NoMercy (Master Cheater)
Reputation: 1
Joined: 09 Feb 2009, Posts: 289
Posted: Wed Jul 11, 2012 1:42 pm, Post subject: Isolated Space
Hello,
I would like to code something like Sandboxie, but a little bit different. The interesting part is that it CANNOT connect to the internet; if it does, it should pop up something with: from where to where, etc.
How should I start with this? I actually have no clue how this is done. Loading all the Windows .dlls which have to do with internet connections and hooking the major functions? I know that the code I'm checking has no drivers or anything, so I don't need to dive into the kernel, right?
Grz
n0 m3rcY (Cheater)
Reputation: 0
Joined: 18 Jun 2012, Posts: 42
Posted: Mon Jul 16, 2012 6:48 pm
Basically you will need to research a lot into Windows hooks. Then an easy way is just to hook a bunch of common malware / other calls, whatever you deem to be noteworthy, and then you can log/block any of them if you want. I'm assuming you want something a la Anubis that shows you what is happening to the system.
Your specific situation would be hooking things like OpenInternetFileURL or whatever it is, and other calls such as WinSock commands.
Here's one alternative to making a system-wide hook (which would be a pain in the ass): a trainerspy-style DLL that you can just use a loader for, hook a bunch of calls, log to a file, then close the app? skilinium.com/blog/?p=75 If it's malware you're talking about, just use a sandbox or an alternative (which a lot of malware detect and can get around anyway); an up-to-date professional app is better than what you will be making / have time to make.
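As an added illustration of the hooking approach n0 m3rcY describes (example code written for this page, not from the thread or from any poster's project): the wrapper a user-mode hook on connect() would redirect to, in portable C against the BSD sockaddr layout that Winsock shares. The IAT patching that installs the wrapper is platform-specific and left out; describe_sockaddr, allow_loopback_only and hooked_connect are names chosen here.

```c
/* Added example, not code from the thread: the wrapper an IAT hook on
 * connect() would point at. It decodes the destination as ip:port, asks a
 * policy whether to allow it, then forwards to the original or blocks. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

typedef int (*connect_fn)(int, const struct sockaddr *, socklen_t);
typedef int (*policy_fn)(const char *dest); /* nonzero = allow */
/* Render an IPv4/IPv6 sockaddr as "ip:port" / "[ip6]:port"; 0 on success. */
int describe_sockaddr(const struct sockaddr *sa, socklen_t len,
                      char *out, size_t outlen)
{
    char ip[INET6_ADDRSTRLEN];
    if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *a = (const struct sockaddr_in *)sa;
        inet_ntop(AF_INET, &a->sin_addr, ip, sizeof ip);
        snprintf(out, outlen, "%s:%u", ip, (unsigned)ntohs(a->sin_port));
        return 0;
    }
    if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct sockaddr_in6 *a = (const struct sockaddr_in6 *)sa;
        inet_ntop(AF_INET6, &a->sin6_addr, ip, sizeof ip);
        snprintf(out, outlen, "[%s]:%u", ip, (unsigned)ntohs(a->sin6_port));
        return 0;
    }
    snprintf(out, outlen, "family=%d", sa->sa_family); /* not IP; log anyway */
    return -1;
}

/* Example policy for "must not reach the internet": loopback only (assumed). */
int allow_loopback_only(const char *d) { return !strncmp(d, "127.", 4) || !strncmp(d, "[::1]", 5); }

/* Hook body: log, consult policy, then call the real connect() via orig, or fail with EACCES. */
int hooked_connect(connect_fn orig, policy_fn policy, int fd,
                   const struct sockaddr *sa, socklen_t len)
{
    char dest[INET6_ADDRSTRLEN + 16];
    describe_sockaddr(sa, len, dest, sizeof dest);
    fprintf(stderr, "[sandbox] fd %d connect -> %s\n", fd, dest);
    if (!policy(dest)) {
        fprintf(stderr, "[sandbox] blocked %s\n", dest);
        errno = EACCES; return -1;
    }
    return orig(fd, sa, len);
}
```

On Windows the same wrapper body applies once the IAT entry for ws2_32!connect is redirected to it; process creation (CreateProcess) needs its own hook, since the data can leave through a spawned program instead.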
Dark Byte (Site Admin)
Reputation: 471
Joined: 09 May 2003, Posts: 25832, Location: The Netherlands
Posted: Mon Jul 16, 2012 6:56 pm
Also, keep in mind that an application can execute an external program like telnet and send data with that. No need to use the winsock API or any API at all.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
n0 m3rcY (Cheater)
Reputation: 0
Joined: 18 Jun 2012, Posts: 42
Posted: Mon Jul 16, 2012 7:07 pm
Dark Byte wrote:
> Also, keep in mind that an application can execute an external program like telnet and send data with that. No need to use the winsock api or any api at all

Luckily, by default telnet is disabled in Win7/Vista. You should also be hooking calls like RtlAdjustPrivilege so it can't enable things on your system anyway. Can't think of any other shell network calls, so I guess you could also check for system calls to telnet.
NoMercy (Master Cheater)
Reputation: 1
Joined: 09 Feb 2009, Posts: 289
Posted: Tue Jul 17, 2012 2:47 am
Thanks all, but what can I do if the program is an .exe? Do I just place IAT hooks everywhere and check if it's from that current process?
I don't understand the startup method yet: if someone injects a .dll, how can I be sure that I check it well enough?
Also, if I hook the Winsock and the Internet stuff, are there no other APIs that can be used, or any little tricks like telnet?