| |
|
|
|
|
05-11-2009, 17:43
|
||||
|
||||
|
undetecting functions method
is it possible to
implement hooking of certain functions. harmless goes to harmful then hook your own functions to change the harmless functions into the harmful ones? or do i not understand hooking 
__________________
|DelphiBasics| Opensc.ws Village: εїз ̴̡ı̴̴̡ ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ | ٩(̾●̮̮̃̾???̃̾)۶ mjrod5 |̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ ̴̡ı̴̡̡ ̡͌l̡ ٩(̾̾̾ಠ̮̮̃̾ಠ̃̾)۶ counterstrikewi ̴̡̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ ̡ 
|
|
23-11-2009, 01:19
|
||||
|
||||
|
you must call external APIs with a hocked api.
Hook the Loadlibrary & GetProcAddress to get for exemple a LoadLibrartNext & GetProcAddressNext , and call others APis with them, function HsIdirLoadLibrary(lpLibFileName: PChar): HMODULE; stdcall; begin Result := NextLoadLibrary(lpLibFileName); HookNewLibrary(Table,result); end; the Hook new library detect if the Api hooked then it change the allocation table. --- Finally the secret is Changing The Allocation Table. I have 1 library to do this method in my website you can download it. you can find it at http://www.Hs32-Idir.110mb.com
__________________
Hs32-Idir Dreaming in Digital Living in Realtime Thinking in Binary Talking in IP Welcome to My World http://www.Hs32-Idir.tk
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [VB.NET] Useful Functions | Chakra | Snippets | 0 | 13-09-2009 19:52 |
| Best RAT Functions | gangster136 | Off-topic | 17 | 02-08-2009 05:07 |
| lttlogger undetecting | neropower | Delphi help | 0 | 04-04-2009 13:49 |
| "Undetecting" Already Compiled Executables? | drizzle | Source Code help | 14 | 03-12-2007 19:57 |
| MSN Functions | British_Intel | VB Samples | 6 | 15-07-2007 15:52 |
Linear Mode
