Jump to content

Hooking system calls


Recommended Posts

OK I know I am going out on a limb asking this. I see everyone get flamed for asking about kelogging. However, before you ask, I AM NOT MAKING A KEYLOGGER!!

I need to know you can hook system calls with autoit somehow. Here is what I am trying to do. I want to make an app that will sit in the background and look for certain system calls. I want it to intercept when another app looks to see if a smartcard is inserted and return the message that there is one there. Even if it is not present.

Sort of a very specialized rootkit if you will (please don't flame me for saying that word). If anyone has any experience with this, please let me know. I have a feeling I need a lower level language like maybe delphi or something.

Thanks in advance!

Link to comment
Share on other sites

I have a feeling I need a lower level language like maybe delphi or something.

your feelings are going in the right direction....

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Link to comment
Share on other sites

your feelings are going in the right direction....

...can someone explain to me where is the fun into doing that kind of stuff in AutoIT at the first place? (hidden malicious stuff, game bots to "cheat" in games and such)

No wonder why some devs want to keep sensitive functionnalities out of AutoIT with that kind of users around :-/

Sorry to say it that bluntly, but I'm discouraged more and more frequently as I read threads on the forum these days...

If someone really want to do a keylogger or other type of stupid thing, why not learning the real thing and code it in C instead?

My big concern is that AutoIT might be eventually flagged as a malicious piece of software.

AutoIT really helps me in my daily (repetitive) tasks as an admin. I gave a few contributions already. I invested a lot of time building fairly complex scripts that does USEFUL things.

And I would be really p...-off if suddenly my employer tells me to stop using my scripts because AutoIT acquired a "hacker's tool" reputation.

I know lots of punks here will say "who cares about that guy anyways?" - but I really had to let this out ;-)

Link to comment
Share on other sites

I want it to intercept when another app looks to see if a smartcard is inserted and return the message that there is one there. Even if it is not present.

this would result in a program being given a false positive and running when it shouldn't. and would pose a rather high security risk.

the term "no-cd" comes to mind, only in this case, with something that could be used for malicious intent.

Link to comment
Share on other sites

OK I know I am going out on a limb asking this. I see everyone get flamed for asking about kelogging. However, before you ask, I AM NOT MAKING A KEYLOGGER!!

I need to know you can hook system calls with autoit somehow. Here is what I am trying to do. I want to make an app that will sit in the background and look for certain system calls. I want it to intercept when another app looks to see if a smartcard is inserted and return the message that there is one there. Even if it is not present.

Sort of a very specialized rootkit if you will (please don't flame me for saying that word). If anyone has any experience with this, please let me know. I have a feeling I need a lower level language like maybe delphi or something.

Thanks in advance!

I'm just wondering why you would want the program to say a smartcard is present when it isn't.

If it's for a smartcard as you say, doing that won't do any good, if the app can't get the credentials it needs.

SciTE for AutoItDirections for Submitting Standard UDFs

 

Don't argue with an idiot; people watching may not be able to tell the difference.

 

Link to comment
Share on other sites

this would result in a program being given a false positive and running when it shouldn't. and would pose a rather high security risk.

the term "no-cd" comes to mind, only in this case, with something that could be used for malicious intent.

using a smartcard does not mean to simply check if it is plugged in. It involves cryptographic operations ON the chip of the smartcard. So, pretending there is a smartcard is annoying for other applications, but it is not a very high security risk.

__________________________________________________________(l)user: Hey admin slave, how can I recover my deleted files?admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...