Api Hooking w/ Device Driver
I was wondering if anybody has some resources about hooking APIs through ring0. I would rather not overwrite code; I was thinking about setting a page guard and, when it hits, catching it through the driver and going from there. Does anybody else have any ideas or resources?
Thanks.
Depends on what you are trying to do and on what OS... HW BPs might also be good for these things.
Quote:
http://www.sysinternals.com/ And use the regmon95 source. You will find 2 sources: 1 - sys file src. 2 - application src. By changing it you can write APIMon very easily.
Appreciated! I didn't even think about that application; it slipped my mind :)
Try looking at this > http://www.bindview.com/Services/RAZOR/Utilities/Windows/strace_readme.cfm
It comes with source code ...
I was actually contemplating hooking file and registry APIs using a ring0 driver, under NT5+, using WDM and ring0, and thought of Filemon and Regmon as a good base. I'm looking to write a small "application firewall" that would allow me to permit or deny access to registry keys or files. A neat final project for an undergraduate degree, no? The only problem is, I can't seem to find the Regmon, Filemon or APIMon source code. I'd much rather hook through ring0 than anything else, but I'm open to suggestions/alternatives/input/whatever. If anyone has any advice on what I should read up on, I'd appreciate it.
What about taking a look at the www.rootkit.com sources?
Regards.