EH-Net

Features => /root => Topic started by: don on September 09, 2008, 10:13:02 PM


Title: [Article]-Intercepted! Windows Hacking via DLL Redirection
Post by: don on September 09, 2008, 10:13:02 PM
Craig does it again with this step-by-step tutorial. Have fun and don't be afraid to experiment on your own. Let us know how you do.

Permanent link: [Article]-Intercepted! Windows Hacking via DLL Redirection (http://www.ethicalhacker.net/content/view/207/2/)

Quote

(http://www.ethicalhacker.net/images/stories/columns/heffner/interception/windows-security_ico.png)

By Craig Heffner 

In Windows, all applications must communicate with the kernel through API functions; as such, these functions are critical to even the simplest Windows application. Thus, the ability to intercept, monitor, and modify a program's API calls, commonly called API hooking, effectively gives one full control over that process. This can be useful for a multitude of reasons including debugging, reverse engineering, and hacking (in all interpretations of the word).

While there are several methods which can be used to achieve our goal, this tutorial will examine only DLL redirection. This approach was chosen for several reasons:

  • It is relatively simple to implement.
  • It allows us to view and modify parameters passed to an API function, change return values of that function, and run any other code we desire.
  • While most other methods require code to be injected into the target process or run from an external application, DLL redirection requires only write access to the target application's working directory.
  • We can intercept any API call without modifying the target (either on disk or in memory) or any system files.


As always, please add your thoughts to this thread as well as suggestions for other tutorials for Mr. Heffner... add joke here.  ;)

Don

Title: Re: [Article]-Intercepted! Windows Hacking via DLL Redirection
Post by: Andrew Waite on September 10, 2008, 07:16:38 AM
Quote from: don on September 09, 2008, 10:13:02 PM
add joke here.  ;)

must...resist...joke...

Great article though, definitely on my to do list for going through again in more detail. Thanks.

Title: Re: [Article]-Intercepted! Windows Hacking via DLL Redirection
Post by: don on September 11, 2008, 12:43:05 PM
Submitted to digg as:

Quote

Awesome step-by-step tutorial on Windows API Interception helps you compromise a user's system or circumvent trial protection techniques. A little coding, a little disassembly, loads of hands-on fun.
http://digg.com/security/Intercepted_Windows_Hacking_via_DLL_Redirection


I'm sure we have 200 - 250 people who visit this site that can regularly help us get noticed on a larger scale by digging our articles. This is the cheapest and easiest way to help support EH-Net.

Thanks,
Don

Title: Re: [Article]-Intercepted! Windows Hacking via DLL Redirection
Post by: mad_irish on October 16, 2008, 12:11:01 PM
I'm a little confused.  Milw0rm lists this article as posted in November of 2006 - two years ago (http://www.milw0rm.com/author/858).  Is this just a cross post or did Craig Heffner actually produce this content for EHN?  Adding a dig for content posted on milw0rm, packetstorm and other sites seems a little odd.  I did find the PDF format on milw0rm much easier to read (and print/save :).

Title: Re: [Article]-Intercepted! Windows Hacking via DLL Redirection
Post by: don on October 16, 2008, 02:12:51 PM
I guess it is a cross post. When Craig sent it to me, he said it was an old article, but didn't tell me about the sites you mention. Maybe he didn't know. I'll ask him off-board. Good content either way.

Don


Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com