Description: 我在XP下用过detour,也是用钩子将dll注入到其他进程进行API拦截,当时拦截的是 ShowWindow以及文件操作的一些API,感觉没什么问题阿.你可以先用Detour拦截一下其他的API试试,比如 CreateProcess,这个API我拦截过,Detour能拦截的
-I used the XP detour. also used to hook dll injected into other processes API interception, then intercept the ShowWindow and some file manipulation API, A feeling no problems. You can use Detour to intercept a few other API try. For example CreateProcess, I intercept the API that can intercept the Detour Platform: |
Size: 2312 |
Author:byron |
Hits:
Description: 如果您对IE4.0熟悉的话,你将知道在Internet Settings高级设置中有一个选项:“在新的进程中浏览(英文:Browse in a New Process)”,如果你把它前面的对钩去掉,然后运行IE,并打开任务管理器查看所有进程,你将会发现没有新的IExplorer.exe进程出现。反之,则新的IExplorer.exe进程出现。
当我们需要许多数据在程序实例之间共享的时候,这种能使多个实例运行在同一个进程空间的程序是非常有用的。它的实现很简单,众所周知,启动任何一个应用程序有两种途径,要么通过浏览器要么通过API调用诸如CreateProcess。首先侦察特定的窗口类是否存在,如果不存在,就创建一个新的窗口类,如果存在,那么使最近创建的进程发送一个消息到已存在的窗口,并使新近运行的实例窗口处于激活状态,先前的程序实例将启动一个单独的线程。
在此示例中,作者采用了一个MFC MDI程序,即使有多个程序实例在运行,任务管理器或者进程查看器(Process Viewer)将只会显示一个进程,当如果用WINDOWS自带程序SPY++查看,您将会发现该进程拥有许多线程,并且不同的MDI窗口集合分别属于不同的线程-seemed familiar with the case, You will know that the Internet Advanced Settings, there is a choice : "In the new process here (in English : Browse in a New Process)" If you put it right in front of the hook removed, and then run IE, and open the Task Manager View all process, You will find no new IExplorer.exe process. Instead, the new IExplorer.exe process. When we needed the procedure much of the data shared between the examples, This can run multiple instances of a process in the same space procedure is very useful. It is very simple to achieve, as we all know, launching an application of any two channels either through the browser or through API calls such as CreateProcess. First reconnaissance particular window class existence, if they do not exist, create a new window type Platform: |
Size: 47300 |
Author:苏语 |
Hits:
Description: 如果您对IE4.0熟悉的话,你将知道在Internet Settings高级设置中有一个选项:“在新的进程中浏览(英文:Browse in a New Process)”,如果你把它前面的对钩去掉,然后运行IE,并打开任务管理器查看所有进程,你将会发现没有新的IExplorer.exe进程出现。反之,则新的IExplorer.exe进程出现。
当我们需要许多数据在程序实例之间共享的时候,这种能使多个实例运行在同一个进程空间的程序是非常有用的。它的实现很简单,众所周知,启动任何一个应用程序有两种途径,要么通过浏览器要么通过API调用诸如CreateProcess。首先侦察特定的窗口类是否存在,如果不存在,就创建一个新的窗口类,如果存在,那么使最近创建的进程发送一个消息到已存在的窗口,并使新近运行的实例窗口处于激活状态,先前的程序实例将启动一个单独的线程。
在此示例中,作者采用了一个MFC MDI程序,即使有多个程序实例在运行,任务管理器或者进程查看器(Process Viewer)将只会显示一个进程,当如果用WINDOWS自带程序SPY++查看,您将会发现该进程拥有许多线程,并且不同的MDI窗口集合分别属于不同的线程-seemed familiar with the case, You will know that the Internet Advanced Settings, there is a choice : "In the new process here (in English : Browse in a New Process)" If you put it right in front of the hook removed, and then run IE, and open the Task Manager View all process, You will find no new IExplorer.exe process. Instead, the new IExplorer.exe process. When we needed the procedure much of the data shared between the examples, This can run multiple instances of a process in the same space procedure is very useful. It is very simple to achieve, as we all know, launching an application of any two channels either through the browser or through API calls such as CreateProcess. First reconnaissance particular window class existence, if they do not exist, create a new window type Platform: |
Size: 47104 |
Author:苏语 |
Hits:
Description: 这是一个运行在Windows CE上的API监测工具,可以HOOK系统API,当前Hook了CreateFile, CreateProcess, Loadlibary函数,用户可以很方便的添加自己希望Hook德函数-This is a run on Windows CE on the API monitoring tool, you can HOOK system API, the current Hook the CreateFile, CreateProcess, Loadlibary function, users can easily add your own hope Tak Hook function Platform: |
Size: 4239360 |
Author:ChenMin |
Hits:
Description: 这个是一个全局钩子,挂钩CreateProcess 函数,可以监控系统内所有启动的程序-This is a global hook, hook CreateProcess function, the system can monitor all programs launched Platform: |
Size: 343040 |
Author:多萨 |
Hits:
Description: 本程序可以自动获取公网IP然后上传到指定网络地址空间上,而且支持和本机IP变动同步更新IP数据上传到地址空间,开机自动运行,全局快捷键。
本程序是适应中国动态IP而制作,假如有人想在自己机器上架设服务器,但IP是动态的 也就是IP会经常变动,但本程序可以实现IP动态绑定,从而给用户感觉是静态IP的感觉。
本程序在运行中会自己生成一个网页(包含本机IP),上传到指定的网络地址空间,当用户在网络上浏览该网页 该网页会自动转向到本机IP,这一切的一切都是程序自动完成。用户只需要进行简单的网络地址空间设定。
还有一点就是 必须有自己的网络地址空间。:)
本程序运用到 SETTIMER HOOK REG 等相关知识。比如 SetWindowsHookEx RegOpenKey RegQueryValueEx Process32First SHGetFileInfo CreateProcess 等函数。 -The program can automatically obtain the public network and then uploaded to the specified network IP address space, but also support and synchronized changes in the local IP data uploaded to the IP address space, to start automatically, the global shortcut keys.
This procedure is to adapt to the dynamic IP that is made in China, if someone wants to set up servers on their machine, but the IP is dynamic, that is, IP will change frequently, but the program can be IP dynamic binding, giving the impression that the static IP of the user feeling.
The program is running on their own to generate a page (containing the local IP), uploaded to the specified network address space on the network when users visit the page that page will automatically turn to the local IP, that everything is automatically completed. Users need only a simple set of network address space.
Another point that must have its own network address space. :)
This procedure applied to the SETTIMER HOOK REG and Platform: |
Size: 16384 |
Author:峰回路转 |
Hits:
Description: visual c++ hook createprocess.监控进程 控制进程的运行,运用钩子技术,hook住createprocess,很适合学习。-visual c++ hook createprocess. monitor the operation of the process control process, the use of hook technology, the hook to live createprocess, very suitable for learning. Platform: |
Size: 6144 |
Author:古意 |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,杀进程、杀线程、卸载模块等功能
2.内核驱动模块查看,支持内核驱动模块的内存拷贝
3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、Classpnp、Atapi、Acpi、SCSI、IDT、GDT信息查看,并能检测和恢复ssdt hook和inline hook
4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除
5.端口信息查看,目前不支持2000系统
6.查看消息钩子
7.内核模块的iat、eat、inline hook、patches检测和恢复
8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除(1. process, thread, process module, process window, process memory information view, kill process, kill thread, unload module and so on
2. kernel driver module view, support the memory module of the kernel driver module
3.SSDT, Shadow, SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT, GDT, information view, and can detect and restore SSDT, hook and inline hook
4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and other Notify Routine information view, and support for the deletion of these Notify Routine
5. port information, currently 2000 systems are not supported
6. view message hook
7. kernel module of IAT, eat, inline, hook, patches detection and recovery
8. disk, volume, keyboard, network layer filter driver detection, and support deletion) Platform: |
Size: 6559744 |
Author:aa77ss55dd
|
Hits:
Search - hook createprocess