The Ethical Hacker Network - [Article]-Intercepted! Windows Hacking via DLL Redirection

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4169

Editor-In-Chief

[Article]-Intercepted! Windows Hacking via DLL Redirection

« on: September 09, 2008, 10:13:02 PM »

Craig does it again with this step-by-step tutorial. Have fun and don't be afraid to experiment on your own. Let us know how you do.

Permanent link: [Article]-Intercepted! Windows Hacking via DLL Redirection

Quote

By Craig Heffner

In Windows, all applications must communicate with the kernel through API functions; as such, these functions are critical to even the simplest Windows application. Thus, the ability to intercept, monitor, and modify a program's API calls, commonly called API hooking, effectively gives one full control over that process. This can be useful for a multitude of reasons including debugging, reverse engineering, and hacking (in all interpretations of the word).

While there are several methods which can be used to achieve our goal, this tutorial will examine only DLL redirection. This approach was chosen for several reasons:

It is relatively simple to implement.
It allows us to view and modify parameters passed to an API function, change return values of that function, and run any other code we desire.
While most other methods require code to be injected into the target process or run from an external application, DLL redirection requires only write access to the target application's working directory.
We can intercept any API call without modifying the target (either on disk or in memory) or any system files.

As always, please add your thoughts to this thread as well as suggestions for other tutorials for Mr. Heffner... add joke here. Wink

Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

Andrew Waite

Hero Member

Offline

Posts: 928

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

« Reply #1 on: September 10, 2008, 07:16:38 AM »

Quote from: don on September 09, 2008, 10:13:02 PM

add joke here. Wink

must...resist...joke...

Great article though, definitely on my to do list for going through again in more detail. Thanks.


	Logged

-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4169

Editor-In-Chief

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

« Reply #2 on: September 11, 2008, 12:43:05 PM »

Submitted to digg as:

Quote

Awesome step-by-step tutorial on Windows API Interception helps you compromise a user's system or circumvent trial protection techniques. A little coding, a little disassembly, loads of hands-on fun.
http://digg.com/security/Intercepted_Windows_Hacking_via_DLL_Redirection

I'm sure we have 200 - 250 people who visit this site that can regularly help us get noticed on a larger scale by digging our articles. This is the cheapest and easiest way to help support EH-Net.

Thanks,
Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

mad_irish

Newbie

Offline

Posts: 17

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

« Reply #3 on: October 16, 2008, 12:11:01 PM »

I'm a little confused. Milw0rm lists this article as posted in November of 2006 - two years ago (http://www.milw0rm.com/author/858). Is this just a cross post or did Craig Heffner actually produce this content for EHN? Adding a dig for content posted on milw0rm, packetstorm and other sites seems a little odd. I did find the PDF format on milw0rm much easier to read (and print/save


	Logged

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4169

Editor-In-Chief

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

« Reply #4 on: October 16, 2008, 02:12:51 PM »

I guess it is a cross post. When Craig sent it to me, he said it was an old article, but didn't tell me about the sites you mention. Maybe he didn't know. I'll ask him off-board. Good content either way.

Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

Pages: [1] Go Up

« previous next »