SKanns
November 21st, 2005, 14:08
Hello,
I am trying to use the Microsoft Detours package and prove that I am successfully able to intercept Win32 API calls that might have been injected by malicious code into my exe.
I was able to statically insert some new Win32 API calls in my app using OllyDbg. But I am also trying to dynamically insert a few Win32 API calls into my exe to prove that I can detect the anomaly using the Detours package.
This is where I am stuck. I am unable to find help on how to modify the exe after it has been loaded into memory. I know how to modify the exe before it is loaded.
Hope my question was clear enough :-)
Thanks for any help,
Subha