So, let's say you want to intercept all the functions exported by kernel32.dll. Well,
writing the .cfg file and the .py file with the handlers by hand can be a daunting task :), since kernel32.dll exports hundreds of functions.
So, instead of doing that, just use genhooks.py like this:
genhooks.py -f kernel32.dll -t b -c kernel32.cfg -p kernel32.py
-f: the name of the DLL whose exports you want to hook
-t: the hook type. b = before, a = after, * = address (you would normally use b or a)
-c: OPTIONAL. The name of the .cfg file to write. If it is not specified, dllname_without_the_extension.cfg is used.
-p: OPTIONAL. The name of the .py file with the handlers for all the functions. If it is not specified, dllname_without_the_extension.py is used.
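To show what such a generator has to do under the hood, here is an added example (not Core Security's genhooks.py, and not part of the original post) that walks a DLL's export table directly from the PE/COFF headers and emits one hook line and one handler stub per named export. The .cfg line layout (dll:function:type:pyfile:class) and the handler class shape are assumed placeholders, not uhooker's real formats; check the uhooker documentation for those. The build_test_dll helper constructs a minimal PE32 image in memory so the code runs offline; the names in it are made up. One caveat worth keeping: many kernel32 exports are forwarders to ntdll, and a forwarded export has no code in kernel32 to hook, so the generator marks those instead of emitting a hook for them.

```python
"""Enumerate every named export of a DLL and emit per-function hook config.
Added example, not genhooks.py. The PE parsing follows the documented on-disk
layout; the .cfg line format and handler stub are ASSUMED placeholders."""
import argparse
import re
import struct

def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]
def _cstr(b, o): return b[o:b.index(b"\0", o)].decode("ascii", "replace")

def parse_exports(data):
    """Return (dll_name, [(name, ordinal, rva, forwarder_or_None)]) from a PE file image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = _u32(data, 0x3C)                                  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe + 4
    nsec, opt_size = _u16(data, coff + 2), _u16(data, coff + 16)
    opt = coff + 20
    # Data directories start at +96 in a PE32 optional header, +112 in PE32+.
    dirs = opt + (96 if _u16(data, opt) == 0x10B else 112)
    exp_rva, exp_size = struct.unpack_from("<II", data, dirs)  # entry 0 = export table
    if exp_rva == 0:
        return None, []
    # The section table follows the optional header; it maps RVAs to file offsets.
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]                      # (vsize, va, rawsize, rawptr)
    def to_off(rva):
        for vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + (rva - va)
        raise ValueError("RVA 0x%x is not backed by any section" % rva)
    e = to_off(exp_rva)
    name_rva, base, _nfuncs, nnames, funcs, names, ords = struct.unpack_from("<IIIIIII", data, e + 12)
    funcs, names, ords = to_off(funcs), to_off(names), to_off(ords)
    exports = []
    for i in range(nnames):
        name = _cstr(data, to_off(_u32(data, names + 4 * i)))
        idx = _u16(data, ords + 2 * i)                     # unbiased index into AddressOfFunctions
        rva = _u32(data, funcs + 4 * idx)
        # An RVA inside the export directory is a forwarder string ("NTDLL.RtlFoo"),
        # not code in this DLL: there is nothing here to hook.
        fwd = _cstr(data, to_off(rva)) if exp_rva <= rva < exp_rva + exp_size else None
        exports.append((name, base + idx, rva, fwd))
    return _cstr(data, to_off(name_rva)), exports

def generate_hooks(dll_name, exports, hook_type="b", py_file=None):
    """Return (cfg_text, py_text). ASSUMED formats: one 'dll:func:type:pyfile:class'
    line per export and one handler class per export."""
    py_file = py_file or dll_name.lower().rsplit(".", 1)[0] + ".py"
    cfg, py = [], ["# generated handler stubs (assumed layout)"]
    for name, ordinal, rva, fwd in exports:
        if fwd:
            cfg.append("# %s (ordinal %d) forwards to %s; hook it there" % (name, ordinal, fwd))
            continue
        ident = re.sub(r"\W", "_", name)                   # decorated names are not identifiers
        cfg.append("%s:%s:%s:%s:%s" % (dll_name, name, hook_type, py_file, ident))
        py.append("class %s:\n    def run(self, ctx):\n        print('%s called')" % (ident, name))
    return "\n".join(cfg) + "\n", "\n\n".join(py) + "\n"

def build_test_dll(dll_name, names, forwarders=None):
    """CONSTRUCTED test input: a minimal PE32 DLL image holding only an export section."""
    forwarders, n = forwarders or {}, len(names)
    sec_va, sec_raw = 0x1000, 0x200
    funcs_rva = sec_va + 40; names_rva = funcs_rva + 4 * n; ords_rva = names_rva + 4 * n
    strings = bytearray()
    def add_str(s):                                        # append a C string, return its RVA
        rva = ords_rva + 2 * n + len(strings)
        strings.extend(s.encode() + b"\0")
        return rva
    name_rva = add_str(dll_name)
    name_rvas = [add_str(nm) for nm in names]
    func_rvas = [add_str(forwarders[nm]) if nm in forwarders else 0x2000 + 0x10 * i
                 for i, nm in enumerate(names)]
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, name_rva, 1, n, n, funcs_rva, names_rva, ords_rva)
    edata += struct.pack("<%dI" % n, *func_rvas) + struct.pack("<%dI" % n, *name_rvas)
    edata += struct.pack("<%dH" % n, *range(n)) + bytes(strings)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224); struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<II", opt, 96, sec_va, len(edata))              # export data directory
    sec = b".edata\0\0" + struct.pack("<IIIIIIHHI", len(edata), sec_va, len(edata), sec_raw, 0, 0, 0, 0, 0x40000040)
    return (dos + coff + bytes(opt) + sec).ljust(sec_raw, b"\0") + edata

if __name__ == "__main__":                                 # same option letters as genhooks.py
    ap = argparse.ArgumentParser()
    ap.add_argument("-f", required=True, help="DLL to read, e.g. kernel32.dll")
    ap.add_argument("-t", default="b", choices=["b", "a", "*"], help="hook type")
    ap.add_argument("-c", help=".cfg output (default: <dll>.cfg)")
    ap.add_argument("-p", help=".py output (default: <dll>.py)")
    a = ap.parse_args()
    stem = a.f.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
    with open(a.f, "rb") as fh:
        dll, exports = parse_exports(fh.read())
    cfg, py = generate_hooks(dll or stem + ".dll", exports, a.t, a.p or stem + ".py")
    open(a.c or stem + ".cfg", "w").write(cfg)
    open(a.p or stem + ".py", "w").write(py)
```

Run as `python gen_exports.py -f kernel32.dll -t b` (script name assumed) and you get a kernel32.cfg and kernel32.py next to it; the cfg lines then have to be adapted to whatever line format uhooker actually expects. Note that the ordinal table holds unbiased indices and the real ordinal is base plus index, and that the parser deliberately looks up names through AddressOfNames rather than walking AddressOfFunctions, so ordinal-only exports (no name) are not emitted.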
And that's it. It's a very simple script that I have coded 300 times already; the only difference is that now I'm keeping a copy around :).
The script can be found here:
http://oss.coresecurity.com/uhooker/doc/index.html#scripts
Direct download link:
http://oss.coresecurity.com/uhooker/scripts/genhooks.py
2 comments:
Thanks man. Uhooker is now a very handy tool in my toolkit. Best regards. =)
Cool! Thanks! :)
Please let me know if there is any specific feature you want in the tool, and about any bugs!