Click here to Skip to main content
11,639,554 members (59,736 online)
Click here to Skip to main content

Secure Windows API Access

, 29 Feb 2004 42.5K 539 17
Rate this:
Please Sign up or sign in to vote.
One way to provide secure Windows API access and usage.

Introduction

Have you ever wanted to have secure APIs access without using a single static linked API? This may seem like a daunting task for many, but I have tamed the wild beast! So first thing, this is aimed at advanced users. I will not be explaining everything in depth if you happen to be an advanced programmer, and if something went over your head, reply and I will try to clear it up for you.

Protection Development

When I began this task, I had no idea as to how I was going to do it. Without touching a single static linked import, this was troublesome. After looking around the net for some kernel stuff, I found a nice assembly gem which allowed the caller to lookup kernel32’s base address without any API usage whatsoever. This was indeed a break through for me. Now that I had this, I began to brainstorm on what this little should and should not have. I knew that address displace and pre-encrypted were a must for it to be truly (nothing is unable to be cracked, I admit this) secure. Security of the system was at the top of my list. I could have cared less about the other, so I wrote my security classes which would be the wrappers around import pointer's address, displacement, and strings. The displacement of addresses was no trouble at all, but when I looked at string, I was quite stumped for a time when trying to think of a way to remove XREFs and strings stored in data section of the given PE file. So I was disappointed by failure left and right, until I decided to try pre-encrypted string which basically appear as BYTE arrays. This worked on first, but I still had the biggest problem which I had tried: to avoid XREFs. So in trying to solve this problem, I looked back on my other code review what had worked so well for its displacement! After some testing and some more failure, I did it: made a great class using pre-encrypted that didn’t leave any XREFs. Only way they could be traced was registers and the stack which I knew could not be avoided. There were other classes made, they all use the same code: CDynamicCrc32, CDisplacementTable, and CCPolynomialTable.

Kernel and Windows System Module Development

After finishing the protection classes and fixing the code a bit up, I moved to this stage of my project. In this stage, I wanted to work on import table and PE format for reading and getting the data needed. I had to fully support every API provided by system DLLs. This made the task at hand harder because I have never had to handle forwarded imports. So after some trial and error, I got my BuildExportTable function working as I had wanted it to. I first had to build a single table without forwarder support, grab GetModuleHandle entry, clear the current table, and rebuild with forwarder support. Most of this was done in the CKernelModule class which mainly is just the Kernel32 address and all its exports. This class is used to provide a derived class CWinModule access to basic secure APIs needed to support other system DLLs. CWinModule is almost the same class as CKernelModule except that it gets a few kernel exports needed to load any system DLLs. After this loads, the selected system DLL builds it an export table. It also provides a GetProcAddress like function for callers just like CKernelModule. There really isn’t much else to explain or go into depth about.

API Class Development

When I started this class, I had no idea what to do as I wanted something that could wrap each API in class and protect its entry. I saw no easy or good path at first, then macros came to hand. I used macros to define the API objects, given the name, parameters, return type, and if it was a void or returning function. So, the macros create the class in CWindowsApi as private and the object as public, prefixing an ‘x’ to the beginning of the name so the compile doesn’t barf on us. These macros are great because the user only needs to basically know the function type definition. These are easy to get from using the scope (::) operator or MSDN. So the macros wrap everything and provide a nice operator ( ) for calling the function without accessing any member or using ‘.’ operator which is just great.

Closing

In the end, I like to say that I have enjoyed writing this code and the project over all. Also, I provided some new stuff with this update: protected string maker and CRC32 string project. Have fun. Comment on my work please, I want feedback!!! Smile | :) .

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

RetarT
United States United States
I am 19 years olds and live in ohio. I have been programming for about 2 years. A game mainly got me into programming, Half-life Counter-Strike being the game. I started out trying to write cheats/hacks for the game later learning that programming isn't just something you pick up and can do. So I stopped me cheating ways(for the time being) and took my time to learn C++ and asm. Which took about a year then I returned to creating hacks/cheats for Counter-Strike. This was fun for a time, but I later realized i had more talent. So I have moved once again to learning as much as I can. Which lead me to this lovely site Smile | :) .

You may also be interested in...

Comments and Discussions

 
GeneralNew Example Soon Pin
RetarT9-Jun-04 12:58
memberRetarT9-Jun-04 12:58 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web01 | 2.8.150731.1 | Last Updated 1 Mar 2004
Article Copyright 2004 by RetarT
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid