

[Hooking] Hook detection

1. madShow tool:

Hi, I am writing a small program which displays all currently installed user hooks. I've created small support for madCHook; maybe someone can test it and say if it works. Thanks

HookShark BETA 0.9 (with a vengeance)

It has been only one month, and here I come with another big update.
And yes, it's worth it.

I am giving a quick overview of what has changed.

I am introducing the first tool that detects hooks of VTables.
It does so by tracing certain assembly patterns and relocated blocks in the data section that might be a table of virtual method pointers.

If you set the verbosity high, HookShark will also list all changed relocated function pointers in data sections.

Also, all found global instances of polymorphic classes with VTables are listed in one section for your convenience, to ease the analysis of your target.

So feel free to test around with some stuff. HookShark might not find all virtual function tables, but this is hardly avoidable.


Next up is the new built-in disassembler. Not much functionality; it is just there to grant a quick look at the area, to see if this is something worth exploring further with a debugger.

Some targets might fuck with us, guarding pages or even the module lists. Also, timing attacks to detect thread suspension are a common technique.
So if the target crashes on scan or doesn't seem to be scannable, play around with the new Troubleshooting options in the Global Options tab.

Also check out the new Credits dialog. I included the old chiptune that you might know from 0.6.

Abso insisted on testing out the new bug-tracking system. So if you want to report bugs, try it out:

I don't know if I will use it, but it doesn't hurt to check it out. If you want to be extra sure, mention the bug here in this thread.


PS: Yeah, I know, the pictures show version "0.8" :P
That's because I'm too lazy to make new pictures.


Fixed version:


09-02-2010 - 1 -- Fixed memory leak. Thanks to MiDoX
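The check behind "list all changed relocated function pointers in data sections" is simple once stated precisely: for every pointer slot that the image's base relocations cover, the value the loader should have left in memory is the on-disk value plus the load delta (actual base minus preferred base); any other value means something rewrote the slot after loading, which is what a VTable hook does. The following is an added example that is not HookShark's code; it simulates that check on a constructed module view (fixed 8-byte slots, constructed bases, RVAs, section bytes and relocation list, no real PE parsing) so it runs anywhere. The names module_view_t, finding_t, scan_relocated_pointers and build_sample_module are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Everything below is constructed for the demo: a tiny data section holding a
 * 3-entry VTable, a preferred and an actual load base, and a .reloc list.
 * Slots are fixed at 8 bytes so the check does not depend on the host. */
#define SLOT_SIZE    8u
#define SECTION_RVA  0x3000u   /* RVA of the data section start */
#define SECTION_SIZE 64u
#define IMAGE_SIZE   0x5000u
static const uint64_t PREFERRED_BASE = 0x10000000ULL;      /* ImageBase in the headers */
static const uint64_t ACTUAL_BASE    = 0x7ff6a0000000ULL;  /* where the loader mapped it */
static const uint64_t HOOK_TARGET    = 0x7ff0c0001000ULL;  /* inside an injected DLL (constructed) */

typedef struct {
    const uint32_t *reloc_rvas;   /* RVAs of 64-bit pointer slots listed in .reloc */
    size_t          reloc_count;
    const uint8_t  *disk_section; /* data section bytes as stored in the file */
    const uint8_t  *mem_section;  /* the same bytes as currently mapped in the process */
} module_view_t;

typedef struct {
    uint32_t slot_rva;
    uint64_t expected;        /* disk value + load delta */
    uint64_t actual;          /* what is in memory now */
    int      outside_module;  /* 1 if the new target lies outside the module image */
} finding_t;

static uint64_t read_u64(const uint8_t *p)           { uint64_t v; memcpy(&v, p, SLOT_SIZE); return v; }
static void     write_u64(uint8_t *p, uint64_t v)    { memcpy(p, &v, SLOT_SIZE); }

/* Core check: compare every relocated pointer slot in the section against the
 * relocated on-disk value. Returns the number of modified slots and writes up
 * to max_out of them into out[]. Slots whose value differs from disk only by
 * the load delta are the loader's own work and are not reported. */
size_t scan_relocated_pointers(const module_view_t *m, finding_t *out, size_t max_out)
{
    const uint64_t delta = ACTUAL_BASE - PREFERRED_BASE;
    size_t found = 0;
    for (size_t i = 0; i < m->reloc_count; i++) {
        uint32_t rva = m->reloc_rvas[i];
        if (rva < SECTION_RVA || rva + SLOT_SIZE > SECTION_RVA + SECTION_SIZE)
            continue;  /* relocation targets another section */
        size_t   off      = rva - SECTION_RVA;
        uint64_t expected = read_u64(m->disk_section + off) + delta;
        uint64_t actual   = read_u64(m->mem_section + off);
        if (actual == expected)
            continue;
        if (found < max_out) {
            out[found].slot_rva       = rva;
            out[found].expected       = expected;
            out[found].actual         = actual;
            out[found].outside_module = !(actual >= ACTUAL_BASE && actual < ACTUAL_BASE + IMAGE_SIZE);
        }
        found++;
    }
    return found;
}

static uint8_t        g_disk[SECTION_SIZE];
static uint8_t        g_mem[SECTION_SIZE];
static const uint32_t g_relocs[] = { SECTION_RVA + 0, SECTION_RVA + 8, SECTION_RVA + 16 };

/* Constructed sample: the VTable as written by the compiler (file), the same
 * table after the loader applied relocations (memory), then slot 1 hooked. */
module_view_t build_sample_module(void)
{
    const uint64_t method_rva[3] = { 0x1100, 0x1180, 0x1240 };  /* virtual methods in .text */
    memset(g_disk, 0, sizeof g_disk);
    memset(g_mem,  0, sizeof g_mem);
    for (size_t i = 0; i < 3; i++) {
        write_u64(g_disk + i * SLOT_SIZE, PREFERRED_BASE + method_rva[i]);
        write_u64(g_mem  + i * SLOT_SIZE, ACTUAL_BASE    + method_rva[i]);
    }
    write_u64(g_mem + 1 * SLOT_SIZE, HOOK_TARGET);  /* the hook: entry 1 redirected */
    module_view_t m = { g_relocs, sizeof g_relocs / sizeof g_relocs[0], g_disk, g_mem };
    return m;
}

int main(void)
{
    finding_t f[4];
    module_view_t m = build_sample_module();
    size_t n = scan_relocated_pointers(&m, f, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("slot RVA 0x%x: expected 0x%llx, found 0x%llx%s\n",
               f[i].slot_rva, (unsigned long long)f[i].expected,
               (unsigned long long)f[i].actual,
               f[i].outside_module ? " (target outside module)" : "");
    return n ? 1 : 0;
}
```

Only the hooked slot is reported; the two untouched entries differ from the file bytes too, but exactly by the load delta, which is why the delta must be applied before comparing rather than diffing raw bytes. A real scanner would get the disk bytes by mapping the module file, the slot list from the IMAGE_DIRECTORY_ENTRY_BASERELOC entries, and the section bounds from the section headers; it would also still miss tables in images that carry no relocations, which is where the pattern tracing the post describes comes in, and it says nothing about inline code patches, which need a separate code-section comparison.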

