Location:
Search - pe import
Search list
Description: • 如何攔截API呼叫
說明
這是網友問的問題,雖然這個問題並不適合用VB做,但並不是做不到,要多繞一段路,這個問題重點在於執行檔中的IAT(Import Address Table) 如果你對於PE黨並不熟悉 請參考PE檔簡介這篇文章
一個Process再執行時,會將許多DLL載入到行程空間中,如呼叫User32.dll中的MessageBoxW就必須將User32.dll載入到位址空間,呼叫越多不同種的API,位址空間中的模組也就越多,至於如何得知行程所載入的模組請參考如何取得Process中載入的模組的資訊
一般來說,如果是執行Notepad.exe 我們只要攔截模組Notepad.exe的IAT即可,除非你想攔截Notepad.exe是否有透過其他DLL去執行要攔截的函數,才需要去攔截其他載入的模組-VB API calls interception
Platform: |
Size: 138240 |
Author: 楚吟风 |
Hits:
Description: 操作PE可执行文件的类库,可以添加导入函数,修改PE,插入代码-PE executable file of the library operation, import functions can be added, modified PE, insert code, etc.
Platform: |
Size: 258048 |
Author: hellovc |
Hits:
Description: 可以检测一个DLL是COM,Managed或者普通Win32 DLL。-A context menu handler for PE files. Can display different verbs for Win32/COM or .NET assemblies.
Libraries exporting DllRegisterServer and DllUnregisterServer are considered COM libraries, PE files with an IMAGE_COR20_HEADER are considered .NET assemblies, and all valid non-.NET PE files are considered Win32.
The default settings include Dependency Walker action for Win32 and COM libraries, register/unregister commands for COM libraries and .NET Reflector for managed assemblies.
InstallUtil and GacUtil support is planned for a next release.
To install, just regsvr32 the DLL, change the Dependency Walker and .NET Reflector paths in the reg file, and import it.
By default, the handler is associated only to .exe and .dll files.
Platform: |
Size: 11951104 |
Author: piaogerbeta |
Hits:
Description: 一个简单的调试器
主要功能 :1.单步步入 2.单步步过 3.运行 4.自动步过 5.指令记录 6.自动步入 7.跳出函数体 8.dump被调试进程 9.INT3断点 10.硬件断点 11.多内存断点 12.API断点 13.对DLL导出函数的反汇编 14.导入函数名的解析 15.内嵌了一个PE查看工具默认显示被调试程序的PE信息.可以选择查看其他的程序PE信息.
所有的功能都可以使用命令和菜单 快捷键来完成,可以拖拽
-A simple debugger interface simple cottage Windbg. Main features: 1. Single step into the 2 single-step through 3 run 4 automatically step through 5 command record 6 automatically into 7 out of a function body 8.dump debugging process 9.INT3 breakpoint 10. hardware breakpoints 11 and more memory breakpoint 12.API breakpoint 13. DLL export functions for disassembly 14 import function name resolution 15. built a PE View the default display tool program being debugged PE information. can choose to view information about other programs PE all the functions you can use keyboard shortcuts and menu commands to complete, you can drag and drop. code issues in the hope of useful to you Oh. See specific use Help menu
Platform: |
Size: 661504 |
Author: 曹林开 |
Hits:
Description: PE装载器的例子,处理了导入表、重定位表。-PE loader example, handling the import table, relocation table.
Platform: |
Size: 9216 |
Author: 顺口溜 |
Hits:
Description: PE信息查看器,主要查看PE文件中的各个节表信息,如导入表导出表,纯属练手,新手学习,老鸟路过-PE information to the viewer, the main view in the section table information in the PE file, import tables and export the table is purely to practice hand, the novice learning, passing fields and
Platform: |
Size: 56320 |
Author: 中华 |
Hits:
Description: 一个比较适合新手学习用的MFC pe文件导入函数使用方法-A more suitable for beginners to learn the MFC PE file with import function USES the method
Platform: |
Size: 3627008 |
Author: fdf |
Hits:
Description: 解析PE 文件的工具,可以导入一个文件,查看导入表,导出表,各种信息。-Tool to parse the PE file, you can import a file to view the import table, export table, all kinds of information.
Platform: |
Size: 95232 |
Author: joexie |
Hits:
Description: 解析PE文件,取得PE中的PE头信息,导入表,延迟导入表,导出表,重定位信息。并从PE文件中提取出图标,位图,菜单资源-Parsing PE files obtained in PE PE header information, import table, delayed import table, export table, relocation information. And extracted from the PE file icons, bitmaps, menus resources
Platform: |
Size: 2652160 |
Author: 郭攀 |
Hits:
Description: 用于检测某一PE文件,是否含有指定的导入函数;若含有,则返回结果为0,不含有则返回结果为1,异常出错则返回-1;输入参数为:1、PE文件的路径;2、匹配的导入函数名。-For the detection of a PE file, whether it contains the designated import function if they contain, then return the result to 0, does not contain the result is returned to 1, exception error is returned-1 input parameters: 1, PE file path 2, matching the import function names.
Platform: |
Size: 3072 |
Author: buted |
Hits:
Description: change pe file to expand import table.
Platform: |
Size: 13064192 |
Author: bds528 |
Hits:
Description: 这是一个关于PE文件读取代码,对学习PE格式的人有很大帮助,因为里面有读取重定位表,导入函数,导出函数,PE基本信息的源码,看源码比看大量字体资料更高效-This is a PE file to read the code, to learn PE format helps a lot of people, because there are reading the relocation table, import functions, export functions, PE basic information about the source, look at the source of information is more than watching a lot of fonts efficient
Platform: |
Size: 38912 |
Author: 平次 |
Hits:
Description: 一款强大的PE文件 导入表重建工具,支持 x86和x64-A great tool to rebuild an import table, supporting x86 and x64
Platform: |
Size: 882688 |
Author: sitefortest |
Hits:
Description: duilib界面库做的PE信息查看工具。DOS头,PE头,导入导出表,等。-duilib interface library to do PE View tool. DOS header, PE header, import and export tables, and so on.
Platform: |
Size: 13386752 |
Author: 零点 |
Hits:
Description: 导出表钩子的实例代码,导出表是pe的一个重要结构-import table hook
Platform: |
Size: 13312 |
Author: lier |
Hits:
Description: PE装载器的例子,处理了导入表、重定位表。-PE loader example, handling the import table, relocation table.
Platform: |
Size: 10240 |
Author: kkcac2392qishil |
Hits:
Description: 该源码解析一个PE文件,打印其输入表、输出表、重定位表等详细信息!-this code resolves a file of PE type,and print the information of the file s import table,export table and relocal table,etc.
Platform: |
Size: 10240 |
Author: kkcac2392qishil |
Hits:
Description: 获得PE文件的导入模块和导入函数,具体的试一下就知道啦-Access to PE file import module and import functions,
Platform: |
Size: 1024 |
Author: hhymy2947puhua |
Hits:
Description: 最新版本的pelib,能查看windows pe文件引入表和 引出表,和头等信息。我在vs2013编译通过的,没错误,是比较全的pe文件c++类库(The latest version of pelib allows you to view windows PE files, import tables and leads, and first class information. I compiled through vs2013, no error, is a more comprehensive PE file, c++ class library)
Platform: |
Size: 165888 |
Author: jflbr
|
Hits: