So I hook NtOpenProcess from VB.NET with this instruction:
C++
MOV EAX, C0000022
RETN 8

Injected with WriteProcessMemory written in hex:
VB
Dim HookCode() As Byte = {&HB8, &H22, &H0, &H0, &HC0, &HC2, &H8, &H0}

But that will make NtOpenProcess return access denied when trying to get a handle on ANY process. I want it to only return access denied when parsing my own ProcessID?

What HookCode do I need?
Updated 9-Oct-14 12:30pm
Comments
Sergey Alexandrovich Kryukov 9-Oct-14 18:08pm    
How is that related to .NET? A compiled .NET assembly uses JIT, it does not contain any native code, only IL code.
You did not show any .NET code anyway, and no code which would do anything. It is not clear what you tried to do.
—SA
Member 11142020 9-Oct-14 18:18pm    
That is why it says ASM + VB.NET
I'm hooking from a .NET application the ntdll's ntopenprocess function of a foreign process, pretty obvious
Sergey Alexandrovich Kryukov 9-Oct-14 18:38pm    
Yes, but as you have problems with that, you need to show how you do it. Also pretty obvious.
—SA
Member 11142020 9-Oct-14 19:22pm    
I already told how I do it, by using WriteProcessMemory.
There's nothing wrong with how I do it, it works fine.
I just want a hookcode which does something different.

Get function address to NtOpenProcess, overwrite with jmp to my allocated memory where I have my hookcode stored.
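
Seen from the defender's side, the patch described in this thread is easy to spot by comparing a function's in-memory prologue with the bytes from the module's on-disk image. The C below is an added example, not part of the original posts: it assumes 32-bit x86, the function names, `DISK_STUB`, `JMP_PATCH` and all addresses are constructed for illustration, and reading the live and on-disk bytes is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { CLEAN, JMP_DETOUR, FORCED_STATUS, MODIFIED, TOO_SHORT };

/* Constructed sample data. DISK_STUB stands in for the bytes read from the
   on-disk image; it is not copied from a real ntdll.dll. */
static const uint8_t DISK_STUB[8] = {0xB8,0x7A,0x00,0x00,0x00,0xBA,0x00,0x03};
/* The eight bytes quoted in the question: mov eax,0C0000022h ; ret 8 */
static const uint8_t PAGE_STUB[8] = {0xB8,0x22,0x00,0x00,0xC0,0xC2,0x08,0x00};
/* Constructed: jmp rel32 from VA 0x77001000 to VA 0x00350000, then padding */
static const uint8_t JMP_PATCH[8] = {0xE9,0xFB,0xEF,0x34,0x89,0x90,0x90,0x90};

/* Read a little-endian 32-bit value. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Compare the in-memory prologue with the on-disk one and name the patch. */
enum verdict classify_prologue(const uint8_t *live, const uint8_t *disk, size_t n) {
    if (n < 8) return TOO_SHORT;
    if (memcmp(live, disk, n) == 0) return CLEAN;
    if (live[0] == 0xE9) return JMP_DETOUR;      /* jmp rel32 */
    /* mov eax,imm32 ; ret imm16 where imm32 has NTSTATUS severity 3 (error) */
    if (live[0] == 0xB8 && live[5] == 0xC2 && (rd32(live + 1) >> 30) == 3)
        return FORCED_STATUS;
    return MODIFIED;
}

/* Absolute target of a 5-byte jmp rel32 located at func_va. */
uint32_t jmp_target(uint32_t func_va, const uint8_t *live) {
    return func_va + 5u + rd32(live + 1);
}

/* Non-zero when the detour lands outside [base, base+size) of the module,
   e.g. in separately allocated memory as described in the thread. */
int detour_leaves_module(uint32_t func_va, const uint8_t *live,
                         uint32_t base, uint32_t size) {
    return (uint32_t)(jmp_target(func_va, live) - base) >= size;
}

int main(void) {
    printf("question bytes: %d\n", classify_prologue(PAGE_STUB, DISK_STUB, 8));
    printf("jmp patch:      %d -> 0x%08X\n", classify_prologue(JMP_PATCH, DISK_STUB, 8),
           (unsigned)jmp_target(0x77001000u, JMP_PATCH));
    return 0;
}
```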

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)