malware analysis and research


Preface and Introduction

I am using this website as a means to document my learning experience and perhaps share insights which may be helpful for other enthusiasts. For now, I am primarily interested in learning more about Windows internals and the topic of malware analysis, specifically Windows malware.

WinAPI hooking and DLL injection

Recently, I've been researching ways in which I can intercept Windows API calls. After Googling for a bit, I encountered some helpful information which pointed me to a library created by Microsoft called Detours. Initially, I did not want to program my application using the Visual Studio IDE. After attempting to install code from GitHub repositories and wrestling with some of the configurations I had made, I eventually gave in. I think what really convinced me to transition to Visual Studio was the ease with which VS users could create DLL files. A lot of repositories seem to use vcpkg, so I will simply go with what is more convenient here.

I am currently in the process of attempting to intercept the API calls used to create files on Windows. I am using the MinHook library, which is written in C and can be easily installed in Visual Studio. MinHook functions will be used within my DLL, which I have set up to be injected into a process. These functions will attempt to intercept the existing functions, i.e. hook them.
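To make the plan above concrete, here is an added example (my own sketch, not code from this site's author) of what such a DLL looks like: on DLL_PROCESS_ATTACH it initialises MinHook, redirects kernel32!CreateFileW to a detour, and the detour records the file name, access mask and creation disposition before forwarding to the original function through MinHook's trampoline. The recording logic is kept separate from the Windows-specific part so it compiles and can be exercised on any platform; the ring-buffer size, the helper names and the `MinHook.h` include path are assumptions. The one edge case every hooking DLL has to handle is re-entrancy: if the detour calls anything that itself opens a file (fopen, most logging libraries), that call hits the hook again and recurses until the stack is exhausted, so a per-thread guard is used.

```c
/*
 * Added example: minimal CreateFileW-logging DLL built on MinHook.
 * Portable part: per-thread re-entrancy guard + in-memory event ring.
 * Windows part (#ifdef _WIN32): the detour and DllMain that installs it.
 * Names such as hook_enter/record_create_file and MAX_EVENTS are assumptions.
 */
#include <stddef.h>
#include <wchar.h>

#if defined(_MSC_VER)
#  define THREAD_LOCAL __declspec(thread)
#else
#  define THREAD_LOCAL __thread
#endif

#define MAX_EVENTS     64
#define MAX_PATH_CHARS 260

typedef struct {
    wchar_t       path[MAX_PATH_CHARS];
    unsigned long access;       /* dwDesiredAccess as passed by the caller        */
    unsigned long disposition;  /* dwCreationDisposition (OPEN_EXISTING = 3, ...) */
} file_event;

static file_event g_events[MAX_EVENTS];   /* ring buffer of observed calls */
static unsigned   g_total = 0;            /* total calls seen (wraps the ring) */

/* Per-thread guard: set while we are inside the detour. Anything the detour
 * calls that opens a file would re-enter the hook and recurse forever. */
static THREAD_LOCAL int g_in_hook = 0;

int hook_enter(void)                      /* returns 0 if already inside the hook */
{
    if (g_in_hook)
        return 0;
    g_in_hook = 1;
    return 1;
}

void hook_leave(void) { g_in_hook = 0; }

/* Copies the call parameters into the ring. Returns 1 if recorded, 0 if the
 * name was NULL (CreateFileW would fail anyway, nothing useful to log). */
int record_create_file(const wchar_t *name, unsigned long access, unsigned long disposition)
{
    if (name == NULL)
        return 0;
    file_event *ev = &g_events[g_total % MAX_EVENTS];
    wcsncpy(ev->path, name, MAX_PATH_CHARS - 1);
    ev->path[MAX_PATH_CHARS - 1] = L'\0';
    ev->access = access;
    ev->disposition = disposition;
    g_total++;
    return 1;
}

unsigned          observed_count(void)       { return g_total; }
const file_event *observed_event(unsigned i) { return &g_events[i % MAX_EVENTS]; }

#ifdef _WIN32
#include <windows.h>
#include <MinHook.h>   /* https://github.com/TsudaKageyu/minhook (assumed include path) */

typedef HANDLE (WINAPI *CreateFileW_t)(LPCWSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES,
                                       DWORD, DWORD, HANDLE);
static CreateFileW_t fpCreateFileW = NULL;   /* MinHook trampoline to the original */

static HANDLE WINAPI HookedCreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess,
                                       DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSA,
                                       DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
                                       HANDLE hTemplateFile)
{
    if (hook_enter()) {                       /* skip nested calls from our own code */
        record_create_file(lpFileName, dwDesiredAccess, dwCreationDisposition);
        hook_leave();
    }
    /* Always forward to the real function so the host process keeps working. */
    return fpCreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSA,
                         dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved)
{
    (void)reserved;
    switch (reason) {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls(hinst);
        if (MH_Initialize() != MH_OK)
            return FALSE;
        /* Resolve kernel32!CreateFileW and point it at the detour. */
        if (MH_CreateHookApi(L"kernel32", "CreateFileW", (LPVOID)&HookedCreateFileW,
                             (LPVOID *)&fpCreateFileW) != MH_OK)
            return FALSE;
        if (MH_EnableHook(MH_ALL_HOOKS) != MH_OK)
            return FALSE;
        break;
    case DLL_PROCESS_DETACH:
        MH_DisableHook(MH_ALL_HOOKS);
        MH_Uninitialize();
        break;
    }
    return TRUE;
}
#endif
```

Two caveats worth knowing before trusting the log. First, MinHook suspends the other threads of the process while it enables hooks; doing that under the loader lock inside DllMain usually works for simple targets, but a common safer pattern is to have DllMain spawn a thread that installs the hooks once the loader lock is released. Second, hooking the kernel32 export only catches callers that import CreateFileW from kernel32: CreateFileA, code that imports from kernelbase.dll or the api-ms-win-core-file API set, and malware that calls ntdll!NtCreateFile directly all bypass it, so for broader coverage hook lower down (kernelbase or NtCreateFile) as well.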

I will upload results and code later. I wonder if there's a GitHub module on here.