Description: 我在XP下用过detour,也是用钩子将dll注入到其他进程进行API拦截,当时拦截的是 ShowWindow以及文件操作的一些API,感觉没什么问题阿.你可以先用Detour拦截一下其他的API试试,比如 CreateProcess,这个API我拦截过,Detour能拦截的
-I used the XP detour. also used to hook dll injected into other processes API interception, then intercept the ShowWindow and some file manipulation API, A feeling no problems. You can use Detour to intercept a few other API try. For example CreateProcess, I intercept the API that can intercept the Detour Platform: |
Size: 2312 |
Author:byron |
Hits:
Description: 如果您对IE4.0熟悉的话,你将知道在Internet Settings高级设置中有一个选项:“在新的进程中浏览(英文:Browse in a New Process)”,如果你把它前面的对钩去掉,然后运行IE,并打开任务管理器查看所有进程,你将会发现没有新的IExplorer.exe进程出现。反之,则新的IExplorer.exe进程出现。
当我们需要许多数据在程序实例之间共享的时候,这种能使多个实例运行在同一个进程空间的程序是非常有用的。它的实现很简单,众所周知,启动任何一个应用程序有两种途径,要么通过浏览器要么通过API调用诸如CreateProcess。首先侦察特定的窗口类是否存在,如果不存在,就创建一个新的窗口类,如果存在,那么使最近创建的进程发送一个消息到已存在的窗口,并使新近运行的实例窗口处于激活状态,先前的程序实例将启动一个单独的线程。
在此示例中,作者采用了一个MFC MDI程序,即使有多个程序实例在运行,任务管理器或者进程查看器(Process Viewer)将只会显示一个进程,当如果用WINDOWS自带程序SPY++查看,您将会发现该进程拥有许多线程,并且不同的MDI窗口集合分别属于不同的线程-seemed familiar with the case, You will know that the Internet Advanced Settings, there is a choice : "In the new process here (in English : Browse in a New Process)" If you put it right in front of the hook removed, and then run IE, and open the Task Manager View all process, You will find no new IExplorer.exe process. Instead, the new IExplorer.exe process. When we needed the procedure much of the data shared between the examples, This can run multiple instances of a process in the same space procedure is very useful. It is very simple to achieve, as we all know, launching an application of any two channels either through the browser or through API calls such as CreateProcess. First reconnaissance particular window class existence, if they do not exist, create a new window type Platform: |
Size: 47300 |
Author:苏语 |
Hits:
Description: 我在XP下用过detour,也是用钩子将dll注入到其他进程进行API拦截,当时拦截的是 ShowWindow以及文件操作的一些API,感觉没什么问题阿.你可以先用Detour拦截一下其他的API试试,比如 CreateProcess,这个API我拦截过,Detour能拦截的
-I used the XP detour. also used to hook dll injected into other processes API interception, then intercept the ShowWindow and some file manipulation API, A feeling no problems. You can use Detour to intercept a few other API try. For example CreateProcess, I intercept the API that can intercept the Detour Platform: |
Size: 2048 |
Author:byron |
Hits:
Description: 自己写的API-Hook。hook的函数是CreateProcessA和CreateProcessW。就是说可以检测进程创建。还有2处不完善。一个是创建程序的路径没能很好的显示。另一个退出时有点系统异常。-himself wrote the API- Hook. The hook function is CreateProcessA and CreateProcessW. Say can detect the creation process. There are two imperfect. One is to establish procedures for the path failed to show good. Another system to pull out a bit unusual. Platform: |
Size: 142336 |
Author:林风 |
Hits:
Description: 微软公司的拦截api开发包:
All Detours functions are compatible with all x86 version of Windows NT,
Windows 2000, and Windows XP. However, under Windows 95, Windows 98, and
Windows ME, the DetourFunction* APIS do not work unless the program is
running under a debugger (the process was created with the DEBUG_PROCESS flag
on the call to the CreateProcess* APIs). Since most programs are not typically
run under a debugger, the DetourFunction* APIs do not work for most programs
on Win9x platforms.-Microsoft's interception api development kits : All Detours functions are compatible with all x 86 version of Windows NT, Windows 2000, and Windows XP. However, under Windows 95, Windows 98 and Windows ME,* DetourFunction the APIS do not work unless the program is running under a debugger (the proces 's was created with the flag on the DEBUG_PROCESS call to the CreateProcess* APIs). Since most pr ograms are not typically run under a debugger. the DetourFunction* APIs do not work for most pr ograms on Win9x platforms. Platform: |
Size: 529408 |
Author:摩尔 |
Hits:
Description: 如果您对IE4.0熟悉的话,你将知道在Internet Settings高级设置中有一个选项:“在新的进程中浏览(英文:Browse in a New Process)”,如果你把它前面的对钩去掉,然后运行IE,并打开任务管理器查看所有进程,你将会发现没有新的IExplorer.exe进程出现。反之,则新的IExplorer.exe进程出现。
当我们需要许多数据在程序实例之间共享的时候,这种能使多个实例运行在同一个进程空间的程序是非常有用的。它的实现很简单,众所周知,启动任何一个应用程序有两种途径,要么通过浏览器要么通过API调用诸如CreateProcess。首先侦察特定的窗口类是否存在,如果不存在,就创建一个新的窗口类,如果存在,那么使最近创建的进程发送一个消息到已存在的窗口,并使新近运行的实例窗口处于激活状态,先前的程序实例将启动一个单独的线程。
在此示例中,作者采用了一个MFC MDI程序,即使有多个程序实例在运行,任务管理器或者进程查看器(Process Viewer)将只会显示一个进程,当如果用WINDOWS自带程序SPY++查看,您将会发现该进程拥有许多线程,并且不同的MDI窗口集合分别属于不同的线程-seemed familiar with the case, You will know that the Internet Advanced Settings, there is a choice : "In the new process here (in English : Browse in a New Process)" If you put it right in front of the hook removed, and then run IE, and open the Task Manager View all process, You will find no new IExplorer.exe process. Instead, the new IExplorer.exe process. When we needed the procedure much of the data shared between the examples, This can run multiple instances of a process in the same space procedure is very useful. It is very simple to achieve, as we all know, launching an application of any two channels either through the browser or through API calls such as CreateProcess. First reconnaissance particular window class existence, if they do not exist, create a new window type Platform: |
Size: 47104 |
Author:苏语 |
Hits:
Description: 这是一个非常好的内核级HOOK API的例子,想看看效果里面的bin文件夹可以有编译好的程序,其中内核监视没有实现,进程和注册表监视已经完成。这个代码绝对可以成功编译,因为hookzwcreateprocess里的代码是驱动设备程序的,所以编译环境的设置比较复杂,所以在这个压缩包里也包含了一个小教程,教你去搭建vc 6.0中开发驱动设备程序的环境,并且带了个样本。声明:这个程序运行XP下,在2000下会造成蓝屏-This is a very good kernel-level HOOK API examples, I would like to look at the effects inside the bin folder can be compiled procedures, which did not materialize to monitor the kernel, processes and registry monitoring has been completed. This code is absolutely able to successfully compile, because the code is hookzwcreateprocess in process-driven equipment, so the compiler set up the environment more complex, so in this compression bag also contains a small tutorial to teach you to build in vc 6.0 device driver development program environment, and带了个samples. Statement: This program runs under XP, in 2000 will cause a blue screen Platform: |
Size: 81920 |
Author:zhenbiao |
Hits:
Description: 这是一个运行在Windows CE上的API监测工具,可以HOOK系统API,当前Hook了CreateFile, CreateProcess, Loadlibary函数,用户可以很方便的添加自己希望Hook德函数-This is a run on Windows CE on the API monitoring tool, you can HOOK system API, the current Hook the CreateFile, CreateProcess, Loadlibary function, users can easily add your own hope Tak Hook function Platform: |
Size: 4239360 |
Author:ChenMin |
Hits:
Description: IAT HOOK I just try to hook a api call with John Chamberlain s source code. The code works, but nothing happen when i call CreateProcess in an other application. Why Platform: |
Size: 2048 |
Author:RDGMax |
Hits:
Description: API Hook,实现了对CreateProcess的挂钩,可以监视进程的创建。-API Hook, to achieve the linking of CreateProcess, you can create a monitoring process. Platform: |
Size: 5688320 |
Author:北冥之鱼 |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,热键信息查看,杀进程、杀线程、卸载模块等功能 2.内核驱动模块查看,支持内核驱动模块的内存拷贝 3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、IDT信息查看,并能检测和恢复ssdt hook和inline hook 4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除 5.端口信息查看,目前不支持2000系统 6.查看消息钩子 7.内核模块的iat、eat、inline hook、patches检测和恢复 8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除 9.注册表编辑 -1 process, thread, process modules, process window, process memory information viewing, hot information to view, kill the process, kill thread, unload the module and other functions 2 kernel driver module view, to support the kernel driver module memory copy 3.SSDT, Shadow SSDT, FSD, KBD, TCPIP, IDT information view, and can detect and recover ssdt hook and inline hook 4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego, etc. Notify Routine Information check, and to support their Notify Routine Delete 5 port information view, the current system does not support 2000 6 view news hook 7 kernel module iat, eat, inline hook, patches detection and recovery 8 disk, volume, keyboard, network layer filter driver detect, and support for the deletion 9. Registry Editor Platform: |
Size: 3696640 |
Author:接收 |
Hits:
Search - CreateProcess Api Hook