The "Base Address?"
Author
Hey, I was talking with these people one day, asking them how they injected their third party program into the game they used it on, and they started talking about how they "Patched the Base Address, then injected it." What is the "Base Address" and how could I STOP it from being patched?
*EDIT*
When I asked how I could stop it, I was thinking more from the inside of the program, :P.
I'm not sure, but I think this sort of code injection happens while the process is running, not via modification of the binary. I think there are techniques for detecting processes who have attached to and/or attacked your memory space, and terminating as a result, but tbh I'm not familiar with them myself.
[EDIT] I happened to find this article on how the injection is done in the first place.
[EDIT] I happened to find this article on how the injection is done in the first place.
Author
Quote:Original post by Promit
Yet more googling brings up this page which may be useful.
Thanks for the help, I had googled earlier but found nothing but books like "Building a good base tan."
It sounds like they're talking about inserting thier own dll into the game. Every dll has a "base address" which is the default address it loads into memory. It's hard to say more without more context.
There's pretty much nothing your program can do to stop such things. Especially if it's running on thier hardware and they're admins on the machine.
There's pretty much nothing your program can do to stop such things. Especially if it's running on thier hardware and they're admins on the machine.
There are ways to do it, but this topic is very complex to explain it in a posting (there are whole books about this topic out there).
A good start is the article posted above. In the appendix the autor lists some useful sources when you're really interested in this topic.
A good start is the article posted above. In the appendix the autor lists some useful sources when you're really interested in this topic.
Author
Quote:Original post by ext
There are ways to do it, but this topic is very complex to explain it in a posting (there are whole books about this topic out there).
A good start is the article posted above. In the appendix the autor lists some useful sources when you're really interested in this topic.
Hrm..I'll have to read up on this then, :P.
( Also, the reason I put it in For Beginners is because this is..well..my beginning experience with this topic. :P )
That article is mostly talking about things to do about attacks *from outside the machine* - basically defensive practice designed to mitigate buffer overflow or other bugs in your own (or possibly system) code. Those techniques accomplish exactly nothing against an attacker that owns the machine and has admin access. Maybe the attacker has to go through an extra level of indirection to find your data - bfd.
IMHO these sorts of things just give people a false sense of how secure thier systems are as well as making things annoying for the poor developers that have to use (and work around) them - probably causing even more bugs.
IMHO these sorts of things just give people a false sense of how secure thier systems are as well as making things annoying for the poor developers that have to use (and work around) them - probably causing even more bugs.
Author
Quote:Original post by Anon Mike
That article is mostly talking about things to do about attacks *from outside the machine* - basically defensive practice designed to mitigate buffer overflow or other bugs in your own (or possibly system) code. Those techniques accomplish exactly nothing against an attacker that owns the machine and has admin access. Maybe the attacker has to go through an extra level of indirection to find your data - bfd.
IMHO these sorts of things just give people a false sense of how secure thier systems are as well as making things annoying for the poor developers that have to use (and work around) them - probably causing even more bugs.
Looks like they'd still have, like you said, trouble injecting their code into your program. If the person DOES happen to still do it, then he probably deserves to hack for a little bit.
Another question: Is there any way to tell whether ANY modification has been made to a client whatsoever at runtime?
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement