Jump to content
Tuts 4 You

How to prevent redirections of functions to AcLayers.dll?


Recommended Posts

Hi guys,

so I was just coding around a little and testing my stuff in OllyDBG and was wondering why I could not find the CreateProcess function in my intermodular calls list. Then I was checking out my IAT of my app and there could also not found the CreateProcess function and just found a address to AcLayers address which seems to be on top before calling the function. Just wanna know why and of course why? :) Is it just a on top protection function or something? Is it needed to use it by Windows and is there a way to prevent / disable that and is there also a function list what APIs are affected from those OnTop AcLayers PRE calls? Why that injection? Below my IAT part..

0045C108 >77175980  KERNEL32.ExitProcess
0045C10C >77173830  JMP to KERNELBA.DeleteFileA
0045C110 >6E1018A0  AcLayers.6E1018A0  <---- CreateProcessA inside call
0045C114 >77173800  JMP to KERNELBA.CreateFileA
0045C118 >77167D40  KERNEL32.CompareStringA
0045C11C >771735B0  JMP to KERNELBA.CloseHandle


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...