Vulnerability Development mailing list archives
Re: Accessing IE/Netscape incoming data
From: dullien () GMX DE (Thomas Dullien)
Date: Thu, 28 Oct 1999 16:51:59 +0200
You patch winsock.dll typically. You move the official one to owinsck.dll and make your new winsock.dll reprocess all the calls, then call the original.
Another (IMO nicer) solution is to hook all APIs of a given process; you can do that quite easily in the PE Header of the target. Basically you use OpenProcess(), ReadProcessMemory() and WriteProcessMemory() to substitute the addresses in the PE Header that point to the winsock library functions with pointers to your own functions. You can add their code using VirtualAllocEx() and WriteProcessMemory() into the monitored process's address space.
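Seen from the monitoring side, the import-pointer substitution described in the message above shows up as import slots that no longer point into the DLL they name. The following is an added example, not part of the original post: it audits a snapshot of import slots against loaded-module ranges, and the module names, addresses and forwarder allowlist in it are constructed assumptions.

```python
from bisect import bisect_right
from typing import NamedTuple, Optional

class Module(NamedTuple):
    name: str
    base: int
    size: int

class IatSlot(NamedTuple):
    dll: str      # DLL named in the import descriptor
    func: str     # imported function name
    target: int   # pointer currently stored in the import slot

def owner(modules: list, addr: int) -> Optional[Module]:
    """Return the loaded module whose image range contains addr, if any."""
    mods = sorted(modules, key=lambda m: m.base)
    i = bisect_right([m.base for m in mods], addr) - 1
    if i >= 0 and addr < mods[i].base + mods[i].size:
        return mods[i]
    return None

def audit_iat(modules, slots, forwarders=frozenset()):
    """Flag import slots whose target is not inside the DLL the import names.

    forwarders: (import_dll, owning_dll) pairs accepted as legitimate
    export forwarding, so they are not reported as hooks.
    """
    findings = []
    for s in slots:
        m = owner(modules, s.target)
        if m is None:
            # Not backed by any loaded image, e.g. a private allocation.
            findings.append((s.dll, s.func, "target in non-image memory"))
        elif m.name.lower() != s.dll.lower() and \
                (s.dll.lower(), m.name.lower()) not in forwarders:
            findings.append((s.dll, s.func, f"target inside {m.name}"))
    return findings

# Constructed snapshot (not taken from a real process).
MODULES = [Module("app.exe", 0x00400000, 0x20000),
           Module("wsock32.dll", 0x75000000, 0x8000),
           Module("ws2_32.dll", 0x75100000, 0x14000)]
SLOTS = [IatSlot("wsock32.dll", "send", 0x75001200),         # untouched
         IatSlot("wsock32.dll", "recv", 0x00A30000),         # private memory
         IatSlot("wsock32.dll", "connect", 0x75104000),      # forwarded export
         IatSlot("wsock32.dll", "closesocket", 0x00401F00)]  # inside the EXE
FORWARDERS = frozenset({("wsock32.dll", "ws2_32.dll")})
```

This check does not cover the first approach in the message, a replaced DLL on disk, which needs a file path and hash comparison of the loaded module instead.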