>through. Doing so to GDI32 would be perfect. Unfortunately, Microsoft
>appears to have pulled said article. I know that it was from some
Ouch... I found the listing. It's pretty hairy, and it is in VB code,
which is not the way I would want to do this, but that's life, I guess...
The extremely short version is that it reaches into a DLL and patches the
Import Address Table so that whenever something tries to link to a function
in that DLL, it links to a function of your choosing instead. For the nice
people at VNC, this could be used for making the super fast WinVNC server.
For the evil hordes of virus writers, this is just another giant gaping
hole in Windows to be exploited for fun and/or profit. I suspect this is
why Microsoft pulled the main article, although anybody who wanted to do it
for evil intent already knew it, I'm sure. Dunno if this technique is
available in all versions of Windows or not. I would *hope* that under NT
and 2000 you would be unable to do this sort of patching from usermode.
The WinVNC service might still be able to do it with Administrator
privileges, however.
Oh well, I pass the link on in hopes that the information will be properly
mirrored and held in storage for the day when Microsoft remembers to delete
all the sidebars to that article...
http://msdn.microsoft.com/library/periodic/period99/jclista.htm
http://msdn.microsoft.com/library/periodic/period99/jcside2.htm
http://msdn.microsoft.com/library/periodic/period99/jcside1.htm
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
