The bad news first. Skype on Windows 7, according to my experience, protects its binary in such a way that API hooking is not feasible anymore :/
I’ll check another source that can either confirm that or hopefully prove the opposite. But I’m quite sure they closed the leak.
The good news is: gtalk has the same symptoms as Skype had once. I’ll invest the remaining time to analyse the leak on gtalk…
But anyway … after finishing the gtalk stuff I’ll put my focus back on Skype. I’m sure there is another way to do it. We just have to look a level lower, closer to the hardware.
correct. they don’t use the usual libs anymore. but what else except DSound and WinMM is available? did you do further tests? new findings?
hello.
I am experimenting with http://www.nektra.com/products/spystudio-api-monitor/ on Win7 with Skype. I think that Skype does not use DirectSound in version 5, and they do not use the wavein (waveout) API. Is there any way to get sound on Win7?
“protects its binary that way that API hooking is not feasible anymore”
If I set a hook on createfile from kernel32, spystudio does hook it.
Sorry for my English
you can find the hooking functions in the source. never worked with detours but maybe i should give it a try as soon as i have a little time to spare.
Are you using the Microsoft detours SDK?
Felix
well, the app behaves as if there are no hooks at all. i don’t know in detail how they did it but yes … i think with another approach, without windows hooks, we are a step ahead again. let me first finish the other IM hooking apps and i’ll check it out…
Do you have any more details on what is being done to detect hooking? Scans for jumps at the beginning of APIs? Or checksums?
Greetings
Felix