Intercepting hooks and API Calls
- From: "Cleber P. de Souza" <nospam@xxxxxxxxx>
- Date: Fri, 03 Jun 2005 09:30:06 -0300
Hi,
I have been studying techniques that could intercept hooks and API calls to select what would be a normal operation or an illegal call, for example:
If a hook that monitors the keyboard is detected, this could be considered a trojan and needs to be blocked. The same could be said about some API calls that are not necessary except when they come from the system or a known application.
I think the best way to implement something to do this would be to create a kernel-mode device driver that implements ways to intercept hooks and messages before they reach the target window and decides whether to block them or not based on an internal database of rules.
What do you think about this, and would it be possible? Is there some work in this area? Any suggestions?
Thanks,
Cleber P. de Souza