David Goulet <dgou...@ev0ke.net> writes:

> On *nix system we LD_PRELOAD the program thus hijacking the necessary
> symbols to make sure all your TCP and DNS traffic goes through Tor. On
> Windows, I'm a bit clueless on how to proceed but for that I'm really
> looking for contributors to help. :)
I'd hotpatch all Winsock functions. Patch the prologue; do not patch the IAT - this is not enough!

https://easyhook.codeplex.com/
https://research.microsoft.com/en-us/projects/detours/

Detours are pretty much the easiest and most applicable means to achieve traffic redirection in user mode. Unfortunately a hostile application can easily defeat ordinary detours by bypassing Winsocks or loading its own copy of the Winsocks dll.

Filter drivers, anyone?

Christopher
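The LD_PRELOAD symbol interposition mentioned in the quoted message, as an added example that is not part of either post and not the project's code: a preload library that defines its own `connect()` and refuses every destination except a local proxy. It shows only the fail-closed half (no SOCKS handshake, no DNS handling). The proxy address 127.0.0.1:9050, the helper name `dest_allowed` and the file name `failclosed.so` are assumptions.

```c
/* Added example: fail-closed connect() interposer for LD_PRELOAD.
 *   cc -shared -fPIC -o failclosed.so failclosed.c
 *   LD_PRELOAD=./failclosed.so some_program
 * Do not define _GNU_SOURCE here: glibc then declares connect() with a
 * transparent-union argument and this definition would not compile. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption: the local SOCKS proxy listens on 127.0.0.1:9050. */
#define PROXY_PORT 9050

/* Policy: 1 if the program may connect to addr directly, 0 otherwise. */
int dest_allowed(const struct sockaddr *addr, socklen_t len)
{
    if (addr == NULL || len < (socklen_t)sizeof(sa_family_t))
        return 0;
    if (addr->sa_family == AF_UNIX)
        return 1;                  /* local IPC never leaves the host */
    if (addr->sa_family == AF_INET &&
        len >= (socklen_t)sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in = (const struct sockaddr_in *)addr;
        return in->sin_addr.s_addr == htonl(INADDR_LOOPBACK) &&
               in->sin_port == htons(PROXY_PORT);
    }
    return 0;                      /* IPv6 and anything else: deny */
}

/* Same name and signature as libc's connect(). Because the preloaded
 * library is searched first, the dynamic linker binds the program's
 * connect() calls to this function. */
int connect(int fd, const struct sockaddr *addr, socklen_t len)
{
    if (!dest_allowed(addr, len)) {
        errno = EACCES;            /* fail closed, like a local firewall */
        return -1;
    }
    /* Forwarded with the raw system call to keep this short; a preload
     * library normally looks up libc's own connect() with
     * dlsym(RTLD_NEXT, "connect"). */
    return (int)syscall(SYS_connect, fd, addr, len);
}
```

Interposition of this kind only sees calls that are resolved through the dynamic libc symbol, which is the Linux counterpart of the limitation the reply raises for Winsock hooks.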