Thread: Dynamically insert Win32API Call

  1. #1

    Dynamically insert Win32API Call


    I am trying to use the Microsoft Detours package and prove that I am successfully able to intercept Win32API calls that might have been injected by malicious code into my exe.

    I was able to statically insert some new Win32API calls in my app using OllyDbg. But I am also trying to dynamically insert a few Win32API calls into my exe to prove that I can detect the anomaly using the Detours package.

    This is where I am stuck. I am unable to find help on how to modify the exe after it has been loaded into memory. I know how to modify the exe before it is loaded.

    Hope my question was clear enough :-)

    Thanks for any help,
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Have you looked at any of the process patchers? It might be cumbersome to add enough patches to do what you are trying, but (AFAIK) they all perform patching on the code after loading into memory but prior to the start of execution.

    Personally I like R!SC's Process Patcher for the small stuff I do...

  3. #3
    Check The Governor. It is using Detours to WoW.

