[icq-devel] ICQ hooks



Gerke Preussner j3rky at tactical-ops.de
Tue Jun 17 14:51:33 CEST 2003


Hi Alex,


the general answer in such cases is DLL Interception. Assuming you have
knowledge of the structure of exported DLL functions (parameter list and
return value), you can create a fake DLL that will pass through all API
calls to the original DLL and extract/insert information where
necessary.

The approach is fairly simple:

(1) rename the original DLL to something else
(2) create a fake DLL with a compatible exported function list
    and the name of the original DLL
(3) bind the original DLL within your fake DLL

For simple function parameters (integers, strings etc), the function
parameter list can often be reverse engineered by disassembling the DLL
and/or the host application. For more complex parameters, such as
objects, the whole thing can be difficult and requires knowledge about
the used compiler.


Regards,


j3rky


--  
headcrash industries
email: j3rky at gerke-preussner.de
www: http://www.gerke-preussner.de
latest project: http://flowershop.gerke-preussner.de

***

TacticalOps Coder, Designer & Mapper
TacticalOps Germany PR & Community
Kamehan Studios, Paris, France
email: j3rky at tactical-ops.de

sick of playing Counterstrike?
try: http://www.tactical-ops.to
and: http://www.tactical-ops.de



-----Original Message-----
From: icq-devel-bounces at blipp.com [mailto:icq-devel-bounces at blipp.com]
On Behalf Of Alex A. Antsiferov
Sent: Tuesday, June 17, 2003 2:21 PM
To: icq-devel at blipp.com
Subject: [icq-devel] ICQ hooks


Hi All!

I'm writing utility that will be secure all messages so i need to hook
ICQ Api calls. Can anybody tell me how can i do it?




More information about the icq-devel mailing list