DCCD Posted January 21, 2011

How can I make a safer application that is not detected by antivirus? This does not mean AutoIt specifically, but all languages: C++, VB, etc.

[SetWindowsHookEx] function: I'd like to use this func. It's probably a bad idea, but does AV software detect this func as a threat?

Any comments are welcome.

My Blog, AVSS Parts Else Libya Linux Users Group

Ace08 Posted January 21, 2011

Hi there, I'm a bit lost at what you wanted but this might

Work smarter not harder. My First Posted Script: DataBase

DCCD (Author) Posted January 21, 2011

> Hi there im a bit lost at what you wanted but this might

Did you even read my post?

Ace08 Posted January 21, 2011 (edited)

Hmmmm.... let's put it this way: would I reply to your post if I didn't read it? Sorry if this isn't the one you need.... nvm my post

Edited January 21, 2011 by Ace08

Manko Posted January 21, 2011

Hi!

Some antivirus will detect such behavior. But since a lot of software does hook functions that way, it is largely allowed...

The big problem though with hooking this way is that in the worst case you will be taking away your/someone else's virus self-protection. That is one of the reasons we are often advised not to run multiple similar protection systems, with the misguided idea that protection will double/triple or quadruple...

What specifically do you want to hook and what end are you trying to achieve? There are many other ways to achieve any one goal.

/Manko

Yes i rush things! (I sorta do small bursts in between doing nothing.)
Things I have rushed and reRushed:
* ProDLLer - Process manager - Unload viri modules (dll) and moore...
* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...
* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...
* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist.
Moore to come... eventually...

Manko Posted January 21, 2011 (edited)

> Hi!
> Some antivirus will detect such behavior. But since a lot of software does hook functions that way, it is largely allowed...
> The big problem though with hooking this way is that in the worst case you will be taking away your/someone else's virus self-protection.
> That is one of the reasons we are often advised not to run multiple similar protection systems, with the misguided idea that protection will double/triple or quadruple...
> What specifically do you want to hook and what end are you trying to achieve?
> There are many other ways to achieve any one goal.
> /Manko

Oooops! Sorry! These are windows-messages-hooks... so long since I worked with these things, so I confused things...

I REALLY don't think antivirus will be complaining much about these... Well, there's that infamous technique that injects a dll into most gui-apps... Might be stopped by some...

Again, though... What do you wanna do? It can probably be done in many other ways...

Well... Sorry about the mixup...

Also, unlike the thing I was thinking of, this is safe to do.

/Manko

Edited January 21, 2011 by Manko

DCCD (Author) Posted January 22, 2011

Thank you for your reply. I ask this question because if you use the FileInstall function, a lot of antivirus software will detect this func as a worm. It does not matter if it is a "false positive". For me, if my best friend gave me a file and my antivirus detected it as a worm, I'd ask myself "why did my best friend give me a virus?" As for me, I know it's a false positive, but what about someone who doesn't know much about "false positives"? He'll say IT'S A VIRUS.

That's why I'm here; I need any information about the "SetWindowsHookEx" func.

NB: I don't even use UPX.

That's all, thanks again.

Manko Posted January 22, 2011

> that's why i'm here i need any information about "SetWindowsHookEx" func

Depends if you do malicious-like stuff...

WH_KEYBOARD_LL might be stopped by some and flagged by some... (Spyware/keylogger)

...and if you push .dll into other apps, heuristics will get known bad .dlls...

I'm NO expert on what VIRUS-proggys do or don't do though...

(Am still curious what you're trying to do...)

/Manko