Jump to content

Reading file creation in kernel32.dll

LinuZ

By LinuZ
in AutoIt General Help and Support

 Share

Recommended Posts

LinuZ Wayfarer

LinuZ

Posted
Posted (edited)

I saw a video on youtube.com about the hacking of the internet site bankofindia.com, and in the video the "producer" that filmed it had a sniffer program, that sniffed file creation and deletion and so on... Hope you get what I mean.

How to control the DLL file "kernel.dll" to read what files that is being created?

Edited by LinuZ
Uriziel01 Universalist

Uriziel01

Posted
Posted

If i understand you right then... i think is impossible to read an active state of any dll file or to scan what it is doing. The only way i think is to do a list of all files on a serwer and check for any changes. In the example board you goth few script almost done for doing that.

LinuZ Wayfarer

LinuZ

Posted
  • Author
Posted

No it is not really this I mean. I just searched some on wikipedia and I read that the DLL file "kernel.dll", is the one used to make files, and therefore I could be possible to read what it makes...

Anyone know how to use functions with the "kernel.dll" file?

  • Moderators
SmOke_N Universalist

SmOke_N

Posted
  • Moderators
Posted

What do you need it for?

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

LinuZ Wayfarer

LinuZ

Posted
  • Author
Posted

I had an idea to make a program that tracks for example:

File blahblah.tmp has been created

File blahblah2.tmp has been modified by program.exe

File blahblah3.tmp has been deleted

And so on...

I thought of it as a great security program, you can see what it is happening with your system, if you for example are infected by a trojan or a keylogger that arent in the antivirus signature database, you couldn't easier track them up.

Hope you get what I mean :)

  • Moderators
SmOke_N Universalist

SmOke_N

Posted
  • Moderators
Posted

I had an idea to make a program that tracks for example:

File blahblah.tmp has been created

File blahblah2.tmp has been modified by program.exe

File blahblah3.tmp has been deleted

And so on...

I thought of it as a great security program, you can see what it is happening with your system, if you for example are infected by a trojan or a keylogger that arent in the antivirus signature database, you couldn't easier track them up.

Hope you get what I mean :)

And msdn2 offered no information on kernel32?

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

LinuZ Wayfarer

LinuZ

Posted
  • Author
Posted (edited)

It provides 6423 "topics" on it, but I wonder if you know which function? And if I now find the function, how can I use it?

Edited by LinuZ
  • Moderators
SmOke_N Universalist

SmOke_N

Posted
  • Moderators
Posted

It provides 6423 "topics" on it, but I wonder if you know which function? And if I now find the function, how can I use it?

I'd suggest reading through a few of them to get an idea, you don't have to read all 6423 topics, you just have to read one or two to see how to do it.

No, I won't write it for you if that's what you are asking... I think it's best to get your hands dirty, then if you get stuck, to post what you had done to that point.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...