Hooking calls to (supported) Windows DLLs is very easy.
Look at sctest within the examples section to see how user_hook_ExitThread is implemented and installed.
Currently libemu takes a static approach to which DLLs can be loaded: they are hardcoded within the win32 environment.
To support a new DLL, you need a copy of the DLL, have to load it into process memory on Windows, and dump the required sections.
These sections then have to be written to memory in libemu once the DLL gets loaded.
If you want to support a different DLL, contact us; we will add support for it and extend this guide so that others can add support for 'their' DLLs too.
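
To illustrate the section-dumping step above, this added example (not libemu code, and not from the libemu authors) walks the section table of a PE32 image and reports the address and size of each section, which is what you need before dumping a section and writing it into emulated memory. The names pe_sections and make_sample are hypothetical, and the header bytes are a constructed sample rather than a real DLL.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct sec { char name[9]; uint32_t va, size; };
static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Walk a PE32 section table; returns section count, or -1 on bad/truncated headers. */
int pe_sections(const uint8_t *img, size_t len, struct sec *out, int max)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3c);                 /* e_lfanew */
    if (pe > len || len - pe < 24 + 32 || memcmp(img + pe, "PE\0\0", 4)) return -1;
    uint32_t nsec = rd16(img + pe + 6), optsz = rd16(img + pe + 20);
    const uint8_t *opt = img + pe + 24;             /* optional header */
    if (rd16(opt) != 0x10b) return -1;              /* PE32 magic only */
    uint32_t base = rd32(opt + 28);                 /* ImageBase as stored in the header */
    size_t tbl = (size_t)pe + 24 + optsz;           /* section table offset */
    if (max < 0 || nsec > (uint32_t)max || tbl > len || (len - tbl) / 40 < nsec) return -1;
    for (uint32_t i = 0; i < nsec; i++) {
        const uint8_t *h = img + tbl + 40 * (size_t)i;
        memcpy(out[i].name, h, 8); out[i].name[8] = '\0';
        out[i].size = rd32(h + 8);                  /* VirtualSize */
        out[i].va = base + rd32(h + 12);            /* ImageBase + RVA */
    }
    return (int)nsec;
}

/* Constructed sample: minimal PE32 headers with two sections, no real DLL data. */
size_t make_sample(uint8_t *b, size_t cap)
{
    if (cap < 0x188) return 0;
    memset(b, 0, cap);
    b[0] = 'M'; b[1] = 'Z'; b[0x3c] = 0x40;         /* e_lfanew = 0x40 */
    memcpy(b + 0x40, "PE\0\0", 4);
    b[0x46] = 2; b[0x54] = 0xe0;                    /* NumberOfSections, SizeOfOptionalHeader */
    b[0x58] = 0x0b; b[0x59] = 0x01; b[0x58 + 31] = 0x10;  /* magic, ImageBase 0x10000000 */
    uint8_t *s = b + 0x58 + 0xe0;                   /* section table */
    memcpy(s, ".text", 5); s[9] = 0x20; s[13] = 0x10;          /* size 0x2000, RVA 0x1000 */
    memcpy(s + 40, ".rdata", 6); s[49] = 0x08; s[53] = 0x30;   /* size 0x800, RVA 0x3000 */
    return 0x188;
}

int main(void)
{
    uint8_t buf[512]; struct sec s[4];
    int n = pe_sections(buf, make_sample(buf, sizeof buf), s, 4);
    for (int i = 0; i < n; i++)
        printf("%-8s va=0x%08x size=0x%x\n", s[i].name, (unsigned)s[i].va, (unsigned)s[i].size);
    return n < 0;
}
```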