Re: Intercepting hooks and API Calls
- From: "Arkady Frenkel" <arkadyf@xxxxxxxxxxxxxxxx>
- Date: Sun, 5 Jun 2005 18:57:38 +0200
I don't know if a driver can help here, but intercepting
SetWindowsHook(Ex) is a way, IMHO.
Arkady
"Cleber P. de Souza" <nospam@xxxxxxxxx> wrote in message
news:urIc9MFaFHA.900@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> I have been studying techniques that could intercept hooks and API
> calls to select what would be normal operation or an illegal call. Example:
> if a hook that monitors the keyboard is detected, this could be considered a
> trojan and needs to be blocked. The same could be said about some API calls
> that are not necessary except when they come from the system or a known
> application.
>
> I think the best way to implement something to do this would be creating a
> device driver in kernel mode that implements ways to intercept hooks and
> messages before they get to the target window and decide whether to block
> or not based on an internal database with the rules.
>
> What do you think about this, and would it be possible?
> Is there some work in this area? Any suggestions?
>
> Thanks,
>
> Cleber P. de Souza
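
Added example, not part of the original thread or either poster's code: a sketch of the rule-database decision that an interception layer around SetWindowsHookEx could make, given the hook type, the target thread id (0 means a system-wide hook) and the caller's image path. The rule layout, the function name `evaluate_hook_request`, the default-allow policy and the sample paths are assumptions; only the hook id values come from winuser.h.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hook ids with the values winuser.h gives them, redeclared to build anywhere. */
enum { WH_JOURNALRECORD = 0, WH_KEYBOARD = 2, WH_GETMESSAGE = 3, WH_KEYBOARD_LL = 13 };

typedef enum { VERDICT_ALLOW, VERDICT_BLOCK } verdict_t;

/* One row of the hypothetical rule database; rules are checked in order. */
typedef struct {
    int id_hook;        /* hook type the rule covers */
    int global_only;    /* 1: match only system-wide installs (dwThreadId == 0) */
    const char *image;  /* caller image path, NULL matches any caller */
    verdict_t verdict;
} hook_rule;

/* Constructed sample rules: one known application, then blanket denials. */
static const hook_rule RULES[] = {
    { WH_KEYBOARD_LL,   0, "C:\\Program Files\\KnownApp\\hotkeys.exe", VERDICT_ALLOW },
    { WH_KEYBOARD_LL,   0, NULL, VERDICT_BLOCK },
    { WH_KEYBOARD,      1, NULL, VERDICT_BLOCK },
    { WH_JOURNALRECORD, 0, NULL, VERDICT_BLOCK },
};

/* Windows paths compare case-insensitively (ASCII only here). */
static int path_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* First matching rule wins; anything unmatched is allowed. */
verdict_t evaluate_hook_request(int id_hook, unsigned long thread_id, const char *caller) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const hook_rule *r = &RULES[i];
        if (r->id_hook != id_hook) continue;
        if (r->global_only && thread_id != 0) continue;
        if (r->image && (!caller || !path_eq(r->image, caller))) continue;
        return r->verdict;
    }
    return VERDICT_ALLOW;
}

int main(void) {
    /* Constructed request: an unknown program asks for a low-level keyboard hook. */
    verdict_t v = evaluate_hook_request(WH_KEYBOARD_LL, 0, "C:\\Temp\\unknown.exe");
    printf("%s\n", v == VERDICT_BLOCK ? "block" : "allow");
    return 0;
}
```

Rule order matters here: the allow entry for the known application has to precede the blanket denial for the same hook type, and a thread-scoped WH_KEYBOARD hook passes because its rule only matches system-wide installs.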