Pete Finnigan's Oracle Security Weblog

I came across a good website for Windows internals tools and information. The site is www.internals.com and seems to be run by Yariv Kaplan. The site also seems a little dated as some of the copyright notices are for 2000 and 2002. Why am I interested in Windows internals? - well because Oracle runs on Windows and even if the database runs on Unix then clients and other processes such as reporting tools may run on Windows. Hackers can use internals knowledge of operating systems such as Windows to gain knowledge of how an application or the database may work and use that information to steal data such as passwords or critical application data or to exploit the application to gain control of the operating system and therefore the machine.

This, as I said is a slightly dated site but there are some useful tools and papers on there. The most useful is the APISpy32 utility that can be downloaded as a zip file called APISpy32. This utility can be used to spy on the internal structure of applications or the operating system itself. APISpy32 gets around some of the problems of similar tools such a breaking when used with large pieces of code. APISpy32 also monitors all API calls made by all active processes. It is dated and marked as supporting Windows 9x/NT/2000 and ME but I have had it running on XP.

There is also a good paper on how spying programs work. This paper is called "API Spying Techniques for Windows 9x, NT and 2000" and covers different methods for hooking API and DLL imported functions. This is an excellent detailed paper, again if a little dated.