Entry: Code cave
Definition

  1. Common uses

  2. Advantages

  3. Disadvantages

  4. Tools

  5. References

  6. External links


A code cave is a series of null bytes in a process's memory. The term usually refers to a region inside a program's code section that has spare capacity for the injection of custom instructions. For example, if 5 bytes are reserved for a piece of code and only 3 are used, the remaining 2 bytes can be used to add external code to the program.

Common uses

The concept of a code cave is often used by hackers to execute arbitrary code in a compiled program. It can be an extremely helpful tool for making additions to and removals from a compiled program, including adding dialog boxes, modifying variables, or removing software key validation checks. Typically a call instruction, found on most CPUs, is used: the code jumps to the new subroutine and pushes the address of the following instruction (the return address) onto the stack. After the subroutine has executed, a return instruction pops that saved address off the stack into the program counter. This allows the existing program to jump to the newly added code without significant changes to the program itself.
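A defender's counterpart to the technique above is to inventory the padding runs in a code section and then verify later that they are still empty, since a cave that has filled up with instructions is a sign the binary was patched. The following is an added example, not code from the article or any of the tools it lists; the section bytes are constructed, and the fill bytes 0x00 and 0xCC (int3) are the two values linkers commonly use to pad code.

```python
from typing import List, Tuple

# Constructed sample of an executable section: real-looking code bytes
# interleaved with padding runs as left by a linker aligning functions.
# This is not taken from any actual binary.
SECTION = (
    b"\x55\x89\xe5\x83\xec\x10"       # function prologue
    + b"\x00" * 3                      # 3-byte gap, too small to use
    + b"\x31\xc0\xc3"                  # xor eax,eax ; ret
    + b"\x00" * 24                     # 24-byte null run: a usable cave
    + b"\x90\x90\xe8\x00\x00\x00\x00"  # nop; nop; call rel32 (zero displacement)
    + b"\xcc" * 12                     # int3 padding, the other common fill byte
    + b"\x00" * 40                     # trailing section slack
)

Cave = Tuple[int, int, int]  # (offset, length, fill byte)

def find_code_caves(data: bytes, min_len: int = 8, fills=(0x00, 0xCC)) -> List[Cave]:
    """Return every run of a single fill byte that is at least min_len long.
    Shorter runs are ignored, so with the default threshold the four zero
    displacement bytes inside the call instruction are not mistaken for a cave."""
    caves: List[Cave] = []
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b in fills:
            j = i
            while j < n and data[j] == b:
                j += 1
            if j - i >= min_len:
                caves.append((i, j - i, b))
            i = j
        else:
            i += 1
    return caves

def largest_cave(data: bytes, min_len: int = 8):
    """The single biggest padding run, or None if there is no run of min_len."""
    caves = find_code_caves(data, min_len)
    return max(caves, key=lambda c: c[1]) if caves else None

def caves_intact(data: bytes, baseline: List[Cave]) -> bool:
    """Integrity check: True only if every baseline cave still consists solely
    of its fill byte. Any other byte inside a cave means the region was written to."""
    return all(set(data[off:off + ln]) == {fill} for off, ln, fill in baseline)

if __name__ == "__main__":
    baseline = find_code_caves(SECTION)
    print("caves:", baseline, "largest:", largest_cave(SECTION))
    print("baseline intact:", caves_intact(SECTION, baseline))
```

Lowering min_len shows why the threshold matters: at 4 bytes the zero displacement of the call instruction is reported as a cave even though it is part of a live instruction.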

Advantages

  • Easy/Fast – The modification process is fast and easy. When modifying existing code with a debugger or byte-level editor such as OllyDbg, the added functions can be assembled and tested without any external dependencies.
  • No need for source – Code caves are extremely efficient when no source code is available. The programmer can make adjustments and add or remove functions without rewriting an entire program or linking a new class into a project.

Disadvantages

  • Easy to break the program – In many cases you will be modifying the executable file directly. There may be no existing code cave large enough for the injection, because the program does not reserve spare space, and overwriting existing code instead can lead to program failure or a crash.
  • Lack of versatility – Injecting code into an existing program means the limited space allows only simple instruction modifications, and the only language available is assembly.

Tools

  • OllyDbg: a debugger for code analysis. It traces calls as the program executes and displays the libraries and binaries involved. Code can be injected into or removed from the EXE file directly with this debugger.
  • PE Explorer: lets you open and edit executable files in the PE (portable executable) format. This includes .EXE, .DLL and other less common file types.
  • Cheat Engine: a powerful tool that reads and writes process memory. Any client-side data value can be changed, and the tool can also display how values change over time.
  • TSearch: a powerful tool that reads and writes process memory. Like Cheat Engine, it can change client-side data values.[1][2][3][4]

References

1. The Beginner's Guide to Codecaves, CodeProject. http://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves
2. Modifying Binaries: Adding a Splash Dialog. http://thelegendofrandom.com/blog/archives/tag/code-cave (archived 2014-04-07 at https://web.archive.org/web/20140407082907/http://thelegendofrandom.com/blog/archives/tag/code-cave)
3. Game Hacking: Utilizing Code Caves. http://eryanbot.com/jtp/2012/06/30/game-hacking-utilizing-code-caves/
4. Theories and Methods of Code Caves. http://www.progamercity.net/ghack-tut/164-guide-theories-methods-code-caves.html

External links

  • Code Cave Injection Tutorial C++ - rohitab.com - Forums
  • Code cave explanation in German

Categories: Process (computing) | Threads (computing) | Software cracking
