Didier Stevens

Tuesday 3 June 2008

Quickpost: bpmtk Config File Embedding

Filed under: Hacking,My Software,Quickpost — Didier Stevens @ 5:59

After a rather long detour in PDF file format land, let’s pick up where we left the bpmtk.

My Basic Process Manipulation Tool Kit requires a configuration file with instructions to manipulate processes, like this one to start cmd.exe in a restricted environment:

start cmd.exe
search-and-write module:. unicode:DisableCMD hex:41

Save this configuration in a text file, for example start-cmd.txt. And then start bpmtk with this file:

bpmtk start-cmd.txt

You can also embed this configuration file inside the bpmtk executable, like this:

bpmtk start-cmd.txt bpmtk-cmd.exe

This will create a copy of bpmtk.exe, called bpmtk-cmd.exe, with start-cmd.txt embedded as a resource (called BPMTK).
When you execute bpmtk-cmd.exe (without any arguments), the embedded script will be executed. Use this
trick if you often have to execute the same command, or if you have to execute bpmtk in an environment where you cannot provide an argument.


Quickpost info


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: