Exetools  

  #1  
05-07-2020, 21:31
DavidXanatos
[C++ Sample] DLL injection and API hooking

I needed a program to think it's not running in a terminal session, so I threw something together from existing libs that does the job: https://github.com/DavidXanatos/HideTS
Very simple using the MinHook lib.

Given how simple it is, I thought it may be a good sample for anyone who needs to hook some Windows API in some program for whatever reason.

Might be useful to some beginners.
  #2  
05-16-2020, 16:12
user1
for .NET applications example?
  #3  
06-06-2020, 04:41
DavidXanatos
No .NET yet...

But I have reworked the Injector: https://github.com/DavidXanatos/HideTS/tree/master/Injector
It now injects without using create remote thread by hijacking the main thread, and it has an option to disable the parallel DLL loading introduced with a recent Win 10 edition.

Also, the injector no longer needs to be the same bitness as the target process and DLL. Well, if it's 64 bit it can do both, if it's 32 bit it can only do 32, so well, it's half universal LOL.
  #4  
06-06-2020, 22:58
user1
you should get a promotion.
  #5  
06-07-2020, 01:45
DavidXanatos
Quote:
Originally Posted by user1
you should get a promotion.
I would like that
All times are GMT +8.