~/posts
13 posts
Low-Level Interception: A Guide to Windows NT API Hooking
Hooking the NT API allows for low-level monitoring of system calls. By injecting a custom DLL and using 14-byte absolute jumps with trampolines, we can intercept calls like NtCreateFile without breaking the original functionality.
calc (pwnable.tw)
The calc binary validates input length but mishandles expressions that start with an operator. By corrupting pool->cnt, we gain out-of-bounds writes on the stack and overwrite the saved return address with a ROP chain.
ACS 2024: A Silver Journey in Ha Long with KMA.Qrange
KMA.Qrange placed 2nd at ACS 2024 in Ha Long, winning $10,000. This post details our RE challenge solutions from Qualifier and Finals.