c++ / delphi package - dll injection and api hooking
luckygame
Posts: 3 Joined: Fri Apr 22, 2005 5:51 am
by luckygame » Fri Apr 22, 2005 8:26 am
I can't hook Process32Next, can you tell me how to hook it? Thank you very much.
Note: I'm not writing a virus/trojan.
neji
Posts: 155 Joined: Wed Mar 09, 2005 11:39 am
by neji » Fri Apr 22, 2005 12:58 pm
madshi has a security check in there, so you can't hook several APIs from the ntdll.dll (Process32Next, NtQueryProcessInformation, ...)
uall
Posts: 254 Joined: Sun Feb 20, 2005 1:24 pm
by uall » Fri Apr 22, 2005 1:03 pm
maybe madshi forgot to protect Process32NextW for hooking
you have to ask him if he can give you a version where you can hook it
luckygame
Posts: 3 Joined: Fri Apr 22, 2005 5:51 am
by luckygame » Fri Apr 22, 2005 2:28 pm
Thank you.
madshi, can you tell me how to hook Process32First?
I want to write code myself.
madshi
Site Admin
Posts: 10753 Joined: Sun Mar 21, 2004 5:25 pm
by madshi » Mon Apr 25, 2005 9:04 am
For what purpose do you need to hide your process?
luckygame
Posts: 3 Joined: Fri Apr 22, 2005 5:51 am
by luckygame » Wed Apr 27, 2005 6:21 am
madshi wrote: For what purpose do you need to hide your process?
Because I can't hook Process32Next, I want to know how to hook this API. Only for study.
Thanks.
madshi
Site Admin
Posts: 10753 Joined: Sun Mar 21, 2004 5:25 pm
by madshi » Wed Apr 27, 2005 7:08 am
I'm sorry, but I don't allow hooking of this API, cause it can be used to write viruses/trojans.
neji
Posts: 155 Joined: Wed Mar 09, 2005 11:39 am
by neji » Wed Apr 27, 2005 7:34 am
But the Task Manager doesn't use Process32First/Process32Next to list the running processes, does it?
So you could only hide your process from third-party tools, because to hide this process from the Task Manager you need to hook NtQueryProcessInformation, which is blocked, too.