Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Back for a limited time - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Comment What about... (Score 1) 387

So all you NASCAR fans coming out of the wood work (and racing fans in general) I have a questions. Are there any motor racing events without restrictions to (at least) the engines?

As a huge nerd...I'd love to see a motor sport that is more about the ability to manufacture some crazy ass vehicle than how good the driver is.

Submission + - Your C# Executables: Now Even More Unsafe (imgur.com) 2

Redmancometh writes: So I have made hacks for a few semi-popular games that involve C#. Recently I discovered a library called mono.cecil which made ILcode manipulation relatively painless. After discovering this I put a bit of my infosec background to use. So...I used it to make an application that allows the injection of "agent" dlls into a bytecode assembly (exe or dll.)

Features currently available
: — Search directories for .net assemblies. Filter for .exe/.dll and whether or not to search recursively.
  — Get assembly of running process and determine if it's .net. If so, add to file list
  — Specify entry point for "jumpMethod()" instructions in C# dll assemblies from the GUI. This guarantees you can hook something that you know will be called.
  — Can completely replace entry point method if the option is specified
  — Can inject code from specified agent into all constructors in target assembly. Separate methods in agent correspond to instructions inserted at top/bottom of constructors respectively.
- Can inject code from specified agent into all methods of target assembly. Separate methods in agent correspond to instructions inserted at top/bottom of methods respectively...No checkbox yet, just an argument. I'll add the checkbox when methods can be hooked via select-able BindingFlag filters

Here are some photos:
The good:
      — A means of instrumentation in C#. The ability to fully interact with the code causing you problems...at runtime.
      — The ability to deploy patches to 3rd party C# applications extremely easily.
      — Very few pieces of malware written in C# are "stealthy"
      — C# has authentication checks when accessing fol
The Bad:
    — I can cheat in all your .net games.
    — It can search specifically for .net assemblies, or the assemblies of chosen processes, and inject .net code into them. This could be used maliciously..and make injected code quite hard to remove.

So you know, never trust a .net binary again. I'll be releasing the application once it's 100% done. Currently it works with about ~90% of C# assemblies with a pretty significant agent payload. Let me know what you guys think, and let me know if you have any ideas. I'll be releasing the first version in the next week or so.

At the source of every error which is blamed on the computer you will find at least two human errors, including the error of blaming it on the computer.