Submit Search
Upload
Inline Hooking in Windows
•
2 likes
•
1,567 views
High-Tech Bridge SA (HTBridge)
Follow
This document is the second of a series of five articles relating to the art of hooking.
Read less
Read more
Technology
Report
Share
Report
Share
1 of 26
Download now
Download to read offline
Recommended
ゼロから学ぶIoT
ゼロから学ぶIoT
Masaru Takahashi
Azure ad の導入を検討している方へ ~ active directory の構成パターンと正しい認証方式の選択~
Azure ad の導入を検討している方へ ~ active directory の構成パターンと正しい認証方式の選択~
junichi anno
Java vs JavaScript | Edureka
Java vs JavaScript | Edureka
Edureka!
Tech Summit 2018 【事例紹介】 自社サービスに Azure IoT Hub Device Provisioning Serviceを適用してみた
Tech Summit 2018 【事例紹介】 自社サービスに Azure IoT Hub Device Provisioning Serviceを適用してみた
Masaru Takahashi
あなたも「違いが分かる人」になりましょう! ~ Azure, AzureStack, AzureStack HCI ~
あなたも「違いが分かる人」になりましょう! ~ Azure, AzureStack, AzureStack HCI ~
Masahiko Ebisuda
Sql serve2019 staticdatamaskting
Sql serve2019 staticdatamaskting
Microsoft
Azure active directory によるデバイス管理の種類とトラブルシュート事例について
Azure active directory によるデバイス管理の種類とトラブルシュート事例について
Shinya Yamaguchi
20221209-ApacheSolrによるはじめてのセマンティックサーチ.pdf
20221209-ApacheSolrによるはじめてのセマンティックサーチ.pdf
Koji Sekiguchi
Recommended
ゼロから学ぶIoT
ゼロから学ぶIoT
Masaru Takahashi
Azure ad の導入を検討している方へ ~ active directory の構成パターンと正しい認証方式の選択~
Azure ad の導入を検討している方へ ~ active directory の構成パターンと正しい認証方式の選択~
junichi anno
Java vs JavaScript | Edureka
Java vs JavaScript | Edureka
Edureka!
Tech Summit 2018 【事例紹介】 自社サービスに Azure IoT Hub Device Provisioning Serviceを適用してみた
Tech Summit 2018 【事例紹介】 自社サービスに Azure IoT Hub Device Provisioning Serviceを適用してみた
Masaru Takahashi
あなたも「違いが分かる人」になりましょう! ~ Azure, AzureStack, AzureStack HCI ~
あなたも「違いが分かる人」になりましょう! ~ Azure, AzureStack, AzureStack HCI ~
Masahiko Ebisuda
Sql serve2019 staticdatamaskting
Sql serve2019 staticdatamaskting
Microsoft
Azure active directory によるデバイス管理の種類とトラブルシュート事例について
Azure active directory によるデバイス管理の種類とトラブルシュート事例について
Shinya Yamaguchi
20221209-ApacheSolrによるはじめてのセマンティックサーチ.pdf
20221209-ApacheSolrによるはじめてのセマンティックサーチ.pdf
Koji Sekiguchi
我家已經有一臺有線路由器,請問WF2419要如何設定才能接在這原有的路由器下正常運作?
我家已經有一臺有線路由器,請問WF2419要如何設定才能接在這原有的路由器下正常運作?
臺灣塔米歐
よくある質問と対策 2015
よくある質問と対策 2015
Atsushi Tanaka
Core java
Core java
Shubham singh
Executing SQL Queries and Making Plugins
Executing SQL Queries and Making Plugins
khcoder
Azure DevOps ハンズオン Vo.1 ~Azure Boards を用いたアジャイル計画とポートフォリオマネジメント~
Azure DevOps ハンズオン Vo.1 ~Azure Boards を用いたアジャイル計画とポートフォリオマネジメント~
Takunori Minamisawa
CSカレッジアワード 出題者:ヘイ株式会社さま 水木絵梨
CSカレッジアワード 出題者:ヘイ株式会社さま 水木絵梨
EriMizuki1
実践!AWSクラウドデザインパターン
実践!AWSクラウドデザインパターン
Hiroyasu Suzuki
Springboot introduction
Springboot introduction
Sagar Verma
Oracle Database: リリースモデルとアップグレード・パッチ計画 (2021年2月版)
Oracle Database: リリースモデルとアップグレード・パッチ計画 (2021年2月版)
オラクルエンジニア通信
Spring Framework
Spring Framework
tola99
Spring framework Introduction
Spring framework Introduction
Anuj Singh Rajput
Servlet.ppt
Servlet.ppt
VMahesh5
هندسة البرمجيات 1
هندسة البرمجيات 1
alaa_ward
Are Dragons Real?
Are Dragons Real?
Sebastian Wardin
IDaaS を正しく活用するための認証基盤設計 ~Azure Active Directory の構成パターン詳細~
IDaaS を正しく活用するための認証基盤設計 ~Azure Active Directory の構成パターン詳細~
Trainocate Japan, Ltd.
Microsoft Azureのビッグデータ基盤とAIテクノロジーを活用しよう
Microsoft Azureのビッグデータ基盤とAIテクノロジーを活用しよう
Hideo Takagi
AWS Cloud Design Pattern for Enterprise
AWS Cloud Design Pattern for Enterprise
Akio Katayama
NGINX Back to Basics Part 3: Security (Japanese Version)
NGINX Back to Basics Part 3: Security (Japanese Version)
NGINX, Inc.
Spring boot
Spring boot
Gyanendra Yadav
[Japan Tech summit 2017] SEC 004
[Japan Tech summit 2017] SEC 004
Microsoft Tech Summit 2017
Client-side threats - Anatomy of Reverse Trojan attacks
Client-side threats - Anatomy of Reverse Trojan attacks
High-Tech Bridge SA (HTBridge)
Spying Internet Explorer 8.0
Spying Internet Explorer 8.0
High-Tech Bridge SA (HTBridge)
More Related Content
What's hot
我家已經有一臺有線路由器,請問WF2419要如何設定才能接在這原有的路由器下正常運作?
我家已經有一臺有線路由器,請問WF2419要如何設定才能接在這原有的路由器下正常運作?
臺灣塔米歐
よくある質問と対策 2015
よくある質問と対策 2015
Atsushi Tanaka
Core java
Core java
Shubham singh
Executing SQL Queries and Making Plugins
Executing SQL Queries and Making Plugins
khcoder
Azure DevOps ハンズオン Vo.1 ~Azure Boards を用いたアジャイル計画とポートフォリオマネジメント~
Azure DevOps ハンズオン Vo.1 ~Azure Boards を用いたアジャイル計画とポートフォリオマネジメント~
Takunori Minamisawa
CSカレッジアワード 出題者:ヘイ株式会社さま 水木絵梨
CSカレッジアワード 出題者:ヘイ株式会社さま 水木絵梨
EriMizuki1
実践!AWSクラウドデザインパターン
実践!AWSクラウドデザインパターン
Hiroyasu Suzuki
Springboot introduction
Springboot introduction
Sagar Verma
Oracle Database: リリースモデルとアップグレード・パッチ計画 (2021年2月版)
Oracle Database: リリースモデルとアップグレード・パッチ計画 (2021年2月版)
オラクルエンジニア通信
Spring Framework
Spring Framework
tola99
Spring framework Introduction
Spring framework Introduction
Anuj Singh Rajput
Servlet.ppt
Servlet.ppt
VMahesh5
هندسة البرمجيات 1
هندسة البرمجيات 1
alaa_ward
Are Dragons Real?
Are Dragons Real?
Sebastian Wardin
IDaaS を正しく活用するための認証基盤設計 ~Azure Active Directory の構成パターン詳細~
IDaaS を正しく活用するための認証基盤設計 ~Azure Active Directory の構成パターン詳細~
Trainocate Japan, Ltd.
Microsoft Azureのビッグデータ基盤とAIテクノロジーを活用しよう
Microsoft Azureのビッグデータ基盤とAIテクノロジーを活用しよう
Hideo Takagi
AWS Cloud Design Pattern for Enterprise
AWS Cloud Design Pattern for Enterprise
Akio Katayama
NGINX Back to Basics Part 3: Security (Japanese Version)
NGINX Back to Basics Part 3: Security (Japanese Version)
NGINX, Inc.
Spring boot
Spring boot
Gyanendra Yadav
[Japan Tech summit 2017] SEC 004
[Japan Tech summit 2017] SEC 004
Microsoft Tech Summit 2017
What's hot
(20)
我家已經有一臺有線路由器,請問WF2419要如何設定才能接在這原有的路由器下正常運作?
我家已經有一臺有線路由器,請問WF2419要如何設定才能接在這原有的路由器下正常運作?
よくある質問と対策 2015
よくある質問と対策 2015
Core java
Core java
Executing SQL Queries and Making Plugins
Executing SQL Queries and Making Plugins
Azure DevOps ハンズオン Vo.1 ~Azure Boards を用いたアジャイル計画とポートフォリオマネジメント~
Azure DevOps ハンズオン Vo.1 ~Azure Boards を用いたアジャイル計画とポートフォリオマネジメント~
CSカレッジアワード 出題者:ヘイ株式会社さま 水木絵梨
CSカレッジアワード 出題者:ヘイ株式会社さま 水木絵梨
実践!AWSクラウドデザインパターン
実践!AWSクラウドデザインパターン
Springboot introduction
Springboot introduction
Oracle Database: リリースモデルとアップグレード・パッチ計画 (2021年2月版)
Oracle Database: リリースモデルとアップグレード・パッチ計画 (2021年2月版)
Spring Framework
Spring Framework
Spring framework Introduction
Spring framework Introduction
Servlet.ppt
Servlet.ppt
هندسة البرمجيات 1
هندسة البرمجيات 1
Are Dragons Real?
Are Dragons Real?
IDaaS を正しく活用するための認証基盤設計 ~Azure Active Directory の構成パターン詳細~
IDaaS を正しく活用するための認証基盤設計 ~Azure Active Directory の構成パターン詳細~
Microsoft Azureのビッグデータ基盤とAIテクノロジーを活用しよう
Microsoft Azureのビッグデータ基盤とAIテクノロジーを活用しよう
AWS Cloud Design Pattern for Enterprise
AWS Cloud Design Pattern for Enterprise
NGINX Back to Basics Part 3: Security (Japanese Version)
NGINX Back to Basics Part 3: Security (Japanese Version)
Spring boot
Spring boot
[Japan Tech summit 2017] SEC 004
[Japan Tech summit 2017] SEC 004
Viewers also liked
Client-side threats - Anatomy of Reverse Trojan attacks
Client-side threats - Anatomy of Reverse Trojan attacks
High-Tech Bridge SA (HTBridge)
Spying Internet Explorer 8.0
Spying Internet Explorer 8.0
High-Tech Bridge SA (HTBridge)
Userland Hooking in Windows
Userland Hooking in Windows
High-Tech Bridge SA (HTBridge)
Manipulating Memory for Fun & Profit
Manipulating Memory for Fun & Profit
High-Tech Bridge SA (HTBridge)
Frontal Attacks - From basic compromise to Advanced Persistent Threat
Frontal Attacks - From basic compromise to Advanced Persistent Threat
High-Tech Bridge SA (HTBridge)
Fuzzing: An introduction to Sulley Framework
Fuzzing: An introduction to Sulley Framework
High-Tech Bridge SA (HTBridge)
Defeating Data Execution Prevention and ASLR in Windows
Defeating Data Execution Prevention and ASLR in Windows
High-Tech Bridge SA (HTBridge)
Cybercrime in nowadays businesses - A real case study of targeted attack
Cybercrime in nowadays businesses - A real case study of targeted attack
High-Tech Bridge SA (HTBridge)
Become fully aware of the potential dangers of ActiveX attacks
Become fully aware of the potential dangers of ActiveX attacks
High-Tech Bridge SA (HTBridge)
Injection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniques
enSilo
Process injection - Malware style
Process injection - Malware style
Sander Demeester
DIDÁCTICA Y MAPA CONCEPTUAL
DIDÁCTICA Y MAPA CONCEPTUAL
Magdalena Guirau
PROJECTE DE TREBALL FET PELS XIQUETS
PROJECTE DE TREBALL FET PELS XIQUETS
laucs1975
Weird photos pics on floidbox.com
Weird photos pics on floidbox.com
Florin Levarda
startup-ecosystem-survey-slovakia-2016
startup-ecosystem-survey-slovakia-2016
George Delaney FCA
Rr100 b
Rr100 b
Toshiyuki Shimono
Integration for manufacturing The eScop Approach
Integration for manufacturing The eScop Approach
FAST-Lab. Factory Automation Systems and Technologies Laboratory, Tampere University of Technology
ツイートするだけクライアント
ツイートするだけクライアント
森理 麟
Informe general
Informe general
kode99
Baum2
Baum2
dmolina87
Viewers also liked
(20)
Client-side threats - Anatomy of Reverse Trojan attacks
Client-side threats - Anatomy of Reverse Trojan attacks
Spying Internet Explorer 8.0
Spying Internet Explorer 8.0
Userland Hooking in Windows
Userland Hooking in Windows
Manipulating Memory for Fun & Profit
Manipulating Memory for Fun & Profit
Frontal Attacks - From basic compromise to Advanced Persistent Threat
Frontal Attacks - From basic compromise to Advanced Persistent Threat
Fuzzing: An introduction to Sulley Framework
Fuzzing: An introduction to Sulley Framework
Defeating Data Execution Prevention and ASLR in Windows
Defeating Data Execution Prevention and ASLR in Windows
Cybercrime in nowadays businesses - A real case study of targeted attack
Cybercrime in nowadays businesses - A real case study of targeted attack
Become fully aware of the potential dangers of ActiveX attacks
Become fully aware of the potential dangers of ActiveX attacks
Injection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniques
Process injection - Malware style
Process injection - Malware style
DIDÁCTICA Y MAPA CONCEPTUAL
DIDÁCTICA Y MAPA CONCEPTUAL
PROJECTE DE TREBALL FET PELS XIQUETS
PROJECTE DE TREBALL FET PELS XIQUETS
Weird photos pics on floidbox.com
Weird photos pics on floidbox.com
startup-ecosystem-survey-slovakia-2016
startup-ecosystem-survey-slovakia-2016
Rr100 b
Rr100 b
Integration for manufacturing The eScop Approach
Integration for manufacturing The eScop Approach
ツイートするだけクライアント
ツイートするだけクライアント
Informe general
Informe general
Baum2
Baum2
Similar to Inline Hooking in Windows
CVE 2012-1889 Microsoft XML core services uninitialized memory vulnerability
CVE 2012-1889 Microsoft XML core services uninitialized memory vulnerability
High-Tech Bridge SA (HTBridge)
In-Memory Fuzzing with Java (Publication from High-Tech Bridge)
In-Memory Fuzzing with Java (Publication from High-Tech Bridge)
High-Tech Bridge SA (HTBridge)
Novell GroupWise Multiple Untrusted Pointer Dereferences Exploitation
Novell GroupWise Multiple Untrusted Pointer Dereferences Exploitation
High-Tech Bridge SA (HTBridge)
The Role of Standards in IoT Security
The Role of Standards in IoT Security
Hannes Tschofenig
20101109 (tech ed) how frameworks kill projects
20101109 (tech ed) how frameworks kill projects
Sander Hoogendoorn
Fixing security by fixing software development
Fixing security by fixing software development
Nick Galbreath
The State of Wicket
The State of Wicket
Martijn Dashorst
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Nick Galbreath
Возможности интерпретатора Python в NX-OS
Возможности интерпретатора Python в NX-OS
Cisco Russia
GeeCON Microservices 2015 scaling micro services at gilt
GeeCON Microservices 2015 scaling micro services at gilt
Adrian Trenaman
iOS Bootcamp: learning to create awesome apps on iOS using Swift (Lecture 7)
iOS Bootcamp: learning to create awesome apps on iOS using Swift (Lecture 7)
Jonathan Engelsma
voip_en
voip_en
Pierpaolo Palazzoli
Developer-Friendly CI / CD for Kubernetes
Developer-Friendly CI / CD for Kubernetes
DevOps Indonesia
Docker cloud hybridation & orchestration
Docker cloud hybridation & orchestration
Adrien Blind
JS digest. Mid-Summer 2017
JS digest. Mid-Summer 2017
ElifTech
DevOps Con 2015: Radical Agility with Autonomous Teams and Microservices in t...
DevOps Con 2015: Radical Agility with Autonomous Teams and Microservices in t...
Henning Jacobs
Dev ops con 2015 radical agility with autonomous teams and microservices in...
Dev ops con 2015 radical agility with autonomous teams and microservices in...
Jan Löffler
Radical Agility with Autonomous Teams and Microservices in the Cloud
Radical Agility with Autonomous Teams and Microservices in the Cloud
Zalando Technology
Introduction to the Container Networking and Security
Introduction to the Container Networking and Security
Cloud 66
Similar to Inline Hooking in Windows
(20)
CVE 2012-1889 Microsoft XML core services uninitialized memory vulnerability
CVE 2012-1889 Microsoft XML core services uninitialized memory vulnerability
In-Memory Fuzzing with Java (Publication from High-Tech Bridge)
In-Memory Fuzzing with Java (Publication from High-Tech Bridge)
Novell GroupWise Multiple Untrusted Pointer Dereferences Exploitation
Novell GroupWise Multiple Untrusted Pointer Dereferences Exploitation
The Role of Standards in IoT Security
The Role of Standards in IoT Security
20101109 (tech ed) how frameworks kill projects
20101109 (tech ed) how frameworks kill projects
Fixing security by fixing software development
Fixing security by fixing software development
The State of Wicket
The State of Wicket
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Faster Secure Software Development with Continuous Deployment - PH Days 2013
Возможности интерпретатора Python в NX-OS
Возможности интерпретатора Python в NX-OS
GeeCON Microservices 2015 scaling micro services at gilt
GeeCON Microservices 2015 scaling micro services at gilt
iOS Bootcamp: learning to create awesome apps on iOS using Swift (Lecture 7)
iOS Bootcamp: learning to create awesome apps on iOS using Swift (Lecture 7)
voip_en
voip_en
Developer-Friendly CI / CD for Kubernetes
Developer-Friendly CI / CD for Kubernetes
Docker cloud hybridation & orchestration
Docker cloud hybridation & orchestration
JS digest. Mid-Summer 2017
JS digest. Mid-Summer 2017
DevOps Con 2015: Radical Agility with Autonomous Teams and Microservices in t...
DevOps Con 2015: Radical Agility with Autonomous Teams and Microservices in t...
Dev ops con 2015 radical agility with autonomous teams and microservices in...
Dev ops con 2015 radical agility with autonomous teams and microservices in...
Radical Agility with Autonomous Teams and Microservices in the Cloud
Radical Agility with Autonomous Teams and Microservices in the Cloud
Introduction to the Container Networking and Security
Introduction to the Container Networking and Security
Recently uploaded
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
apidays
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Zilliz
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
apidays
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
apidays
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Deepika Singh
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Recently uploaded
(20)
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Inline Hooking in Windows
1.
Your texte here
…. Inline Hooking in Windows 6 September 2011 Brian MARIANI Senior Security Consultant ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
2.
SOME IMPORTANT POINTS
Your texte here …. This document is the second of a series of five articles relating to the art of hooking. As a test environment we will use an english Windows Seven SP1 operating system distribution. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
3.
WHAT IS AN
INLINE HOOK Your texte here …. When an inline hook is implemented it will overwrite the first bytes codes of a windows api in order to redirect code flow. This kind of technique can be used in ring 3 or ring 0 modes. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
4.
CHARACTERISTICS
Your texte here …. Inline hooking is more robust than import address table (IAT) hooks. They do not have problems related to dll binding at runtime. They can trap any function call, not just system calls. No device driver is required. They are widely used in many renowned professional applications and well-known rootkits. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
5.
SOME GOOD UTILITIES
Your the Defcon 17 Nick Harbour has presented a good tool At texte here …. named apithief. The tool launches a process in a suspended state. It then injects a DLL and hook Win32 API functions. The tool can then monitor the api behavior. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
6.
SOME BAD UTILITIES
Your texte here …. widespread malware take advantage of Well-known and this kind of technique to hook key api windows components in order to spy and steal sensitive information from the user. One of these famous malwares is Zeus, also known as Zbot, PRG, Wsnpoem or Gorhax. ws2_32! WSASend API hooked ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
7.
Implementing an inline
hook Your texte hereour dll into the process we want to hijack. We inject …. (Please see Userland Hooking in Windows) The first bytes of the target api are saved, these are the bytes that will be overwritten. We place a jump, call or push-ret instruction. The jump redirects the code flow to our function. The hook can later call the original api using the saved bytes of the hooked function. The original function will return control to our function and then data can be easily tampered. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
8.
WHAT ARE WE
GOING TO OVERWRITE Your texte here …. It is very important to determine what and where we are going to overwrite the bytes codes. Knowing exactly how much space we have at our disposal is really important, otherwise we can destroy the logic of the api, or write beyond his borders. An unconditional jump will require 5 bytes. We need to disassemble the beginning of the target api. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
9.
WHERE ARE WE
GOING TO OVERWRITE Your texte herea windows api function is usually the same. The start of …. After XP-SP2 Microsoft decided to change the windows api preamble: MOV EDI,EDI PUSH EBP MOV EBP,ESP This allow for hot-patching, inserting a new code without the need to reboot the box. We can use these five bytes to insert our own set of instructions. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
10.
WHERE ARE WE
GOING TO OVERWRITE Your texte here …. why we select the start of the function is Another reason because the more deeper into the function the hook is located, the more we must be careful with the code. If you hook deeper into the function, you can create unwanted issues. Things become more complex. Keep it simple and stupid. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
11.
AN UNSUCCESSFUL HOOK
Your we try to …. If texte here hook every function in the same way we can modify the logic of the function. In the picture below we have inserted an unconditional jump that destroy the logic of the function. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
12.
A SUCCESSFUL HOOK
Your this particular example the prolog of httpsendrequest In texte here …. API has been hooked with a jump to our function. We have used the first 5 bytes of the target function to place our jmp instruction. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
13.
INLINE HOOKING PRACTICAL
EXAMPLE (1) Yourthis practical example our target is a simple chat system In texte here …. using nc.exe, but every program using WS2_32.DLL!Send Api could be used. We want to hijack the sent messages from one of two users. To accomplish this task we inject our DLL into nc.exe process and we hook the aforementioned api. Then we jump into our function and we change the stack parameters, then we adjust our stack to avoid incovenients and finally we jump again to WS2_32.DLL!Send api. This hook example can be used to create more complex scenarios. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
14.
INLINE HOOKING PRACTICAL
EXAMPLE (2) Your textehooking the WS2_32.dll!send API we attach with Before here …. our debugger to the nc.exe process which is already listening on port 9999. We can see the unhook prolog. WS2_32!Send ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
15.
INLINE HOOKING PRACTICAL
EXAMPLE (3) Your texte here …. for inbound connections (upper image) and the client Server is listening connects (lower image). All is working normally and users are discussing without any issues. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
16.
INLINE HOOKING PRACTICAL
EXAMPLE (4) Yourthis time we inject our DLL into the nc.exe process. At texte here …. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
17.
INLINE HOOKING PRACTICAL
EXAMPLE (5) Your texte here …. Let’s check using the our debugger how’s things have changed. The API preamble has been modified. It has been replaced with a jump to our evil function. WS2_32!Send ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
18.
INLINE HOOKING PRACTICAL
EXAMPLE (6) Your texte here our function at address 0x6FAC11D0. Let’s check …. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
19.
INLINE HOOKING PRACTICAL
EXAMPLE (7) Your texte here …. the chat has changed too :] The behavior of ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
20.
DETECTING INLINE HOOKING
(1) Your texte here …. Detecting inline hooks is pretty simple. Rootkits detectors like gmer, or BlackLight from Fsecure do a good job. Let’s do an injection test into Internet Explorer 8.0 in Windows 7 and hook wininet!HttpSendRequestW Api. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
21.
DETECTING INLINE HOOKING
(2) Your texte here …. place :] The hook is in ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
22.
DETECTING INLINE HOOKING
(3) Your texte has …. But it here been successfully detected by gmer anti- rootkit. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
23.
CONCLUSION
Inline hooks can be very useful when trying to reverse Your texte here …. malware. Paradoxically nowadays malcode use this technique to change the behavior of the operating system in order to steal personal information. By understanding and identifying hooks, thought, you will be able to detect most public rootkits and malwares. We hope this document help you understand and master inline hooks. Demo video: Inline Hooking in Windows ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
24.
TO BE CONTINUED
Your texte here …. In future documents we will introduce Kernel Hooking. ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
25.
REFERENCES
Your texte here …. Subverting the Windows Kernel (Greg Hoglund & James Butler) Professional Rootkits (Ric Vieler) Programming application for Microsoft Windows fourth edition (Jeffrey Ritchter) http://msdn.microsoft.com/en-us/magazine/cc301805.aspx Programming Windows Security (Keith Brown) http://support.microsoft.com/kb/197571 http://www.youtube.com/watch?v=2RJyR9igsdI http://community.websense.com/blogs/securitylabs/archive/tags/ Zeus/default.aspx http://www.ibm.com/developerworks/linux/library/l-ia/index.html http://www.gmer.net/ ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
26.
Thank-you for reading
Your texte here …. Thank you for reading Your questions are always welcome! Brian.mariani@htbridge.ch ORIGINAL SWISS ETHICAL HACKING ©2011 High-Tech Bridge SA – www.htbridge.ch
Download now