Monday, December 17, 2007

Release uhooker v1.3

What's uhooker?:

A tool to intercept and manipulate execution of programs. It enables the user to insert hooks in function calls and arbitrary addresses within the executable file in memory. The hooks handlers are written in Python and can be changed at runtime without the need to restart the inspected process.

Download:

http://oss.coresecurity.com/uhooker/release/1.3/uhooker_v1.3.tgz

http://oss.coresecurity.com/uhooker/release/1.3/uhooker_v1.3.zip



more info:

http://oss.coresecurity.com/projects/uhooker.htm

http://oss.coresecurity.com/uhooker/doc/index.html


Some Videos:

http://oss.coresecurity.com/uhooker/doc/uhooker_changeconnect.wmv
http://oss.coresecurity.com/uhooker/doc/uhooker_sendhex.wmv



What's new in uhooker v1.3?
===========================

-Several bug fixes, everything should work better than before :)

-Fixed bug with readunicode() API where reading empty multibyte strings,
resulted in the plugin freezing for ever.

-Now you can load multiple .CFG files (load one, then load another to hook
something else, etc). Previously, you were only allowed to load one .CFG file
with breakpoints/handlers definitions. Now you can load as many as you like
whenever you want.

-If a .CFG file overlaps previously set hooks, you have the chance
to redefine them (for example, you can dinamically change the
file/function handling the breakpoint. This adds to the feature
present since the first version of uhooker that allows runtime rewriting
of the handler's code).


-Errors in the code of the handlers (written in python) are now correctly handled.

-Previously, if you had an error in the code you wrote to handle
certain breakpoint, this caused the 'uhooker's python server' to
'crash', and you needed to restart your debugging session all over
again.

This scenario was very common, particuarly if you were developing
your own handler/script for the first time, or if you were
modifying at runtime the code of a handler/script.


Well, no more! :), Now if you have an error (syntax error,
identation error, general programming error,etc), the error that
your handler has will be displayed on the uhooker's console, and
you'll be able to recover from that error. This improvement means:

1-If an error occurs on the code, you don't
need to restart the debugger's session (and lose
the state of the program, etc.).

2-If you are changing in runtime the code of the
handler, and you makee a mistake, you'll see what
caused the error, and you can fix the script/handler
and move on!.


-and there are probably more things but I didn't write them down and now I dont't remember :).

Wednesday, December 12, 2007

uhooker videos - tcpnet.py video

A new video showing how to use the tcpnet.py script, this is a sample script
that allows you to intercept and modify network traffic using an hex editor.

Embedded Video (only IE I think)

http://oss.coresecurity.com/uhooker/doc/uhooker_sendhex_video.html

Direct Download

http://oss.coresecurity.com/uhooker/doc/uhooker_sendhex.wmv

Tuesday, December 04, 2007

Uhooker Videos

Hi All!,

I'm uploading new scripts for uhooker and also new videos showing how these scripts are used, to help you get an idea of the purpose of the scripts.

I just uploaded a video showing how to use the Change Connect() script, you can find it here:


Embedded in browser:

http://oss.coresecurity.com/uhooker/doc/change_connect_video.html


Direct Download of .WMV file (if using firefox, you will probably
need to download this one):

http://oss.coresecurity.com/uhooker/doc/uhooker_changeconnect.wmv


Note: If anyone knows of a free program to do screencasts & convert screencasts
to .SWF files(flash), please let me know. I'm currently doing it using 'Windows
Media Encoder', and I couldn't find a decent program to convert .WMV
to Flash. Any suggestion is welcome.