Location:
Search - hook register
Search list
Description: basic_hook_cr0,一个hook cro寄存器源代码,有很重要的参考价值-basic_hook_cr0, a hook tis Register source code, a very important reference value
Platform: |
Size: 3084 |
Author: freducn2002 |
Hits:
Description: basic_hook_cr0,一个hook cro寄存器源代码,有很重要的参考价值-basic_hook_cr0, a hook tis Register source code, a very important reference value
Platform: |
Size: 3072 |
Author: freducn2002 |
Hits:
Description: ring0--hook NtContinue+source_code
ring0下面hookNtContinue 使用drx7寄存器实现的hook
this code hooks ntoskrnl!NtContinue to set dr7 to 0 (no updating of dr7)
so NtContinue called from ring3 cannot alter drX registers...
This hook will only PREVENT drX clearing from SEH (kiuser->ntcontinue)
and will not alter debugging using ring3 debuggers (olly->SetThreadContext)
mainly developed for personal reasearch and as anti-bpm...
Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll.dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =)
Its use for some targets such as armadillo... but never posted code...
by deroko-ring0- hook NtContinue+ source_codering0 use the following hookNtContinue register drx7 realize the hook this code hooks ntoskrnl! NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers ... This hook will only PREVENT drX clearing from SEH (kiuser-> ntcontinue) and will not alter debugging using ring3 debuggers (olly-> SetThreadContext) mainly developed for personal reasearch and as anti-bpm ... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll. dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won t be changed from seh and ring3 code =) Its use for some targets such as armadillo ... but never posted code ... by deroko
Platform: |
Size: 6144 |
Author: 张京 |
Hits:
Description: 本例子介绍如何用 IURLSearchHook 接口来定义自己的URL协议。当浏览器企图去打开一个未知协议的URL地址时,浏览器首先尝试从这个地址得到当前的协议,如果不成功,浏览器将创建在系统中注册的URL Search Hook对象并调用每一个对象的Translate方法,直到地址被转换或所有的URL Search Hook都尝试过。-This example describes how to interface with IURLSearchHook define your own URL protocol. When a browser attempts to open a URL address unknown protocol, the browser first of all try to get this address from the current agreement, if unsuccessful, the browser will create in the system register the URL Search Hook objects and call each object Translate method, until the address is converted or all of the URL Search Hook were tried.
Platform: |
Size: 34816 |
Author: pudncom12 |
Hits:
Description: 本例子介绍如何用 IURLSearchHook 接口来定义自己的URL协议。当浏览器企图去打开一个未知协议的URL地址时,浏览器首先尝试从这个地址得到当前的协议,如果不成功,浏览器将创建在系统中注册的URL Search Hook对象并调用每一个对象的Translate方法,直到地址被转换或所有的URL Search Hook都尝试过。
-This example describes how to interface with IURLSearchHook to define your own URL protocol. When a browser attempts to open a URL address unknown protocol, the browser first of all try to get this address from the current agreement, if unsuccessful, the browser will create in the system register the URL Search Hook objects and call each object Translate method, until the address is converted or all of the URL Search Hook were tried.
Platform: |
Size: 48128 |
Author: 李彬 |
Hits:
Description: 黑客技术
键盘记录
钩子,隐藏进程,注册系统服务
-Hook keyloggers hacking technology, hidden processes, system services register
Platform: |
Size: 58368 |
Author: 林冲 |
Hits:
Description: 适用MCU: TI MSP430 5XX
适用ucos-ii版本:2.86
编译环境:IAR4.11B
主要的工作:
在MICRIUM网站上430移植代码的基础上进行了修改:5XX系列PC寄存器为20位,堆栈的宽度仍为16位,因此在对PC和SR的压栈处理上做了修改;另外在汇编程序里调用HOOK函数的CALL XXX 改成 CALLA XXX
-Applicable MCU: TI MSP430 5XX applicable ucos-ii version: 2.86 build environment: IAR4.11B main work: 430 in the Micrium website transplantation based on the code was revised: 5XX series PC register for the 20, the width of the stack is still 16, so in the PC and the SR on the push to deal with modifications another call in the compilation of program HOOK function CALL XXX into CALLA XXX
Platform: |
Size: 250880 |
Author: 王动 |
Hits:
Description: linux2.6内核网络模块,可以注册为钩子函数丢包。-linux2.6 core network module, you can register for the hook function loss.
Platform: |
Size: 1024 |
Author: lxg |
Hits:
Description: VC++写的APIHook实例源代码,大致翻了一下,只挂引入表的函数,注入有SetWindowHookEx和CreateRemoteThread两种方式,进程枚举也区分了不同系统下使用的psai和toolhelp,另外为了获得Process的创建消息,做了一个驱动来注册回调函数,总的来说,在注入部分做得相当棒,如果想挂各种函数,可以结合detour使用。-VC++ to write the source code examples APIHook generally turned a bit, only linked to the introduction of the function table, there SetWindowHookEx and CreateRemoteThread into two ways, the process of enumeration to distinguish between the different systems are used psai and toolhelp, the other in order to obtain Process the creation of news, so a drive to register a callback function, in general, has done quite a part in the injection rod, if you want to hang a variety of functions can be combined with the use of detour.
Platform: |
Size: 71680 |
Author: Massachusetts |
Hits:
Description: “监视进线程创建”的功能,这个功能挺有用的,在用户模式下我们可以注册一个shell钩子来监视
-" Monitoring into thread creation" function, this function Tingyou used in user mode, we can register a shell hook to monitor
Platform: |
Size: 40960 |
Author: he |
Hits:
Description: SYSENETER是一条汇编指令,它是在Pentium® II 处理器及以上处理器中提供的,是快速系统调用的一部分。SYSENTER/SYSEXIT这对指令专门
用于实现快速调用。在这之前是采用INT 0x2E来实现的。INT 0x2E在系统调用的时候,需要进行栈切换的工作。由于Interrupt/Exception Handler的
调用都是通过 call/trap/task这一类的gate来实现的,这种方式会进行栈切换,并且系统栈的地址等信息由TSS提供。这种方式可能会引起多次内存访
问(来获取这些切换信息),因此,从PentiumII开始,IA-32引入了新指令:SYSENTER/SYSEXIT。有了这两条指令,
从用户级到特权级的堆栈以及指令指针的转换,可以通过这一条指令来实现,并且,需要切换到的新堆栈的地址,以及相应过程的第一条指令的位
置,都有一组特殊寄存器来实现,这类特殊寄存器在IA-32中称为MSR(Model Specific Register)。这里牵涉到3个特殊寄存器-SYSENETER is a compilation of instructions, it is in the Pentium ® II processor or above processor provided as part of a fast system calls. SYSENTER/SYSEXIT This specialized instruction
For fast calls. Before this is achieved using INT 0x2E. INT 0x2E in the system call when the work required to switch the stack. The Interrupt/Exception Handler s
Calls through call/trap/task to implement this type of gate, and in this way would be to switch the stack and system stack address and other information provided by the TSS. This approach may lead to memory access times
Q (to obtain the switching information), therefore, start from the PentiumII, IA-32 introduces a new command: SYSENTER/SYSEXIT. With these two instructions,
From the user level to privilege level of the stack and instruction pointer conversion, achieved through the instructions, and the need to switch to the new stack address, and the corresponding bits in the first instruction of the process
Home, there is a spec
Platform: |
Size: 30720 |
Author: wu |
Hits:
Description: 这个代码给我的感觉比本站以前发出的几个代码都要好,前面几个注重于界面.这个代码则注重于功能,主要使用了多线程处理技术,菜单脚本处理技术(即不使用控件即可显示ico图标).可以拦截TCP/UDP试图发送的连接请求,以及可以抓包分析.可以自定义要拦截的TP地址和要开放的IP地址,即自定义安全规则,同时可以详细显示TCP连接信息.总之这个代码所有的网络处理技术都使用了完全VB代码,没有使用任何第三方的控件.最主要的使用了无崩溃HOOK以及安全多线程技术,值得大家和我学习,希望有志于学习安全方面的网友进行再次包装,说不定有一款商业防火墙出世了,呵呵
压缩包中的mthreadvb.rar为安全多线程读取示例和源代码。使用时请先注册 MThreadVB.dll,同时把SubclassingSink.tlb加入引用。-This code gave me the feeling to be better than the previously issued on the site several code, the first few focus on the interface code for functionality, the main use of multithreading technology, the menu script processing technology (ie, do not use controls that can be displayed ico icon). intercept attempting to send TCP/UDP connection requests, and can capture analysis can customize want to block the TP address and want to open the IP address, that custom security rules, while detailed TCP connection information in short, all network processing technology use completely VB code does not use any third-party controls the most important use no crash HOOK and secure multi-threading technology, it is worth learning and I hope that those who want to learn safety aspects of users re-packaging, maybe a commercial firewall born, huh, huh compression package mthreadvb.rar read the examples and source code for secure multi-threaded. Please register MThreadVB.dll the same time Add Subclassi
Platform: |
Size: 496640 |
Author: 王鑫 |
Hits:
Description: 利用hook與register,鎖住Windows特殊功能鍵。
CTRL + ALT + DEL
ALT + TAB-Using hook and reg technique to unlock/lock windows special function keys.
Platform: |
Size: 30720 |
Author: 楊瑜 |
Hits:
Description: 魔域私服登录器源码带网关源码-魔域私服登录器源码带网关源码 源码-Moyu road register source with gateway source - moyu road register source with gateway source code source code
Platform: |
Size: 135168 |
Author: 西门庆 |
Hits:
Description: Hook for nfnetlink_queue to register its queue handler. We do this so that most of the NFQUEUE code can be modular.
Platform: |
Size: 3072 |
Author: cbwiucen |
Hits:
Description: 虚拟主机,也可以运行,需要注册组件,阿男脱机QQ挂机系统Asp v0.2-Virtual host, you can run, you need to register components Anan offline QQ hook system Asp v0.2
Platform: |
Size: 129024 |
Author: nyrsa |
Hits:
Description: 钩子代理函数,可以轻易的把钩子注册到相应的消息队列中-
Hook proxy function, you can easily register the hook to the corresponding message queue
Platform: |
Size: 23507968 |
Author: 翟强 |
Hits:
Description: 通过底层键盘钩子实现任意按键任意数量组合成热键,只要你愿意,可以注册如a+b,1+2+3,左ctrl+右ctrl等等形式,并且支持连击热键的注册(Through the bottom keyboard hook to achieve any key, any number of combinations of hot keys, as long as you want, you can register such as a+b, 1+2+3, left ctrl+, right Ctrl and so on, and supports the registration of combo hotkey)
Platform: |
Size: 9216 |
Author: 窗前雨
|
Hits:
Description: The Standby mode is used to achieve the lowest power consumption. The internal voltage regulator is switched off so that the entire 1.8 V domain is powered off. The PLL, the HSI RC and the HSE crystal oscillators are also switched off. After entering Standby mode, SRAM and register contents are lost except for registers in the Backup domain and Standby circuitry.
Platform: |
Size: 2890752 |
Author: Lloyd12
|
Hits:
Description: c++ 内存加载Dll
特点如下:
直接在内存中载入,无磁盘占用
支持加壳保护的dll , 平时用的最多的vmp ,其它壳子还请自己测试
无模块载入, 因为重写了loadlibary ,如需要请自己注册
支持注入到目标进程,前提请先使用相应权限打开目标
对原代码的修改如下:
使用内联汇编将原 c/c++的库调用 代替, 使得 注入代码可行
支持直接使用资源加载和注入
支持加载exe ,请自行 hook 某些函数 ,确保exe 正确运行
加入inline 注入方式
代码少量加花, 确保编译器最大优化无误
注入的示例代码(The characteristics are as follows:
Directly loaded in memory, diskless occupancy
Support shell protection DLL, usually the most used VMP, please own other shell test
No module loading, because loadlibary is rewritten, if necessary, please register yourself.
Support injection into the target process. First, use the corresponding permission to open the target.
The modifications to the original code are as follows:
The intranet assembly is used to replace the library call of the original c/c++, so that the injected code is feasible.
Support direct use of resource loading and injection
Support loading exe, please hook some functions to ensure that exe is running correctly.
Adding inline injection
Small amount of code is added to ensure maximum error of compiler.
Sample code injected)
Platform: |
Size: 8192 |
Author: 轩轩轩 |
Hits: