News
Preview of Function Hacker
Published on Friday, 20 May 2011 18:17 by Geoff McDonald
Significant progress has been made on the new function hacker tool. The data filtering on this new version is not yet implemented, but all the required data is currently being recorded. The visualization of the execution flow as well as the play bar control is working well with quick performance.
I have run into a significant hurdle regarding the immediate dereferencing of pointers to allow for searching for parameters passed as pointers or structures. I was originally planning on using the obsolete Kernel32.dll IsBadReadPtr() function to check if the input arguments to the instrumented functions are pointers, but this will no longer work because this will mess up the page guards used for stack growth. Instead, for the first release I am not going to focus on any pointer dereferencing, and will add it in a later version by handwriting the assembly to check that the address is within a valid heap. Thanks to Zelimir for his work on adding a few nice things here and there. Anyways, here is a screenshot of the interface with some labels:
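For the pointer check discussed above, an added example that is not code from Function Hacker or its author: one common way to decide whether an argument can be dereferenced is to ask VirtualQuery for the page state and protection, which reads metadata only and so leaves stack guard pages armed, unlike the probing read IsBadReadPtr() performs. This is a different technique from the hand-written heap check planned in the post; `region_info`, `region_allows_read` and `can_deref` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else /* winnt.h values, repeated so the decision logic builds off Windows */
#define MEM_COMMIT 0x1000
#define PAGE_NOACCESS 0x01
#define PAGE_READONLY 0x02
#define PAGE_READWRITE 0x04
#define PAGE_WRITECOPY 0x08
#define PAGE_EXECUTE_READ 0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#define PAGE_GUARD 0x100
#endif

/* Hypothetical struct: the MEMORY_BASIC_INFORMATION fields the check needs. */
struct region_info { uintptr_t base; size_t size; unsigned state, protect; };

/* Decide from metadata alone whether [addr, addr+len) may be read.
   Conservative: the whole read must fit inside one region. */
int region_allows_read(const struct region_info *r, uintptr_t addr, size_t len)
{
    const unsigned readable = PAGE_READONLY | PAGE_READWRITE | PAGE_WRITECOPY |
        PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    if (len == 0 || r->state != MEM_COMMIT) return 0;        /* free or reserved */
    if (r->protect & (PAGE_GUARD | PAGE_NOACCESS)) return 0; /* leave guards armed */
    if (!(r->protect & readable)) return 0;
    if (addr < r->base || addr - r->base >= r->size) return 0;
    return len <= r->size - (addr - r->base);
}

#ifdef _WIN32
/* Hypothetical wrapper: VirtualQuery reads page metadata without touching p. */
int can_deref(const void *p, size_t len)
{
    MEMORY_BASIC_INFORMATION mbi;
    struct region_info r;
    if (VirtualQuery(p, &mbi, sizeof mbi) == 0) return 0;
    r.base = (uintptr_t)mbi.BaseAddress; r.size = mbi.RegionSize;
    r.state = mbi.State; r.protect = mbi.Protect;
    return region_allows_read(&r, (uintptr_t)p, len);
}
#endif
```

Another thread can change a page's protection between the query and the read, so instrumentation code should still guard the actual dereference with an exception handler.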


