Find Jobs
Hire Freelancers

Study/Reverse specific File/Registry hooks on NTDLL

$250-750 USD

Κλειστή
Αναρτήθηκε πάνω από 7 χρόνια πριν

$250-750 USD

Πληρωμή κατά την παράδοση
Hi, I need someone who is able to study some hooks (on specific file/registry functions on NTDLL) and report a "detailed" description of what the hook is doing. Specifically they are the hooks performed by a tool that allows bundling files/dlls into a single EXE, so the files are not visible on disk and the file operations are hooked to know when the access is performed in any of the bundled files. So in case that the application is accessing to a bundled file, it reports a "fake" handle and “manually” maps the file on memory. If the file is not bundled, the hook just passes control to the original function. The similar do when accessing to “bundle” registry keys. I need someone who can do a detailed report of each hook. I don’t need something exactly to the original source code, but just a description of the steps performed in the hook but with internal details. Of course, if you feel better creating an approximate C pseudo code, that’s better than describing it with words. Example of an expected description for “Hook #1: NtCreateFile” (or you might be feel more confortable writing it a pseudo/C code) • First the hook waits that no other process is executing the hook. It performs a “WaitForSingleObject” • The hook reads an structure which contains all the files bundled. The structure has the following format (bundle_file_structure) LPBYTE: pointer to bundled file (in UNICODE format) HANDLE: fake handle for the bundle file DWORD: number of references to HANDLE • Compare the filename parameter (located at POBJECT_ATTRIBUTES->ObjectName) with all the bundled files names • If the file is found in “bundle_file_structure” it creates a fake handle. To create the fake handle it creates a temporal file and use that handle to store it in the HANDLE field in the bundled_file_structure. • If the “FileAttributtes” parameter from NtCreateFile is FILE_ATTRIBUTE_NORMAL then bla, bla, bla • Etc, etc. • Etc, etc….. As you can see, the decription contains detailed information about specific values in structures with the expected field names from NtDLL. It’s *not* correct to write something like “if [esp + 8] is 12 then exit”. The correct is “if FileAttributtes == FILE_ATTRIBUTTES_NORMAL then exit” Please, feel free to contact me to send you an example file and/or more detailed information.
Ταυτότητα εργασίας: 11664367

Σχετικά με την εργασία

6 προτάσεις
Απομακρυσμένη Εργασία
Ενεργός/ή 7 χρόνια πριν

Ψάχνεις τρόπο για να κερδίσεις μερικά χρήματα;

Πλεονεκτήματα πλειοδοσίας στο Freelancer

Καθόρισε τον προϋπολογισμό σου και το χρονοδιάγραμμα
Πληρώσου για τη δουλειά σου
Περίγραψε την πρόταση σου
Η εγγραφή και η πλειοδοσία σε εργασίες είναι δωρεάν
6 freelancers δίνουν μια μέση προσφορά $1.003 USD για αυτή τη δουλειά
Avatar Χρήστη
Dear client, how are you? Seems task is appropriate for me. Please check my "Profile & Work List" and tell me details if my skill is in your concern. Looking forward to your response. Thanks.
$2.000 USD σε 20 ημέρες
5,0 (32 αξιολογήσεις)
6,7
6,7
Avatar Χρήστη
===========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
$1.722 USD σε 40 ημέρες
5,0 (7 αξιολογήσεις)
4,5
4,5
Avatar Χρήστη
I've mastered software reverse engineering/C/C++/C#/Java/Win API/Assembly programming and helped many customers. Especially, I've rich experiences of unpacking Themida/WinLicense, VmProtect, and other packing modules. I've also ever worked for online game maintenance, bug's fixing, and cheat and anticheat developing. And I have cracked a lot of dongle key(USB, Parallel, and etc) protection mechanisms. I'm sure I can fulfill your job successfully. I hope our collaboration to produce a good outcome that makes u happy. Best regards.
$684 USD σε 3 ημέρες
5,0 (2 αξιολογήσεις)
3,3
3,3
Avatar Χρήστη
Hello, rtm2k! It sounds like an interesting challenge and very good fit. I have great experience with reverse engineering, so it will be done in a very professional way. Please share your example file and let me know when you are OK to discuss. Thank you. Best regards, -Mike
$500 USD σε 7 ημέρες
5,0 (1 αξιολόγηση)
3,1
3,1
Avatar Χρήστη
hi I experienced with IDA, Cheatengine, API hooking. I have a lot of sample. Please send me detailed project. Thanks
$555 USD σε 10 ημέρες
0,0 (0 αξιολογήσεις)
0,0
0,0
Avatar Χρήστη
Nice to meet you. I am reverse engineer for 6 years ago. Meanwhile, I have developed many bot programs. I can know you important technique such as hooking or cracking for reverse programs. Skype : kb88313
$555 USD σε 10 ημέρες
0,0 (0 αξιολογήσεις)
0,0
0,0

Σχετικά με τον πελάτη

Σημαία της SPAIN
Jerez de la Frontera, Spain
5,0
66
Επαληθευμένη μέθοδος πληρωμής
Μέλος από Σεπ 22, 2004

Επαλήθευση Πελάτη

Ευχαριστούμε! Σου έχουμε στείλει ένα email με ένα σύνδεσμο για να διεκδικήσεις τη δωρεάν πίστωση σου.
Κάτι πήγε στραβά κατά την προσπάθεια αποστολής του email σου. Παρακαλούμε δοκίμασε ξανά.
Εγγεγραμμένοι Χρήστες Συνολικές Αναρτημένες Δουλειές
Freelancer ® is a registered Trademark of Freelancer Technology Pty Limited (ACN 142 189 759)
Copyright © 2024 Freelancer Technology Pty Limited (ACN 142 189 759)
Φόρτωση προεπισκόπησης
Δόθηκε πρόσβαση για Geolocation.
Η σύνδεση σου έχει λήξει και τώρα έχεις αποσυνδεθεί. Παρακαλούμε συνδέσου ξανά.