Hooking the Hook

Hi there,

I'm currently working on an application that, as a first step, needs to monitor the activity of certain functions, such as CreateFile(), ReadFile(), WriteFile() and DeviceIoControl().

This last API is especially important, because all communication between a device driver and a user-mode application is done through IOCTLs, which are sent with DeviceIoControl().

So essentially we need to implement an API monitoring application. This can be done by hooking the wanted API and redirecting it to an otherwise empty trampoline function whose only job is to grab the parameters used in the call before passing it on to the original.

The most interesting hooking engines are:
Microsoft's Detours -> http://research.microsoft.com/sn/detours/
Deviare -> http://www.nektra.com/products/deviare/index.php
Mini-HookEngine -> http://www.codeproject.com/KB/system/mini_hook_engine.aspx

My suggestion is to use Deviare or Mini-HookEngine: they are really easy and powerful! 😉
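As an added illustration (not code from the original post or from any of the engines above), here is the trampoline idea in plain C: a hook that records the parameters of a DeviceIoControl-style call, splits the IOCTL code into the fields defined by the CTL_CODE macro, and then forwards to the original. The DeviceIoControl stand-in and the function-pointer swap are assumptions so the example runs anywhere; a real engine would patch the import table or the function prologue instead.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the Win32 DeviceIoControl signature (assumption):
   the real function is hooked the same way, but this mock runs on any OS. */
typedef int (*ioctl_fn)(void *dev, uint32_t code, void *in, uint32_t in_len,
                        void *out, uint32_t out_len, uint32_t *returned);

static int original_device_io_control(void *dev, uint32_t code, void *in, uint32_t in_len,
                                      void *out, uint32_t out_len, uint32_t *returned) {
    (void)dev; (void)code; (void)in; (void)in_len; (void)out; (void)out_len;
    *returned = 0;
    return 1; /* pretend the driver accepted the request */
}

/* One intercepted call, with the IOCTL code split into its CTL_CODE fields. */
typedef struct { uint32_t code, device_type, function, method, access, in_len, out_len; } ioctl_record;
static ioctl_record last_call;

static ioctl_fn real_ioctl = original_device_io_control; /* where the trampoline forwards to */
static ioctl_fn DeviceIoControl_ptr = original_device_io_control; /* what the application calls */

/* Trampoline: log the parameters, then forward. CTL_CODE layout:
   DeviceType << 16 | Access << 14 | Function << 2 | Method. */
static int hooked_device_io_control(void *dev, uint32_t code, void *in, uint32_t in_len,
                                    void *out, uint32_t out_len, uint32_t *returned) {
    last_call.code = code;
    last_call.device_type = (code >> 16) & 0xFFFF;
    last_call.access = (code >> 14) & 0x3;
    last_call.function = (code >> 2) & 0xFFF;
    last_call.method = code & 0x3;
    last_call.in_len = in_len;
    last_call.out_len = out_len;
    printf("DeviceIoControl code=0x%08x type=0x%x func=0x%x method=%u access=%u in=%u out=%u\n",
           code, last_call.device_type, last_call.function, last_call.method,
           last_call.access, in_len, out_len);
    return real_ioctl(dev, code, in, in_len, out, out_len, returned);
}

/* Installing the hook is a pointer swap here; guarded so it is safe to call twice. */
static void install_hook(void) {
    if (DeviceIoControl_ptr != hooked_device_io_control) {
        real_ioctl = DeviceIoControl_ptr;
        DeviceIoControl_ptr = hooked_device_io_control;
    }
}

/* Drives a constructed request through the hook and returns what was captured. */
ioctl_record monitor_example(void) {
    install_hook();
    char in_buf[16] = {0}, out_buf[64];
    uint32_t ret;
    /* constructed code: FILE_DEVICE_UNKNOWN (0x22), function 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS */
    uint32_t code = (0x22u << 16) | (0u << 14) | (0x800u << 2) | 0u;
    DeviceIoControl_ptr(NULL, code, in_buf, sizeof in_buf, out_buf, sizeof out_buf, &ret);
    return last_call;
}
```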

Regards,
Evilcry
