API-hooking

[Nukacola]

hey,
i read something on the old fravia sites of this undocumented API function there it was using for Vbox.
Here is the link maybe a help.

From the retired +Tsehp.
http://www.woodmann.com/fravia/vbox42.htm

regards
Nukacola

[MaRKuS-DJM]

Shub-Nigurrath:
that's exactly what i searched for
thanks!

[nikola]

Afaik VirtualProtectEx should finish the job for you. But if you are looking for another way look at attachment. Very nice tut there, with masm source code and proc to get write permission to some address... What are you trying to make with it? Import resolver?

I cant seem to attach the file :/ If you still need this pm me bro

[MaRKuS-DJM]

Quote:

Originally Posted by nikola

Afaik VirtualProtectEx should finish the job for you.

i tried this, but you aren't able to do this for Win 95 / 98 / Me kernel because it won't remove it's protection. i want to make it generic for every win OS.

@nikola
i don't want to make an import resolver, the thing i'm trying to make is generic protection inline-patcher through API-hooking. it works through a hook of CreateFileA (backup-file) or optional hook of CreateFileMappingA (writing old bytes back) or ReadFile (also write old bytes back). then GetModuleHandleA is also hooked because it's near OEP for most programs. from there the real inline-patch is done.
this should all work through a in-memory patch of kernel32 export table or an external dll hooked for all processes. i don't think direct API patching is good idea because you will have trouble then getting back to the next API-commands.
the idea comes from DZA-patcher or dUP, but these inline-patches don't work for applications like arma or ASPr. i successful inline-patched some ASPr-targets (any version) this way without problems.