Sign in to follow this  
Followers 0
LinuZ

Reading file creation in kernel32.dll

9 posts in this topic

#1 ·  Posted (edited)

I saw a video on youtube.com about the hacking of the internet site bankofindia.com, and in the video the "producer" that filmed it had a sniffer program, that sniffed file creation and deletion and so on... Hope you get what I mean.

How to control the DLL file "kernel.dll" to read what files that is being created?

Edited by LinuZ

Share this post


Link to post
Share on other sites



If i understand you right then... i think is impossible to read an active state of any dll file or to scan what it is doing. The only way i think is to do a list of all files on a serwer and check for any changes. In the example board you goth few script almost done for doing that.


Share this post


Link to post
Share on other sites

No it is not really this I mean. I just searched some on wikipedia and I read that the DLL file "kernel.dll", is the one used to make files, and therefore I could be possible to read what it makes...

Anyone know how to use functions with the "kernel.dll" file?

Share this post


Link to post
Share on other sites

What do you need it for?


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

I had an idea to make a program that tracks for example:

File blahblah.tmp has been created

File blahblah2.tmp has been modified by program.exe

File blahblah3.tmp has been deleted

And so on...

I thought of it as a great security program, you can see what it is happening with your system, if you for example are infected by a trojan or a keylogger that arent in the antivirus signature database, you couldn't easier track them up.

Hope you get what I mean :)

Share this post


Link to post
Share on other sites

I had an idea to make a program that tracks for example:

File blahblah.tmp has been created

File blahblah2.tmp has been modified by program.exe

File blahblah3.tmp has been deleted

And so on...

I thought of it as a great security program, you can see what it is happening with your system, if you for example are infected by a trojan or a keylogger that arent in the antivirus signature database, you couldn't easier track them up.

Hope you get what I mean :)

And msdn2 offered no information on kernel32?

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

It provides 6423 "topics" on it, but I wonder if you know which function? And if I now find the function, how can I use it?

Edited by LinuZ

Share this post


Link to post
Share on other sites

It provides 6423 "topics" on it, but I wonder if you know which function? And if I now find the function, how can I use it?

I'd suggest reading through a few of them to get an idea, you don't have to read all 6423 topics, you just have to read one or two to see how to do it.

No, I won't write it for you if that's what you are asking... I think it's best to get your hands dirty, then if you get stuck, to post what you had done to that point.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Oki :/

I see many weeks trying to figure out what all of it means xD

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0