SQL Server Interception and SQL Injection Attack Prevention

Note: we updated the code on August 23, 2013. The new code includes an “abort” feature, discussed in the article Instrumenting Microsoft SQL Server to Abort Dangerous Queries. Our Deviare hooking engine can be used to hook into Microsoft SQL Server 2012 RTM (11.00.2100.60) and 2014 CTP1 queries at the application level. Tools like WireShark use a […]

Benchmarking IE6 Virtualization: VMware ThinApp vs. Symantec Workspace Virtualization

Introduction Our Application Packaging Services team wanted to measure the performance of different virtualization products. Below we use SpyStudio to compare ThinApp and Workspace Virtualization performance. Both Symantec and VMware highlight the use of application virtualization to run legacy web applications. There is a huge number of mission critical web applications that only run correctly on Internet […]

Improving Deviare Hooking Performance with Custom Hooks

More Binary Instrumentation Alternatives Deviare now has custom hooks to improve hooking performance. With custom hooks, two “OnFunctionCall” events are triggered: one in the SpyMgr process, and the other within the agent. The custom hook can send data, or custom parameters. to the SpyMgr process. The custom Deviare modules running in the agent have access […]

Automating Google’s Doodles: 4.9 Second Record on Hurdles

And now for something completely different. The AutoIt script below will make you run Google’s hurdles doodle faster than Usain Bolt: 4.9 seconds is our automation record. Can you improve it? Surely there is room for more records before the London 2012 Olympics end. We deal with AutoIt on a daily basis since we use […]

Windows Live Mail API Anti-Virus Example

One of the top uses of our Windows Live Mail API is integrating a vendor antivirus to the Windows Live Mail desktop client. For example, Trend Micro’s Titanium Security Solutions uses it to integrate with Windows Live Mail and recognize viruses. The C# code sample below uses the nClam library to interface with an open […]

Windows API Hooking in Python with Deviare

The code below uses Python to intercept the CreateFile function on the kernel32.dll to forbid opening certain files. It hooks the CreateFile function for the notepad.exe application. The Python code is very small and to the point, and you can customize it for your own purposes. For example, it can be used to sandbox an […]

Instrumenting Binary Applications with VBScript and Deviare

The VBScript script below shows how to intercept Win32 registry APIs such as RegOpenKey and RegQueryValue using the Deviare Interception Engine. Windows Internals’ Process Monitor, the tool most often used to monitor registry operations, cannot be customized. There is a large VBScript community that will benefit from adding intercepting options to scripts. Registry interception can […]