Valhalla Legends Archive

hooking system stuff

Started by iNsAnE-MS, May 22, 2005, 08:44 AM


iNsAnE-MS

Is there any way to hook into, like... Windows? I need to see what process spawns another process. (Trying to write a tool I can use to kill this goofy spyware.)

iNsAnE-MS

I managed to whack the spyware spawner at the source by killing the power to my computer and then starting the computer in safe mode, replacing the offending exe with a harmless do-nothing exe with read-only and system attribs, and deleting the registry entries. Still need to know how to hook stuff like that, though...

Warrior

You're a die hard Spyware killer. :]

OnlyMeat

Quote from: iNsAnE[m-s] on May 22, 2005, 08:44 AM
Is there any way to hook into, like... Windows? I need to see what process spawns another process. (Trying to write a tool I can use to kill this goofy spyware.)

Don't install spyware?

iNsAnE-MS

No choice; I didn't have XP fully updated and it hijacked me. First time I've had spyware in two years.

MyndFyre

You need the Windows DDK to hook the CreateProcess() routine.  You'll need to create a kernel-mode driver that uses the PsSetCreateProcessNotifyRoutine system function.

Note that products like Norton Internet Security and Microsoft Anti-Spyware already do things like this.
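The driver MyndFyre describes, as an added example that is not his code or anything posted in this thread: a PsSetCreateProcessNotifyRoutine callback that records each parent/child pair so a cleanup tool can ask "what spawned pid X?" or "is pid X a descendant of the spyware process?". The kernel API names (PsSetCreateProcessNotifyRoutine, DriverEntry, DriverUnload, KSPIN_LOCK) are the real DDK ones; BUILD_AS_DRIVER is an assumed build macro, and the stand-in typedefs in the user-mode branch are assumptions that let the same tracking logic compile and run as an ordinary program so it can be exercised without loading a driver. The pid sequence replayed in the harness is constructed.

```c
/* Added example, not MyndFyre's code. BUILD_AS_DRIVER is an assumed macro:
 * define it to build with the DDK/WDK as a kernel driver; leave it undefined
 * to compile the same tracking logic as a user-mode program with stand-ins. */
#ifdef BUILD_AS_DRIVER
#include <ntddk.h>
static KSPIN_LOCK g_lock;
#define LOCK(irql)   KeAcquireSpinLock(&g_lock, &(irql))
#define UNLOCK(irql) KeReleaseSpinLock(&g_lock, (irql))
#define LOG          DbgPrint
#else
#include <stdio.h>
#include <stdint.h>
typedef void *HANDLE;              /* stand-ins for the ntddk.h types */
typedef uintptr_t ULONG_PTR;
typedef unsigned char BOOLEAN, KIRQL;
enum { FALSE = 0, TRUE = 1 };
#define LOCK(irql)   ((void)(irql))  /* single-threaded harness: no lock */
#define UNLOCK(irql) ((void)(irql))
#define LOG          printf
#endif

#define MAX_TRACKED 512
typedef struct { ULONG_PTR pid, parent; BOOLEAN alive; } tracked_t;
static tracked_t g_table[MAX_TRACKED];   /* pid 0 marks a never-used slot */

static int find_slot(ULONG_PTR pid)
{
    int i;
    for (i = 0; i < MAX_TRACKED; i++) if (g_table[i].pid == pid) return i;
    return -1;
}

/* Record a creation (create=TRUE) or exit (create=FALSE). Exited processes
 * keep their record so their children's ancestry still resolves; a reused
 * pid overwrites the stale record when it is created again. */
static void track_process(ULONG_PTR parent, ULONG_PTR pid, BOOLEAN create)
{
    int i = find_slot(pid);
    if (i < 0 && (!create || (i = find_slot(0)) < 0))
        return;                          /* unknown exit, or table full */
    if (create) {
        g_table[i].pid = pid;
        g_table[i].parent = parent;
    }
    g_table[i].alive = create;
}

/* Parent recorded for pid, or 0 if the monitor never saw it start. */
unsigned long parent_of(unsigned long pid)
{
    int i = find_slot((ULONG_PTR)pid);
    return i < 0 ? 0 : (unsigned long)g_table[i].parent;
}

int is_alive(unsigned long pid)
{
    int i = find_slot((ULONG_PTR)pid);
    return i >= 0 && g_table[i].alive;
}

/* 1 if ancestor is anywhere up the recorded parent chain of pid. The walk is
 * bounded because pid reuse can make the recorded chain loop. */
int spawned_by(unsigned long pid, unsigned long ancestor)
{
    int hops;
    for (hops = 0; hops < MAX_TRACKED; hops++) {
        pid = parent_of(pid);
        if (pid == 0) return 0;
        if (pid == ancestor) return 1;
    }
    return 0;
}

/* Callback in the shape PsSetCreateProcessNotifyRoutine expects. It runs on
 * the creating thread at PASSIVE_LEVEL and may be entered concurrently. */
static void ProcessNotify(HANDLE ParentId, HANDLE ProcessId, BOOLEAN Create)
{
    KIRQL irql = 0;
    LOCK(irql);
    track_process((ULONG_PTR)ParentId, (ULONG_PTR)ProcessId, Create);
    UNLOCK(irql);
    LOG("pid %lu %s (parent %lu)\n", (unsigned long)(ULONG_PTR)ProcessId,
        Create ? "created" : "exited", (unsigned long)(ULONG_PTR)ParentId);
}

#ifdef BUILD_AS_DRIVER
static void DriverUnload(PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    PsSetCreateProcessNotifyRoutine(ProcessNotify, TRUE);  /* Remove=TRUE */
}
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    KeInitializeSpinLock(&g_lock);
    DriverObject->DriverUnload = DriverUnload;
    return PsSetCreateProcessNotifyRoutine(ProcessNotify, FALSE);
}
#else
/* Harness: replay a constructed sequence (4 -> 100 -> 200 -> 300) as the
 * kernel would deliver it, then ask whether 300 descends from 4. */
int main(void)
{
    ProcessNotify((HANDLE)(ULONG_PTR)4,   (HANDLE)(ULONG_PTR)100, TRUE);
    ProcessNotify((HANDLE)(ULONG_PTR)100, (HANDLE)(ULONG_PTR)200, TRUE);
    ProcessNotify((HANDLE)(ULONG_PTR)200, (HANDLE)(ULONG_PTR)300, TRUE);
    printf("300 descends from 4: %d\n", spawned_by(300, 4));
    return 0;
}
#endif
```

Two practical caveats for anyone building this today: the table is kept in kernel memory here only to keep the example self-contained; a real tool would hand the events to a user-mode service (for example over a device object) and keep the tree there, and the kernel side must never trust pids as stable identities, which is why exits are recorded and the ancestry walk is bounded. On Vista SP1 and later, PsSetCreateProcessNotifyRoutineEx delivers the image file name and command line as well, and 64-bit Windows will only load a signed driver.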

iNsAnE-MS

Although they do this already, they don't notify of what program performs certain actions like modifying the registry, and do not notify me of what spawns 'approved' programs.

Adron

Quote from: iNsAnE[m-s] on May 24, 2005, 04:00 AM
Although they do this already, they don't notify of what program performs certain actions like modifying the registry, and do not notify me of what spawns 'approved' programs.

To find out what program spawns a program, I think you can just turn on process tracking in the security auditing settings for 2k+. To find out who modifies the registry you need to write a kernel-mode driver that hooks the registry functions. Or use Regmon...


Stealth

Quote from: iNsAnE[m-s] on May 22, 2005, 08:44 AM
Is there any way to hook into, like... Windows? I need to see what process spawns another process. (Trying to write a tool I can use to kill this goofy spyware.)

One of my favorite anti-spyware tools will help you here: Sysinternals' Process Explorer lets you see and terminate entire process trees, as well as process handle information and plenty of other good stuff.
- Stealth
Author of StealthBot