From: m on 13 Jul 2010 18:32

look at Detours in MSDN

"AG" <heyji2(a)gmail.com> wrote in message news:766c84f2-e56a-4dab-9c2e-21fd0c404553(a)i31g2000yqm.googlegroups.com...
> Hello,
>
> I am working on a taint tracing tool, and for this I would like to
> intercept socket opening and closing, and reads from sockets.
>
> On Linux, this can be done by intercepting system calls
> (SYS_socketcall, SYS_read, SYS_close), but on Windows, how can I
> monitor such things? In the system call table (given by Metasploit),
> I don't see the equivalent calls. However, monitoring the system calls
> during a simple client/server communication, I have identified the
> following function calls:
>
> NtCreateFile (for socket opening?)
> NtDeviceIoControlFile (for controlling the socket?)
> NtRequestWaitReplyPort
> NtWaitForSingleObject
> NtQueryInformationProcess
> NtClose
> NtUnmapViewOfSection
> NtAllocateVirtualMemory
> NtTerminateProcess
>
> I tried to display some of their buffers, without being able to find
> any of the transmitted data of the communication.
>
> Is there a way to intercept the data buffers in use during read/write
> through a socket if I monitor system calls, or is it useless because
> things do not go the way I imagine?
>
> Thanks in advance for your help,
>
> AG.
From: AG on 15 Jul 2010 14:09

On Jul 14, 12:32 am, "m" <m...(a)b.c> wrote:
> look at Detours in MSDN

Hello m,

I have difficulties accessing the web page on the Microsoft web site. But I have seen that it is dated from 1999, and I assume it does the same thing as PIN (from Intel), which I am using for this. But I will definitely try to have a look, as well as at the TDI filters, and come back if it is not what I need.

Thank you all.

AG.
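The pointer to Detours settles how a tracer gets control of recv; the other half of a taint tracer is what the hook does with the bytes it sees. The following is an added example, not code from either poster: a replacement recv that records which buffer bytes came from which socket, driven over a local socketpair so it runs stand-alone on POSIX. The names hooked_recv, taint_mark, taint_source and demo are chosen here, and the wiring of hooked_recv onto ws2_32!recv with DetourAttach on Windows is assumed, not shown.

```c
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_TAINT 64
/* One taint record: a byte range filled by a read from socket fd. */
typedef struct { const char *start; size_t len; int fd; } taint_t;
static taint_t taint_tab[MAX_TAINT];
static int taint_n;

static void taint_mark(const void *buf, size_t len, int fd) {
    if (taint_n >= MAX_TAINT) return;            /* table full: stop recording */
    taint_tab[taint_n].start = buf;
    taint_tab[taint_n].len = len;
    taint_tab[taint_n++].fd = fd;
}

/* Does any byte of [p, p+len) come from a socket? Returns that fd, or -1. */
int taint_source(const void *p, size_t len) {
    const char *a = p, *b = a + len;
    for (int i = 0; i < taint_n; i++) {
        const char *s = taint_tab[i].start, *e = s + taint_tab[i].len;
        if (a < e && s < b) return taint_tab[i].fd;   /* ranges overlap */
    }
    return -1;
}

/* Replacement recv: on Windows this would be the Detours target for
 * ws2_32!recv (assumed wiring); it forwards to the real recv and taints
 * only the bytes that actually arrived, not the whole caller buffer. */
ssize_t hooked_recv(int fd, void *buf, size_t len, int flags) {
    ssize_t n = recv(fd, buf, len, flags);
    if (n > 0) taint_mark(buf, (size_t)n, fd);
    return n;
}

/* Demo over a socketpair (constructed input); returns 0 when taint is right. */
int demo(void) {
    int sv[2];
    char local[32] = "local constant", net[32] = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    send(sv[0], "GET / HTTP", 10, 0);
    ssize_t n = hooked_recv(sv[1], net, sizeof net, 0);
    close(sv[0]); close(sv[1]);
    if (n != 10) return -2;
    if (taint_source(net, 10) != sv[1]) return -3;           /* received bytes: tainted */
    if (taint_source(net + 10, 22) != -1) return -4;         /* untouched tail: clean */
    if (taint_source(local, sizeof local) != -1) return -5;  /* unrelated buffer: clean */
    return 0;
}
```

The same pattern applies to WSARecv or ReadFile on a socket handle, where the hook must read the byte count from the completion (lpNumberOfBytesRecvd or the overlapped result) rather than the requested length.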