I have been trying to get Maggotboy's V2 stealth code to work with the minGW gcc compiler--my thought was to introduce another compiler into the mix to increase our code diversity.
I don't have any success yet. I started with MisterSpock's LCC code, assuming it might be closer to GCC syntax than the MSVC++ version. With some changes I was able to compile and build using MinGW.
After that I got some errors (memory access violations) when testing it with iexplore.exe, then I made some more changes and the errors went away.
However, it appears to do absolutely nothing. I brought up DebugView and there are absolutely no messages being sent, I even tried some OutputDebugString statements into the very beginning of Dllmain (changed back from LibMain) and InstallHook, and even those didn't show up, so it appears to me that it isn't even beginning execution. I know Rundll32.exe is finding the dll, because if I misspell the dll name it complains.
I'm pretty sharp technically but I'm not a very experienced programmer so I don't know how much more headway I'll be able to make on my own, I've tried just about everything I can think of and find with searches. Unfortunately most of the minGW/gcc DLL examples I've found are very simplistic compared to this, for example I had to really dig to find out how do to a shared data segment.
I am developing and testing on W2K using minGW 2.0.0.3, and as recommended on the MinGW website I upgraded two packages:
binutils 2.13.90.20021006-2
w32api-2.1
I'm using Cygwin version 2.249.2.5 to make the development a bit more like Linux, but although Cygwin has its own compiler I set up the path to make sure I'm using the minGW bin executables (e.g., gcc, dllwrap), and I made sure I was using the minGW versions of the libraries that I linked to, so I'm hoping the Cygwin part is irrelevant to the end product.
I have attached 3 files:
mingwsniffer211.c
mingwsniffer211.def
Makefile
I'd really appreciate any help I can get making this work.
