About hooking
kim-dongju -
About Hoooo0oooking
pyutic
What is hooking?
PUSH 1
PUSH 2
PUSH 3
PUSH 4
What is hooking?
PUSH 1
PUSH 2
PUSH 3
PUSH 4
Log([ESP])
What we can do
Assembly Code -Before-
Assembly Code -After-
Assembly Code -Solution-
PUSH 1
JMP
PUSH 3
PUSH 4
PUSH 2
LOG([ESP])
JMP
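Seen from the defender's side, the JMP patch on the slide above shows up as a difference between the code bytes in memory and their on-disk copy. The check below is an added example, not code from the original slides; the PUSH imm32 encoding chosen for the slide's PUSH 1..4, the addresses, the module range and the name check_inline_hook are all constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: PUSH 1..4 encoded as PUSH imm32 (opcode 68), 5 bytes each. */
static const uint8_t DISK[20] = {
    0x68,1,0,0,0,  0x68,2,0,0,0,  0x68,3,0,0,0,  0x68,4,0,0,0 };
/* Same code in memory after PUSH 2 was overwritten by JMP rel32 (opcode E9). */
static const uint8_t MEM[20] = {
    0x68,1,0,0,0,  0xE9,0xF6,0xFF,0xBF,0x0F,  0x68,3,0,0,0,  0x68,4,0,0,0 };

typedef struct {
    int      patched;       /* in-memory bytes differ from the on-disk copy */
    size_t   offset;        /* first differing byte */
    int      is_jmp_rel32;  /* patch starts with E9 */
    uint32_t target;        /* where the JMP lands */
    int      leaves_module; /* target outside [mod_base, mod_base + mod_size) */
} hook_report;

hook_report check_inline_hook(const uint8_t *disk, const uint8_t *mem, size_t len,
                              uint32_t code_va, uint32_t mod_base, uint32_t mod_size)
{
    hook_report r = {0, 0, 0, 0, 0};
    size_t i = 0;
    while (i < len && disk[i] == mem[i]) i++;
    if (i == len) return r;                 /* identical: no patch */
    r.patched = 1;
    r.offset = i;
    if (mem[i] == 0xE9 && len - i >= 5) {
        /* rel32 is little-endian and relative to the end of the 5-byte JMP */
        uint32_t rel = (uint32_t)mem[i + 1] | ((uint32_t)mem[i + 2] << 8) |
                       ((uint32_t)mem[i + 3] << 16) | ((uint32_t)mem[i + 4] << 24);
        r.is_jmp_rel32 = 1;
        r.target = code_va + (uint32_t)i + 5u + rel;   /* wraps modulo 2^32 */
        r.leaves_module = (uint32_t)(r.target - mod_base) >= mod_size;
    }
    return r;
}

int main(void)
{
    /* Constructed layout: code at 0x00401000 in a module at 0x00400000, size 0x10000. */
    hook_report r = check_inline_hook(DISK, MEM, sizeof DISK,
                                      0x00401000u, 0x00400000u, 0x10000u);
    printf("patched=%d offset=%zu jmp=%d target=0x%08X outside=%d\n",
           r.patched, r.offset, r.is_jmp_rel32, (unsigned)r.target, r.leaves_module);
    return 0;
}
```

A JMP that leaves the module is a lead rather than a verdict, because legitimate software such as security products and hot patches also redirects code this way.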
How to insert code?
Read/WriteProcessMemory
DLL Injection
etc
Read/WriteProcessMemory
Write to *other* process's memory
Read/WriteProcessMemory
But where is the free space for my code?
DLL Injection
Inject my DLL
What is DLL? -Processes-
a.exe b.exe c.exe
a.exe (process): a.exe, A.dll, B.dll, C.dll
b.exe (process): b.exe, A.dll, B.dll, C.dll
c.exe (process): c.exe, A.dll, B.dll, C.dll
DLL Injection
a.exe (process): a.exe, A.dll, B.dll, C.dll
DLL Injection
a.exe (process): a.exe, A.dll, B.dll, C.dll, MyDll.dll
DLL Injection -Merit-
Edit memory by using pointers
Doesn’t need to write codes
Code can be developed in C
How to inject DLL?
A DLL can generally be loaded by calling ‘LoadLibrary’
How to?
CreateRemoteThread
How to inject DLL? -CreateRemoteThread-
Create a thread in the *other* process
The thread function is ‘LoadLibrary’
But where is the DLL name?
VirtualAllocEx
How to inject DLL? -VirtualAllocEx-
Allocate (malloc) memory in the other process
After allocating, write the DLL name by using WriteProcessMemory
How to inject DLL?
VirtualAllocEx
CreateRemoteThread
LoadLibrary(in target)
???
PROFIT!
Code Implementation -DllMain()-
Code Implementation -penguin()-
Code Implementation -insertJMP()-
Code Implementation -hookedFunction()-
Thanks !