| View previous topic :: View next topic |
| Author |
Message |
Davita
Joined: 13 Sep 2005
Posts: 106
|
 Posted: Sun Jul 25, 2010 3:44 pm Post subject: Hooked api bypass problem |
 |
|
Hello madshi
I've seen some applications bypassing my hooked apis and by bypassing I don't mean calling lower level api. Is there any way to protect my app from this?
Thanks |
|
| Back to top |
|
 |
iconic
Joined: 08 Jun 2005
Posts: 605
|
| Posted: Mon Jul 26, 2010 1:10 am Post subject: |
|
|
There are too many ways to bypass usermode API hooks to list, plus I doubt Madshi would want me to sit here an explain any of them since it counters his hard work on madCodeHook. Answer in short, no there is no real way to completely protect your hooks 100% from being unhooked or being completely bypassed. If you want details on all hook bypass methods I use you can email me at (bindshell <at> gmail <dot> com)
--Iconic |
|
| Back to top |
|
|
Davita
Joined: 13 Sep 2005
Posts: 106
|
| Posted: Mon Jul 26, 2010 6:38 am Post subject: |
|
|
I understand. I sent you an email iconinc. Thanks for your help  |
|
| Back to top |
|
|
iconic
Joined: 08 Jun 2005
Posts: 605
|
| Posted: Tue Jul 27, 2010 5:11 pm Post subject: |
|
|
Odd, I just checked and didn't get any email from you. Make sure you put something that relates to this forum under the email subject so I know it's someone from here.
--Iconic |
|
| Back to top |
|
|
Davita
Joined: 13 Sep 2005
Posts: 106
|
| Posted: Tue Jul 27, 2010 7:39 pm Post subject: |
|
|
Done, I sent you from 2 different mail, at least one of them will be delivered I hope
mail subject is "madCodeHook, Hook Bypass Protection" |
|
| Back to top |
|
|
Davita
Joined: 13 Sep 2005
Posts: 106
|
| Posted: Sun Aug 01, 2010 12:03 pm Post subject: |
|
|
iconic I just wanted to check if you received my mail.  |
|
| Back to top |
|
|
iconic
Joined: 08 Jun 2005
Posts: 605
|
| Posted: Sun Aug 01, 2010 3:15 pm Post subject: |
|
|
Yes, sorry for the delay... will replay today via email
--Iconic |
|
| Back to top |
|
|
madshi
Site Admin
Joined: 21 Mar 2004
Posts: 5908
|
| Posted: Tue Aug 10, 2010 11:06 am Post subject: |
|
|
@iconic, I'm happy that you're here to help. Just please in cases like this try to make sure that your help is benefiting "good" software... 
Which does not mean that I think that Davita would create malware. I don't know what kind of software Davita is writing. Hopefully it's a good software. |
|
| Back to top |
|
|
Davita
Joined: 13 Sep 2005
Posts: 106
|
| Posted: Tue Aug 10, 2010 11:15 am Post subject: |
|
|
Hi madshi again. He made sure that the software was not a malware, we had a discussion by mail and I sent him the description of my software and screens
but I didn't receive any mail yet, probably he's very busy right now and the thread is actuall to date
and madshi, http://forum.madshi.net/viewtopic.php?t=5468 <-- this issue is more urgent, could you please take a look?  |
|
| Back to top |
|
|
madshi
Site Admin
Joined: 21 Mar 2004
Posts: 5908
|
| Posted: Tue Aug 10, 2010 11:52 am Post subject: |
|
|
| Davita wrote: | | He made sure that the software was not a malware, we had a discussion by mail and I sent him the description of my software and screens |
Well done, iconic!! |
|
| Back to top |
|
|
Davita
Joined: 13 Sep 2005
Posts: 106
|
| Posted: Tue Aug 10, 2010 12:22 pm Post subject: |
|
|
this is an irony I guess  |
|
| Back to top |
|
|
madshi
Site Admin
Joined: 21 Mar 2004
Posts: 5908
|
| Posted: Tue Aug 10, 2010 12:24 pm Post subject: |
|
|
What do you mean?
I'm just happy that iconic is making sure that his inside knowledge is only available to "good" programmers like you. |
|
| Back to top |
|
|
Davita
Joined: 13 Sep 2005
Posts: 106
|
| Posted: Tue Aug 10, 2010 12:26 pm Post subject: |
|
|
| Ah sorry, forget it |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
