Search - hook iat
Description: IATroot is a rootkit based on hooking the imported functions in the IAT. It is fairly full-featured and ships with a Native API development library and its source code.
Platform: |
Size: 867926 |
Author: onlyu |
Hits:
Description: Source code for a hook development kit implemented by modifying the IAT of DLL files.
Platform: |
Size: 190464 |
Author: 站长 |
Hits:
Description:
1. Contents
2. Introduction
3. Hooking methods
3.1 Hooking before execution
3.2 Hooking at run time
3.2.1 Hooking the current process using the IAT
3.2.2 Hooking the current process by rewriting the entry point
3.2.3 Saving the original function
3.2.4 Hooking other processes
3.2.4.1 DLL injection
3.2.4.2 Independent code
3.2.4.3 Raw modification
4. Conclusion
Platform: |
Size: 11264 |
Author: flyfan |
Hits:
Description: From Start, Run, enter sigverif.
Checking the digital signature tells you whether a file is from MS.
Verifying applications or drivers is mainly done with the Win32 API,
the WinVerifyTrust API. If that API has been hooked, is there any other way to verify whether an application or driver is signed by Microsoft? If only the IAT has been hooked, the function can be called directly through a function pointer.
If the function prologue has been overwritten with a jmp, as Detours does, you can read the location of the WinVerifyTrust implementation in WinTrust.dll and restore the machine code of the function prologue.
I wonder whether using CryptoAPI together with a specified Microsoft certificate
would be a bit better and harder to fool.
If you are worried about the API calls being hooked, write the verification code yourself; it should be fairly easy with openssl.
Platform: |
Size: 200704 |
Author: 齐欢乐 |
Hits:
Description: Source code for API hooking, implemented as a C++ class; you only need to call the functions through an object.
Platform: |
Size: 7168 |
Author: wangwei |
Hits:
Description: Uses the system IAT to find the address of the function to hook, then hooks it. This code hooks the TextOut function.
Platform: |
Size: 37888 |
Author: 骆爽 |
Hits:
Description: Rootkit IAT HOOK: implements an IAT hook using kernel shared memory.
Platform: |
Size: 39936 |
Author: rootkit |
Hits:
Description: API HOOK source code, written by myself in C++. It also locates the IAT, obtains the API that needs to be hooked, then hooks and handles it.
Platform: |
Size: 18432 |
Author: dylan |
Hits:
Description: Implements an IAT hook using rootkit techniques (ITA_HOOK).
Platform: |
Size: 256000 |
Author: rootkit |
Hits:
Description: IAT HOOK: I just tried to hook an API call with John Chamberlain's source code. The code works, but nothing happens when I call CreateProcess in another application. Why?
Platform: |
Size: 2048 |
Author: RDGMax |
Hits:
Description: Finds all types of system hooks, including hooks related to the IAT, the SSDT and so on. VICE is a tool to find hooks.
Features include:
1. Looks for people hooking IATs.
2. Looks for people hooking functions in-line aka detouring.
3. Looks for hooks in the System Call Table. Thanks to Tan perhaps it will fix the table in the future.
4. Looks for detour hooks in the System Call Table functions themselves.
5. Looks for people hooking IRP_MJ table in drivers. This is configurable by driver.ini.
Platform: |
Size: 67584 |
Author: 袁晓辉 |
Hits:
Description: Hooks APIs by modifying the IAT (import table). This example shows how to hook APIs that are not called statically.
Platform: |
Size: 3712000 |
Author: 李泽球 |
Hits:
Description: Sample for how to hook IAT table
Platform: |
Size: 31744 |
Author: trumken |
Hits:
Description: This article is organized by difficulty into three main parts, each covered in detail: 1. User-mode hooks: IAT-hook, Dll-inject. 2. Kernel-mode hooks: ssdt-hook, idt-hook, int 2e/sysenter-hook. 3. Inline function hooks.
Platform: |
Size: 14336 |
Author: lee |
Hits:
Description: This is a simple IAT hook DLL, which hooks the function send in ws2_32.dll.
Platform: |
Size: 2048 |
Author: 12usver12 |
Hits:
Description: Screen word-capture implementation, method 2: source code for a hook development kit implemented by modifying the IAT of DLL files.
Platform: |
Size: 172032 |
Author: py |
Hits:
Description: Delphi IAT Hook API (does not use a DLL; I plan to implement the hook with CreateRemoteThread, so it is not really finished yet).
Platform: |
Size: 357376 |
Author: asd |
Hits:
Description: Wraps all hooking techniques, such as inline hooks and IAT hooks.
Platform: |
Size: 6240 |
Author: 1099850078@qq.com |
Hits:
Description: Implements an IAT hook by analyzing the PE file format and modifying the function entry point.
Platform: |
Size: 118784 |
Author: YQH |
Hits: