The MASM Forum Archive 2004 to 2012

General Forums => The Workshop => Topic started by: M4D45M on September 30, 2005, 02:21:30 PM

Title: ?? Is it possible to trick api hooks by..
Post by: M4D45M on September 30, 2005, 02:21:30 PM
ripping dll functions and paste them into my own assembly code ?

For example the code for CreateRemoteThread (kernel32.dll)
And from this code also ripping all containing ntdll imports.

What I wanted to know is, if it is possible to copy the code of
a dll instead of calling it.

Can anybody tell me if this would work anyhow or why it would
definitely not.
(And if this would bypass a fucking standard api hook of some security software)

Title: Re: ?? Is it possible to trick api hooks by..
Post by: rags on September 30, 2005, 03:44:58 PM
Quote from: madasm on September 30, 2005, 02:21:30 PM
Can anybody tell me if this would work anyhow or why it would
definitely not.
(And if this would bypass a fucking standard api hook of some security software)

Just curious, by "security software", do you mean anti-virus software, and if you do, why would you want to?

Title: Re: ?? Is it possible to trick api hooks by..
Post by: M4D45M on September 30, 2005, 09:34:44 PM
so am i. [curious]
i want to improve my assembly knowledge. [practical]
i prefer security-related issues.
an example could be an anti-virus software hooking
an API function or also a firewall or other
security package software.
i'm interested in how things work in detail.
so i also want to try things new to me,
but i sometimes need a bit of help to move
forward and need to get qualified info.

another way i thought of, is to use
the functions entrypoint overwrite method,
but i'm not sure if a hook triggers first.

the goal i wanted to reach is to collect
enough knowledge to code a bypass situation
!by myself!

i want to grow further in knowledge of low level
programming and i'm also interested in
security systems, cryptology, etc.
at the moment i also code a mail client
which supports smtp AUTH with CRAM-MD5.
This requires implementation of HMAC,
which is also very interesting.
til now i learned about a lot of security
situations and with this i was also able
to figure out pretty more things in assembly.

thanx.

Title: Re: ?? Is it possible to trick api hooks by..
Post by: hutch-- on October 01, 2005, 03:04:43 AM
madasm,

What you are after is illegal, it involves reverse engineering software that you don't own. There is a perfectly legal way to do even better, get the start address from the function in the DLL at runtime and then copy the function into dynamic memory allocated in the calling app, then you can call the start address of the function locally and it will usually be faster.

Please leave the reverse engineering stuff out of the forum as the rules prohibit such topics.

Title: Re: ?? Is it possible to trick api hooks by..
Post by: M4D45M on October 01, 2005, 10:02:27 AM
sorry.
but thanx anyways.