SourceSec Security Research » reverse engineering http://www.sourcesec.com Security research and vulnerability assesment Tue, 19 Jan 2010 05:15:53 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Windows DLL Redirection http://www.sourcesec.com/2008/11/03/windows-dll-redirection/ http://www.sourcesec.com/2008/11/03/windows-dll-redirection/#comments Mon, 03 Nov 2008 21:48:56 +0000 cheffner http://www.sourcesec.com/?p=19 In Windows, all applications must communicate with the kernel through API functions; as such, these functions are critical to even the simplest Windows application. Thus, the ability to intercept, monitor, and modify a program’s API calls, commonly called API hooking, effectively gives one full control over that process. This can be useful for a multitude of reasons, including debugging, reverse engineering, and hacking (in all interpretations of the word).

While there are several methods which can be used to achieve our goal, this tutorial will examine only DLL redirection. This approach was chosen for several reasons:

  • It is relatively simple to implement.
  • It allows us to view and modify parameters passed to an API function, change return values of that function, and run any other code we desire.
  • While most other methods require code to be injected into the target process or run from an external application, DLL redirection requires only write access to the target application’s working directory.
  • We can intercept any API call without modifying the target (either on disk or in memory) or any system files.

The full article has been posted on EthicalHacker.net and milw0rm.com.

]]> http://www.sourcesec.com/2008/11/03/windows-dll-redirection/feed/ 0