How to hook the kernel?

[neology]

I'm working on my project to develop a tool that notify me the hidden activities in my computer such as copying file, moving file,renaming file,open file,close file and etc.. My friend told me that by hooking the kernel, we can get those information. Now, I'm looking for the script to hook the kernel. Somebody who know this, please help me..thank you in advanced..

[Pain]

AutoIt can't access the kernel, try with Assembler or any other low-level language.

[WeMartiansAreFriendly]

I'm working on my project to develop a tool that notify me the hidden activities in my computer such as copying file, moving file,renaming file,open file,close file and etc.. My friend told me that by hooking the kernel, we can get those information. Now, I'm looking for the script to hook the kernel. Somebody who know this, please help me..thank you in advanced..

This might give you some insight: http://www.autoitscript.com/forum/index.php?showtopic=84936

[topten]

Sorry to raise this topic again. But has anything changed since that time? I mean is it possible to hook kernel?

[water]

This topic is 6 1/2 years old and all participants have been offline for quite some time now.
Do you really expect an answer?

[topten]

Sure, I know

I think there should have changed anything about the topic

[water]

Why do you want to hook the kernel?

[topten]

I have some persistent malicious application installed on my pc- nothing can stop it and nothing can kill its processes

I tried processhacker though and it worked for  a while. Now the application has updated itself and even processhacker cant kill its process. The processclose() doesnt work at all!

I understand that the app is catching my comands via kernel and I thought if this app could have used kernel to hook my comands, why can't I do the same?

[water]

AutoIt can't access the kernel, try with Assembler or any other low-level language.

​As Pain suggested.
Or reinstall your PC to get rid of the malicious app.

[JohnOne]

What is the malicious application?

[Jos]

Boot from a Jumpdrive image and clean the installation on your disk instead of trying to fix/fight it while it is running.

Jos

Edited June 7, 2015 by Jos

[232showtime]

you can modify it through registry, this "malicious app"

Edited June 7, 2015 by 232showtime

[topten]

you can modify it through registry, this "malicious app"

​It is controlling the registry! Sends access denied

What is the malicious application?

​McAfee security center - but I never installed it by myself!

​As Pain suggested.Or reinstall your PC to get rid of the malicious app.

​I am thinking about solution which can help not only to me but, I want to make a "remedy" application which will serve to other people as well!

Boot from a Jumpdrive image and clean the installation on your disk instead of trying to fix/fight it while it is running.

Jos

​Sounds interesting. What do you think can I make it as series of apps run and then return to a normal boot, so that for the user it will be "one click soltuion"?

[topten]

I know there is AV called MacAfee but it is a malicious clone which is continuously asking for money

[JohnOne]

McAfee real will continue to ask you for money because it is not free.

Also, you cannot uninstall security software if you did not install it, that is the nature of security software.

[Jos]

I know there is AV called MacAfee but it is a malicious clone which is continuously asking for money

​Google is your friend:

• http://www.techrepublic.com/blog/five-apps/five-portable-antivirus-and-antimalware-tools-to-carry-with-you-at-all-times/
• http://www.pcworld.com/article/2021326/turn-your-flash-drive-into-a-portable-pc-survival-kit.html
• etc...

Jos

[topten]

McAfee real will continue to ask you for money because it is not free.

Also, you cannot uninstall security software if you did not install it, that is the nature of security software.

​I think we are all here to solve such types of questions, otherwise it is easier to say "We are helpless" ? Please correct me if I am wrong

​Google is your friend:

• http://www.techrepublic.com/blog/five-apps/five-portable-antivirus-and-antimalware-tools-to-carry-with-you-at-all-times/
• http://www.pcworld.com/article/2021326/turn-your-flash-drive-into-a-portable-pc-survival-kit.html
• etc...

Jos

​Great thanx, will check it out

[water]

think we are all here to solve such types of questions, otherwise it is easier to say "We are helpless" ? Please correct me if I am wrong

No, we are here to solve AutoIt related questions (at least in this forum).

[topten]

[232showtime]

​It is controlling the registry! Sends access denied

​are you unable to access the registry??? because of this malicious app?