Location:
Search - find hook
Search list
Description: vc+mapx 有需要的赶快下载哦 献给用vc开发gis又找不到例程的人-vc MapX need quickly downloaded using vc oh dedicated to the development and gis to find the routines
Platform: |
Size: 1764352 |
Author: songxu |
Hits:
Description: Hook Explorer SourceCode
支持查找系统内的全局钩子
VB完整源代码
VB编写的反hook代码比较少见 这个是难得的一个精品-Hook Explorer SourceCode support system to find the overall integrity of the hook VB source code VB code to prepare the anti-hook relatively rare this is a rare quality
Platform: |
Size: 63488 |
Author: 张京 |
Hits:
Description: 使用系统IAT表查找要Hook的函数地址,然后进行挂钩。本代码Hook的是TextOut函数。-IAT table to find using the system to Hook a function of address, and then proceed to link. Hook this code is the TextOut function.
Platform: |
Size: 37888 |
Author: 骆爽 |
Hits:
Description: 很多网友来信反应说之前发布的源代码文件包里缺少文件,我下载打开一看果真如此,实在惭愧之极啊,现请更新过来,您现在将要下载的是更新后没有问题的源代码。
利用蓝牙(Bluetooth) APIs 编写的多种方式进行蓝牙设备查找、服务发现启动,蓝牙虚拟串口的通信,支持16进制和字符串两种方式。
你可以任意修改复制本代码,但请保留这段文字不要修改。
希望我能为中国的软件行业尽一份薄力!
◆◆◆ 作者 ◆◆◆
谢红伟 · chrys · chrys@163.com · http://www.viction.net
◆◆◆ 日期 ◆◆◆
2008年06月24日 17点11分-Many netizens said that a letter from the reaction before the release of source code files bag lack of paper, I download what we can see in the case, it is extremely ashamed ah, please update them, you will now have to download the update no problem with the source code. Bluetooth (Bluetooth) APIs prepared a variety of ways to find Bluetooth device, service discovery start, Bluetooth virtual serial port communications, to support the 16-band and string in two ways. You can modify a copy of any code, but please do not modify this text retained. I hope I can fulfill China s software industry thin edge! ◆ ◆ ◆ ◆ ◆ ◆ Author谢红伟chrys chrys@163.com http://www.viction.net ◆ ◆ ◆ Date ◆ ◆ ◆ 2008 on 24 day 06 years 17 point 11 hours
Platform: |
Size: 110592 |
Author: 谢红伟 |
Hits:
Description: QQ游戏之对对碰外挂,
功能:
1.能够自动提示能够消除的对对碰
2.能够模拟鼠标自动消除
3.可以加快速度
4.自动开始
虽然此程序仅仅是一个小外挂,但也使用到了一些技术.
1.线程的使用
2.程序窗口查找
3.dll注入技术
4.api hook 技术
5.单进程全局热建钩子
6.不通过特定颜色判断相同方格的方法
7.模拟鼠标的两种方法,mouse_event(鼠标光标会移动)和PostMessaga(鼠标光标不移动)
8.文件捆绑和分解
-QQ games plug right right touch, function: 1. Can automatically prompted to eliminate the right right touch 2. Can be used to simulate the mouse automatically eliminate 3. Can accelerate the speed of 4. Automatically start this procedure although only a small plug-in, but also used to a number of technical .1. the use of 2 threads. 3.dll Find window injection technique 4.api hook technology 5. single process overall heat build hook 6. do not pass a specific color to judge the same way to the box 7. simulation of the two mouse methods, mouse_event (mouse cursor will move) and PostMessaga (mouse cursor does not move) 8. paper bound and decomposition
Platform: |
Size: 150528 |
Author: 明 |
Hits:
Description: 一个dll注入的源代码,通过找窗口句柄,HOOK,热键呼出封装在dll中的窗体-A dll into the source code through to find window handle, HOOK, exhaled hotkey is packaged in a form in dll
Platform: |
Size: 349184 |
Author: 我是人 |
Hits:
Description: ssdt钩子检测,利用查找ntkrnlpa.exe中导出的ssdt的起始地址和大小,比较实际的ssdt地址表中的内容,找出钩子-ssdt hook detection, the use of export ntkrnlpa.exe Find ssdt the start address and size, a more realistic ssdt address the contents of the table to find out hook
Platform: |
Size: 6144 |
Author: john smith |
Hits:
Description: Rootkit detector to find system hook and user code hooks, hidden driver, hidden files, hidden proccess.
Platform: |
Size: 22528 |
Author: sis-2kx |
Hits:
Description: 一般网上找到的都是需要Ring3传输需要补丁的地址过去...
002就是直接用最标准的方法进行SSDT定位以及修复的
支持多核系统,当然还有003(加入shadow ssdt hook),004(加入inline hook)
基本上是现在最稳定的恢复方式了,大家可以用KMDLoader测试.加载就脱钩.不需要通讯
-Generally find on the Internet are required Ring3 address transmission needs a patch in the past ... 002 is the direct use of most standard approach to SSDT locate and repair support for multi-core systems, of course, 003 (add shadow ssdt hook), 004 (adding inline hook) is basically the recovery is now the most stable way, and we can use KMDLoader test. loaded on decoupling. does not require communication
Platform: |
Size: 515072 |
Author: 按时飞 |
Hits:
Description: 强制删除文件,无注入无驱动无hook,原理就是查找文件的锁定句柄,然后关闭句柄。-Force delete a file, no injection of non-driven non-hook, locking principle is to find the file handle, and then close the handle.
Platform: |
Size: 13312 |
Author: clzzy |
Hits:
Description: Open Source SSDT Hook detection utility, it will scan the SSDT Entries in the kernel (ntoskrnl.exe) and find the functions that are hooked & not in the kernel base address range .
Platform: |
Size: 102400 |
Author: __Genius__ |
Hits:
Description: Windows XP是通过sysenter调用KiFastCallEntry将ntdll.dll的调用切换到内核的。KiFastCallEntry的原理是通过在SSDT中查找函数地址跳转。所以只要伪造一张原始SSDT,就可以使得SSDT-HOOK无效了。-Windows XP by calling KiFastCallEntry sysenter ntdll.dll call will switch to the kernel. KiFastCallEntry SSDT principle is to find the function by address jump. So long as the original forged an SSDT, you can make SSDT-HOOK invalid.
Platform: |
Size: 5120 |
Author: 何耀彬 |
Hits:
Description: Hook winsocks and redirect calls to where you want them to go..i am going to use this to make ypager.exe login to my own proxy to make clone of ytunnel..with out using the proxy settings built into meseger ..this is a powerfull tool..and hard to find ..i found this gem and wanted to share..now you can easly packet sniff any aplication that uses then net ..or redirect those anoying banner adds to goto somehere else-Hook winsocks and redirect calls to where you want them to go..i am going to use this to make ypager.exe login to my own proxy to make clone of ytunnel..with out using the proxy settings built into meseger ..this is a powerfull tool..and hard to find ..i found this gem and wanted to share..now you can easly packet sniff any aplication that uses then net ..or redirect those anoying banner adds to goto somehere else..
Platform: |
Size: 13312 |
Author: Mimi |
Hits:
Description: 本程序为天书奇谈起点专区辅助工具,内有自动战斗(调用游戏本身自动功能,可有效减少操作时间),人物一键加药,宠物一键加药,挂机采集这几个功能。
文件说明:
HH.exe为主程序(必要文件)
config.ini为配置文件(必要文件)
cjfb.edb为存放采集封包的数据(必要文件)
外挂作坊1.5-第六版.ec,Super-EC_3.0.ec,外挂海万能模块1.7贺岁版.ec三个为模块(只需要用工具的可以删除)
HH.e为易语言源码(只需要用工具的可以删除)
程序使用的易语言功能:
设置呼出窗口(线程钩子类)[超级模块免费版]
读配置项(ini配置文件操作)[易语言系统核心支持库]
创建线程(线程相关)[超级模块免费版](外挂作坊的也有,不过我用的是超级模块里面的)
安装send(拦截send)[外挂作坊1.5第六版]
安装recv(拦截recv)[外挂作坊1.5第六版]
send(发送封包)[外挂作坊1.5第六版]
字节集还原(把文本转成字节集)[外挂海万能模块]
取字节集指针[外挂作坊1.5第六版]
取字节集长度[易语言系统核心支持库]-Starting point for the bible adventures in this program area aids in automatic battle (the game itself is called automatic function, which can effectively reduce the operating time), a key figure dosing, dosing pet a key, hang up collecting these functions.
File Description:
HH.exe the main program (necessary documents)
config.ini is the configuration file (necessary documents)
cjfb.edb for storing collected data packets (necessary documents)
Plug-in 1.5-sixth edition of the workshop. Ec, Super-EC_3.0.ec, plug-in module 1.7 Hesuiban universal sea. Ec three for the module (just use the tool to remove)
HH.e for the easy language source code (just use the tool to remove)
Program easy to use language features:
Set outgoing window (thread hook type) [Super Module Free Edition]
Reading configuration item (ini configuration file operations) [core of the system easy language support library]
Create a thread (thread-related) [Super Module Free Edition] (there are also plug-i
Platform: |
Size: 1230848 |
Author: 邹志平 |
Hits:
Description: 使用微软件的detours的LIB库WinAPI函数监控,-AppWizard has created this DetourDll DLL for you.
This file contains a summary of what you will find in each of the files that
make up your DetourDll application.
Platform: |
Size: 151552 |
Author: 郑汉武 |
Hits:
Description: 信息隐藏亮点之一: 将rootkit作为资源隐藏于用户模式程序之中
亮点之二: 将这个用户程序代码作为生成密钥的引子,可以有效地防止逆向后,隐藏信息被纰漏,因为只有逆向后生成的
代码,跟原作者的代码丝毫不差,将来才能打开其隐藏至深的下载者链接及代码。
亮点之三:用一个固定的KEY,通过某种运算,产生出1024个密钥组成的数组。
然后用这个密钥组与用户代码进行运算,最终生成一个4字节的解码KEY。
利用解码KEY,在从加载到内存的驱动中,找出隐藏在其资源中的那份肮脏的
下载者代码及名单解析出来,返回用户程序,用户程序用它来做坏事,并且最后
还要把痕迹擦得一干二净。
亮点之四:修改idt 0e号中断,让他指向一个无效地址,从而在调试的时候让你蓝屏,起到
反调试的功能。-nformation hiding one of the highlights: the rootkit as a resource hidden in the user program into
Highlights of the two: the user code will be generated key as a primer, can effectively prevent the reverse, the hidden information is flawed, because only generated after reverse
Code, the code with the original author no less, to open its hidden deep in the future who download link and code.
Highlight three: with a fixed KEY, by some calculations, to produce an array of keys 1024.
Then use this key group and the user code operation, and ultimately generate a 4-byte decoding KEY.
By decoding KEY, loaded into memory from the drive, find hidden in their share of dirty resources
The list of those who download the code and parse out and return the user program, the user program to do bad things with it, and finally
But also to trace polished completely.
Highlights of the four: No change idt 0e interrupted, so that he points to an invalid address, so when debugging your blue s
Platform: |
Size: 11264 |
Author: wu |
Hits:
Description: delphi hook内存读写,可以拦截其他程序的读写操作以及读写数据,比如有些外挂可以用此工具找出他对游戏的具体操作,从而自己可以写一个功能和他一样的外挂出来-delphi hook memory read and write, can intercept and read and write operations of other programs to read and write data, for example, some plug-in can use this tool to find out his specific operation of the game, so they can write a function like him out of the plug-in
Platform: |
Size: 48128 |
Author: wangyong |
Hits:
Description: Hook 了以下函数:
NtUserFindWindowEx FindWindow
NtUserGetForegroundWindow GetForegroundWindow
NtUserQueryWindow GetWindowThreadProcessId
NtUserWindowFromPoint WindowFromPoint
NtUserBuildHwndList EnumWindows
NtUserSetWindowLong SetWindowLong
经XP/Win 2003/Vista/Win7测试可用. 获取ShadowTable表的方法是自己调试出来的玩意,不太清楚稳定性.
-Hook the following functions: NtUserFindWindowEx FindWindow NtUserGetForegroundWindow GetForegroundWindow NtUserQueryWindow GetWindowThreadProcessId NtUserWindowFromPoint WindowFromPoint NtUserBuildHwndList EnumWindows NtUserSetWindowLong SetWindowLong after XP/Win 2003/Vista/Win7 test available. Ways to get ShadowTable table out of their own debugging stuff, is not clear stability if the instability can go online to find a way to get ShadowTable.
Platform: |
Size: 384000 |
Author: TianSin |
Hits:
Description: 一个简单的系统钩子,代码是书上找的,经过修改调试,能在VC++6.0上执行。-A simple system hook, the code book to find a modified debugging can be performed in VC++6.0.
Platform: |
Size: 4540416 |
Author: ychl |
Hits:
Description: Hook KiFastCallEntry监控系统调用
这是一个监控特定进程系统调用的小程序,整理硬盘时找到的,发出来跟大家分享。原理很简单,通过hook KiFastCallEntry实现,很老的技术了。-The monitoring system Hook KiFastCallEntry call this is a small program to monitor specific process system calls, finishing hard disk when you find the issue to share with you. The principle is very simple, by hook KiFastCallEntry achieve very old technology.
Platform: |
Size: 176128 |
Author: ljh |
Hits: