How will you hook NtTerminateProcess?

closed account (3hMz8vqX)
Hi,
How will you hook NtTerminateProcess?
closed account (13bSLyTq)
Hi,

You should be in the beginners section learning the basics. Anyway, you have asked this question about 2+ times. To hook NtTerminateProcess you must:

- Grab Address of NtTerminateProcess
- Unprotect 5 bytes of the address
- Add a 5-byte jmp to the prologue of the function, with the operand being the offset between NtTerminateProcess and callback with 0x5 added if you enabled hot-patching to avoid instruction\stack being corrupted

- In the callback you must replace the original stack and perform the overwritten instructions manually then jmp back with offset between NtTerminateProcess and the current EIP location with 0x5 added to avoid the jmp, which would avoid the infinite loop

If done correctly you must be successful.

This is as simple as we can get you see, any good Winapi member can do this in 40 seconds. Easy

Please don't ask me about math of finding offset. It is basic math.
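Seen from the detection side, the 5-byte jmp described in the post above is easy to spot by comparing a function's first bytes in memory with a clean copy and decoding the jump target. The following is an added example, not code from any poster in this thread; the addresses, module range and byte arrays are constructed sample values, and `check_prologue` is a hypothetical helper name.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values: a 32-bit function address and its owning module range. */
#define FUNC_ADDR 0x77A01000u
#define MOD_BASE  0x77A00000u
#define MOD_SIZE  0x00180000u
static const uint8_t SAMPLE_CLEAN[5]  = {0xB8, 0x29, 0x00, 0x00, 0x00}; /* mov eax, imm32 */
static const uint8_t SAMPLE_HOOKED[5] = {0xE9, 0xFB, 0xFF, 0x5F, 0x98}; /* jmp 0x10001000 */
static const uint8_t SAMPLE_INTRA[5]  = {0xE9, 0x10, 0x00, 0x00, 0x00}; /* jmp inside module */

typedef struct {
    int      modified;  /* first 5 bytes differ from the clean copy */
    int      jmp_out;   /* they are E9 rel32 landing outside the owning module */
    uint32_t target;    /* decoded destination, valid when the bytes are E9 rel32 */
} hook_report;

/* Decode E9 rel32 on 32-bit x86: target = jmp address + 5 + signed rel32. */
static int decode_jmp_rel32(const uint8_t *code, uint32_t addr, uint32_t *target)
{
    uint32_t rel;
    if (code[0] != 0xE9)
        return 0;
    rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
          (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    *target = addr + 5u + rel;  /* unsigned wrap modulo 2^32 matches EIP arithmetic */
    return 1;
}

/* live: 5 bytes read from process memory; clean: the same 5 bytes from a trusted copy. */
hook_report check_prologue(const uint8_t live[5], const uint8_t clean[5],
                           uint32_t func_addr, uint32_t mod_base, uint32_t mod_size)
{
    hook_report r = {0, 0, 0};
    r.modified = memcmp(live, clean, 5) != 0;
    if (r.modified && decode_jmp_rel32(live, func_addr, &r.target))
        r.jmp_out = (r.target - mod_base) >= mod_size;  /* outside [base, base+size) */
    return r;
}

int main(void)
{
    hook_report r = check_prologue(SAMPLE_HOOKED, SAMPLE_CLEAN, FUNC_ADDR, MOD_BASE, MOD_SIZE);
    printf("modified=%d jmp_out=%d target=0x%08X\n", r.modified, r.jmp_out, (unsigned)r.target);
    return 0;
}
```

A modified prologue that is not an `E9` jump is still reported through `modified`, so other patch styles are flagged for manual review rather than missed.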
closed account (3hMz8vqX)
Can you give me the code?
I don't know the callback also...
because I have never done hooking before...:)
Sorry about that :)
closed account (13bSLyTq)
NO! I will not give you the CODE, "learn it, don't ask it".
Next, casually saying "sorry about that" as if it is trivial is not right; hooking is a fairly simple topic.
Thanks!
closed account (3hMz8vqX)
Please, it might be simple for you but not for me, since I'm a beginner and learning computer security through examples...:)
closed account (13bSLyTq)
Hi,

Sorry - I am not giving code as you are a "beginner" as you said and you still have to learn as Computer Security is about learning and besides learning is better than me giving code to you.

Regards,
OrionMaster.
closed account (3hMz8vqX)
Okay,
this thread is useless...
I'm gonna abandon this thread and this forum...:(((
closed account (13bSLyTq)
Okay, Bye. No need to insult the forum.

Besides you have not contributed anything so it makes no difference
closed account (3hMz8vqX)
I'M NOT insulting the forum:P
Topic archived. No new replies allowed.