WinAppDbg helper script to catch API calls
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README.txt
pymon_data.py
pymon_helper.py
pymon_hooked_funcs.py
spooky-hook.py

README.txt

SpookyHook
-------------

Spooky-hook.py is an API call hooking tool based on WinAppDbg for the Windows
platform. It is derived from a script written by Michael Ligh published in the
Malware Analyst's Cookbook [1]


[1] https://code.google.com/p/malwarecookbook/source/browse/trunk/11/12/pymon.py

Catching data
-------------

I had some trouble to get the data from an API call and it required several
tries to get it working. Thus, the script is a mess. However, the hooked
send() API call serves as an example, but please note that this still requires
a cleanup.

Status
-------------

The script is not finished, yet, but might serve as a template for API hooking tests.

License
-------------

Since the original script is published aunder the GNU General Publi
License >= Version 3, this script is it, too.