API Hooking - wrong approach

Discussion in 'Game Development (Technical)' started by Indiepath, May 15, 2006.

  1. Indiepath (New Member)

    I know this is not strictly to do with games, but it is related.

    I've been experimenting with a sandbox system. It works great by hooking the Windows API and intercepting NtWriteFile requests for the sandboxed app.

    Now I would like to implement this as a function of igLoader, but I'm also aware that API hooking is widely used by spyware-type apps. So do you think this would bring a tonne of crap, and should I just forget this idea altogether?

    Thanks

    Tim.
     
  2. illume (Original Member)

    Will your code affect other programs?

    I.e., are you modifying system libraries? If you are modifying them, I wouldn't, because it'd be hard to make sure your changes work, and then keep working each time the system libraries need to be updated.
     
  3. Indiepath (New Member)

    What happens is a small library is injected into the process I wish to monitor; it will not affect the operation of any other applications running or installed. The system libs are not changed; the functions are simply intercepted. The only process I will be monitoring is the one launched by igLoader. I will be denying access to the WriteFile, DeleteFile, CreateFile, CreateProcess and registry-writing functions.
     
  4. Greg Squire (Original Member)

    I think what you are trying to do is admirable. You are creating a sandbox for the game or other program that is launched, thus protecting the user's system if igLoader was used to launch a trojan or other spyware app. I think that's a good idea, because if igLoader was used to launch something malicious (even though you had nothing to do with it) it would taint your reputation. Worse, it could taint others using igLoader as well, and could eventually lead to "igLoader" (and anything using it) being branded as spyware. So I think that's something that is definitely needed.

    On the flip side, I'm not sure whether anti-spyware programs can detect that a program is using API hooking. If so, then they might detect igLoader as spyware (when in fact it's trying to do just the exact opposite). If that's the case then you might be in a "catch-22". However, I still think it would be safer to try and do the right thing by creating a safe sandbox for the launched app to run in. That would be in everyone's best interest in my mind.
     
  5. Indiepath (New Member)

    The feedback I'm getting from several sources suggests I should go down the sandbox route. I'm quite sure that as long as I document the reason for implementing the sandbox technology I should avoid any future issues.

    For those who have already licensed igLoader and need filesys write functionality, we will have a whitelisting process. A whitelisted app will have full system access.
     
  6. Larry Hastings (Original Member)

    Just a thought

    You better intercept GetProcAddr or else people can just sidestep you.
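The mechanism described in post #3 (a library injected into the launched process that intercepts the file-writing API and denies the call, with a whitelist switch for trusted apps) and the sidestep raised in post #6 (resolving the real function yourself and skipping the hook) can both be shown in a single runnable program. The following is an added example, not code from the thread or from igLoader. It uses the POSIX analogue of the Windows technique: symbol interposition of `fopen()` in place of an injected DLL hooking `CreateFile`, and `dlsym(RTLD_NEXT, ...)` in the role of `GetProcAddress`. It assumes a glibc or macOS toolchain where `RTLD_NEXT` is available; the names `sandbox_set_enabled`, `sandbox_denied_count` and `fopen_bypassing_hook` are invented for the example.

```c
#define _GNU_SOURCE          /* needed for RTLD_NEXT on glibc */
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Sandbox policy state: 1 = intercept writes, 0 = whitelisted app, full access. */
static int sandbox_enabled = 1;
static int denied_count = 0;

void sandbox_set_enabled(int on) { sandbox_enabled = on; }
int sandbox_denied_count(void) { return denied_count; }

typedef FILE *(*fopen_fn)(const char *, const char *);

/* Resolve the libc fopen() that sits behind our interposed symbol.
   This plays the part GetProcAddress() plays on Windows: it hands back the
   genuine function pointer regardless of what the import path points at. */
static fopen_fn real_fopen(void) {
    static fopen_fn fn;
    if (!fn) fn = (fopen_fn)dlsym(RTLD_NEXT, "fopen");
    return fn;
}

/* Any mode that can create, truncate, append or update is a write. */
static int mode_wants_write(const char *mode) {
    return strpbrk(mode, "wa+") != NULL;
}

/* Interposed fopen(): it carries the same symbol name as the libc function,
   so every call the program makes through the normal link path lands here
   first. Writes are refused with EACCES; reads are forwarded unchanged. */
FILE *fopen(const char *path, const char *mode) {
    if (sandbox_enabled && mode_wants_write(mode)) {
        denied_count++;
        fprintf(stderr, "sandbox: denied fopen(\"%s\", \"%s\")\n", path, mode);
        errno = EACCES;
        return NULL;
    }
    return real_fopen()(path, mode);
}

/* The sidestep from post #6: code that resolves the real function itself
   never passes through the hook above, which is why the resolver has to be
   intercepted as well if the sandbox is meant to hold. */
FILE *fopen_bypassing_hook(const char *path, const char *mode) {
    return real_fopen()(path, mode);
}

int main(void) {
    FILE *f = fopen("/dev/null", "w");
    printf("hooked fopen for write:    %s\n", f ? "allowed" : "denied");
    if (f) fclose(f);

    f = fopen("/dev/null", "r");
    printf("hooked fopen for read:     %s\n", f ? "allowed" : "denied");
    if (f) fclose(f);

    f = fopen_bypassing_hook("/dev/null", "w");
    printf("resolver bypass for write: %s\n", f ? "allowed" : "denied");
    if (f) fclose(f);

    sandbox_set_enabled(0);      /* whitelisted app: full access */
    f = fopen("/dev/null", "a");
    printf("whitelisted append:        %s\n", f ? "allowed" : "denied");
    if (f) fclose(f);
    return 0;
}
```

Compile with `cc hook.c -o hook` (add `-ldl` on older glibc) and run it: the first and fourth opens go through the hook and are denied, the read is forwarded, and the bypass succeeds even though the sandbox is on. That last line is the whole of Larry's point: a user-mode hook only covers calls that go through the patched path, so the function that hands out raw addresses has to be covered too.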
     
