VTBL is an IDA script which identifies all the virtual tables found in any module of a native process. The virtual tables can be related to a COM or a C++ class. Unlike other tools, ours does not depend on a specific compiler to obtain a virtual table. This makes it an essential tool for […]
In Spy Studio: Solving an Issue on IE6 we troubleshot an issue that happens while virtualizing an Internet Explorer 6 (IE6) layer for Japanese using Symantec Workspace Virtualization. IE6 worked when IE8 was installed as the base operating system but not when the base was IE9. In the following screenshot we show how Spy Studio’s trace […]
The Deviare Interception Engine includes a feature that allows developers to add plugins to hooks. When a hooked API is called, it will raise the OnFunctionCalled method of all attached plugins to allow the reading and writing of parameters, and passing custom parameters to the INktSpyMgr object. Since the method is called in the context […]
More Binary Instrumentation Alternatives Deviare now has custom hooks to improve hooking performance. With custom hooks, two “OnFunctionCall” events are triggered: one in the SpyMgr process, and the other within the agent. The custom hook can send data, or custom parameters. to the SpyMgr process. The custom Deviare modules running in the agent have access […]
One of the top uses of our Windows Live Mail API is integrating a vendor antivirus to the Windows Live Mail desktop client. For example, Trend Micro’s Titanium Security Solutions uses it to integrate with Windows Live Mail and recognize viruses. The C# code sample below uses the nClam library to interface with an open […]
The VBScript script below shows how to intercept Win32 registry APIs such as RegOpenKey and RegQueryValue using the Deviare Interception Engine. Windows Internals’ Process Monitor, the tool most often used to monitor registry operations, cannot be customized. There is a large VBScript community that will benefit from adding intercepting options to scripts. Registry interception can […]
Controlling Playback Speed Our Deviare Hooking Engine can be used to speed up or slow down a video during playback using the code available here (github repository). This code is pretty small and clearly shows how Deviare handles the complexities of API hooking. Although this sample code deals only with video it is also possible to […]
Hooking spoolsv.exe Printers in an organization are an easy target for abuse. Developing an application to log printer activity requires expertise in Microsoft Windows internals. The simple code below allows you to quickly use our Deviare Interception Engine to log printer activity. The application runs on the computer the printer is connected to and logs […]
Download Deviare Download Sourcecode Download PDF Contents Introduction Research Direct Sound Capturing Monitoring Skype Conversations Implementation Deviare Python Wrappers Wave Tools COM Type Libraries Virtual Table Finder Hooking Direct Sound Running Sound Capture Easy Steps Registration What’s next Optimizations Wave API Hooking Hook DirectSoundCapture And Listen To Full Conversations Inspect More COM Interfaces Introduction Today […]
Download messagespy_demo.zip – 250 KB Download messagespy_src.zip – 249 KB Contents Introduction So, what’s the good news? Deviare Message Spy Finding a Window: The Spy++ Style Window Finder Hooking The XML The Cast Using Deviare Message Spy Requirements Known Issues Resources Introduction This article presents you with a different perspective of how to inspect window […]