Re: DLL Watching

From: Ryan Permeh (ryanat_private)
Date: Tue Jan 08 2002 - 11:20:02 PST

Next message: Hector Herrera: "Re: DLL Watching"

Previous message: Marc Sherman: "RE: DLL Watching"
In reply to: Shripal: "DLL Watching"
Next in thread: Hector Herrera: "Re: DLL Watching"
Reply: Hector Herrera: "Re: DLL Watching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

by using "wrapper" dll's, or api hooking, you can do this.  basically, you
create a shell dll that exports all of the same functions and each export
logs and calls the equivilent actuall dll export.  this is a software
cracker / reverse engineer trick that has a lot of applicibility in research
context.

Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities

----- Original Message -----
From: "Shripal" <meghaniat_private>
To: <secprogat_private>
Sent: Sunday, January 06, 2002 11:34 PM
Subject: DLL Watching


> [shrip] Is there any way of monitoring which processes are loading which
> dlls at realtime??
>
>
>

Next message: Hector Herrera: "Re: DLL Watching"
Previous message: Marc Sherman: "RE: DLL Watching"
In reply to: Shripal: "DLL Watching"
Next in thread: Hector Herrera: "Re: DLL Watching"
Reply: Hector Herrera: "Re: DLL Watching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 12:14:26 PST