Description: Start.exe installs the WH_GETMESSAGE hook from Insert.dll. The hook callback checks whether the current process ID is the Explorer process ID that Start.exe found earlier; if it is, the callback calls LoadLibrary(Insert.dll) again and locates the ThreadPro function in it. It then creates a new thread whose thread function is ThreadPro. The new thread first posts a thread-exit message, WM_QUIT, to the Start.exe message queue, which ends its message loop. At this point the thread insertion is complete. A constantly changing number appears in the upper-left corner of the screen, which shows that our code is executing. Start.exe is not in the process list, but a process manager shows that the Explorer process has indeed gained one more thread, and that it comes from Insert.dll. To end the thread inserted into Explorer, press Alt+L. :) Platform: |
Size: 26257 |
Author:pangguigao |
Hits:
Description: 1. Card-issuing server: Server
Project file: autojet.prj
2. Billing client: Client
Project files: internet.prj, Explorer.prj
Start Explorer.exe first, then start internet.exe
3. Database scripts: INIT(原版).SQL (original version) and New init.sql (new version); database name NetBar
4. Dynamic link libraries: NETBAR.dll, hookdll.dll
5. The System ID for the University Student Apartment City is 5046
All other program notes are in the text files included with the program.
Platform: |
Size: 2728960 |
Author:陈万通 |
Hits:
Description: Start.exe installs the WH_GETMESSAGE hook from Insert.dll. The hook callback checks whether the current process ID is the Explorer process ID that Start.exe found earlier; if it is, the callback calls LoadLibrary(Insert.dll) again and locates the ThreadPro function in it. It then creates a new thread whose thread function is ThreadPro. The new thread first posts a thread-exit message, WM_QUIT, to the Start.exe message queue, which ends its message loop. At this point the thread insertion is complete. A constantly changing number appears in the upper-left corner of the screen, which shows that our code is executing. Start.exe is not in the process list, but a process manager shows that the Explorer process has indeed gained one more thread, and that it comes from Insert.dll. To end the thread inserted into Explorer, press Alt+L. :) Platform: |
Size: 25600 |
Author:pangguigao |
Hits:
Description: Hook Explorer SourceCode
Supports finding global hooks in the system
Complete VB source code
Anti-hook code written in VB is relatively rare; this is a rare, high-quality example. Platform: |
Size: 63488 |
Author:张京 |
Hits:
Description: Start.exe installs the WH_GETMESSAGE hook from Insert.dll. Whenever any process retrieves a message from its message queue, Insert.dll is loaded into that process's address space. In its entry code, Insert.dll checks the module name of the process it has entered; if it is Explorer, it creates a thread and sends a message telling Start.exe to exit. The new thread created at this point of course belongs to the Explorer process, and that is the key point. In addition, the thread creates a window that can set the IE home page. :~) Platform: |
Size: 29696 |
Author:hss |
Hits:
Description: This is a screen word-capture tool I made; its word-capture success rate is 93. It runs stably under 2000, and under XP it conflicts somewhat with the explorer process. It can capture words from web pages, WORD, PDF tables of contents, and the 360 interface. Testing shows that Kaspersky does not detect this hooking behaviour. Platform: |
Size: 5783552 |
Author:cyy |
Hits:
Description: Source code for Windows API (edited by Ran Lincang, Tsinghua University), covering 8 chapters. Building on an introduction to Win 32 API function calls, the book focuses on how to use the Windows SDK API to develop Win 32 dynamic link libraries and applications, and presents the combined use of API functions in process management, inter-process communication, hook functions, window subclassing, API HOOK, Internet Explorer development, network programming and related areas.
The example source code in this book is available via This book is mainly aimed at intermediate and advanced users who are familiar with Windows development and have some programming background, and is intended to help them improve their system programming skills. Platform: |
Size: 5554176 |
Author:云飞扬 |
Hits:
Description: Purpose: - Implement remote code injection
- Usermode hook (Ntdll->NtQueryDirectoryFile)
Note: This is only a POC that will hide file explorer.exe
Hiding file via usermode code injection to explorer.exe
You can restart explorer.exe to unhook Platform: |
Size: 7168 |
Author:nofear0720 |
Hits:
Description: Hook techniques are very widely used in software applications; here is the source code of a HookExplorer. Platform: |
Size: 250880 |
Author:panda |
Hits:
Description: IFileOperation COM HOOK code example
On WIN7, file operations in explorer.exe all go through the IFileOperation COM interface, so the generic approach of hooking Win32 APIs such as DeleteFile no longer has any effect.
This example successfully hooks the NewItem, RenameItem, RenameItems, MoveItem, MoveItems, CopyItem, CopyItems, DeleteItem, DeleteItems and other interfaces.
Notes:
You can find COM hook code examples through Google, but they have two major problems:
1. They can hook only once, and file operations then stop working
2. After un-injection, explorer.exe crashes outright
This version does not fix these two problems.
For the full version, visit: http://www.csto.com/case/show/id:5177 Platform: |
Size: 74752 |
Author:海盗医生 |
Hits:
Description: Small component for TWebBrowser hook file system.
Limitation:
- Internet Explorer 7.0 or higher.
last fix:
- Support XE5
- Store files in DataSet.
- Use internal *.css files with my.
- Add property - Enabled.
- Component completed for XE3.
- Set 0 position, when reload. Platform: |
Size: 177152 |
Author:robt |
Hits:
Description: Uses a hook to insert a thread into the Explorer process; needs only a single DLL; works on 98, 2k and XP. Platform: |
Size: 28672 |
Author:hello |
Hits: