GetDriveType API Hooker (GUI)
Written by BoR0   


Well, as you can see, a simple API hooker with a nice GUI. I was too lazy to comment all the code, but I left enough spacing for it to be readable for you guys. IMHO you will understand it easily since it's all APIs, no unusual algorithms or anything. You can find all source files here.
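; GetDriveType() hooker -- MASM32 (Intel syntax), 32-bit Win32, stdcall.
; Every Win32 call goes through invoke/PROTO, so the include files below
; must be found; the MASM32 package installs them under \masm32\.
; (The page copy had the path separators stripped; restored here.)
.386
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
; Dialog procedure; its signature must match the DLGPROC that
; DialogBoxParam expects.
WndProc    PROTO :HWND,:UINT,:WPARAM,:LPARAM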
.data
; --- resources and strings used by the dialog ---------------------------
theProgram    db "CDDISABLE", 0                ; dialog template name passed to DialogBoxParam
appName       db "GetDriveType() hooker by BoR0", 0  ; window title and MessageBox caption
thekernel     db "kernel32.dll", 0             ; module name handed to LoadLibrary
getdrivetype  db "GetDriveTypeW", 0            ; export name for GetProcAddress; WndProc later
                                               ; overwrites its first 4 bytes with the resolved
                                               ; address (the name is not needed after that)
tempbuffer    db 512 dup(0)                    ; scratch buffer: wsprintf output and the program
                                               ; path read from control 13 (511 chars + NUL)
myprefix      db "0x%8X", 0                    ; wsprintf format for showing handles/addresses
; msg_1..msg_7 describe the seven GetDriveType results in numeric order
; (value 0..6); control 200+n shows msg_(n+1) and selects value n.
msg_1         db "The drive type cannot be determined.", 0
msg_2         db "The root directory does not exist.",0
msg_3         db "The drive can be removed from the drive.",0
msg_4         db "The disk cannot be removed from the drive.",0
msg_5         db "The drive is a remote (network) drive.",0
msg_6         db "The drive is a CD-ROM drive.",0
msg_7         db "The drive is a RAM disk.",0
err_1         db "Make sure you select an option first.", 0
err_2         db "Unable to create process. Make sure you", 13, 10,
"have access rights or check if the file exists.", 0
err_3         db "WriteProcessMemory failed due to unknown reason.",13,10,
"Terminating process...",0
soon          db "This feature soon to come, I was too lazy to code it ;-)", 0
succ          db "Successfully hooked GetDriveType() :-)", 0
; 8-byte stub that WndProc writes over the start of GetDriveTypeW in the
; launched process:
;   B8 imm32   MOV EAX, imm32    (low byte of imm32 = selected drive type)
;   C2 04 00   RET 4             (stdcall epilogue for the one DWORD argument)
; Byte +1 starts out as 10, a value GetDriveType never returns, so WndProc
; can detect that no option has been selected yet.
toWriteresult db 0B8h, 10, 3 dup(0) ;MOV EAX, RESULTVALUE
db 0C2h, 4, 0 ; RET 4
Startup STARTUPINFO <>                 ; passed to CreateProcess; all fields zero here
processinfo PROCESS_INFORMATION <>     ; receives hProcess/hThread of the launched program
.data?
hInstance     dd ?          ; module handle of this executable, set at start
bytwrit       dd ?          ; intended receiver of WriteProcessMemory's bytes-written count
sleepvar      dd ?          ; milliseconds read from control 15 before the write
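.code
; Program entry point: remember the module handle and run the modal dialog.
; DialogBoxParam returns when the dialog ends or could not be created
; (e.g. missing template resource); exit explicitly here so execution can
; never fall through into the WndProc frame that follows in the file.
start:
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke DialogBoxParam, hInstance, ADDR theProgram, 0, ADDR WndProc, 0
    invoke ExitProcess, eax              ; eax = DialogBoxParam result (-1 on failure)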
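;-----------------------------------------------------------------------
; INT_PTR CALLBACK WndProc(HWND hWin, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure for the main window (stdcall, MASM proc frame).
; WM_INITDIALOG: resolves kernel32!GetDriveTypeW and shows the module
;                handle (control 11) and function address (control 12).
; WM_COMMAND:    14  = placeholder feature (message only)
;                100 = launch the program named in control 13, wait the
;                      milliseconds given in control 15, then write the
;                      8-byte stub in toWriteresult over GetDriveTypeW in
;                      the child so it returns the selected value
;                200..206 = select the value (0..6) the stub will return
; Returns: TRUE for handled messages, FALSE otherwise (DLGPROC contract).
; Clobbers: eax, plus whatever the Win32 calls clobber (ecx, edx, flags).
; Fixes vs. the original: control-ID branches are now reached only for
; WM_COMMAND; STARTUPINFO.cb is set before CreateProcess; bytwrit is
; passed by address; the child's hProcess/hThread are closed instead of
; the CreateProcess BOOL; early returns report TRUE explicitly.
;-----------------------------------------------------------------------
WndProc proc hWin:DWORD, uMsg:DWORD, wParam:DWORD, lParam:DWORD
    .if uMsg == WM_INITDIALOG
        invoke LoadIcon, hInstance, 500
        invoke PostMessage, hWin, WM_SETICON, ICON_BIG, eax
        invoke LoadLibrary, ADDR thekernel
        push eax                             ; keep module handle across wsprintf
        invoke wsprintf, ADDR tempbuffer, ADDR myprefix, eax
        invoke SetDlgItemText, hWin, 11, ADDR tempbuffer
        pop eax
        invoke GetProcAddress, eax, ADDR getdrivetype
        ; The first 4 bytes of the name string are reused as storage for
        ; the resolved address; the name is not needed after this point.
        mov dword ptr [getdrivetype], eax
        invoke wsprintf, ADDR tempbuffer, ADDR myprefix, eax
        invoke SetDlgItemText, hWin, 12, ADDR tempbuffer
        invoke SetWindowText, hWin, ADDR appName
    .elseif uMsg == WM_CLOSE
        invoke ExitProcess, 0
    .elseif uMsg == WM_COMMAND
        ; Only WM_COMMAND carries a control ID in wParam; without this
        ; guard other messages (WM_NOTIFY, WM_TIMER, ...) whose wParam
        ; happens to equal 14/100/200.. would trigger these branches.
        .if wParam == 14
            invoke MessageBox,hWin,ADDR soon,ADDR appName,MB_ICONERROR
        .elseif wParam == 100
            ; Byte +1 of the stub is 10 until an option is chosen
            ; (GetDriveType only returns 0..6).
            cmp byte ptr [toWriteresult+1], 10
            jne @F
            invoke MessageBox,hWin,ADDR err_1,ADDR appName,MB_ICONERROR
            mov eax, TRUE
            ret
        @@:
            invoke GetDlgItemText, hWin, 13, ADDR tempbuffer, 511
            test eax, eax                    ; 0 = empty path field
            jne @F
            invoke MessageBox,hWin,ADDR err_2,ADDR appName,MB_ICONERROR
            mov eax, TRUE
            ret
        @@:
            invoke GetDlgItemInt, hWin, 15, 0, 0
            mov sleepvar, eax
            ; CreateProcess requires STARTUPINFO.cb to hold the structure size.
            mov Startup.cb, sizeof STARTUPINFO
            invoke CreateProcess, ADDR tempbuffer, 0, 0, 0, 0, 0, 0, 0, ADDR Startup, ADDR processinfo
            test eax, eax
            jne @F
            invoke MessageBox,hWin,ADDR err_2,ADDR appName,MB_ICONERROR
            mov eax, TRUE
            ret
        @@:
            ; There is no synchronisation with the child: this delay is the
            ; only thing that waits for it to finish loading before the write.
            invoke Sleep,sleepvar
            ; The address resolved in this process is used as-is in the
            ; child, so it is only valid if kernel32 is mapped at the same
            ; base in both processes.
            invoke WriteProcessMemory,processinfo.hProcess,dword ptr getdrivetype,ADDR toWriteresult,8,ADDR bytwrit
            test eax, eax
            jne @F
            invoke TerminateProcess,processinfo.hProcess,0
            invoke MessageBox,hWin,ADDR err_3,ADDR appName,MB_ICONERROR
            jmp @done
        @@:
            invoke MessageBox,hWin,ADDR succ,ADDR appName,MB_ICONINFORMATION
        @done:
            ; Release both handles CreateProcess returned (the original
            ; closed the CreateProcess return value instead of a handle).
            invoke CloseHandle, processinfo.hThread
            invoke CloseHandle, processinfo.hProcess
        .elseif wParam == 200
            invoke SetDlgItemText, hWin, 10, ADDR msg_1
            mov byte ptr [toWriteresult+1], 0
        .elseif wParam == 201
            invoke SetDlgItemText, hWin, 10, ADDR msg_2
            mov byte ptr [toWriteresult+1], 1
        .elseif wParam == 202
            invoke SetDlgItemText, hWin, 10, ADDR msg_3
            mov byte ptr [toWriteresult+1], 2
        .elseif wParam == 203
            invoke SetDlgItemText, hWin, 10, ADDR msg_4
            mov byte ptr [toWriteresult+1], 3
        .elseif wParam == 204
            invoke SetDlgItemText, hWin, 10, ADDR msg_5
            mov byte ptr [toWriteresult+1], 4
        .elseif wParam == 205
            invoke SetDlgItemText, hWin, 10, ADDR msg_6
            mov byte ptr [toWriteresult+1], 5
        .elseif wParam == 206
            invoke SetDlgItemText, hWin, 10, ADDR msg_7
            mov byte ptr [toWriteresult+1], 6
        .else
            mov eax, FALSE                   ; unknown control ID: not handled
            ret
        .endif
    .else
        mov eax, FALSE                       ; unhandled message
        ret
    .endif
    mov eax, TRUE
    ret
WndProc endp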
end start