Location:
Search - process hook
Search list
Description: 可截获windows下各进程的各类消息,可作消息查看之用-windows can be intercepted under the process of the various news sources for use View
Platform: |
Size: 271360 |
Author: wxs715 |
Hits:
Description: 工作需要,想控制进程的创建,于是HOOK了ZwCreateProcess,后来发现xp和2003中创建进程的都用NtCreateProcessEx-work needs to control the process of creation, then the ZwCreateProcess HOOK, later found xp 2003 and the process of creating both NtCreateProcessEx
Platform: |
Size: 9216 |
Author: 龙 |
Hits:
Description: There are numerous codes in the www to explain how to hook API functions inside a remote process. So, why creating another one ? This article is the first (I) part of a tool I m working on. This tools won t be too complex, so there is no need for a huge class hierarchy like in almost all other code, nor a hard coded assembly code. This tool is just a technical preview of what is possible to achieve, with QUICK and DIRTY "put your functions here" blocks.-There are numerous codes in the www to explain how to hook API functions inside a remote process. So, why creating another one This article is the first (I) part of a tool I m working on. This tools won t be too complex, so there is no need for a huge class hierarchy like in almost all other code, nor a hard coded assembly code. This tool is just a technical preview of what is possible to achieve, with QUICK and DIRTY "put your functions here" blocks.
Platform: |
Size: 8192 |
Author: |
Hits:
Description: const WM_UNSUBCLASS = WM_USER + 2001 //卸载子类化消息 WM_SENDDATA = WM_USER + 2003 //收到要发送新数据包的消息 type PMyDLLVar = ^TMyDLLVar //用来共享的内存数据结构 TMyDLLVar = record SubClass: Boolean //是否已经子类化 HookWindow, SpyWindow: LongWORD //要安装HOOK的窗口及用于接收消息的窗口 hHook: LongWORD //HOOK句柄 OldWndProc: pointer //旧的窗口过程 end-const WM_UNSUBCLASS = WM_USER 2001// Uninstall subclass of news WM_SENDDATA = WM_USER 2003// received new data to be sent information packets type PMyDLLVar = ^ TMyDLLVar// used to share memory data structure TMyDLLVar = record SubClass : Boolean// if the child class of HookWindow, SpyWindow : LongWORD// HOOK to install a window for receiving news and the window hHook : LongWORD// handle OldWndProc HOOK : pointer// old process end window
Platform: |
Size: 198656 |
Author: 黄春标 |
Hits:
Description: 动态库注入器 1.0
功能:将一个动态库文件注入到一个正在运行的进程内.
应用:通过注入功能,可以实现对一个进程的api hook,比如写一个dll,然后hook socket api,然后注入到你想监视的进程,这样就能够用于网络数据包的分析了
-DLL injector 1.0 features : a dynamic library file is injected into a running process. Applications : by injecting function can be achieved on a process api hook, such as writing a dll, then hook socket api, and then injected into you want to watch the process so it can be used for network packet analysis of the
Platform: |
Size: 50176 |
Author: 阿东 |
Hits:
Description: 在2000和xp下,隐藏进程,VC6.0测试通过
在需要隐藏进程的时候#incoude"HideProcess.h",调用HideProcess()即可。-in 2000 and xp, hidden process, VC6.0 tested in the process need to hide when# incoude "HideProcess.h" Call HideProcess () can be.
Platform: |
Size: 3072 |
Author: 力 |
Hits:
Description: 罗聪作品。利用SEH 技术 达到HOOK 同进程 API 的技术。-Luo cong works. SEH use the same technology to process HOOK API technology.
Platform: |
Size: 4096 |
Author: xpan |
Hits:
Description: api hook process的教程,需要的可以下载看看,非常简单-api hook process guidelines can be downloaded in need to see, very simple
Platform: |
Size: 21504 |
Author: yiler |
Hits:
Description: 钩子(hook)是Windows消息处理机制的一部分,用户应用程序设置钩子后就可截获所有Windows系统消息。钩子安装成功后就可通过钩子的过程处理函数处理所截获的消息。通常将钩子的安装及处理函数放在动态链接库中,供系统中每个进程调用。钩子安装后会对系统产生一定的影响。因此在使用完钩子后应及时将其释放掉。
动态链接库编程编译、链接生成的*.dll和*.lib文件可供其他调用DLL的应用程序使用。
-Hook (hook) is a Windows message processing part of the mechanism, the user application settings can be intercepted after the hook all Windows system message. After the success of hook can be installed through the process of hook handler to deal with the intercepted message. Usually hook the installation and handling functions on the dynamic link library for the system call for each process. Hook after the installation of the system have a certain impact. Therefore, after you are finished using the hook should be released promptly lost. Dynamic Link Library programming compiler, link-generated*. dll and*. lib files for other applications that call the DLL to use.
Platform: |
Size: 796672 |
Author: 程娃 |
Hits:
Description: 注入DLL到进程,hook游戏成功的例子-Injected DLL into the process, hook examples of successful games
Platform: |
Size: 344064 |
Author: 是啊 |
Hits:
Description: Start.exe 安装 Insert.dll 中的 WH_GETMESSAGE 钩子. 当任何一个进程从
消息队列取消息时, Insert.dll 都将被装入其空间. Insert.dll在入口代码
中判断当前进入的进程模块名, 如果是 Explorer则建立一个线程, 并发消息
通知 Start.exe退出. 这个时候建立的新线程, 当然是属于Explorer进程的,
这就是关键之所在了. 另外, 该线程还建立了一个窗体, 可以设定IE首页. :~)-Start.exe installation of Insert.dll hook WH_GETMESSAGE. When any one process from the message queue check news, Insert.dll will be put into its space. Insert.dll at the entry code to enter the process to determine the current module name, if is the Explorer is the creation of a thread, and发消息Start.exe quit notice. this time the new thread, of course, is the Explorer process, and this is the key to a. In addition, the thread has also set up a form, can set the IE homepage.: ~)
Platform: |
Size: 29696 |
Author: hss |
Hits:
Description: 勾子 代码
Hook编程。如何安装钩子过程,如何编写全局钩子-Hook hook programming code. How to install the hook process, how to write global hooks
Platform: |
Size: 1024 |
Author: 席秋波 |
Hits:
Description: HOOK API,对于一个没有接触过人而言,时个神秘地带,真有那么神秘码?微软提供了这方面的开发包DETOUES,很简单,不需要其他工作就可以实现了,不需要跳转指令,不需要修改PE头,更不需要枚举当前所有进程和即将启动的进程-HOOK API, no contact for a man is concerned, when a mysterious area code really so mysterious? Microsoft provided an SDK DETOUES, very simple, no other work can be achieved, and do not need to Jump instructions, will not need to change PE header, but do not need to enumerate all the current process and will soon start the process of
Platform: |
Size: 808960 |
Author: |
Hits:
Description: 利用Hook在系统进程插入线程的改进版本.
-Hook the process to use the system to improve the version of the thread insert.
Platform: |
Size: 26624 |
Author: |
Hits:
Description: 自己写的一个锁机软件。
使用钩子屏蔽热键。
使用Process类终止任务管理器-Writing a lock their software. The use of hook hotkey shielding. Terminating the use of Process Task Manager
Platform: |
Size: 7076864 |
Author: 小强 |
Hits:
Description: 基于ssdt hook 的进程保护,防止自己的进程被恶意关闭。包含应用层与应用层通信的代码-based on ssdt hook the process of protection against their own process of being shut down malicious. Contains application-layer and application layer communication code
Platform: |
Size: 48128 |
Author: lier |
Hits:
Description: 收集几款VC++代码注入程序,不同时期的都有,通过这些示例你会明白如何将代码注入不同的进程地址空间,随后在该进程的上下文中执行注入的代码。这里主要是三种方法:
1、Windows 钩子
2、CreateRemoteThread 和 LoadLibrary 技术 ——进程间通信
3、CreateRemoteThread 和WriteProcessMemory 技术
——如何用该技术子类化远程控件
——何时使用该技术-Collection of several VC++ code into the process, have different periods, through these examples you will understand how to code the process into a different address space, and then in the process into the context of the implementation of the code. Here are mainly three methods: 1, Windows hook 2, CreateRemoteThread and LoadLibrary technology- the process of communication 3, CreateRemoteThread and WriteProcessMemory technology- how to use the technology sub-class of remote control- when to use the technology
Platform: |
Size: 48128 |
Author: 300 |
Hits:
Description: Hook在系统进程插入线程的改进版本,进程的注入hook,加入Dll控制,消息控制,功能强大。-Hook the process to insert the thread in the system to improve the version of the injection process hook, adding Dll control, information control and powerful.
Platform: |
Size: 22528 |
Author: siliemor |
Hits:
Description: API Hook,实现了对CreateProcess的挂钩,可以监视进程的创建。-API Hook, to achieve the linking of CreateProcess, you can create a monitoring process.
Platform: |
Size: 5688320 |
Author: 北冥之鱼 |
Hits:
Description: 在Ring0下实现保护进程,通过HOOK SSDT实现保护进程-The Ring0 achieve protection process, achieved through the protection process HOOK SSDT
Platform: |
Size: 6144 |
Author: eithack |
Hits:
« 12
3
4
5
6
7
8
9
10
...
26
»