

API Monitor is free software that lets you monitor and control API calls made by applications and services. It's a powerful tool for seeing how applications and services work, or for tracking down problems in your own applications. For this example, I will be using API Monitor to figure out what data is being passed when a program launches another program, and I will be using Frida to automatically change the program that gets launched.

I would recommend downloading the portable version, as it doesn't require an install and includes both the x86 and x64 builds of API Monitor. This matters because a process can only be monitored by a build of the same bitness, so a 32-bit program can only be monitored with API Monitor x86.

API Monitor works by monitoring DLL calls made from a monitored process and showing the data caught from each call. However, it can also be used for much more. Once installed, API Monitor may seem a bit cluttered at first with its 8 windows open, but once you start using it, it gets much easier to navigate. The 8 windows are API Filter, Running Processes, Monitored Processes, Summary, Parameters, Call Stack, Hex Buffer, and Output. Setting up a capture is as easy as selecting which API Filters you want enabled and which process or processes you want monitored, then watching the resulting captures appear in the Summary window when that call is issued.

Exploitation
(A walkthrough of how to set all of this up is shown as we go.)

To exploit an application using API Monitor, you first decide on a target process and which call you want monitored. For this example, I'm going to target Steam and change the data of the call it makes when it launches a game. The first thing you must do is select a call you are interested in and work down to what you can exploit. Since I'm going to be changing what Steam launches when it launches a game, I'll be working in the System Services > Processes and Threads > Process filter, since that is where the useful information is most likely to be found. Look at that! It turns out CreateProcessW from Kernel32.dll gives the string locations from which Steam launches the executable. Narrow the API Filter down so we get a more specific look at the calls we care about.

Now let's look at the call we got a bit more closely. The Parameters window gives us the function's parameters along with their data types and the strings attached to them. Looking at this window shows us that the parameters lpApplicationName, lpCommandLine, and lpCurrentDirectory are the strings we can alter to change what launches. API Monitor has a handy feature where we can set breakpoints and interrupt the data being passed to the call. A breakpoint can be set before the call, after the call, and on an error or exception. Let's set a breakpoint before the call so we can alter the data being passed to the function. Let's see if it works!
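The same three CreateProcessW parameters can be read programmatically with Frida instead of a manual API Monitor breakpoint. The script below is an added example, not code from the original post: it logs lpApplicationName, lpCommandLine and lpCurrentDirectory for every launch and flags any executable outside an assumed Steam library directory (EXPECTED_ROOT is a made-up path for illustration).

```javascript
// Added example: Frida hook on kernel32!CreateProcessW that mirrors what the
// API Monitor breakpoint shows, plus a check that the launched executable sits
// under the directory the launcher is expected to use.
// EXPECTED_ROOT is an assumed value, not taken from the original post.
const EXPECTED_ROOT = 'C:\\Program Files (x86)\\Steam\\steamapps\\common';

// CreateProcess rule: when lpApplicationName is NULL, the executable is the
// first token of lpCommandLine (double-quoted if it contains spaces).
function executableFromLaunch(appName, cmdLine) {
  if (appName) return appName;
  if (!cmdLine) return null;
  const s = cmdLine.trim();
  if (s.startsWith('"')) {
    const end = s.indexOf('"', 1);
    return end === -1 ? s.slice(1) : s.slice(1, end);
  }
  return s.split(/\s+/)[0];
}

// Case-insensitive, separator-insensitive "path is inside root" check.
function isUnderRoot(path, root) {
  const norm = (p) => p.replace(/\//g, '\\').replace(/\\+$/, '').toLowerCase();
  const p = norm(path);
  const r = norm(root);
  return p === r || p.startsWith(r + '\\');
}

// Builds a record suitable for logging or alerting on.
function classifyLaunch(appName, cmdLine, cwd, root = EXPECTED_ROOT) {
  const exe = executableFromLaunch(appName, cmdLine);
  return { exe, cwd: cwd || null, suspicious: exe === null || !isUnderRoot(exe, root) };
}

// Frida-specific part; the guard lets the helpers above run in plain Node too.
// Usage: frida -n steam.exe -l this_script.js
if (typeof Interceptor !== 'undefined') {
  const createProcessW = Process.getModuleByName('kernel32.dll').getExportByName('CreateProcessW');
  Interceptor.attach(createProcessW, {
    onEnter(args) {
      // args[0]=lpApplicationName, args[1]=lpCommandLine, args[7]=lpCurrentDirectory
      const rd = (p) => (p.isNull() ? null : p.readUtf16String());
      console.log(JSON.stringify(classifyLaunch(rd(args[0]), rd(args[1]), rd(args[7]))));
    },
  });
}
```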
