Search - HOOK Memory
Search list
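Description: The main reason memory cannot be accessed across processes is that each process has its own page directory and page tables. A large part of a process switch is switching the page directory.
Windows' own ReadProcessMemory ultimately also attaches to the target process's address space via KeStackAttachProcess to perform the copy. However, the N kernel function calls in between are now hooked and guarded by many protection systems, so getting through all these layers to read anything is not that simple.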
Platform: |
Size: 2589 |
Author: sdlylz |
Hits:
Description:
const
  WM_UNSUBCLASS = WM_USER + 2001;  // message to remove the subclassing
  WM_SENDDATA = WM_USER + 2003;    // message received when a new packet is to be sent
type
  PMyDLLVar = ^TMyDLLVar;          // data structure used for shared memory
  TMyDLLVar = record
    SubClass: Boolean;             // whether the window is already subclassed
    HookWindow, SpyWindow: LongWORD;  // window to install the HOOK on, and window that receives the messages
    hHook: LongWORD;               // HOOK handle
    OldWndProc: pointer;           // old window procedure
  end;
Platform: |
Size: 199137 |
Author: 黄春标 |
Hits:
Description:
const
  WM_UNSUBCLASS = WM_USER + 2001;  // message to remove the subclassing
  WM_SENDDATA = WM_USER + 2003;    // message received when a new packet is to be sent
type
  PMyDLLVar = ^TMyDLLVar;          // data structure used for shared memory
  TMyDLLVar = record
    SubClass: Boolean;             // whether the window is already subclassed
    HookWindow, SpyWindow: LongWORD;  // window to install the HOOK on, and window that receives the messages
    hHook: LongWORD;               // HOOK handle
    OldWndProc: pointer;           // old window procedure
  end;
Platform: |
Size: 198656 |
Author: 黄春标 |
Hits:
Description: A game cheat program developed in C# with VS.NET. It uses a global keyboard hook to activate the cheat and process memory read/write techniques to implement cheat functions for Minesweeper and Lianliankan 3.
Platform: |
Size: 83968 |
Author: 稷下剑圣 |
Hits:
Description: Memory search and modification source code, written in VB; hopefully it offers some inspiration to those who work on game-cheat programming.
Platform: |
Size: 110592 |
Author: 张扬 |
Hits:
Description: DLL memory-mapping HOOK sample code v1.0.rar
Platform: |
Size: 81920 |
Author: guweijie |
Hits:
Description: Cheat Master 0.1 For DevHook with src, Real In-Game Search/Modify!
--------------------------------------------------------------------------------
Intro
=====
This is a prx mod written for DevHook 0.4+, which is used to search and
modify/lock data in memory while playing a game.
HOWTO Install
=============
1. Copy directory CheatMaster to root of your PSP memorystick.
2. Modify /dh/2xx/flash0/kd/pspbtcnf_game.txt, where 2xx means your emulated
firmware directory (e.g. 271 for 2.71 firmware directory), and add one line:
ms0:/CheatMaster/CheatMaster.prx
after the line:
ms0:/dh/kd/devhook.prx
3. Start game, press [Volume DOWN] + [Note] button to call up the menu.
2006-08-08 v0.1
[+] First public version
[+] Search, modify and lock functions
[+] Address table, with save/load functions
[+] Memory dump functions
[o] Memory searching may write results with large amount to disk, so keep at least 10MB free space on memorystick if you want to search values smaller than 256 with auto or byte mode
Platform: |
Size: 10240 |
Author: zb |
Hits:
Description: Code analysis of the Linux mlock system call. In Linux, every user process can access a 4GB linear virtual address space. Virtual addresses from 0 to 3GB are user space, which the user process can access directly. Virtual addresses from 3GB to 4GB are kernel space, which holds code and data accessible only in kernel mode; user processes cannot access it. When a user process accesses it through an interrupt or a system call, a processor privilege-level transition is triggered (from privilege level 3 to privilege level 0), that is, a switch from the operating system's user mode to kernel mode.
Platform: |
Size: 114688 |
Author: liyu |
Hits:
Description: This is a small tool for capturing and sending packets (it uses ws_32.dll, hook techniques, and shared memory...). SendUdp.dll was originally going to be written in Delphi, because VC++ pointer operations are fast,
Platform: |
Size: 389120 |
Author: song |
Hits:
Description: An example of writing memory by means of a hook. This technique is typically used in game cheats and in-memory keygens; it is of some value to those new to hooks.
Platform: |
Size: 90112 |
Author: Alan |
Hits:
Description: A tool that detects memory leaks by means of malloc hooks
Platform: |
Size: 179200 |
Author: chen |
Hits:
Description: IDT hook detection and recovery
This program opens the physical memory object from Ring3 to obtain the IDT currently in memory, then opens the corresponding original kernel file and compares the two. It includes a restore function.
The program works on XP/2003. Lookup is done by signature search. The comments are detailed and the code is clean.
Platform: |
Size: 6144 |
Author: 张京 |
Hits:
Description: I haven't written code unrelated to work for a long time. This is a small tool for capturing and sending packets (it uses ws_32.dll, hook techniques, and shared memory...). SendUdp.dll was originally going to be written in Delphi, because VC++ pointer operations are fast, so
Platform: |
Size: 389120 |
Author: hjt15000 |
Hits:
Description: The main reason memory cannot be accessed across processes is that each process has its own page directory and page tables. A large part of a process switch is switching the page directory.
Windows' own ReadProcessMemory ultimately also attaches to the target process's address space via KeStackAttachProcess to perform the copy. However, the N kernel function calls in between are now hooked and guarded by many protection systems, so getting through all these layers to read anything is not that simple.
Platform: |
Size: 2048 |
Author: sdlylz |
Hits:
Description: VBAPIHooker - API interception class (this is the main one; it needs the following three classes)
VBMemoryAllocator - memory allocation management class
VBPEFnLocator - PE file import/export function locator class
VBMiniWindow - mini message window class
Platform: |
Size: 60416 |
Author: soul |
Hits:
Description: hook read/write process memory
This program can monitor certain cross-process memory operations. It can be used to analyze the actions of some memory editors and memory patches.
The VC6 source code is attached; the hookapi core uses the detours library. If you don't understand it, search Baidu.
Author: 毕飞 (Fei Bi)
Platform: |
Size: 93184 |
Author: 123 |
Hits:
Description: Packet interception and decryption functions for JJ Dou Dizhu (Landlords), using hooks, messages, and shared memory.
Platform: |
Size: 2048 |
Author: hjf |
Hits:
Description: SYSENTER is an assembly instruction provided on Pentium® II and later processors as part of the fast system call mechanism. The SYSENTER/SYSEXIT instruction pair is dedicated to implementing fast calls. Before this, INT 0x2E was used. With INT 0x2E, a system call requires a stack switch. Because Interrupt/Exception Handler invocations all go through gates of the call/trap/task kind, this approach performs a stack switch, and information such as the system stack address is provided by the TSS. This may cause multiple memory accesses (to fetch the switching information), so starting with the Pentium II, IA-32 introduced new instructions: SYSENTER/SYSEXIT. With these two instructions, the transition of the stack and the instruction pointer from user level to privileged level can be accomplished by this single instruction, and the address of the new stack to switch to, along with the location of the first instruction of the corresponding procedure, are supplied by a set of special registers, which IA-32 calls MSRs (Model Specific Registers). Three special registers are involved here
Platform: |
Size: 30720 |
Author: wu |
Hits:
Description: Delphi hook for memory reads and writes. It can intercept other programs' read/write operations and the data being read or written. For example, with some game cheats you can use this tool to find out exactly what they do to the game, and then write a cheat with the same functionality yourself.
Platform: |
Size: 48128 |
Author: wangyong |
Hits:
Description: HOOK for memory reads and writes; can be used to get past the detection in most games
Platform: |
Size: 165888 |
Author: 张哲 |
Hits: