Search - iat
Description: Source code for a hook development kit implemented by modifying the IAT of a DLL file.
Platform: |
Size: 190464 |
Author: 站长 |
Hits:
Description:
1. Contents
2. Introduction
3. Hooking methods
3.1 Hooking before execution
3.2 Hooking at run time
3.2.1 Hooking the current process using the IAT
3.2.2 Hooking the current process by rewriting the entry point
3.2.3 Saving the original function
3.2.4 Hooking other processes
3.2.4.1 DLL injection
3.2.4.2 Independent code
3.2.4.3 Raw modification
4. Conclusion
Platform: |
Size: 11264 |
Author: flyfan |
Hits:
Description: Based on APISPY32, the last program in Windows 95 System Programming Secrets. It contains detailed comments that I added, suitable for beginners who want to sort out the ideas. Project files are included. For the parts without comments, please refer to the book. Also: I have not written a loader yet. You can manually add an explicit LoadLibrary call in the program being spied on; the focus is on learning the stack and the IAT. Pay attention to the calls between assembly and C functions.
Platform: |
Size: 31744 |
Author: 郭夏斌 |
Hits:
Description: Start, Run, type sigverif.
Checking the digital signature tells you whether it is from MS.
Verification of an application or driver is mainly implemented with the Win32 API WinVerifyTrust. If that API is hooked, is there another way to verify whether an application or driver is signed by Microsoft? If only the IAT has been hooked, you can call the function directly through a function pointer.
If the function prologue has been rewritten with a jmp, as Detours does, you can read the location of the WinVerifyTrust implementation in WinTrust.dll and restore the machine code of the function prologue.
I wonder whether using CryptoAPI together with a specified Microsoft certificate would be somewhat better and harder to fool.
If you are worried about the API calls being hooked, write the verification code yourself; using OpenSSL should make that easier.
Platform: |
Size: 200704 |
Author: 齐欢乐 |
Hits:
Description: Looks up the address of the function to hook in the system IAT, then hooks it. This code hooks the TextOut function.
Platform: |
Size: 37888 |
Author: 骆爽 |
Hits:
Description: Rootkit IAT HOOK: implements an IAT hook using kernel shared memory.
Platform: |
Size: 39936 |
Author: rootkit |
Hits:
Description: API hook source code that I wrote myself, in C++. It also works by locating the IAT, finding the API that needs to be hooked, then hooking and handling it.
Platform: |
Size: 18432 |
Author: dylan |
Hits:
Description: IAT HOOK. I just tried to hook an API call with John Chamberlain's source code. The code works, but nothing happens when I call CreateProcess in another application. Why?
Platform: |
Size: 2048 |
Author: RDGMax |
Hits:
Description: Finds various types of system hooks, including hooks related to the IAT, the SSDT and so on. VICE is a tool to find hooks.
Features include:
1. Looks for people hooking IATs.
2. Looks for people hooking functions in-line aka detouring.
3. Looks for hooks in the System Call Table. Thanks to Tan perhaps it will fix the table in the future.
4. Looks for detour hooks in the System Call Table functions themselves.
5. Looks for people hooking IRP_MJ table in drivers. This is configurable by driver.ini.
Platform: |
Size: 67584 |
Author: 袁晓辉 |
Hits:
Description: Hooks APIs by modifying the IAT (import table); this example shows how to hook APIs that are not called statically.
Platform: |
Size: 3712000 |
Author: 李泽球 |
Hits:
Description: Antivirus-evasion tool that works from locating the import/export table !!1-jk03
Platform: |
Size: 365568 |
Author: 借口 |
Hits:
Description: IAT HOOKING, for WINCE.
Platform: |
Size: 71680 |
Author: Jin-Hyuk |
Hits:
Description: One-click IAT rebuild tool for PE files, an essential tool for antivirus evasion.
A very easy-to-use one-click IAT rebuild tool. IAT TOOLS
Platform: |
Size: 302080 |
Author: yehson |
Hits:
Description: Sample for how to hook IAT table
Platform: |
Size: 31744 |
Author: trumken |
Hits:
Description: This article gives a detailed introduction in three main parts, ordered by difficulty: 1. User-mode hooks: IAT-hook, Dll-inject. 2. Kernel-mode hooks: ssdt-hook, idt-hook, int 2e/sysenter-hook. 3. Inline function hooks.
Platform: |
Size: 14336 |
Author: lee |
Hits:
Description: Injection by modifying a file's IAT. Hehe, hope it helps you.
Platform: |
Size: 4096 |
Author: 164894 |
Hits:
Description: Screen word-capture implementation method 2: source code for a hook development kit implemented by modifying the IAT of a DLL file.
Platform: |
Size: 172032 |
Author: py |
Hits:
Description: Delphi IAT Hook API (no DLL is used; I plan to implement the hook with CreateRemoteThread; you could say it is not finished yet).
Platform: |
Size: 357376 |
Author: asd |
Hits:
Description: A detailed explanation of the IAT, to better understand the PE file structure and thereby the organization of a computer (detailed annotation for IAT)
Platform: |
Size: 9216 |
Author: 广东_无痕 |
Hits: