[Full-disclosure] Release uhooker v1.3



What's uhooker?:

A tool to intercept and manipulate execution of programs. It enables
the user to insert hooks in function calls and arbitrary addresses
within the executable file in memory. The hook handlers are written
in Python and can be changed at runtime without the need to restart
the inspected process.

Download:

http://oss.coresecurity.com/uhooker/release/1.3/uhooker_v1.3.tgz
http://oss.coresecurity.com/uhooker/release/1.3/uhooker_v1.3.zip

More info:

http://oss.coresecurity.com/projects/uhooker.htm
http://oss.coresecurity.com/uhooker/doc/index.html

Some Videos:

http://oss.coresecurity.com/uhooker/doc/uhooker_changeconnect.wmv
http://oss.coresecurity.com/uhooker/doc/uhooker_sendhex.wmv



What's new in uhooker v1.3?
===========================

-Several bug fixes, everything should work better than before :)

-Fixed bug with readunicode() API where reading empty multibyte strings
resulted in the plugin freezing forever.

-Now you can load multiple .CFG files (load one, then load another to hook
something else, etc). Previously, you were only allowed to load one .CFG file
with breakpoints/handlers definitions. Now you can load as many as you like
whenever you want.

-If a .CFG file overlaps previously set hooks, you have the chance
to redefine them (for example, you can dynamically change the
file/function handling the breakpoint. This adds to the feature
present since the first version of uhooker that allows runtime rewriting
of the handler's code).


-Errors in the code of the handlers (written in python) are now
correctly handled.

-Previously, if you had an error in the code you wrote to handle
a certain breakpoint, this caused the 'uhooker's python server' to
'crash', and you needed to restart your debugging session all over
again.

This scenario was very common, particularly if you were developing
your own handler/script for the first time, or if you were
modifying at runtime the code of a handler/script.


Well, no more! :) Now if you have an error (syntax error,
indentation error, general programming error, etc.), the error that
your handler has will be displayed on the uhooker's console, and
you'll be able to recover from that error. This improvement means:

1-If an error occurs on the code, you don't
need to restart the debugger's session (and lose
the state of the program, etc.).

2-If you are changing at runtime the code of the
handler, and you make a mistake, you'll see what
caused the error, and you can fix the script/handler
and move on!


-and there are probably more things but I didn't write them down and
now I don't remember :).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
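
The handler error recovery and .CFG redefinition described in the release notes above, sketched as an added example (not uhooker's code or API, and not part of the original post): a hypothetical HandlerHost re-reads the handler file on every hook hit and reports syntax, indentation and runtime errors to a console list instead of dying. The class, the "connect" hook name and the handler sources are all constructed for illustration.

```python
import os
import tempfile
import traceback

class HandlerHost:
    """Hypothetical stand-in for a hook-handler server; not uhooker's API."""
    def __init__(self):
        self.hooks = {}     # hook name -> (handler file path, function name)
        self.console = []   # error reports shown to the user

    def load_cfg(self, entries):
        # Loading another mapping adds hooks; an overlapping name redefines it.
        redefined = [name for name in entries if name in self.hooks]
        self.hooks.update(entries)
        return redefined

    def dispatch(self, name, *args):
        path, func = self.hooks[name]
        try:
            with open(path) as fh:
                source = fh.read()
            namespace = {}
            # Recompile on every hit so edits made at runtime take effect.
            exec(compile(source, path, "exec"), namespace)
            return namespace[func](*args)
        except Exception:
            # SyntaxError, IndentationError and runtime errors all land here:
            # report the traceback and keep serving later hook hits.
            self.console.append(traceback.format_exc())
            return None

def demo():
    # Constructed handler sources: the same file is rewritten between hits.
    host = HandlerHost()
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "handlers.py")
        host.load_cfg({"connect": (path, "on_connect")})
        versions = [
            "def on_connect(port):\n    return port + 1\n",   # working
            "def on_connect(port)\n    return port\n",        # syntax error
            "def on_connect(port):\nreturn port\n",           # indentation error
            "def on_connect(port):\n    return port / 0\n",   # runtime error
            "def on_connect(port):\n    return port * 2\n",   # fixed at runtime
        ]
        results = []
        for src in versions:
            with open(path, "w") as fh:
                fh.write(src)
            results.append(host.dispatch("connect", 80))
    return results, host
```

Calling demo() shows the three broken versions each leaving one traceback on the console while the host keeps dispatching, so the final corrected version runs without a restart.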


