/*===================================
Win32 Global API Hooking - 
===================================*/

ȳϼ? API ŷ¸ ϰ ִ Դϴ.
 ó ¸ Ҷ   е  Ŷ  ߾ϴ. ¶ 
ǿܷ  е ɰ  ֽô ѹٸ 𸣰ڱ. ü ° ʹ  ߹ݺη 
 ִµ.  鿡  亯ϱⰡ ġʾ,  Ͽ  亯  
⿡ ؼ ˷帮   ϴ.

ϴ   õش޶  ҽϴ. Ʒ  Ͽ, ״ 
Ͻñ ٶϴ. (   ְ Ǵܿ Դϴ)

1) Advanced Windows NT, Jeffrey Richter
:  ʿ Windows ýα׷ ̺, ýα׷ ͵ ˴ϴ. 
̼  ýα׷ ַ ٷ ֽϴ.

2) Debugging Applications, John Robbins 
: MSJ  ÷ "Bugslayer"  Numega Software ý Ͼ John Robbins , 
    ýα׷    , ǹ ٷ Ҽ 
ִ     ҰǾֽϴ.

3) ı ,    輺 
:  ¿  Ұ ֽϴ.  ũμƮ  ýŷ ÷ 
 Ⱓ,  ȯ濡 ŷ     ̷ο  Ǿֽϴ.

4) ũ  , Ȳ 
:   ʿ  ʵ,  8Ʈ  32Ʈ   ٷ
 ֽϴ. ϴ ȾƳ ʿҶ Ͻø ?

5) System Programming for Windows 95, Walter Oney 
: Win9x ̹̽ VxD ٷ , VxD ̺ Ҹ   åԴϴ. 
  ߰ ڵȭ  ȫö  ͳݿ Ҽ ֽϴ. 

6) Programming Microsoft Windows Driver Model, Walter Oney
: 5å, System Programming for Windows 95  Walter Oney WDM ߼Դϴ.  α 
  Ҽ ֵ ü  ߵǾ ִ NT/2000 ̹̽  WDM 
   ֽϴ.

7) Inside Microsoft Windows 2000, David A. Solomon & Mark E. Russinovich
: Windows 2000 ý۰ α ؼ  ٷ Win2K ýα׷ ʵ  
 ֽϴ.

 ڵ  å   о ߰ ̰Ϳܿ  å  ִ° ˰ 
ֽϴٸ   ٴ   Դϴ.  ̶̺ Ҹ ǥ
 å κ  ִ ̹Ƿ    (^^)   Ѵ 
ϼż   ؾȵǴ κ   ϴ  Ͻø ȿϰ 
ϴ.(  ǽŴٸ...  ý α׷ ó̽ö  о ǥ  
  д   ϴ.(и ó ι°  ٸԴϴ.)  
 ڷ   ʿ ( ǹ   ٰ ϴ.) ʿ
 κ  ãƺ  ⺻ 信 ؼ ؾ߸ մϴ.  ܿ
 ͳ̳  ϴ°͵ ϳ ̶   ְ.

 ̸,  ġ Ǵ  ̹̽ ʺٴ ý ø̼
 ü ϱ   ̹̽ ٷԽϴ. ̱ аô κ 
   ϵ ü ϱ   ̹̽ٴ Ϲ ø
 Ұ ۾ ؼ ̹̽ ÷ е κϰŶ Ǵ±. 
  ൵  ߽  ڽϴ.

Ѱ ̹̽ óϽô ̶ VxD ǥǴ Win9x迭 ̹̽ٴ 
WDM̳ NT Ŀε̹ ʿ  ΰ θ Ͻô°  ̴ϴ. (   ƽ? 
 9x ô  ϱ...)

 Ұ ϰ ̳  ̴ּ е  ؼ  ҸѰ͵ ٷ
ڽϴ.
(... DB ڵ鸵̳ Ʈ α׷ Ͻ е  ˼ϰԵ  ¿ ϴٰ 
ǴܵǾ 亯 帮  ֽñ ٶϴ.)

1. WH_CALLWNDPROC   μ  ħϱ

(potpry) ǰ, WH_CALLWNDPROC   μ ּҰ Ĩϱ⿡   ־
.  ϼ̴ó    ִ  ܷ Ϸ ߽ϴٸ, ǰ ֽ
е ô  ٷ ϰڽϴ. (ǰֽ Բ ٽѹ   ϸ...)

ϴ WH_CALLWNDPROC   ƽô´ ν ä Դϴ.   ν
  μ ε ʾҴٸ ý ڵ ν  ִ dll μ
 νŵϴ. (dll εŲٴ .)   翬 DLL и ATTACHǴ μ ּҰ
 ۾Ѵٴ  ǽ  ,   κп 츮 ϴ μ   
 ۾ ϴٴ Դϴ.  Matt Pietrek MSJ ÷ Api Hijacking ̶ ̸ 
 Դϴ. ׷ ̹ ߴٽ      ֽϴ.

, ν  ʴ α׷ ,   ٴ   ŷ(explicit link)
 ũ DLL Ǵٽ Ʈ Լ ó  Դϴ. ν ä ̴ 
ŭ ν  α׷ Ҽ ٴ  ݷ  ٵ, ι°  
մϴ.  PE мغ̴ٸ Ʈ Լ  ּҸ ȣϴ  APIȣ
 ̷ ʴ´ٴ  ƼԴϴ.  μ jmp + API Լּ  Ǿ
 Ʈ̺  ϸ,  α׷ API  call ϴ  ƴ϶ ̺ 
 callϴ · ȯ˴ϴ. ׷  ׷ Ʈ ⿡  ٽ Ʈ  Լ
 ŷϴ Դϴ.  ϸ USER32.DLL  KERNEL32.DLL Ʈϰ ִµ ̷
 Win9x ڸ忡 ý DLL Ʈ̺   Ƿ ǻ ŷ Ұ
ϴ.  APIο API ȣϴ 쿡       ϳ  ǰ
ϴ. ¶ Ʈ̺   API ŷ ϱ⿡   Ƿ  
츮 ̷    Դϴ.

2.  9x NT/2K API ŷ ٹ ޶ ϳ?

  Ͻź Ͻ Դϴ.(^^)  Ҷ ڼϰ 帮  9x NT/2K
迭  API ŷ ٸ ۼǾ ϴ ϰ ص帮ڽϴ.  Ŀٶ ̴ 
ۿ ϴ ޸ ( 0x80000000, 2GB ̻)  μ  ϴ
 Դϴ.  2° ¿ ǽغҴ ޸𸮿 9x 2GB̻  
ġ NT/2K 2GB ʿ ġϴ    ֽϴ.  NT/2K  ּҰ ּ
 ٸ μ ȿϰ Ǿ  ٴ  Դϴ. ̰ ޸𸮻 ƴ
  ýۿ Ǵ ý DLL ڵ(ٸ ̽巹)̳ Լּҵ 
Դϴ.  9x  ٸ  ؾ߸ ϸ ̵  9x ϰ մϴ.  
 DLL  Ϸ RING0 Ҹ ü  ƯǷ  ϴµ 9x 
ڷ(RING3)  RING0 ȹҼ ( Win9x ޹(?)̶ մϴ.) NT/2K
 ̹̽ ʰ RING0   ִ  ° ˷ ֽϴ. CIH
 ù(?) ̷ WinNT/2K    ٷ ⿡ ֽϴ. ࿡ NT/2K ȯ
濡 ڷ(RING3) RING0 ȹϴ  ˰ôٸ ̷  
 ȰϽñ ٶϴ. (ڿԵ ˷ֽø ... ^^) ¶ NT/2K 9x   
 ü̸  Ŀٶ ߿ ϳ ý ϴ  ޸𸮿 ڷ 
ϴ° Ģ ϰ ֽϴ.  κп   ڼ   NT/2K ̹̽
 ٷ궧 ٽѹ ٷ絵 ϰڽϴ.

3.    Ǵ α׷ ƾ ǳʶٸ鼭  ۾   ֳ?

α׷ ٸ ƾ ܼ ˻ƾ(Լ)ó Ǿ ִٸ 󸶵 ũŷ 
մϴٸ ¿ ȵ Ƽ ڵ  Ѵٸ ũŷϱⰡ 
 ʰ. ׹ۿ ũŷ  ̳ ̷       Ư
 찡 ƴ̻  ʴ° ˰ ֽϴ. ´ ũ° ƴϹǷ ̻  
帮 ʰڽϴ.

...
 ¿ Ѵ Win9x ̹̽  VxD ؼ ٷڽϴ. Ƹ ſ 
ŸƮ  Ǿ ٵ ̷кٴ   ΰ  Դϴ. ڼ  
 帰  Ͻô°  ׿.

<⼳>

ֿ  Ʒ ޴ ⿡ ٿԾµ  (Ʒ ̴ϱ) ϱ 
.    ڿ °͵  ... е鵵  տ ɾư 
  ̶ ö󰡺ñ...