neology

How to hook the kernel?

31 posts in this topic

I'm working on a project to develop a tool that notifies me of hidden activities on my computer, such as copying files, moving files, renaming files, opening files, closing files, etc. My friend told me that by hooking the kernel we can get that information. Now I'm looking for a script to hook the kernel. Somebody who knows this, please help me. Thank you in advance.


AutoIt can't access the kernel, try with Assembler or any other low-level language.

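An added example, not code from any poster in this thread. The events the question lists (file created, deleted, renamed, written) do not need a kernel hook on Windows: the kernel already delivers them to user mode through the Win32 API ReadDirectoryChangesW, which is also what .NET's FileSystemWatcher wraps, and AutoIt could call it through DllCall. What this API does not give you is which process performed the operation, nor plain opens and closes that change nothing; seeing those takes a file-system minifilter driver (Process Monitor's approach) or ETW file I/O events, which is real kernel-side instrumentation and not a job for a script. The buffer parser below runs on any platform; the watch() loop is Windows-only. The sample buffer is constructed inline, and the directory path passed to watch() is the caller's assumption.

```python
"""Watch a directory from user mode with ReadDirectoryChangesW (added example)."""
import ctypes
import struct
import sys

# FILE_ACTION_* codes from winnt.h
ACTIONS = {1: "added", 2: "removed", 3: "modified",
           4: "renamed_old_name", 5: "renamed_new_name"}

# FILE_NOTIFY_CHANGE_* bits from winnt.h: file/dir names, size, last write, security
WATCH_FILTER = 0x001 | 0x002 | 0x008 | 0x010 | 0x100


def parse_notify_buffer(buf: bytes) -> list:
    """Walk the FILE_NOTIFY_INFORMATION chain the kernel wrote into buf.

    Record layout: DWORD NextEntryOffset, DWORD Action, DWORD FileNameLength
    (bytes), WCHAR FileName[] with no terminator. NextEntryOffset is relative
    to the record's own start and is 0 on the last record.
    """
    events, offset = [], 0
    while True:
        next_off, action, name_len = struct.unpack_from("<III", buf, offset)
        start = offset + 12
        name = buf[start:start + name_len].decode("utf-16-le")
        events.append((ACTIONS.get(action, "unknown(%d)" % action), name))
        if next_off == 0:
            return events
        offset += next_off


def pair_renames(events: list) -> list:
    """A rename arrives as OLD_NAME then NEW_NAME; fold the pair into one event."""
    out, pending_old = [], None
    for action, name in events:
        if action == "renamed_old_name":
            pending_old = name
        elif action == "renamed_new_name" and pending_old is not None:
            out.append(("renamed", pending_old + " -> " + name))
            pending_old = None
        else:
            out.append((action, name))
    return out


def build_notify_record(action: int, name: str, last: bool) -> bytes:
    """Build one FILE_NOTIFY_INFORMATION record; used only for the constructed sample."""
    name_bytes = name.encode("utf-16-le")
    body = struct.pack("<III", 0, action, len(name_bytes)) + name_bytes
    if last:
        return body
    padded = (len(body) + 3) & ~3          # records are DWORD-aligned
    return struct.pack("<I", padded) + body[4:].ljust(padded - 4, b"\0")


# Constructed sample: report.doc renamed to report.bak, then a new x.tmp appears
SAMPLE_BUFFER = (build_notify_record(4, "report.doc", False)
                 + build_notify_record(5, "report.bak", False)
                 + build_notify_record(1, "x.tmp", True))


def watch(directory: str, callback, buffer_size: int = 64 * 1024) -> None:
    """Blocking watch loop over ReadDirectoryChangesW (Windows only)."""
    if sys.platform != "win32":
        raise OSError("ReadDirectoryChangesW is a Win32 API")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateFileW.restype = ctypes.c_void_p
    k32.CreateFileW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p]
    k32.ReadDirectoryChangesW.restype = ctypes.c_int
    k32.ReadDirectoryChangesW.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_uint32,
                                          ctypes.c_int, ctypes.c_uint32,
                                          ctypes.POINTER(ctypes.c_uint32),
                                          ctypes.c_void_p, ctypes.c_void_p]
    # FILE_LIST_DIRECTORY, share read|write|delete, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS
    handle = k32.CreateFileW(directory, 0x1, 0x7, None, 3, 0x02000000, None)
    if handle == ctypes.c_void_p(-1).value:
        raise ctypes.WinError(ctypes.get_last_error())
    buf = ctypes.create_string_buffer(buffer_size)
    returned = ctypes.c_uint32(0)
    try:
        while True:
            ok = k32.ReadDirectoryChangesW(handle, buf, buffer_size, 1, WATCH_FILTER,
                                           ctypes.byref(returned), None, None)
            if not ok:
                raise ctypes.WinError(ctypes.get_last_error())
            if returned.value == 0:
                # Success with zero bytes means the buffer overflowed and events were
                # lost; the caller must rescan the tree instead of trusting the stream.
                callback(("overflow", directory))
                continue
            for event in pair_renames(parse_notify_buffer(buf.raw[:returned.value])):
                callback(event)
    finally:
        k32.CloseHandle(handle)


if __name__ == "__main__":
    for event in pair_renames(parse_notify_buffer(SAMPLE_BUFFER)):
        print(event)
    if sys.platform == "win32" and len(sys.argv) > 1:
        watch(sys.argv[1], print)   # e.g. python watch.py C:\Users\me\Documents
```

The overflow branch matters in practice: a burst of operations (a bulk copy, an installer) fills the 64 KB buffer faster than the loop drains it, and the API then reports success with zero bytes. Treating that as "nothing happened" silently loses exactly the activity a monitoring tool exists to catch.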

I'm working on a project to develop a tool that notifies me of hidden activities on my computer, such as copying files, moving files, renaming files, opening files, closing files, etc. My friend told me that by hooking the kernel we can get that information. Now I'm looking for a script to hook the kernel. Somebody who knows this, please help me. Thank you in advance.

This might give you some insight: http://www.autoitscript.com/forum/index.php?showtopic=84936



Sorry to raise this topic again. But has anything changed since then? I mean, is it possible to hook the kernel?


This topic is 6 1/2 years old and all participants have been offline for quite some time now.
Do you really expect an answer?


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki


Sure, I know :)

I think something should have changed about this topic.


Why do you want to hook the kernel?



I have some persistent malicious application installed on my PC; nothing can stop it and nothing can kill its processes.

I tried Process Hacker, though, and it worked for a while. Now the application has updated itself and even Process Hacker can't kill its process. ProcessClose() doesn't work at all!

I understand that the app is catching my commands via the kernel, and I thought: if this app could use the kernel to hook my commands, why can't I do the same?


AutoIt can't access the kernel, try with Assembler or any other low-level language.

As Pain suggested.
Or reinstall your PC to get rid of the malicious app.




Boot from a Jumpdrive image and clean the installation on your disk instead of trying to fix/fight it while it is running.

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)



You can modify it through the registry, this "malicious app" :P


ill get to that... i still need to learn and understand a lot of codes graduated.gif

Correct answer, learn to walk before you take on that marathon.


You can modify it through the registry, this "malicious app" :P

It is controlling the registry! It sends "access denied".

What is the malicious application?

McAfee Security Center, but I never installed it myself!

As Pain suggested. Or reinstall your PC to get rid of the malicious app.

I am thinking about a solution which can help not only me; I want to make a "remedy" application which will serve other people as well!

Boot from a Jumpdrive image and clean the installation on your disk instead of trying to fix/fight it while it is running.

Jos

Sounds interesting. What do you think: can I make it a series of apps that run and then return to a normal boot, so that for the user it will be a "one click solution"?


I know there is an AV called McAfee, but this is a malicious clone which is continuously asking for money :'(


The real McAfee will continue to ask you for money because it is not free.

Also, you cannot uninstall security software if you did not install it; that is the nature of security software.

I think we are all here to solve such types of questions; otherwise it is easier to say "We are helpless"? Please correct me if I am wrong.

Great thanks, will check it out.


I think we are all here to solve such types of questions; otherwise it is easier to say "We are helpless"? Please correct me if I am wrong.

No, we are here to solve AutoIt related questions ;) (at least in this forum).



It is controlling the registry! It sends "access denied".

Are you unable to access the registry because of this malicious app?


