About hooking
Uploaded by kim-dongju
![Page 1: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/1.jpg)
About Hoooo0oooking
pyutic
![Page 2: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/2.jpg)
What is hooking?
PUSH 1
PUSH 2
PUSH 3
PUSH 4
![Page 3: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/3.jpg)
What is hooking?
PUSH 1
PUSH 2
PUSH 3
PUSH 4
Log([ESP])
![Page 4: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/4.jpg)
What we can do
![Page 5: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/5.jpg)
Assembly Code -Before-
![Page 6: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/6.jpg)
Assembly Code -After-
![Page 7: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/7.jpg)
Assembly Code -Solution-
PUSH 1
JMP
PUSH 3
PUSH 4
PUSH 2
LOG([ESP])
JMP
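A defender's view of the detour on this slide, as an added example that is not code from the original deck: diff a clean copy of a code region against the live bytes and decode any `E9 rel32` JMP that has appeared. The sample bytes, the base address `0x00401000` and the stub address `0x00500000` are constructed, and PUSH is encoded as the 5-byte `PUSH imm32` so that one JMP replaces exactly one instruction.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* One E9 (JMP rel32) patch found by diffing a clean copy against live bytes. */
typedef struct {
    size_t   offset;   /* offset of the JMP opcode inside the region */
    uint32_t target;   /* decoded destination address (32-bit x86) */
    int      outside;  /* 1 if the destination is outside the region */
} HookHit;

/* Constructed sample: PUSH 1..4 as PUSH imm32 (68 xx 00 00 00),
   assumed to be loaded at 0x00401000. */
#define SAMPLE_BASE 0x00401000u
static const uint8_t CLEAN[20] = {
    0x68,1,0,0,0,  0x68,2,0,0,0,  0x68,3,0,0,0,  0x68,4,0,0,0 };
/* Same region with PUSH 2 overwritten by JMP 0x00500000 (hypothetical stub). */
static const uint8_t HOOKED[20] = {
    0x68,1,0,0,0,  0xE9,0xF6,0xEF,0x0F,0x00,  0x68,3,0,0,0,  0x68,4,0,0,0 };

/* Byte-level heuristic, not a disassembler: report every position where the
   live bytes hold an E9 rel32 that differs from the clean copy. */
size_t find_jmp_hooks(const uint8_t *clean, const uint8_t *live, size_t len,
                      uint32_t base, HookHit *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i + 5 <= len && n < max_out; i++) {
        if (live[i] != 0xE9 || memcmp(clean + i, live + i, 5) == 0)
            continue;
        uint32_t rel = (uint32_t)live[i + 1] | (uint32_t)live[i + 2] << 8 |
                       (uint32_t)live[i + 3] << 16 | (uint32_t)live[i + 4] << 24;
        uint32_t target = base + (uint32_t)i + 5 + rel; /* next insn + rel32 */
        /* unsigned subtraction also flags targets below the region base */
        out[n++] = (HookHit){ i, target, (uint32_t)(target - base) >= len };
        i += 4; /* skip the operand bytes just decoded */
    }
    return n;
}

int main(void)
{
    HookHit h[4];
    size_t n = find_jmp_hooks(CLEAN, HOOKED, sizeof CLEAN, SAMPLE_BASE, h, 4);
    for (size_t i = 0; i < n; i++)
        printf("+0x%zx JMP -> 0x%08x%s\n", h[i].offset, (unsigned)h[i].target,
               h[i].outside ? " (outside region)" : "");
    return 0;
}
```

A JMP whose destination leaves the region it was found in is the pattern the slide draws: execution is diverted to the logging stub and a second JMP returns it to the original instruction stream.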
![Page 8: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/8.jpg)
How to insert code?
Read/WriteProcessMemory
DLL Injection
etc
![Page 9: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/9.jpg)
Read/WriteProcessMemory
Write to *another* process's memory
![Page 10: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/10.jpg)
Read/WriteProcessMemory
But where is the free space for my code?
![Page 11: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/11.jpg)
DLL Injection
Inject my DLL
![Page 12: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/12.jpg)
What is DLL? -Processes-
a.exe b.exe c.exe
![Page 13: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/13.jpg)
What is DLL? -Processes-
a.exe b.exe c.exe
![Page 14: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/14.jpg)
What is DLL? -Processes-
a.exe: a.exe, A.dll, B.dll, C.dll
b.exe: b.exe, A.dll, B.dll, C.dll
c.exe: c.exe, A.dll, B.dll, C.dll
![Page 15: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/15.jpg)
DLL Injection
a.exe: a.exe, A.dll, B.dll, C.dll
![Page 16: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/16.jpg)
DLL Injection
a.exe: a.exe, A.dll, B.dll, C.dll, MyDll.dll
![Page 17: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/17.jpg)
DLL Injection -Merit-
Edit memory by using pointers
No need to write code manually
Code can be developed in ‘C’
![Page 18: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/18.jpg)
How to inject DLL?
A DLL is generally loaded by calling ‘LoadLibrary’
How to?
CreateRemoteThread
![Page 19: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/19.jpg)
How to inject DLL? -CreateRemoteThread-
Create a thread in *another* process
The thread function is ‘LoadLibrary’
But where is the DLL name?
VirtualAllocEx
![Page 20: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/20.jpg)
How to inject DLL? -VirtualAllocEx-
Allocate memory in the other process
After allocating, write the DLL name by using WriteProcessMemory
![Page 21: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/21.jpg)
How to inject DLL?
VirtualAllocEx
CreateRemoteThread
LoadLibrary(in target)
???
PROFIT!
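Detection logic for the call sequence summarized above, as an added example that is not code from the original deck: it flags a remote thread that starts at LoadLibrary with a parameter pointing into memory the same caller allocated and wrote in that target. The `ApiEvent` record, its field names, the sample events and `LOADLIBRARY_ADDR` are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified API-call telemetry record (not a real sensor schema). */
typedef enum { VIRTUAL_ALLOC_EX, WRITE_PROCESS_MEMORY, CREATE_REMOTE_THREAD } ApiKind;
typedef struct {
    ApiKind  kind;
    uint32_t src_pid, dst_pid; /* calling process and target process */
    uint64_t addr;             /* alloc base, write destination, or thread parameter */
    uint64_t size;             /* alloc or write length (0 for threads) */
    uint64_t start;            /* thread start routine (threads only) */
} ApiEvent;

#define LOADLIBRARY_ADDR 0x77001234ull /* constructed; a sensor would resolve it */
/* Constructed events: 1000 injects into 2000; the other two threads are benign. */
static const ApiEvent SAMPLE[] = {
    { VIRTUAL_ALLOC_EX,     1000, 2000, 0x20000, 0x1000, 0 },
    { WRITE_PROCESS_MEMORY, 1000, 2000, 0x20000, 18,     0 },
    { CREATE_REMOTE_THREAD, 3000, 3000, 0x30000, 0, LOADLIBRARY_ADDR }, /* own process */
    { CREATE_REMOTE_THREAD, 4000, 5000, 0,       0, 0x00401000 },       /* other start */
    { CREATE_REMOTE_THREAD, 1000, 2000, 0x20000, 0, LOADLIBRARY_ADDR },
};
static int same_pair(const ApiEvent *a, const ApiEvent *b)
{ return a->src_pid == b->src_pid && a->dst_pid == b->dst_pid; }
static int covers(const ApiEvent *e, uint64_t p)
{ return p >= e->addr && p - e->addr < e->size; }

/* Index of the first remote thread that starts at LoadLibrary with a parameter
   inside memory the same caller allocated and then wrote in that target; -1 if none. */
long find_loadlibrary_injection(const ApiEvent *ev, size_t n, uint64_t loadlib)
{
    for (size_t t = 0; t < n; t++) {
        if (ev[t].kind != CREATE_REMOTE_THREAD || ev[t].start != loadlib ||
            ev[t].src_pid == ev[t].dst_pid)
            continue;
        for (size_t a = 0; a < t; a++) {
            if (ev[a].kind != VIRTUAL_ALLOC_EX || !same_pair(&ev[a], &ev[t]) ||
                !covers(&ev[a], ev[t].addr))
                continue;
            for (size_t w = a + 1; w < t; w++)
                if (ev[w].kind == WRITE_PROCESS_MEMORY && same_pair(&ev[w], &ev[t]) &&
                    covers(&ev[w], ev[t].addr))
                    return (long)t;
        }
    }
    return -1;
}
int main(void)
{
    printf("injection at event %ld\n", find_loadlibrary_injection(SAMPLE, 5, LOADLIBRARY_ADDR));
}
```

Requiring all three calls from one caller against one foreign process keeps a thread a process creates in itself, or a remote thread with an ordinary start routine, from matching.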
![Page 22: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/22.jpg)
Code Implementation -DllMain()-
![Page 23: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/23.jpg)
Code Implementation -penguin()-
![Page 24: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/24.jpg)
Code Implementation -insertJMP()-
![Page 25: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/25.jpg)
Code Implementation -hookedFunction()-
![Page 26: About hooking](https://reader034.fdocuments.in/reader034/viewer/2022042518/55c8b2f9bb61ebe15f8b45e0/html5/thumbnails/26.jpg)
Thanks !