Hi All,
I have written an API hook (for FindNextFileA/W).
I am writing code to inject my hook DLL into all running processes.
I have used VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, WaitForSingleObject, VirtualFreeEx...
Somehow I have done it, but I want to inject my DLL into all processes. How can I do this?
What I want is to hide one of my folders and all files in it.
Am I going in the correct direction?
Do I need to inject my DLL into all processes? Or only some selected processes like explorer.exe...? If so, which are they?
And also, if someone knows the location of the hidden folder, can I somehow know if that folder is opened? I need to ask for a password if that folder is opened; how do I do this?
Sorry to say that I am not (don't want to, for distribution reasons....) using madCollection....
Thanks in advance..
Jetli
injecting my hook dll to all running process.
Re: injecting my hook dll to all running process.
Jetli wrote: Sorry to say that I am not (don't want to, for distribution reasons....) using madCollection....
Well, that's your choice...
Hi Madshi,
But can't you help me develop my own DLL-injecting code?
I have written what I have done to write the injecting code; now I need help with which processes I need to inject into. And am I going in the correct direction?
Now I am able to enumerate all running processes via the EnumProcesses() API (getting process IDs), but I don't know which processes I need to inject into. Some processes, like id=0 and 8 (System), cause a restart of my Win2k Advanced Server.
So please guide me: how can I make a folder hidden? Into which processes do I need to inject my DLL?
By saying this:
Sorry to say that I am not (don't want to, for distribution reasons....) using madCollection....
I meant I want to develop my code on my own.....
Thanks in advance.
Jetli :
I think you're not aware of what problems you're having in front of you, if you decide to do it all yourself. There are so many problems you have to solve to make your solution good, stable and complete. Some examples:
(1) How do you solve injection of your dll into newly created processes? Do you plan to enumerate through all processes every second to get a hold of new processes or how did you plan to solve that?
(2) Are you aware that using CreateRemoteThread on a process which has just started and is not fully initialized yet will result in stability problems?
(3) Injection into some processes (e.g. processes of other XP fast user switching sessions) is not possible at all by using CreateRemoteThread.
And those are just DLL injection problems, and they're just limited to the NT family. There are more problems in win9x. And lots more problems when doing API hooking.
I'm sorry, but I don't have the time to help you develop your own solution. And besides - why should I do that? I've already spent thousands of hours to make my solution as good as it is. Why should I invent the wheel a 2nd time? It's not that I would be desperately searching for ways to get rid of my free time. My to-do list is already more than full right now.
P.S: In order to hide your folder, it should be enough to inject your dll into user applications. Why don't you use SetWindowsHookEx to inject your dll? It's by no means perfect, but it should work fairly well for your case.
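Added example, not posted by anyone in this thread: the call order listed in the first post (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread) is what endpoint monitoring correlates per source/target pair, and doing it against every process makes the source stand out further. The trace format, process names, time window and threshold below are constructed assumptions, not output of any real tool.

```python
from collections import defaultdict

# Call order named in the first post; completing it against one target is the signal.
SEQUENCE = ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")
WINDOW_SECONDS = 5.0   # assumed: longest time one full sequence may take
SPRAY_THRESHOLD = 3    # assumed: distinct targets that count as "all processes"

# Constructed sample trace: (time, source_pid, source_image, api, target_pid)
SAMPLE_TRACE = [
    (0.0, 1200, "hider.exe", "VirtualAllocEx", 400),
    (0.1, 1200, "hider.exe", "WriteProcessMemory", 400),
    (0.2, 1200, "hider.exe", "CreateRemoteThread", 400),
    (0.3, 1200, "hider.exe", "VirtualAllocEx", 512),
    (0.4, 1200, "hider.exe", "WriteProcessMemory", 512),
    (0.5, 1200, "hider.exe", "CreateRemoteThread", 512),
    (0.6, 1200, "hider.exe", "VirtualAllocEx", 733),
    (0.7, 1200, "hider.exe", "WriteProcessMemory", 733),
    (0.8, 1200, "hider.exe", "CreateRemoteThread", 733),
    (1.0, 2100, "dbgtool.exe", "VirtualAllocEx", 400),      # never starts a thread
    (1.1, 2100, "dbgtool.exe", "WriteProcessMemory", 400),
    (2.0, 3300, "slow.exe", "VirtualAllocEx", 512),         # exceeds the window
    (9.0, 3300, "slow.exe", "WriteProcessMemory", 512),
    (9.1, 3300, "slow.exe", "CreateRemoteThread", 512),
]

def find_injections(trace, window=WINDOW_SECONDS):
    """Return {(source_pid, image): sorted target pids} for completed sequences."""
    progress, hits = {}, defaultdict(set)   # progress: (src, target) -> (step, start)
    for ts, src, image, api, target in sorted(trace):
        if api not in SEQUENCE or src == target:
            continue                        # unrelated call or self-targeting
        key = (src, target)
        step, started = progress.get(key, (0, ts))
        if ts - started > window:
            step, started = 0, ts           # stale partial sequence: start over
        if api == SEQUENCE[0]:
            step, started = 1, ts           # a fresh allocation (re)starts the sequence
        elif api == SEQUENCE[step]:
            step += 1                       # repeated writes leave the step unchanged
        if step == len(SEQUENCE):
            hits[(src, image)].add(target)
            step = 0
        progress[key] = (step, started)
    return {k: sorted(v) for k, v in hits.items()}

def classify(trace, threshold=SPRAY_THRESHOLD):
    """Label each injecting source 'spray' (many targets) or 'targeted'."""
    found = find_injections(trace).items()
    return {s: "spray" if len(t) >= threshold else "targeted" for s, t in found}
```

On the sample trace only hider.exe is reported, and it is labelled "spray" because it completed the sequence against three different targets.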