Sign in to follow this  
Followers 0
PhaseX

Quick question about hooks and autoit

4 posts in this topic

Hi,

I'm quite new with autoit, but have some programming experience (a little bit of java, python c). I'm trying to get into some windows automation, so I'd like to be working with the windows API's eventually.

My question is if some process has been hooked and modified one of the api's in user32.dll lets say some malware changes one the functions. Is it still possible for my autoit program to use that function? If so would I need a separate copy of user32.dll in the folder where my autoit program is?

Thanks for your help.

Share this post


Link to post
Share on other sites



Well I've been playing around with AHK, but it is not as robust as autoit. This is more of a learning project for me.

For my program to be:

  • I'd like to specifically know when a program is loaded if a specific api or set of api's has been hooked and modified
  • Find out which process did the hooking.

Now in some extreme cases (this is much later),

Let's say we have a trojan/malware that has infected us and is hidden. I'd like to be able to still find it. I know this may be a little out there for a beginner, but most malware/trojans would usually hook certain api's to return false values to task manager and or other programs. I'm wondering if its possible to check for these API's since they've already been hooked and modified?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0