I am trying to develop a website filter through a code injection technique.
Whenever somebody tries to enter "www.xxxx.com", then using GetHostByName API
hooking, log the site address and access time in a log file.
Also, one can keep some website addresses for blocking, so that whenever one of these site names is entered, it
must not function and a MessageBox should result.

i.e. I must go through the blocked addresses (in a file) and compare them with the entered site address, and
if it's OK then a MsgBox saying "You have no Right to enter here", then exit.

I am able to get the entered site address in a variable.
But, as I am working in the injected code, a lot of errors are arising.
The problem is: how can I call another procedure from within the injected code?
The code goes like this:


Inj_Code: ;new gethostbyname...

pushfd ;preserve regs and flags...
pushad

call get_delta_1
get_delta_1:
pop ebp
sub ebp,offset get_delta_1 ;ebp = delta offset

; ------------------- Log the call to API here -------------------------------
; ----------------------------------------------------------------------
; ---------Code for Opening the Log file is here------------------
; -----------------------------------------------------------------------

; push ecx -------------\
; pushfd ---------------\ |
; pushad -------\ | |
; | | |
lea ebx,[ esp + sizeof PUSHA_STRUCT + 4 + 4 + 4 ] ;ebx -> argument of API
mov ebx,[ ebx ] ;ebx = 1st argument: website name

push ebx ;save pointer to site name first...


Here I want to compare this value in 'ebx' with the site names contained in another file.
There, the site names were previously entered as follows:


[url]www.sex.com[/url]
[url]www.fu**.com[/url]
[url]www.sc**t.com[/url]


Please give a suggestion how to do that in Injected Code.
Posted on 2004-01-25 13:18:47 by zakham
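The comparison asked about in the post above, written as ordinary C rather than as injected code; this is an added example, not code from any poster in the thread. The names `canon_host`, `host_is_blocked` and `SAMPLE_BLOCKLIST` are hypothetical, and the list is assumed to hold one site name per line.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample list: one name per line, CRLF or LF line endings. */
static const char SAMPLE_BLOCKLIST[] = "[url]www.blocked.example[/url]\r\nads.example\n";

/* Write s[0..n) to out in canonical form: surrounding whitespace removed,
   a [url]...[/url] wrapper (as the list appears in the post) tolerated,
   one trailing dot dropped, lower-cased. Returns the length, or 0 when the
   name is empty or does not fit in out. */
static size_t canon_host(const char *s, size_t n, char *out, size_t cap)
{
    while (n && isspace((unsigned char)s[0])) { s++; n--; }
    while (n && isspace((unsigned char)s[n - 1])) n--;
    if (n >= 11 && !memcmp(s, "[url]", 5) && !memcmp(s + n - 6, "[/url]", 6)) {
        s += 5;
        n -= 11;
    }
    if (n && s[n - 1] == '.') n--;      /* "host." and "host" are the same name */
    if (n == 0 || n >= cap) return 0;
    for (size_t i = 0; i < n; i++)      /* host names compare case-insensitively */
        out[i] = (char)tolower((unsigned char)s[i]);
    out[n] = '\0';
    return n;
}

/* Returns 1 when host equals an entry of blocklist (the file contents as one
   NUL-terminated string), otherwise 0. Assumption: names that are empty or
   longer than 255 bytes are treated as not blocked. */
int host_is_blocked(const char *host, const char *blocklist)
{
    char want[256], entry[256];
    if (!host || !blocklist || !canon_host(host, strlen(host), want, sizeof want))
        return 0;
    for (const char *p = blocklist; *p; ) {
        size_t len = strcspn(p, "\r\n");            /* length of this line */
        if (canon_host(p, len, entry, sizeof entry) && strcmp(want, entry) == 0)
            return 1;
        p += len;
        p += strspn(p, "\r\n");                     /* skip the line ending */
    }
    return 0;
}

int main(void)
{
    printf("%d %d\n", host_is_blocked("WWW.Blocked.Example.", SAMPLE_BLOCKLIST),
           host_is_blocked("other.example", SAMPLE_BLOCKLIST));
    return 0;
}
```

The match is exact on the whole name, so a subdomain or parent domain of a listed entry is not blocked unless it is listed itself.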
Hi, zakham :)

My 0.02:

I don't usually work with code injection, actually the only technique I know is through a hook library (the only documented way I know of). In that case things are much simpler, since code doesn't have to be relocatable, but installing global hooks is a privileged operation on NT and 2K. Since it's a legit application you might want to support this technique as well... and use another one if for some reason you can't have a global hook.
Posted on 2004-01-25 15:26:36 by QvasiModo
I have tested injection and posted a demo on the board in this thread.

Hope it can be of guidance.
Posted on 2004-01-25 16:43:35 by minor28