» DLL

Things to do for the next days …

carrumba — Fri, 01 Oct 2010 11:27:33 +0000

I’m still struggling to make SkypeTap (skype interception module) work on Win7. This week things just don’t go as smoothly as expected :/ As soon as I have a result (may it be positive or negative) I’ll let you know.

If it works I think a further post would be appropriate that shows in detail how to inject *something* into a process and what different approches exist to do that.

Watching encrypted Skype traffic with SkypeDLLInjector

carrumba — Tue, 04 Aug 2009 12:30:22 +0000


Tool name :	SkypeDLLInjector version 0.1

Description :	SkypeDLLInjector is a tool to demonstrate how DLL injection works. In this proof of concept it is applied to the Skype application. It consists of a loader application which remains running in the background and a DLL which will be injected into every newly started program via a system wide Windows hook. All what this tool does is interception the function calls recv() and send() to inspect the network data skype is sending and receiving. Because Skype traffic is encrypted only a small portion of the traffic is readable. But it could inspire you to create your own tools which eavesdrop other calls to intercept sensitive data (as the username and password for example).

Tested on :	Windows XP

Feedback :	In case you encounter any problems with the tool, you have suggestions to improve it, or you tested it with a Windows version i’ve not yet tested please drop me an email.

Downloads :	Binary \| Source

DLL injection by modifying an executable file.

carrumba — Fri, 03 Jul 2009 16:43:53 +0000

This is a newer document from 2009 that explains DLL injection. Instead of using the often used Windows hooking method to inject a DLL into a running process in this example the author modifies the binary itself and loads the DLL when starting the executable file.

Download it here.