Search - hook CreateProcess

Search list

[Hook api] HOOK ZwCreateProcessEx in Windows 2003

Description: For work I needed to control process creation, so I hooked ZwCreateProcess; I later found that both XP and 2003 create processes with NtCreateProcessEx.
Platform: | Size: 9216 | Author: | Hits:

[Windows Develop] HOOK ZwCreateProcessEx in Windows 2003

Description: A very good article on hooking ZwCreateProcessEx in Windows 2003!
Platform: | Size: 8192 | Author: | Hits:

[Hook api] Hook_NTCreateProcessEx

Description: NtCreateProcessEx(HookAPI)
Platform: | Size: 977920 | Author: Tiam | Hits:

[Hook api] XPhook

Description: I have used Detour under XP, also using a hook to inject a DLL into other processes for API interception. At the time I intercepted ShowWindow and some file-operation APIs, and it seemed to work without problems. You can first try intercepting some other APIs with Detour, for example CreateProcess; I have intercepted that API, and Detour can intercept it.
Platform: | Size: 2048 | Author: byron | Hits:

[Hook api] HookCreateProcess

Description: An API hook I wrote myself. The hooked functions are CreateProcessA and CreateProcessW, so it can detect process creation. Two things are still imperfect: one is that the path of the created program is not displayed well; the other is a slight system exception on exit.
Platform: | Size: 142336 | Author: 林风 | Hits:

[Hook api] hook_api_SDK

Description: Microsoft's API interception development kit: All Detours functions are compatible with all x86 versions of Windows NT, Windows 2000, and Windows XP. However, under Windows 95, Windows 98, and Windows ME, the DetourFunction* APIs do not work unless the program is running under a debugger (the process was created with the DEBUG_PROCESS flag on the call to the CreateProcess* APIs). Since most programs are not typically run under a debugger, the DetourFunction* APIs do not work for most programs on Win9x platforms.
Platform: | Size: 529408 | Author: 摩尔 | Hits:

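[Hook api] getpubips

Description: This program automatically obtains the public IP address and uploads it to a specified web space, and it keeps the uploaded IP data in sync with changes to the local IP. It runs automatically at startup and has a global hotkey. The program was made to cope with dynamic IPs in China: if someone wants to set up a server on their own machine but the IP is dynamic, that is, it changes frequently, this program provides dynamic IP binding, so that users feel as if the IP were static. While running, the program generates a web page (containing the local IP) and uploads it to the specified web space; when a user browses to that page on the network, the page automatically redirects to the local IP. All of this is done automatically by the program. The user only needs to do a simple web space configuration. One more thing: you must have your own web space. :) The program uses knowledge of SETTIMER, HOOK, REG and related topics, for example functions such as SetWindowsHookEx, RegOpenKey, RegQueryValueEx, Process32First, SHGetFileInfo and CreateProcess.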
Platform: | Size: 18432 | Author: david | Hits:

[Hook api] PRMonitor

Description: This is a very good example of kernel-level API hooking. To see it in action, the bin folder contains compiled programs. Kernel monitoring is not implemented; process and registry monitoring are complete. This code definitely compiles successfully. Because the code in hookzwcreateprocess is a device driver, setting up the build environment is fairly complicated, so the archive also includes a small tutorial that teaches you how to set up a driver development environment in VC 6.0, along with a sample. Note: this program runs under XP; under 2000 it causes a blue screen.
Platform: | Size: 81920 | Author: zhenbiao | Hits:

[Hook api] withdll

Description: A demo written with Detour that intercepts CreateProcess. Very practical: it can load your DLL into a process as the process starts, to do what you want it to do.
Platform: | Size: 3072 | Author: 郭亮 | Hits:

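[OS program] getpubips

Description: This program automatically obtains the public IP address and uploads it to a specified web space, and it keeps the uploaded IP data in sync with changes to the local IP. It runs automatically at startup and has a global hotkey. The program was made to cope with dynamic IPs in China: if someone wants to set up a server on their own machine but the IP is dynamic, that is, it changes frequently, this program provides dynamic IP binding, so that users feel as if the IP were static. While running, the program generates a web page (containing the local IP) and uploads it to the specified web space; when a user browses to that page on the network, the page automatically redirects to the local IP. All of this is done automatically by the program. The user only needs to do a simple web space configuration. One more thing: you must have your own web space. :) The program uses knowledge of SETTIMER, HOOK, REG and related topics, for example functions such as SetWindowsHookEx, RegOpenKey, RegQueryValueEx, Process32First, SHGetFileInfo and CreateProcess.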
Platform: | Size: 16384 | Author: 金川 | Hits:

[File Operate] IATHOOK

Description: IAT HOOK. I just tried to hook an API call with John Chamberlain's source code. The code works, but nothing happens when I call CreateProcess in another application. Why?
Platform: | Size: 2048 | Author: RDGMax | Hits:

[Hook api] Createprocess

Description: Process-creation alerts, with suspend and resume of processes; a nice program.
Platform: | Size: 19456 | Author: 禁止进程创建 | Hits:

[Windows Develop] DNSGetPubIPs

Description: This program automatically obtains the public IP address and uploads it to a specified web space, and it keeps the uploaded IP data in sync with changes to the local IP. It runs automatically at startup and has a global hotkey. The program was made to cope with dynamic IPs in China: if someone wants to set up a server on their own machine but the IP is dynamic, that is, it changes frequently, this program provides dynamic IP binding, so that users feel as if the IP were static. While running, the program generates a web page (containing the local IP) and uploads it to the specified web space; when a user browses to that page on the network, the page automatically redirects to the local IP. All of this is done automatically by the program. The user only needs to do a simple web space configuration. One more thing: you must have your own web space. :) The program uses knowledge of SETTIMER, HOOK, REG and related topics, for example functions such as SetWindowsHookEx, RegOpenKey, RegQueryValueEx, Process32First, SHGetFileInfo and CreateProcess.
Platform: | Size: 33792 | Author: 高军 | Hits:

[Hook api] HOOK_CreateProcess

Description: A sample program that intercepts the CreateProcess function and does not allow processes to be created!
Platform: | Size: 508928 | Author: 解寒瑜 | Hits:

[OS program] HookCreateProcess

Description: An API hook that hooks CreateProcess and can monitor process creation.
Platform: | Size: 5688320 | Author: 北冥之鱼 | Hits:

[OS program] HookCreateProcess

Description: Hooks the createprocess function.
Platform: | Size: 142336 | Author: 武林至尊 | Hits:

[Hook api] CreateProcess

Description: A hook written in Delphi that intercepts a system API: HOOK API CreateProcess.
Platform: | Size: 2048 | Author: liyong | Hits:

[Hook api] CreateProcess_Inject

Description: DLL injection via CreateProcess: hooks CreateProcess to inject its own d
Platform: | Size: 2143232 | Author: 十年寒窗 | Hits:

[OS program] XueTr

Description: 1. View processes, threads, process modules, process windows and process memory information; view hotkey information; kill processes, kill threads, unload modules and similar functions. 2. View kernel driver modules, with support for copying a kernel driver module's memory. 3. View SSDT, Shadow SSDT, FSD, KBD, TCPIP and IDT information, and detect and restore SSDT hooks and inline hooks. 4. View Notify Routine information for CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego and others, with support for deleting these Notify Routines. 5. View port information; Windows 2000 is currently not supported. 6. View message hooks. 7. Detect and restore IAT, EAT, inline hooks and patches in kernel modules. 8. Detect filter drivers for disk, volume, keyboard, network layer and others, with support for deleting them. 9. Registry editing.
Platform: | Size: 3696640 | Author: 接收 | Hits:

[Hook api] HOOK-CreateProcess

Description: Written in VC6, with a debug program and a separate DLL file. Hooks the CreateProcess function; once loaded, it blocks programs, similar to XueTr's process-blocking feature.
Platform: | Size: 2634752 | Author: | Hits:

CodeBus www.codebus.net