Techniques

In revenge parlance, a Technique is a high level set of actions that should be performed on the running binary. For instance, instead of manually deciding how you need to hide yourself from debugging checks, a technique could be applied that specifically attempts to do that. They’re effectively high level batches of actions to be parformed with a single goal in mind.

Types of Techniques

There are two main types of techniques, due to how these techniques may be implemented:

Stalk Techniques

These techniques require the use of per-thread stalking. The important thing to note here is that you can only have one stalker running on a thread at a time. That means, you can only use one of these techniques at a time.

Replace Techniques

These techniques utilize binary re-writing prior to thread execution. The important thing to realize here is that these changes will affect all threads, since they are not thread specific. You can, however, have as many of these techniques running at a time as you like, since they do not take up a stalker context.

General Technique Usage

Specifics of technique usage may vary from technique to technique, the general usage remains the same. The steps are:

  1. Start your process

  2. Select the technique from process.techniques.<technique>()

  3. apply() your technique

    a. If it is a stalking technique, you may want to provide the threads to the apply function

  4. (optionally) remove() the technique at some point.

Techniques for specific calls

It’s possible to apply a technique for specific calls. For instance, where you would use a native call to a function like time(0), you can also provide a techniques argument with a single (or list) of techniques to apply to the specific call.

Details can be found under MemoryBytes documentation.

Implemented Techniques

For a list of techniques and more information, see Techniques.

How To Create a Technique

Creating a new technique is relatively strait forward:

  1. Create a new submodule in revenge/techniques

  2. Create your technique class by extending revenge.techniques.Technique

  3. Implement apply and remove methods

  4. Make sure TYPE is defined in your class

  5. In the __init__.py, be sure that you expose the Technique you created. It can be any name, so long as the class instantiator is visible.

  6. docs and tests

revenge will auto-discover the technique at runtime and expose it.