Didier Stevens

Thursday 25 June 2009

bpmtk: Injecting VBScript

Filed under: bpmtk,Hacking,My Software — Didier Stevens @ 7:03

Here’s a new trick: injecting VBScript in a process. I’ve developed a DLL that will create a COM instance of the VBScripting engine and let it execute a VBScript. Injecting this DLL in a running program results in execution of the VBScript in the context of the running program. Here’s an example where I wrote a VBScript to search and replace a string in the memory of the notepad process:

Here is part of the VBScript I developed to search and replace inside the memory of a process. It uses custom methods like Peek, Poke and Output that I’ve added to the scripting engine:

[Screenshot 20090609-205420: excerpt of the VBScript]

I’ll provide more details in an upcoming blogpost on bpmtk version 0.1.5.0, but you can already download it here.

YouTube, Vimeo and hires Xvid.
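
A defender-side view of the technique described above, as an added example that is not part of the original post or of bpmtk: a process that starts hosting the VBScript engine loads vbscript.dll, so image-load telemetry can flag engine loads in processes that are not script hosts. The sample events, the allowlist and the DLL name example-loader.dll are constructed assumptions; the field names follow Sysmon image-load events (Event ID 7).

```python
import json
import ntpath

# Assumption: processes expected to host the VBScript engine; tune per site.
EXPECTED_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "iexplore.exe"}
ENGINE_DLL = "vbscript.dll"
SYSTEM_ROOT = "c:\\windows\\"

# Constructed sample records (one JSON object per line), in load order.
SAMPLE_EVENTS = r"""
{"ProcessGuid": "{a1}", "Image": "C:\\Windows\\System32\\wscript.exe", "ImageLoaded": "C:\\Windows\\System32\\vbscript.dll"}
{"ProcessGuid": "{b2}", "Image": "C:\\Windows\\System32\\notepad.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"}
{"ProcessGuid": "{b2}", "Image": "C:\\Windows\\System32\\notepad.exe", "ImageLoaded": "C:\\Users\\test\\AppData\\Local\\Temp\\example-loader.dll"}
{"ProcessGuid": "{b2}", "Image": "C:\\Windows\\System32\\notepad.exe", "ImageLoaded": "C:\\Windows\\System32\\vbscript.dll"}
"""


def basename(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def find_unexpected_engine_loads(lines):
    """Return one finding per vbscript.dll load outside EXPECTED_HOSTS."""
    earlier_loads = {}  # ProcessGuid -> non-system DLLs loaded so far
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        guid, loaded = ev["ProcessGuid"], ev["ImageLoaded"]
        if basename(loaded) == ENGINE_DLL:
            if basename(ev["Image"]) not in EXPECTED_HOSTS:
                findings.append({
                    "process": ev["Image"],
                    "guid": guid,
                    # DLLs from outside the Windows directory that this
                    # process loaded earlier: triage candidates for the
                    # module that instantiated the engine.
                    "loader_candidates": list(earlier_loads.get(guid, [])),
                })
        elif not loaded.lower().startswith(SYSTEM_ROOT):
            earlier_loads.setdefault(guid, []).append(loaded)
    return findings


if __name__ == "__main__":
    for finding in find_unexpected_engine_loads(SAMPLE_EVENTS.splitlines()):
        print(finding)
```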
