Hi. New papers:.-Keylogging Using SetWindowsHookEx.-Hiding Loaded Drivers with DKOM.-Hiding Processes with DKOM .-Simple Mutation Engine / Win32 C API.-54,758 new malware samples (not uploaded yet). Papers are here:

In c++'s SetWindowsHookEx function #winapi #cpp

New Keylogger using win32 SetWindowsHookEx fn:. Code:

Another bug in lowlevel hooks [SetWindowsHookEx(WH_KEYBOARD_LL / WH_MOUSE_LL)]. Such hooks are handled via sending WM_HOOKMSG (0x314) to hooker thread [xxxCallHook2->xxxInterSendMsgEx], w/ timeout from HKCU (def 300ms). MSDN states hook removed if it times out. Not quite true.

As stated by Microsoft SetWindowsHookEx can be used to inject a DLL into another process. SetWindowsHookEx can be used to inject a DLL inside a remote process without any call to WriteProcessMemory, VirtualAllocEx or CreateRemoteThread. #redteam.❤

1\ #MalwareAnalysis: Window APIs typically called by keylogging malware:. Pulling data from clipboards:.> OpenClipboard.> GetClipboardData. Storing keystrokes:.> GetKeyState (check if key is pressed). >GetAsyncState. > GetKeynameText. Installing the hook: .> SetWindowsHookEx

hMouseHook = SetWindowsHookEx( WH_MOUSE_LL. -y lo dejé sin mouse?

My Maldev works and practices 2024 Final: . UAC Bypass cmstp: Win[10/11]: Lsass dump: Process Herpaderping: Keylogger using SetWindowsHookEx: ShellExec using CertEnumSystemStore

Window-Hijack . Exploring the Ingenious Utilization of Overwolf's Overlay Framework While Preserving its Native Window Flags. Employing SetWindowsHookEx for Acquiring Keyboard and Mouse Inputs. #infosec #pentesting #redteam

AV-TEST 2023年10月発表 標的型攻撃防御定期試験でPC MaticはTOPスコア獲得. 今回AV-TESTは、InlineExecute-Assembly、SetWindowsHookEx DLL Injection、Mavinject LOLBin、Binary Paddingといった最近流行するずる賢い攻撃方法の試験を行いました。.

AVG AntiVirus doesn't hook that many APIs. This doesn't make me feel safe 🤮. -Hooks functions invocations via SetWindowsHookEx (No App_Init presence), loads aswhook.dll .-Flags #PEsieve as malware 😭.-List of *some hooked APIs: 🤔

Here is my implementation of DLL injection by using SetWindowsHookEx in C#. Since Global Hooks are not supported in .NET (according to MS), you may find the implementation interesting. Inspiration taken from snoopwpf project. Src:

SetWindowsHookEx Leaks A Kernel Pointer – CVE-2019-1469

この方法なら引き続きversion.dllでも良かったと思うけど理由があるのだろうか❓. とりあえず、DLLリダイレクトは通じない模様なのでSystem32のdll書き換えちゃいましたという安直な方法. これならCallNextHookExやSetWindowsHookExを駆使した方がSystem32汚さなくて良くない？

作った方のブログに概要が載ってた. “SetWindowsHookEx で WH_MOUSE_LL を指定してマウスの低レベルメッセージをフックする”. “イベント発生ごとにタイムスタンプを取得して、差分を取って基準値以下だったら return TRUE”.

Win32 C/C++ - Modal 메시지 루프 내에서 SetWindowsHookEx를 이용한 Thread 메시지 처리 방법.; #oldnewthing.

My Maldev works and practices 2024 Final: . UAC Bypass cmstp: Win[10/11]: . Lsass dump: . Process Herpaderping: . Keylogger using SetWindowsHookEx:

publishしたexeからの実行だとSetWindowsHookExがエラー126を返す現象に悩んでたんだけど引数のhmodをしたらちゃんと動くようになった.

専用ソフトでオフにすれば良いだけ。マウスの編集、開く、削除も制限出来る。.↓.SetWindowsHookEx関数を使ってキーボードの入力イベ….

う～ん、人のプログラムにSetWindowsHookExで入り込むより、自分でDirectInput叩く方が楽だな。.