Description: SDK and examples, version 1.5, provided by Microsoft for hooking Win32 API functions. Platform: |
Size: 605184 |
Author: Webmaster |
Hits:
Description: 1. Origins and download of the Detours library: Like WTL, the Detours library started as its developers' own project. It was written by Galen Hunt and Doug Brubacher and published in July 1999 in a paper titled "Detours: Binary Interception of Win32 Functions." The basic principle is to overwrite the first 5 bytes of a function with a jump instruction that jumps directly to the start of your own function, which is how API interception is achieved. Five bytes are used because a function generally begins with three instructions that save the stack environment, 5 bytes in total: 8B FF 55 8B EC. The library later gained Microsoft's support, and Microsoft provides download space for it on its website:
Platform: |
Size: 49152 |
Author:田戈 |
Hits: