Search - hook.t

Search list

[Hook api] HookImport_src

Description: Enclosed is MFC source code for a function which can be used to hook any imported function call which your application makes. Since most of the Win32 API is implemented using import functions in DLLs, this means that you can hook Win32 API calls. This is useful when, for example, you want to be called for every call to the file system (::CreateFile() & CloseHandle()) which your app makes. This example of hooking the file system calls your app makes could form the basis of code to ensure you do not have any handle leaks in your application. You could also use this code to spy on COM port activity in remote processes by injecting the DLL into the remote process.
Platform: | Size: 6252 | Author: l | Hits:

[Hook api] WinRARZIP

Description: Achieving a satisfying, stylistically uniform software interface is genuinely hard. Dialogs that live inside MFC or even inside system DLLs, such as the MessageBox, FileDialog, FontDialog and folder-selection dialogs that readers have mentioned, are not easy to reskin. Some say hooking can do it, and it can: hooks reach almost everywhere. But the efficiency of hooks is unsatisfactory, as the behaviour of most current skinning software that uses hooks demonstrates. Today we discuss another technique for reskinning FileDialog, which I call the window-procedure replacement method (note: my own coinage). Most windows have a window procedure, which handles every event in the window (including its child windows). Which of window-procedure replacement and hooking is stronger is obvious, because a single hook can intercept only one event and is rather time-consuming to process. Hooks have their advantages too, but those are not the subject of this article. To let you see for yourself first, see the figure below:
Platform: | Size: 760308 | Author: 孙乾坤 | Hits:

[Hook api] hookntcontinue

Description: ring0 hook of NtContinue, with source code. Hooks NtContinue in ring0; the hook is implemented using the drx7 register. This code hooks ntoskrnl!NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers... This hook will only PREVENT drX clearing from SEH (kiuser->ntcontinue) and will not alter debugging using ring3 debuggers (olly->SetThreadContext). Mainly developed for personal research and as anti-bpm... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll.dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won't be changed from seh and ring3 code =) Its use for some targets such as armadillo... but never posted code... by deroko
Platform: | Size: 6421 | Author: 张京 | Hits:

[Driver Develop] ExcpHookMonitor_0.0.4

Description: ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). It uses a ring0 driver to hook the KiExceptionDispatch procedure to detect the exceptions, and then shows information about the exception on stdout (using the ring3 part of the program, of course). The difference between this method and the standard debug API method is that this method monitors all of XP's processes, and the program does not have to attach to any other process to monitor it, hence it's harder to detect. The code is currently considered ALPHA, and it has been reported to BSoD sometimes (on multi-core/CPU machines). Take care!
Platform: | Size: 54007 | Author: 张京 | Hits:

[Windows Develop] 31029461557T-Mouse v2.0src

Description: Mouse monitoring, mouse hook
Platform: | Size: 4096 | Author: 啊峰 | Hits:

[Hook api] APIHookingRevisited_src

Description: There are numerous codes on the www to explain how to hook API functions inside a remote process. So, why create another one? This article is the first (I) part of a tool I'm working on. This tool won't be too complex, so there is no need for a huge class hierarchy like in almost all other code, nor for hard-coded assembly code. This tool is just a technical preview of what is possible to achieve, with QUICK and DIRTY "put your functions here" blocks.
Platform: | Size: 8192 | Author: | Hits:

[Hook api] HookImport_src

Description: Enclosed is MFC source code for a function which can be used to hook any imported function call which your application makes. Since most of the Win32 API is implemented using import functions in DLLs, this means that you can hook Win32 API calls. This is useful when, for example, you want to be called for every call to the file system (::CreateFile() & CloseHandle()) which your app makes. This example of hooking the file system calls your app makes could form the basis of code to ensure you do not have any handle leaks in your application. You could also use this code to spy on COM port activity in remote processes by injecting the DLL into the remote process.
Platform: | Size: 6144 | Author: l | Hits:

[Hook api] Single_Byte_Hooks

Description: Recently I rewatched Joanna's HITB presentation video and I noticed she said that a rootkit leveraging a single byte modification is impossible! Well, I think that was a little bold to say, and in my opinion it doesn't seem that infeasible that a one byte modification can be leveraged to accomplish something useful.
Platform: | Size: 3072 | Author: inwing | Hits:

[Game Hook Crack] link.tar

Description: Source code for a cheat plug-in for the QQ Lianliankan game; take a look if you like QQ Lianliankan.
Platform: | Size: 79872 | Author: bonnie | Hits:

[Hook api] hookntcontinue

Description: ring0 hook of NtContinue, with source code. Hooks NtContinue in ring0; the hook is implemented using the drx7 register. This code hooks ntoskrnl!NtContinue to set dr7 to 0 (no updating of dr7) so NtContinue called from ring3 cannot alter drX registers... This hook will only PREVENT drX clearing from SEH (kiuser->ntcontinue) and will not alter debugging using ring3 debuggers (olly->SetThreadContext). Mainly developed for personal research and as anti-bpm... Hook NtContinue (not exported from ntoskrnl.exe but exported in ntdll.dll with service number) to set dr7 to 0 prior to calling original NtContinue so debug registers won't be changed from seh and ring3 code =) Its use for some targets such as armadillo... but never posted code... by deroko
Platform: | Size: 6144 | Author: 张京 | Hits:

[Driver Develop] ExcpHookMonitor_0.0.4

Description: ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). It uses a ring0 driver to hook the KiExceptionDispatch procedure to detect the exceptions, and then shows information about the exception on stdout (using the ring3 part of the program, of course). The difference between this method and the standard debug API method is that this method monitors all of XP's processes, and the program does not have to attach to any other process to monitor it, hence it's harder to detect. The code is currently considered ALPHA, and it has been reported to BSoD sometimes (on multi-core/CPU machines). Take care!
Platform: | Size: 53248 | Author: 张京 | Hits:

[Driver Develop] T-HookInt

Description: Source code for a driver-level hook. Serves as a helper for building game cheat plug-ins.
Platform: | Size: 5120 | Author: 伊戈尔 | Hits:

[OS program] kernel.txt.tar

Description: Sometimes, we run into a situation when we badly need to hook some kernel function, but are unable to do it via conventional PE-based hooking. This article explains how kernel functions can be directly hooked. As a sample project, we are going to present a removable USB storage device as a basic disk to the system, so that we can create and manage multiple partitions on it (for this or that reason, Windows does not either allow or recognize multiple partitions on removable storage devices, so we are going to cheat the system). On this particular occasion, we will hook only one function, but the approach described in this article can be extended to handle multiple functions (for example, one of my projects required direct hooking of quite a few functions from the NDIS library). You should clearly realize that this article is about direct hooking and not about dealing with USB storage, so please don't tell me that the sample problem may have been solved differently.
Platform: | Size: 10240 | Author: gto | Hits:

[Hook api] Tren

Description: Kicking players in a Warcraft game: we hook the Send function. If we whisper to a player, say by typing 7720668, that string can certainly be found in pBuffer, and we then close the corresponding socket to kick the player. (This also shows that only the host can kick players, because doing so by forging TCP, SYN, ACK packets is almost impossible.)
Platform: | Size: 39936 | Author: a88758289 | Hits:

[Hook api] hook

Description: This tool is written in VC++; its main function is to block the mouse and keyboard.
Platform: | Size: 1964032 | Author: qingmie | Hits:

[Hook api] inline-hook

Description: Some time ago, I published on the blog the IAT hook technique, which redirects a function call via the import table. But it has its limits: if you set a hook after the program has already retrieved the function's address, it will not work. The same goes if the program used GetProcAddress. So here we change tactics: rather than modifying the function's address, we modify the function's code to make it jump, via the JMP instruction (0xE9), to our function. To do this I had to compute the size of the instructions, and so I used the x86ime project.
Platform: | Size: 278528 | Author: Lord Noteworthy | Hits:

[OS program] Hook

Description: A hook procedure written with VC2010; it can block the left and right Win keys and Alt+Tab, but does not manage to block the Ctrl+Alt+Del key combination.
Platform: | Size: 372736 | Author: 季超 | Hits:

[e-language] Super-HOOK

Description: Super HOOK saves you from using CE to analyze data offsets and base addresses in order to read data, saving a lot of time, including the time spent updating the data. Especially when a game's base address cannot be found or its data structures are complex, Super HOOK solves the problem easily!
Platform: | Size: 527360 | Author: linddk | Hits:

[OS program] delphi-hook-library

Description: wr960204 武稀松, 2012.2. Home page: http://www.raysoftware.cn. A general-purpose hook library supporting x86 and x64. It uses the open-source BeaEngine disassembly engine. The advantage of BeaEngine is that it can be compiled with BCB into OMF-format Obj files, which are linked into Delphi's DCU and target files, so no extra DLL is needed. BeaEngine: http://www.beaengine.org/ Limitations: 1. Functions whose code is smaller than 5 bytes cannot be hooked. 2. Functions with a jump instruction in their first five bytes cannot be hooked. Users are expected to have some assembly or reverse-engineering knowledge. Before hooking a function, make sure it does not fall into either of the two cases above. There is also a trick for hooking COM objects: if you want to hook a COM object at the earliest possible moment, create an instance of that object yourself before the COM object you want to hook is created, hook it, and then release your own object. The function is then already hooked, and hooked before the target COM object is created.
Platform: | Size: 929792 | Author: YyQ | Hits:

[Other] HOOK_劫持

Description: Hook interception: those who do not understand it can download this to study; very useful for anyone who wants to learn this area.
Platform: | Size: 1742848 | Author: | Hits:

CodeBus www.codebus.net