David Goulet <dgou...@ev0ke.net> writes:
> On *nix system we LD_PRELOAD the program thus hijacking the necessary
> symbols to make sure all your TCP and DNS traffic goes through Tor. On
> Windows, I'm a bit clueless on how to proceed but for that I'm really
> looking for contributors to help. :)
I'd hotpatch all Winsock functions. Patch the prologue; do not patch
the IAT - this is not enough!
https://easyhook.codeplex.com/
https://research.microsoft.com/en-us/projects/detours/
Detours are pretty much the easiest and most applicable means to achieve
traffic redirection in user mode. Unfortunately a hostile application
can easily defeat ordinary detours by bypassing Winsocks or loading its
own copy of the Winsocks dll.
Filter drivers, anyone?
Christopher
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
