+ Reply to Thread
Results 1 to 3 of 3
  1. 05-11-2009 #1
    counterstrikewi
    counterstrikewi is offline
    Night's Watch
    counterstrikewi's Avatar
    Join Date
    Apr 2009
    Location
    \??\.\PhysicalDrive0:\+00h
    Posts
    1,920

    undetecting functions method

    is it possible to

    implement hooking of certain functions.
    harmless goes to harmful

    then hook your own functions to change the harmless functions into the harmful ones?

    or do i not understand hooking :S
    DelphiBasics - Ultimate Delphi Resource for Beginners
    www.delphibasics.info
    Reply With Quote Reply With Quote
  2. 22-11-2009 #2
    mjrod5
    mjrod5 is offline
    Senior Member
    mjrod5's Avatar
    Join Date
    Aug 2008
    Location
    In your stack O___O
    Posts
    3,101
    Well yea you can, but your still gonna need to pass the parameters to the "legit" api call...
    [img]http://www.photochopz.com/forum/images/smilies/fap.gif[/img]In The Oven (err in Development) : Pie [img]http://www.photochopz.com/forum/images/smilies/fap.gif[/img]
    [QUOTE=uraskiddie;115188]What are you? Like 10 years old?
    That's complete rubbish, you probably got your depictions of being a "hacker" from a prepubescent forum infested with homosexually-oriented pedophiles.[/QUOTE]
    [QUOTE=Envy;136433]Russian?
    Trusted.
    Botnets are like our right hands.[/QUOTE]
    [url]http://cognitivity.org/[/url]
    Reply With Quote Reply With Quote
  3. 23-11-2009 #3
    Hs32-Idir
    Hs32-Idir is offline
    Senior Member
    Hs32-Idir's Avatar
    Join Date
    Oct 2008
    Location
    Memory Another Process
    Posts
    176
    you must call external APIs with a hocked api.
    Hook the Loadlibrary & GetProcAddress to get for exemple a LoadLibrartNext & GetProcAddressNext , and call others APis with them,

    function HsIdirLoadLibrary(lpLibFileName: PChar): HMODULE; stdcall;
    begin
    Result := NextLoadLibrary(lpLibFileName);
    HookNewLibrary(Table,result);
    end;

    the Hook new library detect if the Api hooked then it change the allocation table.
    --- Finally the secret is Changing The Allocation Table.

    I have 1 library to do this method in my website you can download it.
    you can find it at http://www.Hs32-Idir.110mb.com
    [CENTER][FONT="Arial Black"]Hs32-Idir[/FONT][/CENTER]
    [FONT="Franklin Gothic Medium"][CENTER][FONT="Fixedsys"]Dreaming in Digital[/FONT][/CENTER]
    [CENTER][FONT="Fixedsys"]Living in Realtime[/FONT] [/CENTER]
    [CENTER][FONT="Fixedsys"]Thinking in Binary[/FONT][/CENTER]
    [CENTER][FONT="Fixedsys"]Talking in IP[/FONT] [/CENTER][/FONT]
    [CENTER][FONT="Fixedsys"][FONT="Fixedsys"]Welcome to My World[/FONT][/FONT][/CENTER][URL="http://www.Hs32-Idir.tk"]http://www.Hs32-Idir.tk[/URL]
    Reply With Quote Reply With Quote
 

 
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [VB.NET] Useful Functions
    By Chakra in forum General Programming Help
    Replies: 0
    Last Post: 13-09-2009, 18:52
  2. Best RAT Functions
    By gangster136 in forum Off-Topic
    Replies: 17
    Last Post: 02-08-2009, 04:07
  3. lttlogger undetecting
    By neropower in forum Delphi Help
    Replies: 0
    Last Post: 04-04-2009, 12:49
  4. "Undetecting" Already Compiled Executables?
    By drizzle in forum General Programming Help
    Replies: 14
    Last Post: 03-12-2007, 19:57
  5. MSN Functions
    By British_Intel in forum Snippets
    Replies: 6
    Last Post: 15-07-2007, 14:52

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

All times are GMT +1. The time now is 21:59.
www.opensc.ws
Copyright ©2005 - 2012, OpenSC Forums



Search Engine Friendly URLs by vBSEO 3.6.0 ©2011, Crawlability, Inc.