I've been doing/trying out a lot of different DLL injection, IAT patching, function hooking etc. lately, reading everything I've come across and applied that in different ways (ingenious stupid ways :PPP) but the term Trampoline has evaded my understanding, WTF is meant with a trampoline?
Posted on 2003-05-03 08:59:55 by SFP
It is a Microsoft term for replacing a few (aka 5) bytes near the start of PE files and using this to load your own DLL (or whatever) into the process memory area -- aka make the process jump via "trampoline" == circus term? to your code -- and then of course restore the original bytes and then execute them...

In brief: a method of injecting a DLL into a process's memory space via a small asm code patch.
Posted on 2003-05-03 10:09:52 by BogdanOntanu
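Seen from the checking side, the 5-byte patch described in the post above can be spotted by comparing a function's first bytes on disk with the copy in memory. The sketch below is an added example, not part of the original thread; it assumes 32-bit x86 and that the 5 bytes are an `E9` `jmp rel32`, and all addresses and byte strings in it are constructed.

```python
import struct

JMP_REL32 = 0xE9  # x86 "jmp rel32": 1 opcode byte + 4-byte signed displacement
PATCH_LEN = 5     # the "few (aka 5) bytes" overwritten at the function start

def jmp_target(code, address):
    """Destination of a jmp rel32 at `address`, or None if `code` is not one."""
    if len(code) < PATCH_LEN or code[0] != JMP_REL32:
        return None
    (disp,) = struct.unpack_from("<i", code, 1)
    # The displacement is relative to the instruction that follows the jmp.
    return (address + PATCH_LEN + disp) & 0xFFFFFFFF

def check_prologue(address, disk, memory, module_range):
    """Compare a function's first bytes on disk and in memory; report a detour."""
    lo, hi = module_range
    modified = disk[:PATCH_LEN] != memory[:PATCH_LEN]
    target = jmp_target(memory, address) if modified else None
    return {
        "modified": modified,
        "target": target,
        # A jump that leaves the owning module is the pattern worth triaging.
        "leaves_module": target is not None and not (lo <= target < hi),
    }

def make_jmp(address, target):
    """Build a constructed jmp rel32 patch (sample data for this example only)."""
    disp = (target - (address + PATCH_LEN)) & 0xFFFFFFFF
    return bytes([JMP_REL32]) + struct.pack("<I", disp)

# Constructed sample: hypothetical addresses, common 32-bit prologue bytes
# (mov edi,edi; push ebp; mov ebp,esp; sub esp,10h).
FUNC_ADDR = 0x77D51234
MODULE = (0x77D50000, 0x77DE0000)
HOOK_ADDR = 0x10001000
ON_DISK = bytes.fromhex("8bff558bec83ec10")
PATCHED = make_jmp(FUNC_ADDR, HOOK_ADDR) + ON_DISK[PATCH_LEN:]

if __name__ == "__main__":
    for label, mem in (("clean", ON_DISK), ("patched", PATCHED)):
        print(label, check_prologue(FUNC_ADDR, ON_DISK, mem, MODULE))
```

A prologue that differs from disk but does not decode as `jmp rel32` is reported as modified with no target, which still warrants a look.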

"trampoline" == circus term?

Afaik it's what you can jump from into water like this:


o
-|- >-\
/ \ |
3__________________ |
3|------------------ v
3|
3|______________
3|--------------
3|
3|__________
3|----------
3|
3|
3|
---+---~~~~~~~~~~~~(Water)~~~~~~~
\~~~~~~~~~~~~~~~~~~~~~~~~~

(/me very bad painter :stupid: )
Posted on 2003-05-03 15:32:28 by scientica
Hahahaha, you guys are funny :grin:

A "trampoline" is one of those things you bounce on, and women use little mini ones in some aerobic classes. They are great for having in your backyard as a kids' (and adults') toy.

The guy at MS who published this technique is using it in the context of "you are bouncing from the original dll function to your own, then bouncing back to it".

p.s. Trampolines are fun when you are drunk, just don't fall off :)
Posted on 2003-05-03 17:26:37 by sluggy
scientica, very nice picture, but that's a diving board. :)




^- trampoline.
Posted on 2003-05-03 22:31:37 by iblis
It must be a good method for api hooking purposes.
Posted on 2003-05-04 03:53:07 by Vortex

diving board

You're right, I just checked with a dictionary, the Swedish word "Trampolin" means diving board, and I thought it (trampoline) was the same word, but clearly I was wrong. But now I know something I didn't know yesterday.. :)
Posted on 2003-05-04 04:26:47 by scientica
So what's Swedish for trampoline then?
Posted on 2003-05-04 10:35:14 by iblis

It is a Microsoft term for replacing a few (aka 5) bytes near the start of PE files and using this to load your own DLL (or whatever) into the process memory area -- aka make the process jump via "trampoline" == circus term? to your code -- and then of course restore the original bytes and then execute them...

In brief: a method of injecting a DLL into a process's memory space via a small asm code patch.


sounds like a hook just for virus writers :eek:
Posted on 2003-05-04 12:12:06 by rob.rice

So what's Swedish for trampoline then?

"Studs
Posted on 2003-05-04 13:42:00 by scientica
Oh so THAT'S what they call it =) I just called it EP patching for DLL loading :P I guess trampoline is easier :P thx.
Posted on 2003-05-05 05:27:14 by SFP