Redirect Registry or Rootkit

Discussion in 'Application Software' started by KNARZ, Jul 23, 2015.

  1. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    872
    457
    30
    #1 KNARZ, Jul 23, 2015
    Last edited: Jul 23, 2015
    I'm still searching for a glitch or people that can reverse engineer a little. (signature).

    I'm wondering if somebody knows or has an idea how to redirect registry keys (values) to some other locations.
    The top-notch solution would be detecting through read/write and then redirecting the query/write to some chosen/monitored key.

    Like: writing: redirects to reg-location 1, reading: redirects to reg-location 2.
    The best solution would be to implement this as a driver, as this approach is somehow kernel related.


    The other approach would be something like a loader (daz) or realtime patching (in memory). I'm thinking of a tool like "konboot", but I'm not interested in hacking login so much as in manipulating/glitching some kernel-protected (yes, not permissions) registry value.

    If you have an idea or are willing to help, please contact me...
     
  2. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,080
    60
  3. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    872
    457
    30
    No, pretty much the same, but as you all can see Microsoft restricts more and more... [as I said months ago]
    New Windows maybe new motivation?!
    I'm trying to get the xrm-ms files clear (the relations and so on)

    As discussed in the non-public group, I still have a package to unprotect protected applications (maybe helpful)

    The described approach would be new and should bypass nearly everything without hurting the system. (in theory)
    Unfortunately I don't have the skills for reverse engineering or programming at all. I'm more into finding workarounds.
     
  4. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,080
    60
    What you need is a C or CPP programmer who has knowledge of hooking. Us lowly .NET guys cannot help much. Wonder if secr9tos old W7 driver source would be useful.