
c++ Inject dll to cmd.exe monitoring commands

I am trying to inject a DLL into cmd.exe which will hook the input commands and save them to a file. I managed to do the injection and get some of the info I want using a hook on WH_KEYBOARD.

How can I hook the input of the cmd.exe process in some other way rather than hooking the keyboard event?

You can look through the WinAPI calls cmd.exe makes, find one that takes the command string as an argument, and hook it, e.g. with Microsoft Detours. You could also hook cmd.exe's internal functions, but this is less portable.

I loaded the cmd.exe I have on my Windows system (Windows 10 v1511 x86_64) into x64dbg and there are two calls to ReadConsoleW. The first one:

Address=00007FF6331A29CC
Disassembly=call qword ptr ds:[<&ReadConsoleW>]
Destination=cmd.&ReadConsoleW

is called after processing every command entered via the console.

Per the x64 fastcall convention, its second argument (the buffer) is pointed to by rdx. While it's formally an output parameter, prior to calling the function it points to a CRLF-terminated copy of the entered command.

You can either hook that call or trace back from there and find a more suitable place to hook.
