flat assembler
Message board for the users of flat assembler.
Windows > API Hook
asmcoder 23 Sep 2008, 10:33
[content deleted]
Last edited by asmcoder on 14 Aug 2009, 14:56; edited 1 time in total
dxl 27 Sep 2008, 16:50
bcdsys:
If you don't know the Portable Executable format, you cannot write a program to set a hook on a TCP socket API function in user mode. A PE executable contains a table filled with the addresses of the API functions imported when the program is loaded into memory by Windows. Some programs import API functions dynamically, directly using the LoadLibrary/GetProcAddress API functions. When an import table does exist, you can add a routine to the targeted program to patch the table with a new address at runtime for the desired API function to set a hook. Or you can write another program to do the job. (In this case, some problems will probably occur with the hardware protection used in not-too-old microprocessors: memory sections have or do not have an "execute" attribute. Trying to run a program, for example on the stack, will lead to an error message box!)
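The import table dxl describes can be enumerated straight from the PE headers, and knowing which IAT slots exist is the starting point for checking them for unexpected patches. This is an added example, not part of the original post: it handles PE32 only, assumes the image is laid out with RVA equal to offset, and the image returned by the hypothetical helper `build_sample` is constructed for the demonstration.

```python
import struct

def cstr(img, rva):
    """Read the NUL-terminated ASCII string at an RVA."""
    return img[rva:img.index(b"\0", rva)].decode("ascii")

def parse_imports(img):
    """Return {dll: [(function, iat_slot_rva), ...]} for a PE32 image with RVA == offset."""
    pe = struct.unpack_from("<I", img, 0x3C)[0]            # e_lfanew
    if img[:2] != b"MZ" or img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24                                          # optional header start
    if struct.unpack_from("<H", img, opt)[0] != 0x10B:
        raise ValueError("not a PE32 image")
    desc = struct.unpack_from("<I", img, opt + 104)[0]     # data directory 1: imports
    imports = {}
    while desc:
        # IMAGE_IMPORT_DESCRIPTOR: lookup table, timestamp, forwarder chain, name, IAT
        ilt, _, _, name, iat = struct.unpack_from("<5I", img, desc)
        if not (name or iat):                              # all-zero descriptor ends the list
            break
        lookup, funcs, i = ilt or iat, [], 0               # some linkers leave the ILT RVA at 0
        while True:
            thunk = struct.unpack_from("<I", img, lookup + 4 * i)[0]
            if thunk == 0:                                 # zero thunk ends this DLL's list
                break
            # High bit set: import by ordinal. Otherwise RVA of a hint (2 bytes) + name.
            label = f"#{thunk & 0xFFFF}" if thunk >> 31 else cstr(img, thunk + 2)
            funcs.append((label, iat + 4 * i))             # slot the loader overwrites
            i += 1
        imports[cstr(img, name)] = funcs
        desc += 20
    return imports

def build_sample():
    """Constructed image: imports connect and ordinal 16 from ws2_32.dll."""
    img = bytearray(0x300)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                # e_lfanew -> 0x40
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x10B)               # PE32 magic
    struct.pack_into("<II", img, 0x58 + 104, 0x200, 40)    # import directory RVA, size
    struct.pack_into("<5I", img, 0x200, 0x240, 0, 0, 0x280, 0x260)
    for table in (0x240, 0x260):                           # ILT and IAT are identical on disk
        struct.pack_into("<3I", img, table, 0x290, 0x80000010, 0)
    img[0x280:0x28B] = b"ws2_32.dll\0"
    img[0x292:0x29A] = b"connect\0"                        # after the 2-byte hint at 0x290
    return bytes(img)

if __name__ == "__main__":
    print(parse_imports(build_sample()))
```

Functions resolved at runtime through LoadLibrary/GetProcAddress never appear in this table, so the listing is not a complete picture of what a program calls.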
vid 27 Sep 2008, 17:08
check this: http://www.apihooks.com/
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.