Archive for articles

DLL Redirection Tutorial

WARNING: If you do not understand what you are doing, you WILL really screw up your system. I take no responsibility for this.

Have you ever needed to intercept calls an application makes to DLL functions that are part of the Windows API? There are many good reasons for doing this: application debugging, process spying, clocking, and so on. Even more powerful than intercepting a call is modifying the result that is handed back to the application. This is precisely what DLL proxying allows you to do. The technique is often lumped together with DLL hijacking; strictly speaking, hijacking is getting your DLL loaded in place of the genuine one (typically by abusing the loader's search order), while proxying is what keeps the application working afterwards: the substitute DLL exports the same names as the original and forwards every call it does not care about to the real library.

In the following tutorial we are going to intercept Mozilla Firefox's calls into the Windows Sockets library, "wsock32.dll", specifically the function "gethostbyname", which Firefox invokes each time it resolves a domain name. Once this function is intercepted, our proxy DLL will record every hostname Firefox resolves, appending each one to a log file. Note that the proxy sees hostnames, not full URLs (a DNS lookup only carries the domain), and a name Firefox has already resolved and cached is not looked up again.
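What a minimal wsock32.dll proxy for this looks like, as an added example written for this page rather than the tutorial's own code: it exports gethostbyname itself, forwards the remaining exports to a renamed copy of the genuine library with linker forwarder directives, and appends each resolved name to a log. The file names wsock32_orig.dll and C:\dnslog.txt and the handful of forwarded exports shown are assumptions; the hostname sanitizer and the log formatter are plain C and are the only parts that build outside Windows.

```c
/* wsock32_proxy.c -- illustrative wsock32.dll proxy (added example, not the tutorial's code).
 *
 * Build (MSVC, x86 to match a 32-bit Firefox):
 *   cl /LD wsock32_proxy.c /link /OUT:wsock32.dll
 * Deploy (assumed layout): copy the genuine %SystemRoot%\System32\wsock32.dll next to
 * firefox.exe as "wsock32_orig.dll", then place the built wsock32.dll beside it.
 */
#include <stdio.h>
#include <string.h>

#define LOG_PATH "C:\\dnslog.txt"   /* assumed log location */
#define MAX_NAME 255                /* longest valid DNS name */

/* The hostname comes from the hooked application, so treat it as untrusted: copy it into
 * a bounded buffer and replace control and non-ASCII bytes with '?', so a crafted name
 * cannot inject extra lines into the log. Returns the number of characters written. */
size_t sanitize_hostname(const char *name, char *out, size_t outlen)
{
    size_t i = 0;
    if (outlen == 0) return 0;
    if (name == NULL) name = "(null)";
    while (i < outlen - 1 && i < MAX_NAME && name[i] != '\0') {
        unsigned char c = (unsigned char)name[i];
        out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
        i++;
    }
    out[i] = '\0';
    return i;
}

/* Format one record: gethostbyname("host") -> resolved|failed
 * Returns the record length, or -1 if buf is too small (nothing partial is logged). */
int format_dns_log_entry(char *buf, size_t buflen, const char *name, int resolved)
{
    char clean[MAX_NAME + 1];
    int n;
    sanitize_hostname(name, clean, sizeof clean);
    n = snprintf(buf, buflen, "gethostbyname(\"%s\") -> %s",
                 clean, resolved ? "resolved" : "failed");
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

#ifdef _WIN32
#include <winsock.h>    /* wsock32.dll is the Winsock 1.1 library: struct hostent, gethostbyname */
#include <windows.h>

typedef struct hostent *(WINAPI *gethostbyname_fn)(const char *);
static HMODULE          g_real_dll;
static gethostbyname_fn g_real_gethostbyname;
static CRITICAL_SECTION g_lock;

/* Resolve the genuine function lazily, on first use: LoadLibrary must not be called
 * from DllMain, where the loader lock is held. */
static gethostbyname_fn real_gethostbyname(void)
{
    EnterCriticalSection(&g_lock);
    if (g_real_gethostbyname == NULL) {
        g_real_dll = LoadLibraryA("wsock32_orig.dll");   /* renamed genuine copy (assumed name) */
        if (g_real_dll != NULL)
            g_real_gethostbyname = (gethostbyname_fn)GetProcAddress(g_real_dll, "gethostbyname");
    }
    LeaveCriticalSection(&g_lock);
    return g_real_gethostbyname;
}

static void append_log(const char *name, int resolved)
{
    char line[MAX_NAME + 64];
    FILE *f = NULL;
    if (format_dns_log_entry(line, sizeof line, name, resolved) < 0) return;
    EnterCriticalSection(&g_lock);                  /* Firefox resolves names from several threads */
    if (fopen_s(&f, LOG_PATH, "a") == 0 && f != NULL) {
        fprintf(f, "%s\n", line);
        fclose(f);
    }
    LeaveCriticalSection(&g_lock);
}

/* The hook: same name and calling convention as the real export. Call the genuine
 * implementation, log the outcome, and return its result unchanged; returning something
 * else here is where "modifying the response" would happen. */
#ifdef _WIN64
__declspec(dllexport)
#endif
struct hostent *WINAPI gethostbyname(const char *name)
{
    gethostbyname_fn real = real_gethostbyname();
    struct hostent *h = real ? real(name) : NULL;
    append_log(name, h != NULL);
    return h;
}
#ifndef _WIN64
/* On x86, __stdcall decorates the symbol as _gethostbyname@4; export it under the plain
 * name that the application's import table asks for. */
#pragma comment(linker, "/export:gethostbyname=_gethostbyname@4")
#endif

BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved)
{
    (void)inst; (void)reserved;
    if (reason == DLL_PROCESS_ATTACH) {
        InitializeCriticalSection(&g_lock);
    } else if (reason == DLL_PROCESS_DETACH) {
        if (g_real_dll) FreeLibrary(g_real_dll);
        DeleteCriticalSection(&g_lock);
    }
    return TRUE;
}

/* Every other export is forwarded untouched to the genuine copy. Only a few are listed
 * here; enumerate the full table with "dumpbin /exports wsock32.dll" and forward all of it,
 * or the first missing import will stop Firefox from loading. */
#pragma comment(linker, "/export:WSAStartup=wsock32_orig.WSAStartup")
#pragma comment(linker, "/export:WSACleanup=wsock32_orig.WSACleanup")
#pragma comment(linker, "/export:socket=wsock32_orig.socket")
#pragma comment(linker, "/export:connect=wsock32_orig.connect")
#pragma comment(linker, "/export:send=wsock32_orig.send")
#pragma comment(linker, "/export:recv=wsock32_orig.recv")
#pragma comment(linker, "/export:closesocket=wsock32_orig.closesocket")
#endif
```

Two checks are worth making before blaming the code: the proxy must match the process's bitness (a 32-bit Firefox ignores a 64-bit DLL), and the loader must actually pick the proxy up from the application directory rather than System32, which depends on the search order in effect; Process Monitor's "Load Image" events show which wsock32.dll was mapped. Logging is intentionally done by reopening the file on each call so a crash in Firefox never leaves a partially written record behind.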


The Methods of Windows Rootkits

Long ago I wrote my senior research paper which described the ways in which Rootkits are infecting systems and how they can remain hidden from the operating system itself.  Let me know what you think.

http://sourcesecure.net/Articles/Rootkits.pdf

The article has been published in the Journal of Applied Security Research.  If you wish, you can purchase a copy.