Search found 1068 matches

by iconic
Fri Jan 13, 2006 5:07 pm
Forum: madCodeHook
Topic: Check for Administrative Rights on Windows NT-based OS
Replies: 3
Views: 4084

Check for Administrative Rights on Windows NT-based OS

Recently I needed to do this for a project I'm writing and found out through reading that there is no perfect solution a lot of the time to determine whether a given user has admin rights on NT-based OS's. I found this piece of code on Elists/Delphi. function IsNTAdmin: Boolean; const SECURITY_NT_AU...
by iconic
Fri Jan 13, 2006 4:47 am
Forum: madCodeHook
Topic: hookprocessterminate
Replies: 5
Views: 4270

You could also play with Get/SetThreadContext API's and modify EIP directly, I guess. You could either overwrite the jmp instruction or inc eip, skip a call, and exit it remotely. I didn't mention it because it's more in depth than I was willing to explain and writing 3 lines instead of multiple line...
by iconic
Fri Jan 13, 2006 4:19 am
Forum: madCodeHook
Topic: hookprocessterminate
Replies: 5
Views: 4270

[ugly hack]

I just briefly looked at Madshi's example and came up with this quick and dirty yet effective hack. Messages such as WM_CLOSE/SC_CLOSE, WM_DESTROY, WM_QUIT are useless because the window isn't handling them. TerminateProcess is hooked as well as its underlying native API, NtTerminateProcess. So neit...
by iconic
Wed Jan 11, 2006 8:19 pm
Forum: madCodeHook
Topic: torcap and proxy
Replies: 3
Views: 6997

Yarek, Torcap only speaks SOCKS4 and unless your proxy speaks this it won't work. Wow, you're starting to confuse me now because most of the important questions I asked you yesterday didn't get a response. Please talk to me like I'm a child because I'm having the hardest time trying to make sense of...
by iconic
Wed Jan 11, 2006 8:06 pm
Forum: madCodeHook
Topic: How to hook "GetLocalTime" API function ?
Replies: 3
Views: 4465

Madshi, he didn't say whether he's using Delphi or BCB but if he's using Delphi he probably wondered because GetLocalTime is a procedure in Delphi and not a function in Delphi. Although procedures are semantically voided functions maybe it confused him, unless you had C coding experience one might c...
by iconic
Wed Jan 11, 2006 5:28 pm
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

My lunch break is over, back to work :cry: By the way, I failed to mention this before but if you've researched different aspects of working with sockets, what I think you're trying to do is actually write an application layer gateway, which is a tad bit different than a proxy. The differences are subtl...
by iconic
Wed Jan 11, 2006 5:18 pm
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

As I said, I'll look into it later tonight or tomorrow evening when I have the time. I looked at the link you provided and that's a little bit different than what you're trying to do. If you're just wanting to hook winsock to redirect connections locally on your PC you certainly don't need to use SO...
by iconic
Wed Jan 11, 2006 2:17 pm
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

I'll take a look at it tonight if I have time, if not tonight then tomorrow evening. It looks like you're using some of appsniff's code in your project and I remember looking at that many months ago. I'll install indy x when I get a chance too, I currently don't have it installed. I have used INDY's TCPM...
by iconic
Wed Jan 11, 2006 5:42 am
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

or not, apparently Mathias disabled PM support for this forum. You can email me at an alternate address i own.

mov.eax.0x13@gmail.com

--Iconic
by iconic
Wed Jan 11, 2006 5:40 am
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

I don't need your proxy code, just your DLL source code to determine what's going on. I've already written plenty of winsock code to bounce connections so I'll be able to get a test going sometime in the next day or so, depending on how much time I have to spare. I'll PM you my email on this forum s...
by iconic
Wed Jan 11, 2006 4:13 am
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

After you proxy the connection successfully it's easy to check the recv buffer for data you would deem offensive, like the word "sex" in a URL. If that's all you're trying to do, meaning disallow visiting a website based on URL content, you certainly do not need to hook winsock, there are m...
by iconic
Wed Jan 11, 2006 3:32 am
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

By the way, I still don't understand what you mean by this: "I tried to call the connectHookProc myself, but it seems when calling connectHookProc from sendHookProc does not make any effect ... Thanks again." But I think you should realize that for example, WSAConnect() and Connect() are not the same A...
by iconic
Wed Jan 11, 2006 3:14 am
Forum: madCodeHook
Topic: WInsock Redirection
Replies: 14
Views: 14458

Tell me what you're trying to accomplish and maybe I can free up some time to help you, I've _successfully_ hooked winsock many times for various reasons. If you're just trying to monitor send/recv operations, relay a connection or whatever your reason is, I need to know what you're attempting to do ...
by iconic
Mon Jan 09, 2006 2:47 pm
Forum: madCodeHook
Topic: Inject system wide with exceptions?
Replies: 14
Views: 10177

I'll research it next week when my life isn't so busy, I'll start by killing off KPF and all dependencies, then checking for the hooks in memory, maybe by comparing the disk images versus the memory images for modifications. I haven't determined their hooking method because I haven't bothered to investi...
by iconic
Mon Jan 09, 2006 2:17 pm
Forum: madCodeHook
Topic: Inject system wide with exceptions?
Replies: 14
Views: 10177

I've just searched for my past email communication about Kerio. I think the situation is this: Kerio overwrites the first bytes of WinSock functions to hook the APIs. That's basically what madCodeHook does, too. Now madCodeHook realizes that the APIs are already hooked and installing just another h...