Location:
Search - hook driver
Search list
Description: 原理 1 截取屏幕,从而取得方块数据,然后搜索算法. 2 通过鼠标键盘钩子发送消息来消去. 3 腾讯反外挂作的很牛,连连看程序在接到鼠标点击消息的同时从驱动层判断有没有 点击消息,所以把0x00403291地址的内存锁定为0x00就可以让腾讯的凡外挂系统失效。 4 在消除过程中因为烟雾等特效的影响,中途按F9键分析结果很可能错误,谁有办法 解决这个问题一定要告诉我啊! 最好能取消动画特效,直接消去. 5 因为时间仓促,利用周末匆匆写完这个程序,所以代码极不规范,还请大家谅解.-screen, thereby obtaining the data block, then search algorithm. 2 hook through a mouse and keyboard to send messages eliminated. Tencent three anti - pylon for the very cattle, in the 1000 block of Terry Avenue procedures mouse clicks received information from the driver layer judgment has to click on, and hence to 0x00403291 the site of the 0x00 memory lock on the Tencent allow any external system failure. 4 in the elimination process because of the effects of smoke and other effects, halfway by F9 key results of the analysis may mistake, who has a solution to this problem must tell me ah! The best animation effects can be canceled, direct elimination. 5 because of the limited time, finished a weekend rush this process, substituting yards were highly irregular, please understanding.
Platform: |
Size: 218456 |
Author: 地地地 |
Hits:
Description: 基于费尔的Ndis Hook技术的网络监控系统 目录列表: TGuard 应用程序目录 TGuard_sys For 2k的驱动程序 Release 存放应用程序 Def 应用程序和驱动共用的一个定义文件 Tools 工具 安装: 将.sys文件放到\\windows\\system32\\driver目录下,导入Tools目录中installHook.reg,重启. 注意点: 支持winRoute,Winxp带的ics共享,isa Server, 不支持sygate. 对网卡无限制.-Ndis Hook Technology Network Monitoring System directory listings : TGuard application directory TGuard_sys For 2k Driver Release storage applications Def applications and drive a shared definition document Tools installation tool :. Sys documents into \\ windows \\ system32 \\ driver directory, import Tools directory installHook.reg restart. attention : winRoute support, with the ICs Winxp sharing, isa Server, does not support Sygate. NIC unrestricted right.
Platform: |
Size: 506906 |
Author: 孙卫平 |
Hits:
Description: 这是网络版的Rip版,版本号为2.1,基于费尔的Ndis Hook技术.
相比正式版,除了去掉了无关紧要的注册和升级,其余一字未改.
目录列表:
TGuard 应用程序目录
TGuard_sys For 2k的驱动程序
Release 存放应用程序
Def 应用程序和驱动共用的一个定义文件
Tools 工具
从Ndis Hook技术改为基于DDK带的passthru.-This is the Internet version of Rip version, version 2.1, Based on the Fil Ndis Hook technology. compared to the official version, in addition to expelling irrelevant to the registration and upgrading, the rest of the word etched. directory listings : TGuard application directory TGuard_sys For 2k driver retention Release Fang applications Def applications and drive a common definition files from the Tools Tools Ndis Hook DDK-based technology to bring the passthru.
Platform: |
Size: 507563 |
Author: cdw |
Hits:
Description: 该代码为我学习winnt内核时所写,主要功能是在ring3下通过DeviceIoControl与驱动进行通信,获取内核的数据以及sdt,idt信息等。并实现了hook NtQuerySystemInformation函数来实现进程隐藏的功能-The code for the kernel, I am learning winnt wrote, Its main function is in ring3 through DeviceIoControl communication with the driver. access to the kernel and sdt data, the information loop. And the achievement of the hook function to achieve NtQuerySystemInformation implicit process possession of the function
Platform: |
Size: 55181 |
Author: 左手 |
Hits:
Description: Filter-Hook Driver防火墙程序设计,用vc编制对从事网络安全工作的同事有重要的帮助.-Filter-Hook Driver firewall program design, with vc the preparation work of colleagues in network security are important to help.
Platform: |
Size: 2952192 |
Author: 陈勇 |
Hits:
Description: hook ssdt的驱动的实现,隐藏进程。-hook driver
Platform: |
Size: 701440 |
Author: 张继辉 |
Hits:
Description: 可将系统允许的数据通过该防火墙,而将其他的信息过滤掉-The data can allow the system through the firewall, and other information will be filtered out
Platform: |
Size: 3570688 |
Author: 李平 |
Hits:
Description: API钩子系统一般框架
通常,我们把拦截API的调用的这个过程称为是安装一个API钩子(API Hook)。一个API钩子基本是由两个模块组成:一个是钩子服务器(Hook Server)模块,一般为EXE的形式;一个是钩子驱动器(Hook Driver)模块,一般为DLL的形式。
钩子服务器主要负责向目标进程注入钩子驱动器,使得钩子驱动器运行在目标进程的地址空间中,这是关键的第一步,而钩子驱动器则负责实际的API拦截处理工作,以便在我们所关心的API函数调用的之前或之后能做一些我们所希望的工作。一个比较常见的API钩子的例子就是一些实时翻译软件(像金山词霸)中必备的的功能:屏幕抓词。它主要是对一些Win32 API中的GDI函数进行了拦截,获取它们的输入参数中的字符串,然后在自己的窗口中显示出来。
针对上述关于API钩子的两个部分,有以下两点需要我们重点考虑的: 选用何种DLL注入技术,以及采用何种API拦截机制。
本篇文章来源于 黑基网-中国最大的网络安全站点 原文链接:file:///C:/Documents 20and 20Settings/jingtianzi/桌面/最新资料/黑客编程:hook系统函数-学院-黑基网.mht-General framework for API hook system
Usually, we called this process intercept API calls is to install an API hook (API Hook,). An API hooks basically consists of two modules: one is the hook server (Hook, Server) module, generally in the form of EXE a hook drive (Hook Driver) module, generally in the form of a DLL.
Hook server is mainly responsible to the target process inject hook driver device, hook-driven devices running on the target process address space, a critical first step, while the hook-driven device is responsible for the actual API to intercept processing so that in we are concerned with API functions before or after the call to do something we want. Example of a common API hook is some real-time translation software (such as necessary.) Function: screen grab word. It is mainly to intercept some of the Win32 API GDI functions to obtain the string in the input parameters, and then displayed in its own window.
For the two parts of the API hook, the following two ke
Platform: |
Size: 555008 |
Author: 刘永 |
Hits:
Description: 易语言驱动源码模版.对ssdt hook 的处理-Yi language driver source code templates. SSDT hook handle
Platform: |
Size: 6144 |
Author: 月下 |
Hits:
Description: 易语言 ssdt shadow hook 保护窗口,挂钩多个函数,兼容X86 XP~2008所有32位操作系统。包含调用和驱动源代码,使用sys边源包可编译-The easy language ssdt shadow hook Protection window, linked to more than one function, compatible with X86 XP ~ 2008 all 32-bit operating system. Contains call and driver source code can be compiled to use sys side source package
Platform: |
Size: 384000 |
Author: 学俊 |
Hits:
Description: 驱动级键盘钩子所用的源代码,对需要做键盘钩子有帮助。-Dynamic library for keyboard hook driver source code, the need for keyboard hook to help.
Platform: |
Size: 139264 |
Author: chenlx |
Hits:
Description: VC++ 驱动层Hook系统内核调用 VC++ driver Hook kernel system call VC++ driver Hook kernel system ca-VC++ driver Hook kernel system call
Platform: |
Size: 77824 |
Author: 刘杰 |
Hits:
Description: 通过对本文的学习,可以深刻了解NDIS技术,在分析介绍网络驱动程序的基础上,提出了一种基于NDIS技术实现防火墙
驱动程序的方法。它无需重新启动操作系统就能生效,由于它
工作在网络层,可以对所有进出计算机的数据包进行过滤,因此可以更方便有效地保护用户信息安全。-: In the analysis introduced+-./01 (2 34 platform network drivers on the basis of proposed based on the 56789//: technology Firewall Driver. Existing 56789-based//: driver design methods, it does not need to restart the operating system will be able to take effect, because it works at the network layer, all out of the computer packet filtering, so you can more easily and effectively protect user information security.
Platform: |
Size: 111616 |
Author: 123 |
Hits:
Description: hook 登陆器 在游戏没加载驱动保护的瞬间 注入外挂dll 安全稳定注入d-instant hook landers in the game did not load the driver dll plug-injection protection
Platform: |
Size: 1406976 |
Author: 王鹏飞 |
Hits:
Description: This driver is designed to collect metadata about securable objects such as
// Process, File, Event, and Section objects. The metadata is used to construct
// a chronological object log which conveys information about object definitions
// and uses. When an object is defined or used, metadata is logged about the
// environment in which the object is created including the security context,
// call stack, object name information, and the security descriptor assigned to
// the object.
-This driver is designed to collect metadata about securable objects such as
// Process, File, Event, and Section objects. The metadata is used to construct
// a chronological object log which conveys information about object definitions
// and uses. When an object is defined or used, metadata is logged about the
// environment in which the object is created including the security context,
// call stack, object name information, and the security descriptor assigned to
// the object.
//
Platform: |
Size: 1446912 |
Author: maysam |
Hits:
Description: windows冲在内核 hook ntopenproce-hook ntopenprocess windows reloadkernel
Platform: |
Size: 3072 |
Author: Xavier |
Hits:
Description: hook硬盘序列号的驱动,支持win7、xp、2000等操作系统-support win7 system
Platform: |
Size: 98304 |
Author: my name |
Hits:
Description:
基于WFP模型的网络防火墙设计实现
WFP(Windows Filter Platform)是为网络过滤应用开发平台提供支持的API和系统服务的集合。WFP允许开发者编写代码和操作系统的网络协议栈
交互。网络数据可以在到达目的地之前被过滤和修改。通过提供简单的开发平台,WFP被用于取代以前的TDI过滤,NDIS过滤,以及LSP(Winsock
Layered Service )。在Visita及以后的系统火墙钩子,过滤钩子驱动将不再适用。
-Model-based network firewall designed to achieve WFP WFP (Windows Filter Platform) is a collection that provides support for network filtering application development platform API and system services. WFP allows developers to write interactive network protocol stack and operating system code. Network data can be filtered and modified before reaching the destination. By providing a simple development platform, WFP is used to replace the previous TDI filter, NDIS filter, and LSP (Winsock Layered Service). Visita systems in and beyond the firewall hook, the filter hook driver will no longer apply.
Platform: |
Size: 350208 |
Author: 注册会员 |
Hits:
Description: // NtDeviceIoControlFile的HOOK函数
// ws2_32.dll的send , recv最终会调用到mswsock.dll内的数据发送函数
// mswsock.dll会调用NtDeviceIoControlFile向TDI Client驱动发送Send Recv指令
// 我们在这里做拦截,可以过滤所有的TCP 收发包(UDP之类亦可,不过要更改指令)
// Hook mswsock.dll导出表的Ntdll!NtDeviceIoControlFile
// 并过滤其对TDI Cilent的请求来过滤封包
// 稳定,隐蔽,RING3下最底层的包过滤~(HOOK / NtDeviceIoControlFile function
Ws2_32.dll / send, recv will call to the data transmitting function in mswsock.dll
/ / mswsock.dll will call the NtDeviceIoControlFile to the TDI Client driver sends the Send Recv command
Here we do / / intercept, can filter all receive TCP packets (like UDP but also to change the directive)
Mswsock.dll / / Hook export table Ntdll! NtDeviceIoControlFile
And the request of TDI / / Cilent filter to filter packets
/ / stability, concealment, packet filtering at the bottom of the RING3.)
Platform: |
Size: 2048 |
Author: q1356047
|
Hits:
Description: 用于对指定设备驱动的信息分发调用序列的记录。(Driver's Dispatch Routines Hooking
The driver allows you to log dispatch routines calls (and their relative sequence) for given device object(s).)
Platform: |
Size: 15360 |
Author: jun888jun888 |
Hits: