Exetools  

  #1  
05-07-2020, 21:31
DavidXanatos
[C++ Sample] DLL injection and API hooking

I needed a program to think it's not running in a terminal session, so I threw something together from existing libs that does the job: https://github.com/DavidXanatos/HideTS
Very simple using the MinHook lib.

Given how simple it is, I thought it may be a good sample for anyone who needs to hook some Windows API in some program for whatever reason.

Might be useful to some beginners.
  #2  
05-16-2020, 16:12
user1

for .NET applications example?
  #3  
06-06-2020, 04:41
DavidXanatos
No .NET yet...

But I have reworked the Injector: https://github.com/DavidXanatos/HideTS/tree/master/Injector
It now injects without using create remote thread by hijacking the main thread, and it has an option to disable the parallel DLL loading introduced with a recent Win 10 edition.

Also, the injector no longer needs to be the same bitness as the target process and DLL. Well, if it's 64 bit it can do both, if it's 32 bit it can only do 32, so well, it's half universal LOL.
  #4  
06-06-2020, 22:58
user1

you should get a promotion.
  #5  
06-07-2020, 01:45
DavidXanatos

Quote (originally posted by user1):
you should get a promotion.

I would like that
  #6  
12-29-2020, 06:00
niculaita

https://sanet.st/blogs/islamayman/dll_injector_hacker_pro.3586757.html
__________________
Decode and Conquer
  #7  
01-04-2021, 02:07
ycloud

hook GetSystemMetrics

All times are GMT +8.
