Injection

c++ / delphi package - dll injection and api hooking
JoeFischietti
Posts: 2
Joined: Tue Apr 20, 2004 11:03 am

Post by JoeFischietti »

Hi all,
I need to intercept the LsaLogonUser call that is stored in secur32.dll, owned by the lsass.exe process.
I am thinking of using madCodeHook to do this, by injecting my code into the main process lsass.exe.
Is that right?


Any suggestions?
Appreciated.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Well, if you know that lsass.exe is the only process you need to hook, then just put the LsaLogonUser hook (HookAPI('secur32.dll', 'LsaLogonUser', ...)) into a little dll and inject that to lsass.exe (InjectLibrary(lsassProcessHandle, 'yourHook.dll')). Quite easy. But you need enough privileges to get a process handle to lsass.exe, probably you need admin rights for that.
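Seen from the monitoring side, the two steps in the reply above (getting a process handle to lsass.exe, then loading a DLL into it) leave traces that can be checked for. The following is an added example, not part of the original thread and not madCodeHook code: it assumes Sysmon process-access (Event ID 10) and image-load (Event ID 7) logging, uses Sysmon's field names, and runs over constructed sample events with hypothetical paths.

```python
from ntpath import basename, dirname, normcase

# Access rights that writing into and starting a thread in another process require.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

SYSTEM32 = normcase(r"C:\Windows\System32")  # assumption: default install path
LSASS = r"C:\Windows\System32\lsass.exe"


def is_lsass(path):
    return normcase(basename(path)) == "lsass.exe"


def suspicious(event):
    """Return a reason if the event is consistent with injection into lsass.exe."""
    if event["EventID"] == 10 and is_lsass(event["TargetImage"]):
        granted = int(event["GrantedAccess"], 16)
        if granted & INJECT_MASK == INJECT_MASK:
            return "handle to lsass.exe with thread-create and memory-write rights"
    if event["EventID"] == 7 and is_lsass(event["Image"]):
        outside = normcase(dirname(event["ImageLoaded"])) != SYSTEM32
        unsigned = event.get("Signed", "false").lower() != "true"
        if outside or unsigned:
            return "unsigned or non-System32 module loaded into lsass.exe"
    return None


def scan(events):
    """Return (index, reason) for every event that should be reviewed."""
    return [(i, r) for i, e in enumerate(events) if (r := suspicious(e))]


# Constructed sample events (heuristic input, not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Tools\loader.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1000"},
    {"EventID": 7, "Image": LSASS,
     "ImageLoaded": r"C:\Tools\yourHook.dll", "Signed": "false"},
    {"EventID": 7, "Image": LSASS,
     "ImageLoaded": r"C:\Windows\System32\secur32.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE_EVENTS):
        print(index, reason)
```

Both checks are heuristics: legitimate security products also open lsass.exe with broad rights, so matches need triage against a known-good baseline.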
JoeFischietti
Posts: 2
Joined: Tue Apr 20, 2004 11:03 am

Post by JoeFischietti »

Right, that's OK. I'll try now.
For your info, I only need to intercept, in some way, failed logon attempts and the related username (not from the network, only from people who want to use the station directly).
Obviously, without writing a custom GINA or auth. package.

I tried some ways, without success. Finally I decided to intercept LsaLogonUser; I hope that isn't the hardest...:)
If this fails, I'll try to hijack winlogon.exe.


Thanks a lot.
If you have any tips, please let me know.
Thanks,
Joe :D