Exetools  

  #1  
Old 05-07-2020, 21:31
DavidXanatos DavidXanatos is offline
[C++ Sample] DLL injection and API hooking

I needed a program to think it's not running in a terminal session, so I threw something together from existing libs that does the job: https://github.com/DavidXanatos/HideTS
Very simple using the MinHook lib.

Given how simple it is, I thought it may be a good sample for anyone who needs to hook some Windows API in some program for whatever reason.

Might be useful to some beginners.
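The defender-side counterpart to the inline hooking discussed in this thread, as an added example that is not part of the original posts or of the HideTS project: inline-hooking libraries such as MinHook overwrite the first bytes of the target function with a jump, so comparing the live entry bytes with the on-disk image and decoding an `E9 rel32` exposes the patch. The function names, sample bytes and addresses are constructed for illustration, and reading the bytes from the process and from the PE file is assumed to happen elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum hook_verdict { HV_CLEAN = 0, HV_MODIFIED = 1, HV_JMP_OUTSIDE = 2 };

/* Constructed samples: an x64 prologue, and the same entry after a 5-byte jump patch. */
static const uint8_t SAMPLE_DISK[8]   = {0x48, 0x83, 0xEC, 0x28, 0x48, 0x8B, 0xC1, 0x90};
static const uint8_t SAMPLE_HOOKED[8] = {0xE9, 0xFB, 0xFF, 0xFF, 0x0F, 0x8B, 0xC1, 0x90};

/* Decode "E9 rel32" (x86/x64 near jump) located at virtual address va. */
static int decode_jmp_rel32(const uint8_t *p, size_t n, uint64_t va, uint64_t *dst)
{
    if (n < 5 || p[0] != 0xE9)
        return 0;
    int32_t rel;
    memcpy(&rel, p + 1, sizeof rel);      /* little-endian host assumed */
    *dst = va + 5 + (int64_t)rel;         /* target = end of instruction + rel */
    return 1;
}

/* mem: entry bytes from the live process; disk: same bytes from the file image;
 * va: function address; [mod_base, mod_base + mod_size): the owning module. */
enum hook_verdict check_entry(const uint8_t *mem, const uint8_t *disk, size_t n,
                              uint64_t va, uint64_t mod_base, uint64_t mod_size,
                              uint64_t *jmp_target)
{
    uint64_t dst = 0;
    *jmp_target = 0;
    if (memcmp(mem, disk, n) == 0)
        return HV_CLEAN;
    if (decode_jmp_rel32(mem, n, va, &dst)) {
        *jmp_target = dst;
        if (dst < mod_base || dst >= mod_base + mod_size)
            return HV_JMP_OUTSIDE;        /* control leaves the owning module */
    }
    return HV_MODIFIED;                   /* patched, but no out-of-module jump */
}

int main(void)
{
    uint64_t t;
    enum hook_verdict v = check_entry(SAMPLE_HOOKED, SAMPLE_DISK, 8,
        0x7FF800001000ULL, 0x7FF800000000ULL, 0x100000, &t);
    printf("verdict=%d target=0x%llx\n", (int)v, (unsigned long long)t);
    return 0;
}
```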
  #2  
Old 05-16-2020, 16:12
user1 user1 is offline

for .NET applications example?
  #3  
Old 06-06-2020, 04:41
DavidXanatos DavidXanatos is offline
No .NET yet...

But I have reworked the Injector: https://github.com/DavidXanatos/HideTS/tree/master/Injector
It now injects without using create remote thread by hijacking the main thread, and it has an option to disable the parallel DLL loading introduced with a recent Win 10 edition.

Also, the injector no longer needs to be the same bitness as the target process and DLL; well, if it's 64-bit it can do both, if it's 32-bit it can only do 32, so, well, it's half universal LOL.
  #4  
Old 06-06-2020, 22:58
user1 user1 is offline
you should get a promotion.
  #5  
Old 06-07-2020, 01:45
DavidXanatos DavidXanatos is offline
Quote (originally posted by user1):
you should get a promotion.
I would like that
  #6  
Old 12-29-2020, 06:00
niculaita niculaita is offline
https://sanet.st/blogs/islamayman/dll_injector_hacker_pro.3586757.html
__________________
Decode and Conquer
  #7  
Old 01-04-2021, 02:07
ycloud ycloud is offline
hook GetSystemMetrics

All times are GMT +8. The time now is 17:57.

