Hi everybody,

I want to introduce to you a new API Monitor (freeware for non-commercial use) that is written entirely in win32asm. Visit our page to download and test it. I hope you will like it.

KaKeeware
http://www.kakeeware.com
Posted on 2004-12-15 19:18:09 by kakeeware
kakeeware:

Thanks for providing the tool.

Kam is a refinement and perfection tool.
kb_ie.exe is only 3k, but running as iexplore.exe(91k) fine.


regards.
Posted on 2004-12-16 05:00:02 by dcskm4200
Considering the UPX license at http://upx.sourceforge.net/upx-license.html and the fact that I cannot use "upx -d" to uncompress kam.exe, you are violating the UPX license. If you further read the UPX license, this effectively makes your program GPL. So either release the source, stop making the exe uncompressable, or find another exe packer.
Posted on 2004-12-16 09:53:54 by f0dder
Hi,

yeah, you were right - I just didn't check it as I assumed UPX could handle it. Now it's fixed. Thx for pointing it out!

KaKeeware
http://www.kakeeware.com
Posted on 2004-12-16 14:46:23 by kakeeware
No problem. Better having me mention it, rather than some insane GPL zealot...
Posted on 2004-12-16 14:50:52 by f0dder
F0dder.. bottom line.. who cares.. upx.. uncompressed or not...
big deal.. u can't uncompress the file.. wow end of the world..
then unpack it manually with a debugger.. 8)

geesh ppl making mountain from nothing.. go figure.. :roll:
Posted on 2004-12-16 14:58:53 by wizzra
Considering the UPX license at http://upx.sourceforge.net/upx-license.html and the fact that I cannot use "upx -d" to uncompress kam.exe, you are violating the UPX license. If you further read the UPX license, this effectively makes your program GPL. So either release the source, stop making the exe uncompressable, or find another exe packer.


Hypocritical to say:


GPL: as free as a police state
GNU: Generally Not Usable


then accuse others of violations, no?
Posted on 2004-12-17 20:47:39 by archphase
Would it be improper to alert my enemy of theft by a third?

Triangles can be played many ways:

1) Tell enemy to remove future suspicion

2) Blackmail third

3) Remain quiet to leverage 1 or 2 later

f0dder's choice seems a rather favorable one - commendable even! Additionally, it seems he wanted to take a look before running the program which is preferred practice among many.
Posted on 2004-12-17 21:40:14 by bitRAKE
The monitor seems to have problems: my program uses it to load a dll, but monitor doesn't show any references to it. Interestingly, apimon from http://www.rohitab.com/apimonitor/ has the same problem.

You can find the program here: http://ry.pl/~omega/asm/cpuid.zip (NASM source, includes are at http://ry.pl/~omega/asm/inc.zip).
Posted on 2004-12-18 05:26:16 by omega_red
archphase, no. It would be hypocritical if I myself violated the GPL, but I don't. I'm not going to touch any source under the GPL license.


Additionally, it seems he wanted to take a look before running the program which is preferred practice among many.

Exactly, bitRAKE. I don't like running executable code I haven't had a look at first. Not that UPX is hard to unpack manually, but whatever :)
Posted on 2004-12-18 06:45:10 by f0dder
The monitor seems to have problems: my program uses it to load a dll, but monitor doesn't show any references to it. Interestingly, apimon from http://www.rohitab.com/apimonitor/ has the same problem.

You can find the program here: http://ry.pl/~omega/asm/cpuid.zip (NASM source, includes are at http://ry.pl/~omega/asm/inc.zip).


actually, your DLL is not present in the cpuid.zip package ;) - the monitor is unable to show any reference to the files that are not loaded into memory

I just created a dummy omega.dll library and here's what KAM shows after your program is started (hook is set on LoadLibraryA, LoadLibraryW, LoadLibraryExA and LoadLibraryExW):

00401016 LoadLibraryA, WinBase.h, kernel32.dll, DWORD
- 0040200F = Omega.dll
77E805D5 LoadLibraryExW, WinBase.h, kernel32.dll, DWORD
- 7FFDEC00 = Omega.dll
- 00000000 (0)
- 00000000 (0)
Module Omega.dll accessed at 10000000

KaKeeware
http://www.kakeeware.com
Posted on 2004-12-18 13:35:55 by kakeeware
Oops, I knew I forgot something ;)
And I'm blind apparently, maybe because searching for LoadLibrary didn't show anything. ;)
Nice work!
Posted on 2004-12-18 15:46:34 by omega_red