The following are some useful resources if you’d like to find out more about
reverse engineering and related topics:
■ Reversing: Secrets of Reverse Engineering by Eldad Eilam
■ Hacker Disassembling Uncovered by Kris Kaspersky
■ The Art of Software Security Assessment by Mark Dowd, John McDonald, and Justin Schuh
■ www.acm.uiuc.edu/sigmil/RevEng
■ www.uninformed.org/?v=1&a=7
Manipulating Exported Functions
As with Java applets, it may be possible to manipulate and repurpose an
ActiveX control’s processing solely by invoking methods that it exposes to the
browser through its normal interface.
ActiveX controls may expose numerous methods that the application never
actually invokes from HTML, which you may not be aware of without examining
the control itself. COMRaider by iDefense is a useful tool that can display
all of a control’s methods and their signatures, as shown in Figure 5-7.
Figure 5-7: COMRaider showing the methods exposed by an ActiveX control
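The gap described above, between what a control exposes and what the application's HTML actually calls, can be inventoried during an attack-surface review. The following is an added example, not code from the book or from COMRaider; the control, its method names, the VB-style signature format, and the sample page are all constructed assumptions.

```python
import re

# Constructed sample: VB-style signature lines for a hypothetical control,
# in an assumed format similar to what a type-library viewer might list.
EXPOSED_SIGNATURES = [
    "Sub SetServer(ByVal host As String)",
    "Function CheckVersion() As Long",
    "Function LaunchHelper(ByVal path As String) As Boolean",
    "Sub SaveLog(ByVal fileName As String, ByVal data As String)",
]

# Constructed sample page that instantiates the control and scripts it.
PAGE_HTML = """
<object id="updater" classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<script>
  updater.SetServer("updates.example.test");
  if (updater.CheckVersion() < 3) { document.title = "Update needed"; }
</script>
"""

SIG_RE = re.compile(r"^\s*(?:Sub|Function)\s+(\w+)\s*\((.*?)\)", re.I)
OBJECT_RE = re.compile(r"<object\b[^>]*\bid\s*=\s*[\"']?(\w+)", re.I)

def parse_signatures(lines):
    """Map each exposed method name to its list of parameter declarations."""
    methods = {}
    for line in lines:
        m = SIG_RE.match(line)
        if m:
            methods[m.group(1)] = [p.strip() for p in m.group(2).split(",") if p.strip()]
    return methods

def invoked_methods(html):
    """Return names called as <object id>.<name>( anywhere in the page source."""
    called = set()
    for obj_id in OBJECT_RE.findall(html):
        call_re = re.compile(r"\b%s\s*\.\s*(\w+)\s*\(" % re.escape(obj_id))
        called.update(call_re.findall(html))
    return called

def uninvoked_methods(signatures, html):
    """Exposed methods the page never calls (names compared case-insensitively)."""
    exposed = parse_signatures(signatures)
    called = {name.lower() for name in invoked_methods(html)}
    return {n: p for n, p in exposed.items() if n.lower() not in called}

if __name__ == "__main__":
    for name, params in sorted(uninvoked_methods(EXPOSED_SIGNATURES, PAGE_HTML).items()):
        print(f"{name}({', '.join(params)}): exposed but never called by the page")
```

Methods reported here are part of the control's interface even though the application never uses them, so they belong in any review of what the control lets a web page do.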
HACK STEPS
■