:

> provides:
>
>      * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
>      * ELF/PE (32/64bit) parser/utility stuff
>      * IA32 disassembler
>      * Memory analysis
>
> Platforms:
> GNU/Linux 2.6
> Windows XP SP2
>
> Version: Alpha (still rough)
> Stdlib: Phobos 1 / 2
> License: Public Domain
>
> http://destroy.selfip.org/kong/

That looks really sweet!

I've written something a lot smaller (need-driven) in this area:
http://privatepaste.com/6e1afLxV7c

-- 
Best regards,
 Vladimir                          mailto:thecybershadow@gmail.com
December 26, 2007
Neal Alexander wrote:
> provides:
> 
>     * Code hooking (JMP[mem] code-overwrite and PLT/IAT rtdl)
>     * ELF/PE (32/64bit) parser/utility stuff
>     * IA32 disassembler
>     * Memory analysis
> 
> Platforms:
> GNU/Linux 2.6
> Windows XP SP2
> 
> Version: Alpha (still rough)
> Stdlib: Phobos 1 / 2
> License: Public Domain
> 
> http://destroy.selfip.org/kong/

I have a couple suggestions:

1) Please include the phrase "D programming language" rather than "D language".
2) It needs more explanation of what code hooking is and what you can do with it.

Thanks!
December 27, 2007
> 2) It needs more explanation of what code hooking is and what you can do with it.
>
> Thanks!

Agreed :)


December 27, 2007
On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright <newshound1@digitalmars.com> wrote:

> 2) It needs more explanation of what code hooking is and what you can do with it.

IMO if you don't know what it is, you probably don't need it ;) it's like having to explain what programming or a compiler is on the DMD homepage.

There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

-- 
Best regards,
 Vladimir                          mailto:thecybershadow@gmail.com
December 27, 2007
Vladimir Panteleev wrote:
> On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright <newshound1@digitalmars.com> wrote:
> 
>> 2) It needs more explanation of what code hooking is and what you can do
>> with it.
> 
> IMO if you don't know what it is, you probably don't need it ;) it's like having to explain what programming or a compiler is on the DMD homepage.
> 
> There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking

I disagree.  I didn't know what the announcement was talking about from the original announcement, but after reading more, I think it sounds like something that could be useful to me.  It sounds like it could be used to do what I've heard called "interception" or "wrapping" of dlls.  Like here: http://glintercept.nutty.org/index.html

--bb
December 27, 2007
Bill Baxter wrote:
> Vladimir Panteleev wrote:
>> On Wed, 26 Dec 2007 23:15:23 +0200, Walter Bright <newshound1@digitalmars.com> wrote:
>>
>>> 2) It needs more explanation of what code hooking is and what you can do
>>> with it.
>>
>> IMO if you don't know what it is, you probably don't need it ;) it's like having to explain what programming or a compiler is on the DMD homepage.
>>
>> There's a bit of info on Wikipedia: http://en.wikipedia.org/wiki/Hooking
> 
> I disagree.  I didn't know what the announcement was talking about from the original announcement, but after reading more, I think it sounds like something that could be useful to me.  It sounds like it could be used to do what I've heard called "interception" or "wrapping" of dlls.  Like here: http://glintercept.nutty.org/index.html
> 
> --bb

Yeah, you just hook the allocator for an interface and have it return a proxy object. I have some old DirectX 8 wrapping code that I can strip and turn into a demo of this.


Anyway, I added an intro to the site:

"""Hooking represents a useful method of modifying the runtime behavior of an application. This is achieved through rerouting API/function calls to alternate code locations while still allowing the original code to be called from other contexts (i.e., from the replacement function). Hooking, combined with class wrapping, such as the case with COM objects, can completely alter the behavior of the target application without having access to its source code.

Executable image parsing allows this to be extended further. Instead of globally hooking a procedure we can now modify behavior privately, within the context of each DLL or shared object (IAT/PLT:GOT hooking method). """


I'm gonna try to get the project set up on dsource.org for SVN / forums.  The code and documentation need polishing, and whatever feedback is appreciated.
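
The per-module redirection described in the intro quoted above, as an added example that is not part of the original post or of Kong's code: a simulated import slot per module stands in for an IAT/GOT entry, the replacement chains to the original, and a check counts slots that no longer point at the expected export. All names here (`api_length`, `hook_module`, `redirected_slots`, the module names) are hypothetical, and no real PE/ELF structures are touched.

```c
#include <stdio.h>

typedef int (*api_fn)(const char *);

/* Constructed stand-in for an exported library function. */
static int api_length(const char *s) { int n = 0; while (s[n]) n++; return n; }

/* One import slot per module: models a DLL's IAT entry or an ELF GOT entry. */
struct module { const char *name; api_fn import_api; };

static api_fn saved_original;   /* lets the replacement chain to the original */
static int hook_calls;

/* Replacement function: observe the call, then run the original code. */
static int hooked_length(const char *s) {
    hook_calls++;
    return saved_original(s);
}

/* Redirect a single module's slot; other modules keep the original target. */
static void hook_module(struct module *m, api_fn replacement) {
    saved_original = m->import_api;
    m->import_api = replacement;
}

/* Integrity check: how many slots no longer point at the expected export? */
static int redirected_slots(const struct module *mods, int n, api_fn expected) {
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (mods[i].import_api != expected) hits++;
    return hits;
}

/* Scenario: two modules import the same function, only "plugin" is hooked.
   Returns the number of redirected slots; call results go to out[0..1]. */
static int run_scenario(int out[2]) {
    struct module mods[2] = { { "core", api_length }, { "plugin", api_length } };
    hook_calls = 0;
    hook_module(&mods[1], hooked_length);
    out[0] = mods[0].import_api("kong");    /* unhooked path */
    out[1] = mods[1].import_api("kong");    /* goes through hooked_length */
    return redirected_slots(mods, 2, api_length);
}

int main(void) {
    int out[2];
    int flagged = run_scenario(out);
    printf("core=%d plugin=%d hook_calls=%d redirected=%d\n",
           out[0], out[1], hook_calls, flagged);
    return 0;
}
```

Both callers get the same result, but only the hooked module's call is counted by the replacement, and the slot comparison is the same idea integrity tools use when they check import tables against the expected export addresses.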
December 28, 2007
I am not really sure what this is, but can it be used to make an executable delete/replace itself :) ?
December 29, 2007
bobef wrote:
> I am not really sure what this is, but can it be used to make an executable delete/replace itself :) ?

No, but the TODO list has a "from-memory executable loader" on it that's half done (see http://www.joachim-bauch.de/tutorials/load_dll_memory.html/en).

I've used something similar in an older project to allow the software to hot-swap its core (no file backing/locking and everything was stored in a zip archive).

The main issue is when/where/how to unload the old core. You can pass a context onto the next dll and let it unload/modify the old, or you can create a loader stub inside its own memory region and let it handle all the loading / unloading.


In any case, I'll see if I can come up with something interesting.


BTW:
Delinking a DLL from the process environment block module list lets you delete the file on disk IIRC (example at the bottom here http://destroy.selfip.org/svn/kong/win32/DSO.d).

Dunno how useful that is, aside from hiding the dll or letting you delete it off disk.
January 08, 2008
Added support for Tango for those interested.


Also the new project site is: http://www.dsource.org/projects/kong/wiki


The HDD on the old site died like a week after I finished setting up the pos haha.