Still working on the "Real Time Tracer".

But now working on a super Win32 process hooking/tap/detour system unlike anything (publicly) available.

I've been doing a lot of things manually, making little assembly subs manually, directly patching code, etc.
Mainly because public/commercial hooking systems like: MS Detours, madCodeHook, ApiHooks just can't do these things.

They might be good at redirecting API's, but next to nothing in the areas of code patching/bypass/taping, etc.
They don't give you the return addresses, 'THIS' pointers, don't facilitate calling conventions like "fast call", Delphi, code, etc.

But my system does all these things generically, plus adds efficiently hooking/bypass/tap methods a lot of people don't even know exist.

Coming soon.. :-)





https://www.openrce.org/blog/view/924/Comming_soon!__Uber_process_hooking/detour_system!

Another one of my good idea, vaporware projects.
I actually put in over a month into this and pretty far into the project.
But I got a bit cold feet on releasing it since I got afraid of people using
HWBP hooks and so on for malware.
Not that anyone can't write their own of course..

That's a shame, I really don't think we should be afraid of such things, or we couldn't discuss anything here to begin with.

Like you say, anyone else could do it anyway, and put it in a malware, but with the only difference that much fewer of the good guys will then have seen it and read about it before, and thus be able to defend against it.

I hope you reconsider one day, it sounded like a really cool and useful tool.

And without a "warning," such as yours, they might not think to check this possibility!



Regards,