When I was working with various user-mode hooking techniques, I developed this very simple way to bypass any trivial user-mode hooks applied to Win32 APIs.
Key features:
- 32-bit and 64-bit support.
- Bypasses trivial user-mode hooks at runtime (IAT hooks, hotpatching, etc.).
- Calls Win32 APIs dynamically: the library or module is loaded (if it is not already loaded) and the target function's address is resolved at runtime.
- No support for the Nt/Zw APIs, i.e. system calls. Don't use this to call them - unless you want your application to crash.
- No support for functions that do not implement the standard function prologue (GetCurrentProcess, GetCurrentProcessId, etc.).
Here's the source code of the native DLL: Anti.cpp
Here's a simple wrapper class for using the DLL: DynamicApi.cs
Here's how you'd use it: SampleUsage.cs
Alright so, that's it for now. If you've any questions or suggestions, just leave them below in the comments section.
Have fun! ;)