
[Article]-Intercepted! Windows Hacking via DLL Redirection

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Sep 09, 2008 10:13 pm

Craig does it again with this step-by-step tutorial. Have fun and don't be afraid to experiment on your own. Let us know how you do.

By Craig Heffner 

In Windows, all applications must communicate with the kernel through API functions; as such, these functions are critical to even the simplest Windows application. Thus, the ability to intercept, monitor, and modify a program's API calls, commonly called API hooking, effectively gives one full control over that process. This can be useful for a multitude of reasons including debugging, reverse engineering, and hacking (in all interpretations of the word).

While there are several methods which can be used to achieve our goal, this tutorial will examine only DLL redirection. This approach was chosen for several reasons:

  • It is relatively simple to implement.
  • It allows us to view and modify parameters passed to an API function, change return values of that function, and run any other code we desire.
  • While most other methods require code to be injected into the target process or run from an external application, DLL redirection requires only write access to the target application's working directory.
  • We can intercept any API call without modifying the target (either on disk or in memory) or any system files.



As always, please add your thoughts to this thread as well as suggestions for other tutorials for Mr. Heffner... add joke here.  ;)

Don
CISSP, MCSE, CSTA, Security+ SME
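
The excerpt above says DLL redirection needs only write access to the target application's working directory and leaves the target and system files untouched, so the place to look for it is the application directory itself. The following is an added example, not code from the article or its author: a defender's audit that flags DLLs next to an executable that share a name with a system DLL, flags `.local` redirection markers, and checks whether the current user can write to the directory. The directory layout and all file names are constructed for the demonstration.

```python
import os
import tempfile

def find_redirection_candidates(app_dir, system_dir):
    """List files in app_dir that could redirect a DLL load away from system_dir."""
    system_dlls = {n.lower() for n in os.listdir(system_dir)
                   if n.lower().endswith(".dll")}
    findings = []
    for name in sorted(os.listdir(app_dir)):
        lower = name.lower()
        if lower.endswith(".dll") and lower in system_dlls:
            # Same file name as a system DLL, sitting next to the executable.
            findings.append(("shadows-system-dll", name))
        elif lower.endswith(".local"):
            # Windows' documented <app>.exe.local redirection marker.
            findings.append(("dotlocal-redirection", name))
    return findings

def directory_is_writable(path):
    """True if the current user can create a file in path (tested by trying)."""
    try:
        fd, probe = tempfile.mkstemp(dir=path)
    except OSError:
        return False
    os.close(fd)
    os.remove(probe)
    return True

def build_sample_tree(root):
    """Create a constructed app/system layout; all names are made up."""
    app_dir = os.path.join(root, "app")
    system_dir = os.path.join(root, "system32")
    layout = {app_dir: ["app.exe", "helper.dll", "SysNet.dll", "app.exe.local"],
              system_dir: ["sysnet.dll", "syscrypt.dll"]}
    for directory, names in layout.items():
        os.makedirs(directory)
        for name in names:
            open(os.path.join(directory, name), "w").close()
    return app_dir, system_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        app_dir, system_dir = build_sample_tree(root)
        for kind, name in find_redirection_candidates(app_dir, system_dir):
            print(f"{kind}: {name}")
        print("app directory writable by this user:", directory_is_writable(app_dir))
```

A hit is a lead to verify (signature, origin, install manifest), not proof of tampering, since some applications legitimately ship private copies of libraries.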

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Sep 10, 2008 7:16 am

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

don wrote: add joke here.  ;)


must...resist...joke...

Great article though, definitely on my to do list for going through again in more detail. Thanks.

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Sep 11, 2008 12:43 pm

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

Submitted to digg as:


Awesome step-by-step tutorial on Windows API Interception helps you compromise a user's system or circumvent trial protection techniques. A little coding, a little disassembly, loads of hands-on fun.
http://digg.com/security/Intercepted_Wi ... edirection



I'm sure we have 200 - 250 people who visit this site that can regularly help us get noticed on a larger scale by digging our articles. This is the cheapest and easiest way to help support EH-Net.

Thanks,
Don
CISSP, MCSE, CSTA, Security+ SME

mad_irish

Newbie

Posts: 17

Joined: Thu Aug 14, 2008 7:45 am

Post Thu Oct 16, 2008 12:11 pm

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

I'm a little confused.  Milw0rm lists this article as posted in November of 2006 - two years ago (http://www.milw0rm.com/author/858).  Is this just a cross post or did Craig Heffner actually produce this content for EHN?  Adding a dig for content posted on milw0rm, packetstorm and other sites seems a little odd.  I did find the PDF format on milw0rm much easier to read (and print/save :).

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Oct 16, 2008 2:12 pm

Re: [Article]-Intercepted! Windows Hacking via DLL Redirection

I guess it is a cross post. When Craig sent it to me, he said it was an old article, but didn't tell me about the sites you mention. Maybe he didn't know. I'll ask him off-board. Good content either way.

Don
CISSP, MCSE, CSTA, Security+ SME
