Capturing Unencrypted HTTPS Requests and Responses (As Seen at BlackHat Arsenal)

Today Manuel Fernandez is presenting HookME at Black Hat USA Arsenal 2013. HookME is software for intercepting communications, built on the Nektra Deviare Engine for binary instrumentation. HookME can intercept unencrypted HTTPS web traffic. Many different proxy servers are used to intercept HTTP traffic. Fiddler is the most popular one for generic purposes. Burp Proxy is the leader for security testing. […]

Instrumenting Direct3D Applications to Capture Video and Calculate FPS

What is your computer’s maximum render quality, resolution, and frames per second for Battlefield 3? Hardcore gamers are eager to show off their expensive, tuned setup at its full potential. Overclocked processors and computers cooled with liquid hydrogen are lovely parts of the gaming folklore. The source code below instruments Direct3D 9 applications to […]

SQL Server Interception and SQL Injection Attack Prevention

Note: we updated the code on August 23, 2013. The new code includes an “abort” feature, discussed in the article Instrumenting Microsoft SQL Server to Abort Dangerous Queries. Our Deviare hooking engine can be used to hook into Microsoft SQL Server 2012 RTM (11.00.2100.60) and 2014 CTP1 queries at the application level. Tools like Wireshark use a […]

Injecting a DLL in a Modern UI Metro Application

DLL injection is one of the oldest techniques used to run custom code inside a target application in Windows. It is usually used to intercept and modify normal application behavior or add new functionality. Injecting a DLL in a target process is a relatively easy task: you simply create a remote thread that calls LoadLibrary […]

Windows API Hooking in Python with Deviare

The code below uses Python to intercept the CreateFile function in kernel32.dll to forbid opening certain files. It hooks the CreateFile function for the notepad.exe application. The Python code is very small and to the point, and you can customize it for your own purposes. For example, it can be used to sandbox an […]

Instrumenting Binary Applications with VBScript and Deviare

The VBScript script below shows how to intercept Win32 registry APIs such as RegOpenKey and RegQueryValue using the Deviare Interception Engine. Windows Internals’ Process Monitor, the tool most often used to monitor registry operations, cannot be customized. There is a large VBScript community that will benefit from adding intercepting options to scripts. Registry interception can […]

Cloud Development: the dictatorship of the mainstream services’ APIs

You can reverse engineer binary applications but you cannot reverse engineer the cloud. When Google deprecates a web service, Facebook eliminates an API, or Twitter imposes tougher API restrictions, all dependent services fall like dominoes. The weakest link in the chain is the cloud services that you can’t run or port anywhere: we no longer […]

Monitoring Printer Activity

Hooking spoolsv.exe: Printers in an organization are an easy target for abuse. Developing an application to log printer activity requires expertise in Microsoft Windows internals. The simple code below allows you to quickly use our Deviare Interception Engine to log printer activity. The application runs on the computer the printer is connected to and logs […]