Relinking hex code and running it on another machine
If I could get the hex code of a function on one machine, how would I relink it and execute it on another machine?
I.e., if I get the function's hex code from a disassembler, and the function calls a Windows API:
void newfunc()
{
    call some_API;
}
To run it on another machine, I would have to relink it to call that machine's API address, given that the machine runs Windows on the same hardware architecture.
P.S.: this is in regard to distributed systems programming.
More explanation:
Thus I have the hex code of newfunc(), which includes the call assembly to some_API on machine A... I want to run this hex on a similar architecture and OS but a different machine B, so I would have to relink it so that the call to some_API goes to the destination machine B's some_API... How would I do that?
Thanks in advance.
Comments (1)
To do what you have described under Windows would require duplicating the PE Loader functionality.
Under Windows, what usually happens is:
in the RDATA section of the PE:
You can't just copy text and RDATA because DLLs can be loaded in different places due to ASLR (Address Space Layout Randomization), which aims to prevent exactly what you are trying to do:
ASSUMING you had a good way of identifying all the data that your function needs (which may not be easy), you could avoid this DLL problem by going directly to the Windows "syscall" interface.
For example, see http://www.nynaeve.net/?p=48 and http://www.symantec.com/connect/articles/windows-syscall-shellcode; these will serve as starting points. Note the cautions in the second article that the system call interface changes between versions of the OS! Assuming your distributed system is similar, you will be fine.
The typical solution for the problem of packaging code for remote execution is to put the code in a DLL.
Then, when the DLL is loaded on each machine (e.g., LoadLibrary), the PE loader will fix up the proper addresses.
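The import fixup the answer refers to, shown as an added example (this is not the answerer's code or any part of the Windows loader). The function's call to some_API is an indirect call through a slot in the Import Address Table, so the .text bytes are identical on machine A and machine B; what changes is the address the loader writes into that slot after resolving the name against the DLL as loaded on each machine. The example builds a constructed toy image (RVAs, DLL name "some.dll", function names and the per-machine addresses are all hypothetical), walks the import directory the way a loader would, and patches the IAT from a lookup table standing in for GetProcAddress. It also shows why copying only the function's hex code is not enough: the rip-relative call still points at an IAT slot that nothing has populated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 20-byte IMAGE_IMPORT_DESCRIPTOR, field order as in the PE/COFF spec. */
typedef struct {
    uint32_t OriginalFirstThunk; /* RVA of the Import Name Table (hint/name RVAs) */
    uint32_t TimeDateStamp;
    uint32_t ForwarderChain;
    uint32_t Name;               /* RVA of the DLL name string */
    uint32_t FirstThunk;         /* RVA of the IAT the loader fills with addresses */
} ImportDescriptor;

/* Stand-in for one exported symbol on a given machine (hypothetical addresses). */
typedef struct { const char *dll; const char *func; uint64_t addr; } ExportEntry;

/* Constructed toy image layout; RVAs chosen for this example, not from a real PE. */
#define IMAGE_SIZE     0x1000
#define RVA_CODE       0x010   /* "call qword ptr [rip+disp32]" lives here */
#define RVA_IMPORT_DIR 0x100   /* one descriptor followed by an all-zero terminator */
#define RVA_INT        0x200   /* 64-bit thunks: RVA of hint/name, 0-terminated */
#define RVA_IAT        0x300   /* 64-bit slots overwritten at load time */
#define RVA_DLLNAME    0x400
#define RVA_FUNCNAME0  0x410   /* 2-byte hint + "some_API\0" */
#define RVA_FUNCNAME1  0x420   /* 2-byte hint + "other_API\0" */

static void put32(uint8_t *img, uint32_t rva, uint32_t v) { memcpy(img + rva, &v, 4); }
static void put64(uint8_t *img, uint32_t rva, uint64_t v) { memcpy(img + rva, &v, 8); }
static uint32_t get32(const uint8_t *img, uint32_t rva) { uint32_t v; memcpy(&v, img + rva, 4); return v; }
static uint64_t get64(const uint8_t *img, uint32_t rva) { uint64_t v; memcpy(&v, img + rva, 8); return v; }

/* Build the constructed image: code, import directory, name table, unresolved IAT. */
void build_image(uint8_t *img) {
    memset(img, 0, IMAGE_SIZE);
    /* FF 15 disp32 = call [rip+disp32]; RIP is the address after the 6-byte instruction. */
    img[RVA_CODE] = 0xFF; img[RVA_CODE + 1] = 0x15;
    put32(img, RVA_CODE + 2, RVA_IAT - (RVA_CODE + 6));
    ImportDescriptor d = { RVA_INT, 0, 0, RVA_DLLNAME, RVA_IAT };
    memcpy(img + RVA_IMPORT_DIR, &d, sizeof d);   /* terminator descriptor stays zero */
    strcpy((char *)img + RVA_DLLNAME, "some.dll");
    strcpy((char *)img + RVA_FUNCNAME0 + 2, "some_API");
    strcpy((char *)img + RVA_FUNCNAME1 + 2, "other_API");
    put64(img, RVA_INT, RVA_FUNCNAME0);
    put64(img, RVA_INT + 8, RVA_FUNCNAME1);
    /* On disk the IAT mirrors the INT; only the loader turns it into addresses. */
    put64(img, RVA_IAT, RVA_FUNCNAME0);
    put64(img, RVA_IAT + 8, RVA_FUNCNAME1);
}

/* RVA the rip-relative call at call_rva dereferences: the .text bytes never change. */
uint32_t call_iat_slot(const uint8_t *img, uint32_t call_rva) {
    return call_rva + 6 + get32(img, call_rva + 2);
}

/* GetProcAddress stand-in: look a name up in this machine's export table. */
static uint64_t lookup(const ExportEntry *tab, size_t n, const char *dll, const char *fn) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].dll, dll) == 0 && strcmp(tab[i].func, fn) == 0) return tab[i].addr;
    return 0;
}

/* Imitates the loader's import fixup: walk descriptors, resolve each imported name,
 * write the address into the IAT. Returns slots patched, or -1 if a name is missing. */
int fixup_imports(uint8_t *img, const ExportEntry *tab, size_t n) {
    int patched = 0;
    for (uint32_t rva = RVA_IMPORT_DIR;; rva += sizeof(ImportDescriptor)) {
        ImportDescriptor d; memcpy(&d, img + rva, sizeof d);
        if (d.Name == 0 && d.FirstThunk == 0) break;           /* all-zero terminator */
        const char *dll = (const char *)img + d.Name;
        for (uint32_t i = 0;; i += 8) {
            uint64_t name_rva = get64(img, d.OriginalFirstThunk + i);
            if (name_rva == 0) break;
            const char *fn = (const char *)img + name_rva + 2;   /* skip 2-byte hint */
            uint64_t addr = lookup(tab, n, dll, fn);
            if (addr == 0) return -1;         /* loader would fail: entry point not found */
            put64(img, d.FirstThunk + i, addr);
            patched++;
        }
    }
    return patched;
}

uint64_t iat_entry(const uint8_t *img, int idx) { return get64(img, RVA_IAT + 8 * idx); }

int main(void) {
    /* Hypothetical: the same DLL lands at different bases on A and B because of ASLR. */
    const ExportEntry machine_a[] = {{"some.dll", "some_API", 0x7FFA10001000ULL},
                                     {"some.dll", "other_API", 0x7FFA10002000ULL}};
    const ExportEntry machine_b[] = {{"some.dll", "some_API", 0x7FFB3C401000ULL},
                                     {"some.dll", "other_API", 0x7FFB3C402000ULL}};
    uint8_t img[IMAGE_SIZE];
    build_image(img);
    fixup_imports(img, machine_a, 2);
    printf("A: call -> IAT slot %#x holds %#llx\n", call_iat_slot(img, RVA_CODE),
           (unsigned long long)iat_entry(img, 0));
    build_image(img);   /* identical .text; only the IAT contents differ per machine */
    fixup_imports(img, machine_b, 2);
    printf("B: call -> IAT slot %#x holds %#llx\n", call_iat_slot(img, RVA_CODE),
           (unsigned long long)iat_entry(img, 0));
    return 0;
}
```

This is what LoadLibrary does for you when the code ships as a DLL: the .text and .rdata bytes stay constant, and the loader rewrites the IAT slots against wherever the imported DLLs were mapped on that machine. A raw copy of the function's hex code carries the `call [rip+disp32]` but not the import directory that tells a loader what the slot must be filled with, which is why the answer suggests either packaging the code as a DLL or avoiding DLL imports altogether via the syscall interface.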