Once the DynamoRIO distribution contents are unpacked (see Distribution Contents), configuration and execution of applications under DynamoRIO is handled by a set of libraries and tools. On Windows, the tools are drconfig.exe, drrun.exe, and drinject.exe. The corresponding libraries (whose APIs are exposed by the tools) are drconfiglib.dll and drinjectlib.dll with header files dr_config.h and dr_inject.h. On Linux, the tools are named drconfig, drrun, and drinject, and the libraries are libdrconfiglib.a and libdrinjectlib.a.

When using DynamoRIO as a third-party disassembly library (see Disassembly Library), no deployment is needed, as DynamoRIO does not control a target application when used as a regular library.

There are two methods for running a process under DynamoRIO: the one-time configure-and-run, and the two-step separate configuration and execution. The drrun.exe tool supports the first, simpler model, while the drconfig.exe and drinject.exe tools support the second, more powerful model. The drconfig.exe tool, or the corresponding drconfiglib.dll library, can also be used to nudge running processes.

Configuration information is stored in files in the current user's profile directory, which is obtained from the environment variable USERPROFILE. Thus, configurations are persistent across reboots and are private to each user. If the DYNAMORIO_CONFIGDIR environment variable is set, its value is used instead of USERPROFILE. If neither is set, a temp directory will be used when creating new configuration files for configure-and-run execution.

DynamoRIO also supports global configurations, which are stored in the "config" subdirectory of the directory specified by the DYNAMORIO_HOME registry value in the registry key \HKLM\SOFTWARE\DynamoRIO\DynamoRIO (or for 32-bit on 64-bit Windows (WOW64) \HKLM\SOFTWARE\Wow6432Node\DynamoRIO\DynamoRIO). Setting that DYNAMORIO_HOME value and creating the directory it points to must be done manually. The provided tools support reading and writing both local and global configuration files, and automatically creating the local directory. DynamoRIO gives local files precedence when both exist. Note that applications that do not have a USERPROFILE environment variable can be controlled using DYNAMORIO_CONFIGDIR or global configurations. Also note that by default USERPROFILE is not set over cygwin ssh and must be explicitly set in the shell startup files.

Configurations are per-process, with the basename of the process used for identification (e.g., notepad.exe). One-time configuration also uses the process id to specify that the configuration is for that process instance only.

As an example, assume you have unpacked the DynamoRIO distribution and your current directory is its base directory. Run notepad.exe with the bbsize sample client using the following configure-and-run command:

The command bin32/drconfig.exe -nudge notepad.exe 0 5 will result in a nudge event with argument=5 delivered to the client callback registered with dr_register_nudge_event() in all notepad.exe processes running under DynamoRIO. The third argument, 0, is an ID supplied at registration which uniquely identifies the target client (see dr_deploy.h for details).

To view 32-bit or WOW64 processes running under DynamoRIO the drview.exe tool can be used. The bin64 version will display both 32-bit and 64-bit processes and will indicate which are 32-bit. The bin32 version will display 64-bit processes but is unable to determine whether DynamoRIO is present.

DynamoRIO uses the \HKLM\SOFTWARE\Microsoft\Windows\Windows NT\CurrentVersion\AppInit_DLLs key (for 32-bit on 64-bit Windows (WOW64), \HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs) for -syswide_on to inject into new processes without having to directly launch them with drrun.exe or drinject.exe. Attention: on Windows NT a reboot is required after using -syswide_on or -syswide_off. For injection to work, the registered process must statically link to user32.dll (only a few small non-graphical Windows applications don't link user32.dll).
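Because -syswide_on registers a DLL in AppInit_DLLs, the setting is machine-wide and stays in place until -syswide_off removes it, so it is worth confirming what is registered there. The following PowerShell audit is an added example, not part of the DynamoRIO documentation or tools; it reads the WOW64 location given above and its native equivalent under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, and the function name Get-AppInitEntry is hypothetical.

```powershell
# Added example: list AppInit_DLLs registrations in both registry views.
$views = [ordered]@{
    'native' = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    'WOW64'  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
}

function Get-AppInitEntry {   # hypothetical helper name
    param([string]$View, [string]$KeyPath)

    $key = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }   # view absent, e.g. no Wow6432Node on 32-bit Windows

    # AppInit_DLLs is a single string; entries are separated by spaces or commas.
    $dlls = @("$($key.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    if ($dlls.Count -eq 0) {
        [pscustomobject]@{ View = $View; Dll = '(none)'; Enabled = $false
                           SignedOnly = $null; Exists = $null; Signature = $null }
        return
    }
    foreach ($dll in $dlls) {
        # Exists is only meaningful for full paths; a bare file name is
        # resolved by the loader, not relative to the current directory.
        $exists = Test-Path -LiteralPath $dll -PathType Leaf
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'n/a' }
        [pscustomobject]@{
            View       = $View
            Dll        = $dll
            # On Windows Vista and later the list is loaded only when
            # LoadAppInit_DLLs is set; a missing value casts to 0.
            Enabled    = ([int]$key.LoadAppInit_DLLs -ne 0)
            SignedOnly = ([int]$key.RequireSignedAppInit_DLLs -ne 0)
            Exists     = $exists
            Signature  = $sig
        }
    }
}

$views.GetEnumerator() |
    ForEach-Object { Get-AppInitEntry -View $_.Key -KeyPath $_.Value } |
    Format-Table -AutoSize
```

An entry that remains after instrumentation work has finished, or one that points at a DLL nobody on the team registered, is the case to investigate.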