Jump to content
Sign in to follow this  
PhaseX

Quick question about hooks and autoit

Recommended Posts

PhaseX

Hi,

I'm quite new with autoit, but have some programming experience (a little bit of java, python c). I'm trying to get into some windows automation, so I'd like to be working with the windows API's eventually.

My question is if some process has been hooked and modified one of the api's in user32.dll lets say some malware changes one the functions. Is it still possible for my autoit program to use that function? If so would I need a separate copy of user32.dll in the folder where my autoit program is?

Thanks for your help.

Share this post


Link to post
Share on other sites
Jos

This is a vague question for a first timer to say the least.

What exactly do you want to do with Autoit3?

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites
PhaseX

Well I've been playing around with AHK, but it is not as robust as autoit. This is more of a learning project for me.

For my program to be:

  • I'd like to specifically know when a program is loaded if a specific api or set of api's has been hooked and modified
  • Find out which process did the hooking.

Now in some extreme cases (this is much later),

Let's say we have a trojan/malware that has infected us and is hidden. I'd like to be able to still find it. I know this may be a little out there for a beginner, but most malware/trojans would usually hook certain api's to return false values to task manager and or other programs. I'm wondering if its possible to check for these API's since they've already been hooked and modified?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.