Location:
Search - hook process
Search list
Description: 这个是本人上传的EXE所须的DLL,他是一个全局的钩子监视指定的API,捎做修改就是一个进程主入的东西-this is the upload EXE required DLL, He is a common hook surveillance designated API, because we do is a process of change into the main things
Platform: |
Size: 7168 |
Author: 于军亮 |
Hits:
Description: 驱动层Hook系统内核调用的,拦截对进程的操作的源码,提供7步tutorial,步步为营,教学驱动编程的绝好样例-Hook-driven system kernel called the interception of the process of operation of the source. provide seven-step tutorial and step-by-step business, teaching driven programming excellent example
Platform: |
Size: 251904 |
Author: 诚然 |
Hits:
Description: 文件监测钩子
注入DLL使用的是 CreateRemoteThread 跨进程建立对DLL 的加载-document monitoring hook into DLL using the inter-process CreateRemoteThread establish the right DLL loading
Platform: |
Size: 31744 |
Author: zhouyan |
Hits:
Description: 我在XP下用过detour,也是用钩子将dll注入到其他进程进行API拦截,当时拦截的是 ShowWindow以及文件操作的一些API,感觉没什么问题阿.你可以先用Detour拦截一下其他的API试试,比如 CreateProcess,这个API我拦截过,Detour能拦截的
-I used the XP detour. also used to hook dll injected into other processes API interception, then intercept the ShowWindow and some file manipulation API, A feeling no problems. You can use Detour to intercept a few other API try. For example CreateProcess, I intercept the API that can intercept the Detour
Platform: |
Size: 2048 |
Author: byron |
Hits:
Description: 如何安装钩子过程,如何编写全局钩子,动态连接库里的全局变量数据共享问题分析。ADO数据库编程。在VB中利用ADO控件和ADO对象访问数据库,在VC中利用ADO技术访问数据库。-process of how to install the hook, how to compile the overall hook. Dynamic Link 13-17 global variable data sharing analysis. ADO database programming. In VB using ADO and ADO Object Access database, the use of the VC ADO access to the database.
Platform: |
Size: 159744 |
Author: zhou |
Hits:
Description: LINUX系统调用mlock的代码分析,在LINUX中,每一个用户进程都可以访问4GB的线性虚拟内存空间。其中从0到3GB的虚拟内存地址是用户空间,用户进程可以直接对其进行访问。从3GB到4GB的虚拟内存地址为核心空间,存放仅供核心态访问的代码和数据,用户进程不可访问。当用户进程通过中断或系统调用对其访问时,就会触发处理器的特权级转换(从处理器的特权级3切换到特权级0),即从操作系统的用户态切换到核心态。-Linux system call mlock code analysis, LINUX, Each user process can visit the linear 4 GB of virtual memory space. Them from 0-3 GB of virtual memory address space users, users can direct the process of their visit. From 3 GB to 4 GB of virtual memory address space at the core, the core is for storing state visit to the code and data user process can not visit. When the user through the process of interruption or system call their visit, Processor will trigger the conversion privilege level (from the privileged class processors switched to the three-level privileges 0), from the operating system users switched to the core state.
Platform: |
Size: 114688 |
Author: liyu |
Hits:
Description: "process wide":
some demos about hooking APIs/code in your own process
OS independent
"system wide":
several demos about system wide API hooking (using hook dlls)
OS independent
"system wide - win9x only":
one demo which shows a special system wide hooking method
win9x only
-"wide process" : some demos about hooking APIs/code in your own p rocess OS independent "system wide" : several demos about system wide API hooking (us ing hook dlls) OS independent "system wide-win 9x only ": one demo which shows a special system wide hooki Vi only method win9x
Platform: |
Size: 1070080 |
Author: 万俟雅言 |
Hits:
Description:
1. 内容
2. 介绍
3. 挂钩方法
3.1 运行前挂钩
3.2 运行时挂钩
3.2.1 使用IAT挂钩本进程
3.2.2 改写入口点挂钩本进程
3.2.3 保存原始函数
3.2.4 挂钩其它进程
3.2.4.1 DLL注入
3.2.4.2 独立的代码
3.2.4.3 原始修改
4. 结束语-1. Content 2. Introduction 3. Linked to the former method of operation linked 3.1 3.2 Runtime 3.2.1 to enable linking IAT linked with the process of rewriting the point of entry 3.2.2 linked to the process of preserving the original function 3.2.3 3.2.4 linked to other DLL injection process 3.2.4.1 3.2.4.2 3.2.4.3 independent of the original code amendments changed four. Concluding remarks
Platform: |
Size: 11264 |
Author: flyfan |
Hits:
Description: 自己写的API-Hook。hook的函数是CreateProcessA和CreateProcessW。就是说可以检测进程创建。还有2处不完善。一个是创建程序的路径没能很好的显示。另一个退出时有点系统异常。-himself wrote the API- Hook. The hook function is CreateProcessA and CreateProcessW. Say can detect the creation process. There are two imperfect. One is to establish procedures for the path failed to show good. Another system to pull out a bit unusual.
Platform: |
Size: 142336 |
Author: 林风 |
Hits:
Description: 采用钩子所做的对Outlook Express增加工具按钮,OE与MS Outlook不同,不能使用插件的方法实现,本人开发的这个Hook程序是一个大系统的一部分改编的,有帮于对OE开发的朋友们。-done using the hook right Outlook Express tool to increase button OE with MS Outlook, may not be able to use the plug-in method. I Hook development of this process is a big part of the adaptation, to help in the development of OE friends.
Platform: |
Size: 338944 |
Author: 黄立波 |
Hits:
Description: 微软公司的拦截api开发包:
All Detours functions are compatible with all x86 version of Windows NT,
Windows 2000, and Windows XP. However, under Windows 95, Windows 98, and
Windows ME, the DetourFunction* APIS do not work unless the program is
running under a debugger (the process was created with the DEBUG_PROCESS flag
on the call to the CreateProcess* APIs). Since most programs are not typically
run under a debugger, the DetourFunction* APIs do not work for most programs
on Win9x platforms.-Microsoft's interception api development kits : All Detours functions are compatible with all x 86 version of Windows NT, Windows 2000, and Windows XP. However, under Windows 95, Windows 98 and Windows ME,* DetourFunction the APIS do not work unless the program is running under a debugger (the proces 's was created with the flag on the DEBUG_PROCESS call to the CreateProcess* APIs). Since most pr ograms are not typically run under a debugger. the DetourFunction* APIs do not work for most pr ograms on Win9x platforms.
Platform: |
Size: 529408 |
Author: 摩尔 |
Hits:
Description: 使用线程插入的键盘记录.可以在进程管理器中隐藏.-use of the keyboard thread insert records. In the process managers concealed.
Platform: |
Size: 26624 |
Author: lweorj |
Hits:
Description: 通过hook的方式的方式来写内存的例子:通常这一技术使用在外挂和内存注册机中,对初学hook的朋友有一定价值-hook through the modalities of the way to write the memory examples : Typically, the technology used in store and memory RI, on the hook when a friend has a certain value
Platform: |
Size: 90112 |
Author: Alan |
Hits:
Description: Visual.C++程序设计技巧与实例--配套光盘
第5章 消息映射与处理
本章共8个实例:
1. Mouse鼠标消息示例
2. KeyBoard键盘消息示例
3. Sender_Reveiver利用消息来实现内部进程通信
4. MouseHook鼠标钩子示例
5. SubClass通过子分类来重定向消息
6. SuperClass超分类示例
7. Test重载OnCmdMsg来截获和重定向消息
8. CmdFun使用命令范围来映射消息-Visual.C program design techniques and examples-- matching CD Chapter 5 news mapping and processing a total of this chapter 8 examples : 1. Mouse Mouse news two examples. Keyboard news KeyBoard three examples. Sender_Re veiver use of information to achieve internal process communication 4. MouseHook mouse hook examples 5. Su bClass adopted son classified information to redirect 6. SuperClass-seven examples of classification. Test Heavy OnCmdMsg to intercept and redirect news 8. CmdFun scope order to use mapping information
Platform: |
Size: 475136 |
Author: xixi |
Hits:
Description: 一个木马生成器,可盗取玩家登陆的游戏帐号 密码 游戏房间URL 随身钱数。无进程 通过80端口传递信息.主要是想让朋友们一起学习键盘钩子.老鸟就别看拉-a Trojan generator, landing the player can steal a game account passwords game rooms URL unaccompanied money. No process through 80 ports transmit information. The main aim is to make friends, learn the keyboard hook. Much Although on Rafah
Platform: |
Size: 1306624 |
Author: 林林 |
Hits:
Description: 实现令人满意的风格统一的软件界面确实很难, 象网友提到的MessageBox、FileDialog、FontDialog、目录选择对话框等MFC内部甚至系统DLL内的对话框,要想让它变脸可不容易。有人说HOOK技术可以,HOOK技术确实可以,HOOK可以说是无孔不入,但HOOK的使用效率却是令人难以满意的,从目前大多数采HOOK技术的换肤软件使用情况来看,完全可以证明这一点。今天我们将讨论另外一技术来实现FileDialog的变脸,这种技术叫替换窗口过程法-achieve satisfactory style reunification of the software interface is difficult. As netizen's MessageBox, FileDialog, FontDialog. Contents dialog, and other internal MFC DLL system even within the dialog box, in order to allow it faces no easy thing. Some say HOOK technology, the technology can really HOOK, HOOK can be said to be all-pervasive. However, the efficient use HOOK is unsatisfactory. from the most current mining technology HOOK skinnable software situation, we can prove this point. Today, we will discuss other technologies to achieve a FileDialog changing face of this technique is called window replacement process France
Platform: |
Size: 610304 |
Author: |
Hits:
Description: hHook 内核ntoskrnl sZwQuerySystemInformation隐藏任务管理器进程名-hHook kernel ntoskrnl sZwQuerySystemInforma tion task management device hidden from the process
Platform: |
Size: 172032 |
Author: 任晓枫 |
Hits:
Description: 获取其它进程中窗口的窗口过程
创建远程线程的方式,可以在其它进程内创建一个新的线程,并且可以指定这个线程的线程函数-access to other process window of the process of creating long-range window thread, in other processes to create a new thread, and can specify the function thread Thread
Platform: |
Size: 14336 |
Author: 张世民 |
Hits:
Description: 怎样让自己的程序进程不让别人强行关闭掉,拦截API函数,利用钩子拦截TerminateProcess这个API函数-how to let their own procedures process forced the closure of not allowing people to swap, intercepting API function, use the hook to intercept the TerminateProcess API
Platform: |
Size: 815104 |
Author: 无名 |
Hits:
Description: Hook编程。如何安装钩子过程,如何编写全局钩子,动态连接库里的全局变量数据共享问题分析。-Hook programming. How to install the hook process, how to compile the overall hook, 13-17 Dynamic Link global variable data sharing analysis.
Platform: |
Size: 31744 |
Author: huangzhifeng |
Hits:
«
1
2
3
45
6
7
8
9
10
...
26
»