hacktricks/reversing/common-api-used-in-malware.md

# Algemene API gebruik in Malware

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Generies

### Netwerk

| Rauwe Sockets   | WinAPI Sockets |
| ------------- | -------------- |
| socket()      | WSAStratup()   |
| bind()        | bind()         |
| listen()      | listen()       |
| accept()      | accept()       |
| connect()     | connect()      |
| read()/recv() | recv()         |
| write()       | send()         |
| shutdown()    | WSACleanup()   |

### Volharding

| Registrasie         | Lêer          | Diens                      |
| ---------------- | ------------- | ---------------------------- |
| RegCreateKeyEx() | GetTempPath() | OpenSCManager                |
| RegOpenKeyEx()   | CopyFile()    | CreateService()              |
| RegSetValueEx()  | CreateFile()  | StartServiceCtrlDispatcher() |
| RegDeleteKeyEx() | WriteFile()   |                              |
| RegGetValue()    | ReadFile()    |                              |

### Enkripsie

| Naam                  |
| --------------------- |
| WinCrypt              |
| CryptAcquireContext() |
| CryptGenKey()         |
| CryptDeriveKey()      |
| CryptDecrypt()        |
| CryptReleaseContext() |

### Anti-Analise/VM

| Funksie Naam                                             | Assembly Instruksies |
| --------------------------------------------------------- | --------------------- |
| IsDebuggerPresent()                                       | CPUID()               |
| GetSystemInfo()                                           | IN()                  |
| GlobalMemoryStatusEx()                                    |                       |
| GetVersion()                                              |                       |
| CreateToolhelp32Snapshot \[Kontroleer of 'n proses loop\] |                       |
| CreateFileW/A \[Kontroleer of 'n lêer bestaan\]          |                       |

### Stealth

| Naam                     |                                                                            |
| ------------------------ | -------------------------------------------------------------------------- |
| VirtualAlloc             | Allokeer geheue (packers)                                                |
| VirtualProtect           | Verander geheue toestemming (packer gee uitvoerings toestemming aan 'n afdeling) |
| ReadProcessMemory        | Inspuiting in eksterne prosesse                                          |
| WriteProcessMemoryA/W    | Inspuiting in eksterne prosesse                                          |
| NtWriteVirtualMemory     |                                                                            |
| CreateRemoteThread       | DLL/Proses inspuiting...                                                 |
| NtUnmapViewOfSection     |                                                                            |
| QueueUserAPC             |                                                                            |
| CreateProcessInternalA/W |                                                                            |

### Uitvoering

| Funksie Naam    |
| ---------------- |
| CreateProcessA/W |
| ShellExecute     |
| WinExec          |
| ResumeThread     |
| NtResumeThread   |

### Divers

* GetAsyncKeyState() -- Sleutel logging
* SetWindowsHookEx -- Sleutel logging
* GetForeGroundWindow -- Kry die naam van die lopende venster (of die webwerf van 'n blaaier)
* LoadLibrary() -- Importeer biblioteek
* GetProcAddress() -- Importeer biblioteek
* CreateToolhelp32Snapshot() -- Lys lopende prosesse
* GetDC() -- Skermskoot
* BitBlt() -- Skermskoot
* InternetOpen(), InternetOpenUrl(), InternetReadFile(), InternetWriteFile() -- Toegang tot die Internet
* FindResource(), LoadResource(), LockResource() -- Toegang tot hulpbronne van die uitvoerbare

## Malware Tegnieke

### DLL Inspuiting

Voer 'n arbitrêre DLL binne 'n ander proses uit

1. Vind die proses om die kwaadwillige DLL in te spuit: CreateToolhelp32Snapshot, Process32First, Process32Next
2. Maak die proses oop: GetModuleHandle, GetProcAddress, OpenProcess
3. Skryf die pad na die DLL binne die proses: VirtualAllocEx, WriteProcessMemory
4. Skep 'n draad in die proses wat die kwaadwillige DLL sal laai: CreateRemoteThread, LoadLibrary

Ander funksies om te gebruik: NTCreateThreadEx, RtlCreateUserThread

### Reflektiewe DLL Inspuiting

Laai 'n kwaadwillige DLL sonder om normale Windows API-oproepe te doen.\
Die DLL word binne 'n proses gemap, dit sal die invoeradresse oplos, die herlokasies regmaak en die DllMain-funksie aanroep.

### Draad Hijacking

Vind 'n draad van 'n proses en laat dit 'n kwaadwillige DLL laai

1. Vind 'n teiken draad: CreateToolhelp32Snapshot, Thread32First, Thread32Next
2. Maak die draad oop: OpenThread
3. Suspend die draad: SuspendThread
4. Skryf die pad na die kwaadwillige DLL binne die slagoffer proses: VirtualAllocEx, WriteProcessMemory
5. Herbegin die draad wat die biblioteek laai: ResumeThread

### PE Inspuiting

Portabele Uitvoering Inspuiting: Die uitvoerbare sal in die geheue van die slagoffer proses geskryf word en daarvandaan uitgevoer word.

### Proses Hollowing

Die malware sal die wettige kode uit die geheue van die proses onttrek en 'n kwaadwillige binêre laai

1. Skep 'n nuwe proses: CreateProcess
2. Ontkoppel die geheue: ZwUnmapViewOfSection, NtUnmapViewOfSection
3. Skryf die kwaadwillige binêre in die proses geheue: VirtualAllocEc, WriteProcessMemory
4. Stel die ingangspunt in en voer uit: SetThreadContext, ResumeThread

## Hooking

* Die **SSDT** (**System Service Descriptor Table**) wys na kernfunksies (ntoskrnl.exe) of GUI bestuurder (win32k.sys) sodat gebruikersprosesse hierdie funksies kan aanroep.
* 'n Rootkit kan hierdie punte na adresse wat hy beheer, verander
* **IRP** (**I/O Request Packets**) stuur stukke data van een komponent na 'n ander. Byna alles in die kern gebruik IRP's en elke toestel objek het sy eie funksietabel wat gehook kan word: DKOM (Direct Kernel Object Manipulation)
* Die **IAT** (**Import Address Table**) is nuttig om afhanklikhede op te los. Dit is moontlik om hierdie tabel te hook om die kode wat aangeroep sal word, te kap.
* **EAT** (**Export Address Table**) Hooks. Hierdie hooks kan vanaf **userland** gedoen word. Die doel is om geexporteerde funksies deur DLL's te hook.
* **Inline Hooks**: Hierdie tipe is moeilik om te bereik. Dit behels die verandering van die kode van die funksies self. Miskien deur 'n sprongetjie aan die begin hiervan te plaas.

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`# Algemene API gebruik in Malware`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`{% hint style="success" %}`
			`Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`<summary>Ondersteun HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`* Kyk na die [subskripsie planne](https://github.com/sponsors/carlospolop)!`
			`* Sluit aan by die 💬 [Discord groep](https://discord.gg/hRep4RUj7f) of die [telegram groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Deel hacking truuks deur PRs in te dien na die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`## Generies`
intruder 2023-09-02 23:48:41 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### Netwerk`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`\| Rauwe Sockets \| WinAPI Sockets \|`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`\| ------------- \| -------------- \|`
			`\| socket() \| WSAStratup() \|`
			`\| bind() \| bind() \|`
			`\| listen() \| listen() \|`
			`\| accept() \| accept() \|`
			`\| connect() \| connect() \|`
			`\| read()/recv() \| recv() \|`
			`\| write() \| send() \|`
			`\| shutdown() \| WSACleanup() \|`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`### Volharding`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`\| Registrasie \| Lêer \| Diens \|`
			`\| ---------------- \| ------------- \| ---------------------------- \|`
			`\| RegCreateKeyEx() \| GetTempPath() \| OpenSCManager \|`
			`\| RegOpenKeyEx() \| CopyFile() \| CreateService() \|`
			`\| RegSetValueEx() \| CreateFile() \| StartServiceCtrlDispatcher() \|`
			`\| RegDeleteKeyEx() \| WriteFile() \| \|`
			`\| RegGetValue() \| ReadFile() \| \|`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### Enkripsie`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`\| Naam \|`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`\| --------------------- \|`
			`\| WinCrypt \|`
			`\| CryptAcquireContext() \|`
			`\| CryptGenKey() \|`
			`\| CryptDeriveKey() \|`
			`\| CryptDecrypt() \|`
			`\| CryptReleaseContext() \|`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`### Anti-Analise/VM`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`\| Funksie Naam \| Assembly Instruksies \|`
			`\| --------------------------------------------------------- \| --------------------- \|`
			`\| IsDebuggerPresent() \| CPUID() \|`
			`\| GetSystemInfo() \| IN() \|`
			`\| GlobalMemoryStatusEx() \| \|`
			`\| GetVersion() \| \|`
			`\| CreateToolhelp32Snapshot \[Kontroleer of 'n proses loop\] \| \|`
			`\| CreateFileW/A \[Kontroleer of 'n lêer bestaan\] \| \|`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### Stealth`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`\| Naam \| \|`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`\| ------------------------ \| -------------------------------------------------------------------------- \|`
Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack. 2024-09-04 13:35:49 +00:00			`\| VirtualAlloc \| Allokeer geheue (packers) \|`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`\| VirtualProtect \| Verander geheue toestemming (packer gee uitvoerings toestemming aan 'n afdeling) \|`
			`\| ReadProcessMemory \| Inspuiting in eksterne prosesse \|`
			`\| WriteProcessMemoryA/W \| Inspuiting in eksterne prosesse \|`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`\| NtWriteVirtualMemory \| \|`
Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack. 2024-09-04 13:35:49 +00:00			`\| CreateRemoteThread \| DLL/Proses inspuiting... \|`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`\| NtUnmapViewOfSection \| \|`
			`\| QueueUserAPC \| \|`
			`\| CreateProcessInternalA/W \| \|`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`### Uitvoering`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`\| Funksie Naam \|`
			`\| ---------------- \|`
GitBook: [master] 411 pages modified 2020-12-09 00:31:50 +00:00			`\| CreateProcessA/W \|`
Translated ['forensics/basic-forensic-methodology/partitions-file-system 2024-03-26 15:51:04 +00:00			`\| ShellExecute \|`
			`\| WinExec \|`
			`\| ResumeThread \|`
			`\| NtResumeThread \|`
GitBook: [master] 2 pages modified 2020-12-03 18:00:02 +00:00
Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack. 2024-09-04 13:35:49 +00:00			`### Divers`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`* GetAsyncKeyState() -- Sleutel logging`
			`* SetWindowsHookEx -- Sleutel logging`
			`* GetForeGroundWindow -- Kry die naam van die lopende venster (of die webwerf van 'n blaaier)`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* LoadLibrary() -- Importeer biblioteek`
			`* GetProcAddress() -- Importeer biblioteek`
			`* CreateToolhelp32Snapshot() -- Lys lopende prosesse`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`* GetDC() -- Skermskoot`
			`* BitBlt() -- Skermskoot`
			`* InternetOpen(), InternetOpenUrl(), InternetReadFile(), InternetWriteFile() -- Toegang tot die Internet`
			`* FindResource(), LoadResource(), LockResource() -- Toegang tot hulpbronne van die uitvoerbare`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`## Malware Tegnieke`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### DLL Inspuiting`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`Voer 'n arbitrêre DLL binne 'n ander proses uit`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`1. Vind die proses om die kwaadwillige DLL in te spuit: CreateToolhelp32Snapshot, Process32First, Process32Next`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`2. Maak die proses oop: GetModuleHandle, GetProcAddress, OpenProcess`
			`3. Skryf die pad na die DLL binne die proses: VirtualAllocEx, WriteProcessMemory`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`4. Skep 'n draad in die proses wat die kwaadwillige DLL sal laai: CreateRemoteThread, LoadLibrary`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander funksies om te gebruik: NTCreateThreadEx, RtlCreateUserThread`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### Reflektiewe DLL Inspuiting`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`Laai 'n kwaadwillige DLL sonder om normale Windows API-oproepe te doen.\`
			`Die DLL word binne 'n proses gemap, dit sal die invoeradresse oplos, die herlokasies regmaak en die DllMain-funksie aanroep.`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### Draad Hijacking`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`Vind 'n draad van 'n proses en laat dit 'n kwaadwillige DLL laai`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`1. Vind 'n teiken draad: CreateToolhelp32Snapshot, Thread32First, Thread32Next`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`2. Maak die draad oop: OpenThread`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`3. Suspend die draad: SuspendThread`
			`4. Skryf die pad na die kwaadwillige DLL binne die slagoffer proses: VirtualAllocEx, WriteProcessMemory`
			`5. Herbegin die draad wat die biblioteek laai: ResumeThread`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### PE Inspuiting`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack. 2024-09-04 13:35:49 +00:00			`Portabele Uitvoering Inspuiting: Die uitvoerbare sal in die geheue van die slagoffer proses geskryf word en daarvandaan uitgevoer word.`
GitBook: [master] one page modified 2021-09-07 00:15:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`### Proses Hollowing`
intruder 2023-09-02 23:48:41 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`Die malware sal die wettige kode uit die geheue van die proses onttrek en 'n kwaadwillige binêre laai`
intruder 2023-09-02 23:48:41 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`1. Skep 'n nuwe proses: CreateProcess`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00			`2. Ontkoppel die geheue: ZwUnmapViewOfSection, NtUnmapViewOfSection`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`3. Skryf die kwaadwillige binêre in die proses geheue: VirtualAllocEc, WriteProcessMemory`
			`4. Stel die ingangspunt in en voer uit: SetThreadContext, ResumeThread`
GitBook: [#3165] No subject 2022-05-01 16:32:23 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`## Hooking`
GitBook: [#3165] No subject 2022-05-01 16:32:23 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`* Die SSDT (System Service Descriptor Table) wys na kernfunksies (ntoskrnl.exe) of GUI bestuurder (win32k.sys) sodat gebruikersprosesse hierdie funksies kan aanroep.`
Translated ['README.md', 'crypto-and-stego/hash-length-extension-attack. 2024-09-04 13:35:49 +00:00			`* 'n Rootkit kan hierdie punte na adresse wat hy beheer, verander`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`* IRP (I/O Request Packets) stuur stukke data van een komponent na 'n ander. Byna alles in die kern gebruik IRP's en elke toestel objek het sy eie funksietabel wat gehook kan word: DKOM (Direct Kernel Object Manipulation)`
			`* Die IAT (Import Address Table) is nuttig om afhanklikhede op te los. Dit is moontlik om hierdie tabel te hook om die kode wat aangeroep sal word, te kap.`
			`* EAT (Export Address Table) Hooks. Hierdie hooks kan vanaf userland gedoen word. Die doel is om geexporteerde funksies deur DLL's te hook.`
			`* Inline Hooks: Hierdie tipe is moeilik om te bereik. Dit behels die verandering van die kode van die funksies self. Miskien deur 'n sprongetjie aan die begin hiervan te plaas.`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`{% hint style="success" %}`
			`Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`<details>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`<summary>Ondersteun HackTricks</summary>`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`* Kyk na die [subskripsie planne](https://github.com/sponsors/carlospolop)!`
			`* Sluit aan by die 💬 [Discord groep](https://discord.gg/hRep4RUj7f) of die [telegram groep](https://t.me/peass) of volg ons op Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Deel hacking truuks deur PRs in te dien na die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Translated ['README.md', 'forensics/basic-forensic-methodology/partition 2024-03-09 13:18:39 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:15:11 +00:00			`{% endhint %}`