Category archives: Python

Warsow, first assault (part 2)


Introduction. In this post we continue playing with Warsow (see the first article) and cover some basic knowledge about pointer paths and /proc/<pid>/mem. Pointer paths? I am not sure that is the real name, but I will use it in the rest of the article. Last time we found where the struct of the first opponent lives in Warsow's memory. However, because of ASLR, that location changes between two executions, so we need a little…
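The "base plus chain of offsets" idea behind a pointer path, as an added example that is not code from the blog post. The memory layout below (a global pointer to a game-state object, a pointer to a players array, an int32 health field) is constructed for the illustration and is not Warsow's real layout; the `ProcMem` class reads a live process through /proc/<pid>/mem and is only usable on Linux with ptrace permission over the target (same uid with a permissive kernel.yama.ptrace_scope, or CAP_SYS_PTRACE), so the sample uses a fake memory object instead. Two "executions" with different module bases and heap addresses resolve with the same offsets, which is exactly why only the base has to be looked up at runtime.

```python
import os
import struct

# A pointer path is a stable anchor (here the game's module base, which ASLR
# moves between runs) plus a chain of offsets. Every hop but the last reads a
# pointer out of memory; the last offset is simply added to the final pointer.
# Only the base must be looked up at runtime; the offsets are fixed for a given
# binary build, which is what makes the path reusable across executions.

PTR_FMT = {8: "<Q", 4: "<I"}


class ProcMem:
    """Read a live process through /proc/<pid>/mem. The kernel applies the
    ptrace access check, so this needs the same uid (and a permissive
    kernel.yama.ptrace_scope) or CAP_SYS_PTRACE. Not used by the sample below."""

    def __init__(self, pid):
        self.fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)

    def read(self, addr, size):
        data = os.pread(self.fd, size, addr)
        if len(data) != size:
            raise OSError(f"short read at {addr:#x}")
        return data

    def close(self):
        os.close(self.fd)


class FakeMem:
    """Constructed stand-in for /proc/<pid>/mem: {start_address: bytes}."""

    def __init__(self, regions):
        self.regions = regions

    def read(self, addr, size):
        for start, blob in self.regions.items():
            if start <= addr and addr + size <= start + len(blob):
                return blob[addr - start:addr - start + size]
        raise OSError(f"unmapped read at {addr:#x}")


def follow_pointer_path(mem, base, offsets, ptr_size=8):
    """Resolve base -> [off0] -> [off1] -> ... + off_last to a final address."""
    addr = base
    for off in offsets[:-1]:
        addr = struct.unpack(PTR_FMT[ptr_size], mem.read(addr + off, ptr_size))[0]
        if addr == 0:
            raise ValueError(f"null pointer while following path at offset {off:#x}")
    return addr + offsets[-1]


def read_i32(mem, addr):
    return struct.unpack("<i", mem.read(addr, 4))[0]


# Hypothetical layout (constructed, not Warsow's real one): the module holds a
# global pointer to a game-state object at base+0x1000, the game state holds a
# pointer to the players array at +0x40, and the first opponent's health is an
# int32 at +0x110 inside that array.
OPPONENT_HEALTH_PATH = [0x1000, 0x40, 0x110]


def build_sample(base, state_addr, players_addr, health):
    """Build a FakeMem for one 'execution' with the given ASLR-dependent addresses."""
    module = bytearray(0x1008)
    module[0x1000:0x1008] = struct.pack("<Q", state_addr)
    state = bytearray(0x48)
    state[0x40:0x48] = struct.pack("<Q", players_addr)
    players = bytearray(0x114)
    players[0x110:0x114] = struct.pack("<i", health)
    return FakeMem({base: bytes(module), state_addr: bytes(state), players_addr: bytes(players)})


def opponent_health(mem, base):
    return read_i32(mem, follow_pointer_path(mem, base, OPPONENT_HEALTH_PATH))


if __name__ == "__main__":
    # Two runs with different bases and heap addresses, same offsets.
    run_a = build_sample(0x555555554000, 0x7F0000001000, 0x7F0000002000, 100)
    run_b = build_sample(0x5555AAAA0000, 0x7FABCD001000, 0x7FABCD002000, 37)
    print(opponent_health(run_a, 0x555555554000))  # 100
    print(opponent_health(run_b, 0x5555AAAA0000))  # 37
```

Against a real target, swap `FakeMem` for `ProcMem(pid)` and obtain the base from /proc/<pid>/maps; a null pointer on an intermediate hop (for instance before the players array is allocated) is the usual failure mode, so the path follower refuses to dereference it rather than reading address 0 plus an offset.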


Shared library injection into a Linux process (bonus)


Introduction. This bonus article describes a second, easy method to retrieve the address of a symbol inside a process. The first method was presented here. As explained previously, the injected library is loaded into the victim process (yes, that is the goal) but also into the injector, in order to compute an offset. That second load has several drawbacks: loading a library just to compute an offset may be overkill, and if the library has constructors, they will be run in…


Shared library injection into a Linux process (part 2)


Introduction. In the last article we saw how to retrieve a function pointer in the memory of a process, as well as the theory behind shared library injection. As a reminder, here are the steps to inject a library: compute the address of __libc_dlopen_mode in the victim process; attach to the victim process with ptrace; modify the victim process so that it executes __libc_dlopen_mode. In this article we will see how to interfere with the execution…
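The first of the three steps above (computing the address of a libc symbol inside the victim), done the way the part 1 and bonus excerpts describe: resolve the symbol in the injector, subtract the library base in the injector, add the library base in the victim. This is an added example, not code from the blog series. The two /proc/<pid>/maps excerpts are constructed, the symbol address in the injector is a made-up value, and the live helpers at the bottom assume Linux with glibc and ptrace permission over the target (the same check that governs /proc/<pid>/mem); they resolve the local address with dlsym through ctypes, and nothing in the sample calls them. The arithmetic holds for any symbol, so on glibc 2.34 and later, where libdl was merged into libc, the same function can target dlopen itself.

```python
import os
import re

# Constructed /proc/<pid>/maps excerpts (not captured from a real system).
# The injector is a Python process; the victim is the game. Both map the same
# libc.so.6, but ASLR placed it at a different base in each process.
INJECTOR_MAPS = """\
5616f3a2d000-5616f3a2e000 r--p 00000000 08:01 1234                       /usr/bin/python3
7f3a1c400000-7f3a1c428000 r--p 00000000 08:01 5678                       /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c428000-7f3a1c5bd000 r-xp 00028000 08:01 5678                       /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd2a1f0000-7ffd2a211000 rw-p 00000000 00:00 0                          [stack]
"""

VICTIM_MAPS = """\
55d0c1e00000-55d0c1f10000 r-xp 00000000 08:01 4321                       /opt/warsow/warsow.x86_64
7f8e5d000000-7f8e5d028000 r--p 00000000 08:01 5678                       /usr/lib/x86_64-linux-gnu/libc.so.6
7f8e5d028000-7f8e5d1bd000 r-xp 00028000 08:01 5678                       /usr/lib/x86_64-linux-gnu/libc.so.6
7ffc9b3e0000-7ffc9b401000 rw-p 00000000 00:00 0                          [stack]
"""

# start-end perms file_offset dev inode [path]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s*(.*)$")


def module_base(maps_text, lib_name):
    """Lowest start address of a mapping of lib_name with file offset 0.
    That is where the ELF header is mapped, so a symbol offset computed in
    one process is relative to it. Later segments (file offset != 0) are
    skipped: they are not the base even if they come first in the list."""
    base = None
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        start, _end, _perms, file_off, path = m.groups()
        if int(file_off, 16) != 0 or os.path.basename(path) != lib_name:
            continue
        start = int(start, 16)
        if base is None or start < base:
            base = start
    if base is None:
        raise LookupError(f"{lib_name} is not mapped")
    return base


def remote_symbol_address(local_maps, remote_maps, lib_name, local_sym_addr):
    """remote = remote_base + (local_sym - local_base). Both processes map the
    same file, so the symbol sits at the same file-relative offset in both;
    only the base differs."""
    offset = local_sym_addr - module_base(local_maps, lib_name)
    if offset < 0:
        raise ValueError("symbol address is below the library base")
    return module_base(remote_maps, lib_name) + offset


# --- live helpers (Linux/glibc only, not exercised by the constructed sample) ---

def read_maps(pid):
    with open(f"/proc/{pid}/maps") as f:
        return f.read()


def local_symbol_address(lib_name, symbol):
    """Resolve a symbol in the injector's own address space (dlsym via ctypes)."""
    import ctypes
    func = getattr(ctypes.CDLL(lib_name), symbol)
    return ctypes.cast(func, ctypes.c_void_p).value


def resolve_in_victim(pid, lib_name, symbol):
    return remote_symbol_address(read_maps(os.getpid()), read_maps(pid), lib_name,
                                 local_symbol_address(lib_name, symbol))


if __name__ == "__main__":
    # Constructed: in the injector the symbol was resolved at libc_base + 0x15c7d0.
    local_sym = 0x7F3A1C400000 + 0x15C7D0
    print(hex(remote_symbol_address(INJECTOR_MAPS, VICTIM_MAPS, "libc.so.6", local_sym)))
    # 0x7f8e5d15c7d0
```

The translation is only valid when both processes map the same file (same path and build); if the victim is 32-bit or statically linked, or uses a different libc, `module_base` either fails with `LookupError` or, worse, returns a base for a file whose offsets do not match, so compare the inode or path column of both maps before trusting the result.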


Shared library injection into a Linux process (part 1)


Introduction. Since childhood I have wanted to know how game cheats work, and because it has been a long time since I last touched a process from the inside, the time has come! In this article series I will show some of my work on cheat development. I have just begun this long journey and I do not even know yet whether I will finish it (yes, procrastination). As explained in the title, in this article I describe the first part…
