CodeBus
www.codebus.net
Search - inline hook ntopenprocess - List
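[OS program] SSDTHook
DL: 0
The basic idea for dealing with a ring0 inline hook is this: write your own replacement kernel function; taking NtOpenProcess as the example, that is MyNtOpenProcess. Then modify the SSDT so that the system service enters your own function, MyNtOpenProcess. What MyNtOpenProcess has to do is implement the first 10 bytes of NtOpenProcess's instructions and then JMP to the original NtOpenProcess just past those ten bytes. This way, any JMP written into the head of NtOpenProcess no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected at all.
Update: 2008-10-13
Size: 3.55kb
Publisher: sdlylz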
[OS program] SSDTHook
DL: 0
The basic idea for dealing with a ring0 inline hook is this: write your own replacement kernel function; taking NtOpenProcess as the example, that is MyNtOpenProcess. Then modify the SSDT so that the system service enters your own function, MyNtOpenProcess. What MyNtOpenProcess has to do is implement the first 10 bytes of NtOpenProcess's instructions and then JMP to the original NtOpenProcess just past those ten bytes. This way, any JMP written into the head of NtOpenProcess no longer takes effect, and calling OpenProcess directly from ring3 is no longer affected at all.
Update: 2025-02-17
Size: 3kb
Publisher: sdlylz
[Hook api] NtOpenProcess[InlineHook]
DL: 0
r0 inline hook sample.
Update: 2025-02-17
Size: 37kb
Publisher: xiaohuangran
[Hook api] Inline-Hook_NtOpenProcess
DL: 0
A piece of inline-hook code, plus a loop that checks whether the hook has been overwritten; it can be called directly. [Just pass a PID to HookOn.]
Update: 2025-02-17
Size: 2kb
Publisher: MagicCrow
[Windows Develop] NtOpenProcess
DL: 0
A nice hook for learning NtOpenProcess [Inline Hook]
Update: 2025-02-17
Size: 16kb
Publisher: munizf
[Windows Develop] Inline
DL: 0
Part of the code for restoring what NP has hooked: NTOPENPROCE
Update: 2025-02-17
Size: 3kb
Publisher: zhangyang
[Hook api] NtOpenProcess[Inline-Hook]
DL: 0
NtOpenProcess[Inline Hook].rar
Update: 2025-02-17
Size: 73kb
Publisher: