Raised This Month: $12 Target: $400
 3% 

SM msvcrt exports


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
NotnHeavy
Junior Member
Join Date: Feb 2022
Location: England
Old 11-12-2022 , 11:49   SM msvcrt exports
Reply With Quote #1

SM msvcrt exports

Remember this post a user made a while back, demonstrating how you can get an executable's PEB? Well, inspiration tends to be pretty wild.

I wrote my own SourcePawn include that walks over the export table of the loaded msvcrt.dll module, grabs the RVAs of a bunch of stdlib.h functions (such as malloc and free), then sets up SDKCalls for them. Why? Why not, I thought this would be fun. It allowed me to learn a few things on the way as well.

If I ever get bored, I may write a Linux version of this as well. Feel free to bug me over it I suppose. :)

Go wild with this! For serious work however, I would advice towards using an extension instead.

GitHub repository
cstdlib.inc in GitHub repository
NotnHeavy is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine on fire
Old 12-01-2022 , 05:30   Re: SM msvcrt exports
Reply With Quote #2

Cool. Good work.

Just FYI, there is MemoryEx include, doing the same for both Windows and Linux.
BTW, unlike Windows, there is no symbol information in elf libs loaded module. Such info could be extracted from physical file only. I described more detail information here.
__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch & FreeZone)
[My plugins] [My tools] [GitHub] [Articles] [HiJackThis+] [Donate]

Last edited by Dragokas; 12-01-2022 at 05:31.
Dragokas is offline
NotnHeavy
Junior Member
Join Date: Feb 2022
Location: England
Old 12-01-2022 , 12:23   Re: SM msvcrt exports
Reply With Quote #3

That's actually pretty interesting! Thank you for sharing, I didn't realize this existed haha.
NotnHeavy is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 16:01.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode