Location:
Search - hook process
Search list
Description: 最近一段时间由于使用MinHook的API挂钩不稳定,经常因为挂钩地址错误而导致宿主进程崩溃。听同事介绍了一款智能强大的挂钩引擎EasyHook。它比微软的detours好的一点是它的x64注入支持是免费开源的。不想微软的detours,想搞x64还得购买。
EasyHook提供了两种模式的注入管理。一种是托管代码的注入,另一种是非托管代码的注入。我是学习C++的,所以直接学习了例子中的非托管项目UnmanagedHook。里面给了一个简单的挂钩MessageBeep API的示例(Due to the instability of API hooks using MinHook in the recent period, the host process crashes often because of the hook address error. Listen to a colleague introduced a powerful and powerful hook engine EasyHook. It's better than Microsoft's detours that its x64 injection support is free open source. Don't want Microsoft's detours, want to make x64 have to buy.
Well, the gossip does not say much, first download the EasyHook development library, of course, interested students can download the source for learning. Download address: http://easyhook.codeplex.com/releases/view/24401. This is the 2.6 version I gave.
EasyHook provides two patterns of injection management. One is the injection of managed code, and the other is the injection of unmanaged code. I was learning C++, so I learned directly from the unmanaged project UnmanagedHook in the example. It gives an example of a simple hook MessageBeep API)
Platform: |
Size: 181248 |
Author: 850980771
|
Hits:
Description: 通过挂钩api达到进程防杀的效果,同时还使用了hook,对于初学者来说帮助还是挺大的(Through the hook API to achieve the effect of the process of anti - killing, and the use of hook, for beginners to help still very large)
Platform: |
Size: 4096 |
Author: 雪山张小凡 |
Hits:
Description: c++ 内存加载Dll
特点如下:
直接在内存中载入,无磁盘占用
支持加壳保护的dll , 平时用的最多的vmp ,其它壳子还请自己测试
无模块载入, 因为重写了loadlibary ,如需要请自己注册
支持注入到目标进程,前提请先使用相应权限打开目标
对原代码的修改如下:
使用内联汇编将原 c/c++的库调用 代替, 使得 注入代码可行
支持直接使用资源加载和注入
支持加载exe ,请自行 hook 某些函数 ,确保exe 正确运行
加入inline 注入方式
代码少量加花, 确保编译器最大优化无误
注入的示例代码(The characteristics are as follows:
Directly loaded in memory, diskless occupancy
Support shell protection DLL, usually the most used VMP, please own other shell test
No module loading, because loadlibary is rewritten, if necessary, please register yourself.
Support injection into the target process. First, use the corresponding permission to open the target.
The modifications to the original code are as follows:
The intranet assembly is used to replace the library call of the original c/c++, so that the injected code is feasible.
Support direct use of resource loading and injection
Support loading exe, please hook some functions to ensure that exe is running correctly.
Adding inline injection
Small amount of code is added to ensure maximum error of compiler.
Sample code injected)
Platform: |
Size: 8192 |
Author: 轩轩轩 |
Hits:
Description: 跨进程HOOK MessageBoxA(Cross-process HOOK Message Box A)
Platform: |
Size: 880640 |
Author: 人生若如出遇见 |
Hits:
«
1
2
...
21
22
23
24
25
26»