"Application Injection" is a term that I coined last year at DefCon for a technique first demonstrated to me there.
Sitting in the front row of a rowdy, fun crowd at one of the last talks (shots, shots for the speaker!) of the conference, I watched in amazement as it was shown to me how to start an application, hook into its process, grab a reference to the main form and then inject a full scripting and compilation environment directly into the application.
This of course was happening, not at the podium, but directly beside me, as Dinis Cruz was catching me up on his 14 months of straight coding and getting me back up to speed on his complete overhaul of the O2 Platform.
Below is a series of screenshots that attempts to illustrate this original hooking technique (there are much easier / more stable / cross language ways to accomplish this currently) and then the execution of some very simple scripts that reveal and allow access to the inner details of the application.
The command prompt is launched to execute a script that will start appscan.exe and open a LogViewer, shown here displaying the 'waiting for main window to load' loop.
Below is a close-up of the Log Viewer, showing the reference to the main window retrieved and the Compile Engine executing a script to add O2 methods to the main code base.
Here we see those added methods, creating an O2 Menu with the Log Viewer and Script Editor which will be started inside of the process, as any other 'native' methods would be.
Simply returning the Main Form (the AppScan Standard GUI in this case) gives access to all the Form-level properties, which when manipulated have an instantaneous effect!
Alternatively, returning the result of a call to MainForm.showDetails() gives a full picture of all Methods, Fields and Properties in use in the entire application.
Since we are far beyond public, private or protected (by way of reflection) at this point, I believe it's fair to say:
All Your Application's Data Are Belong To Us.
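To make the reflection point concrete, here is an added example (my own illustration, not code from the post or from the O2 Platform) of what a showDetails()-style dump does once script is running inside a .NET process. FakeMainForm is a constructed stand-in for an application's main form, and ShowDetails is a hypothetical helper, not O2's API; the point it demonstrates is that private, protected and internal are compile-time checks that reflection simply does not consult.

```csharp
using System;
using System.Linq;
using System.Reflection;

// Constructed sample class standing in for an application's main form.
// Its members are deliberately non-public to show that reflection ignores
// access modifiers once code is running inside the process.
public class FakeMainForm
{
    private string _sessionToken = "constructed-token-123";
    private static int _instanceCount = 1;
    protected bool IsDirty { get; set; } = true;
    internal string Title { get; } = "Sample App";

    private string BuildAuthHeader() => "Bearer " + _sessionToken;
}

public static class ReflectionDemo
{
    // Ask for everything the type declares, public or not, instance or static.
    const BindingFlags All =
        BindingFlags.Public | BindingFlags.NonPublic |
        BindingFlags.Instance | BindingFlags.Static |
        BindingFlags.DeclaredOnly;

    // Hypothetical analogue of the MainForm.showDetails() call in the post:
    // list every field, property and method the object's type declares,
    // with its current value where one can be read.
    public static void ShowDetails(object target)
    {
        var t = target.GetType();
        Console.WriteLine($"== {t.FullName} ==");

        foreach (var f in t.GetFields(All))
            Console.WriteLine($"field    {Visibility(f)} {f.FieldType.Name} {f.Name} = {f.GetValue(f.IsStatic ? null : target)}");

        foreach (var p in t.GetProperties(All))
            Console.WriteLine($"property {p.PropertyType.Name} {p.Name} = {p.GetValue(target)}");

        // Skip property accessors (get_/set_), which GetMethods also returns.
        foreach (var m in t.GetMethods(All).Where(m => !m.IsSpecialName))
            Console.WriteLine($"method   {Visibility(m)} {m.ReturnType.Name} {m.Name}()");
    }

    static string Visibility(FieldInfo f) => f.IsPrivate ? "private" : f.IsPublic ? "public" : "non-public";
    static string Visibility(MethodBase m) => m.IsPrivate ? "private" : m.IsPublic ? "public" : "non-public";

    public static void Main()
    {
        var form = new FakeMainForm();
        ShowDetails(form);

        // Read and rewrite a private field, then invoke a private method that
        // depends on it: the 'instantaneous effect' the post describes, with
        // no access check in the way.
        var token = typeof(FakeMainForm).GetField("_sessionToken", All);
        Console.WriteLine("before: " + token.GetValue(form));
        token.SetValue(form, "replaced-by-injected-script");

        var header = typeof(FakeMainForm).GetMethod("BuildAuthHeader", All);
        Console.WriteLine("after:  " + header.Invoke(form, null));
    }
}
```

Compile it as a console project and run it; the dump lists the private backing field of the auto-property alongside the explicit private members, and the second half shows a private method returning the value written into a private field moments earlier. The defensive lesson is the one the post is driving at: visibility keywords are a design aid, not a trust boundary. Anything that can execute inside the process (an injected script engine, an attached debugger, a loaded plugin) has the same reach, so secrets held in memory are protected only by what controls code execution in that process, not by how the fields are declared.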