Search - kernel32.dll
Search list
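Description: Written in pure assembly. It mainly intercepts functions in KERNEL32.DLL such as OpenFile, CreateFileA, CreateFileW, ReadFile, ReadFileEx, WriteFile, WriteFileEx and DeviceIoControl; the hooked data is not filtered.
MYDLL uses skyer's HOOKAPI LIB, and the source code is released. The main program creates a process, suspends it, injects MYDLL and then resumes the process, intercepting the relevant functions as it runs.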
Platform: |
Size: 1803 |
Author: 张京 |
Hits:
Description: A DLL function library written in C for microsecond-precision delays, implemented by calling the QueryPerformanceFrequency() and QueryPerformanceCounter() functions of kernel32.dll.
Platform: |
Size: 94636 |
Author: 王学文 |
Hits:
Description: getKernel32Base, used to obtain the base address of Kernel32.dll; a very simple method.
Platform: |
Size: 2651 |
Author: alex |
Hits:
Description: A DLL function library written in C for microsecond-precision delays, implemented by calling the QueryPerformanceFrequency() and QueryPerformanceCounter() functions of kernel32.dll.
Platform: |
Size: 94208 |
Author: 王学文 |
Hits:
Description: getKernel32Base, used to obtain the base address of Kernel32.dll; a very simple method.
Platform: |
Size: 2048 |
Author: alex |
Hits:
Description: Shellcode development helper tool, a good aid for vulnerability exploitation.
Platform: |
Size: 394240 |
Author: kugong |
Hits:
Description: Anti-kill program that prevents the program from being terminated maliciously, implemented by dynamically loading KERNEL32.DLL ....
Platform: |
Size: 1024 |
Author: 159 |
Hits:
Description: BOOL InjectDLL(DWORD ProcessID)
{
    HANDLE Proc;
    char buf[50] = {0};
    LPVOID RemoteString, LoadLibAddy;
    if(!ProcessID)
        return false;
    Proc = OpenProcess(CREATE_THREAD_ACCESS, FALSE, ProcessID);
    if(!Proc)
    {
        sprintf(buf, "OpenProcess() failed: %d", GetLastError());
        MessageBox(NULL, buf, "Loader", NULL);
        return false;
    }
    LoadLibAddy = (LPVOID)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
    RemoteString = (LPVOID)VirtualAllocEx(Proc, NULL, strlen(DLL_NAME), MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE);
    WriteProcessMemory(Proc, (LPVOID)RemoteString, DLL_NAME, strlen(DLL_NAME), NULL);
    CreateRemoteThread(Proc, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibAddy, (LPVOID)RemoteString, NULL, NULL);
    CloseHandle(Proc);
    return true;
}
Platform: |
Size: 26624 |
Author: artofsexy |
Hits:
Description: Shellcode that opens a command shell. Take a look; thanks if it is what you need.
Platform: |
Size: 1024 |
Author: ll |
Hits:
Description: PB calls a network connection control, using the function libraries "wininet.dll" and "KERNEL32.DLL".
Platform: |
Size: 9216 |
Author: Tang Jiufei |
Hits:
Description:
Platform: |
Size: 1144832 |
Author: 小刘 |
Hits:
Description: Under Windows CE, coredll.dll plays a role equivalent to that of Win32's kernel32.dll.
Platform: |
Size: 112640 |
Author: yodoe |
Hits:
Description: libZPlay is a multimedia library for playing mp3, ogg, ac3, flac, wav and pcm files and streams. The library integrates all decoders for the supported formats, so you don't need additional libraries. It uses native WINAPI functions from kernel32.dll, user32.dll, gdi32.dll and winmm.dll, all of which are standard libraries on Microsoft Windows. There is no need for MFC or .NET support, just pure WINAPI. The library plays music directly to the sound card. Simple and easy, with no need for additional programming: you can play music using only 3 lines of code (create class, open file and start playing). Simple, simple, simple ...
Platform: |
Size: 2734080 |
Author: liuweiwei |
Hits:
Description: Obtains the base address of kernel32.dll in memory by searching memory addresses; the same method applies to searching for other DLLs.
Platform: |
Size: 1024 |
Author: 郑炯 |
Hits:
Description: Driver source code for hiding a dynamic library within a process; the example hides kernel32.dll in explorer.exe. Tested and working!
Platform: |
Size: 29696 |
Author: 虎子 |
Hits:
Description: API declaration modules for 13 Windows DLLs, including: Advapi32.dll Comdlg32.dll Gdi32.dll Imm32.dll Kernel32.dll Lz32.dll Mpr32.dll Netapi32.dll She
Platform: |
Size: 28672 |
Author: hxwcool |
Hits:
Description: Shellcode materials and code: breaking through firewalls, constructing strings, port reuse, segmented transfer, dynamic port reuse.
Platform: |
Size: 250880 |
Author: hyutu |
Hits:
Description: Shared module: _GetKernel.asm. When a program is called, the stack holds an address used for Ret that points into Kernel32.dll; based on this, the module scans memory and obtains the base address of Kernel32.dll.
Platform: |
Size: 3072 |
Author: 邓晴 |
Hits:
Description: Anti-DLL-injection for Easy Language (易语言), API_GetProcAddress (API_GetModuleHandle ("kernel32.dll"), "LoadLibraryA")
Platform: |
Size: 11264 |
Author: 王文 |
Hits:
Description: C# utility library for kernel32.dll; can be used for things like reading memory data.
Platform: |
Size: 424960 |
Author: van.chen |
Hits: