Search - ring3 api hook
Description: ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). It uses a ring0 driver to hook the KiExceptionDispatch procedure to detect exceptions, and then prints information about each exception on stdout (using the ring3 part of the program, of course).
The difference between this method and the standard debug API method is that this method monitors all XP processes, and the program does not have to attach to any other process to monitor it, hence it is harder to detect.
The code is currently considered ALPHA, and it has been reported to BSoD sometimes (on multi core/cpu machines). Take care!
Size: 54007
Author: 张京
Description: Hook Api Library 0.2 [Ring0&3] By Anskya
Email: Anskya@Gmail.com
Ring3 inline hook for APIs
Thanks:
The former 29A masters have always been my idols... the great z0mbie... a bow of respect here.
The LDE32 engine used here is a translation of his work... C -> Delphi...
Notes:
1. Uses a stack-based jump
Instead of the traditional long jump (jmp xxxx), it uses the easier-to-understand push xxxx + ret.
Read the code carefully and it is easy to follow... well encapsulated.
2. Memory patch layout:
Patch 1: |push xxx (hook handler)|ret|
Patch 2: |saved original patch address|saved length of the original code|original code from the original address|push xxxxxx|ret|
Changelog:
0.2:
Ring0 inline hook supported
0.1:
Ring3 inline hook
Size: 6347
Author: david
Description: ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (of Team Vexillium). It uses a ring0 driver to hook the KiExceptionDispatch procedure to detect exceptions, and then prints information about each exception on stdout (using the ring3 part of the program, of course).
The difference between this method and the standard debug API method is that this method monitors all XP processes, and the program does not have to attach to any other process to monitor it, hence it is harder to detect.
The code is currently considered ALPHA, and it has been reported to BSoD sometimes (on multi core/cpu machines). Take care!
Size: 53248
Author: 张京
Description: Hook Api Library 0.2 [Ring0&3] By Anskya
Email: Anskya@Gmail.com
Ring3 inline hook for APIs
Thanks:
The former 29A masters have always been my idols... the great z0mbie... a bow of respect here.
The LDE32 engine used here is a translation of his work... C -> Delphi...
Notes:
1. Uses a stack-based jump
Instead of the traditional long jump (jmp xxxx), it uses the easier-to-understand push xxxx + ret.
Read the code carefully and it is easy to follow... well encapsulated.
2. Memory patch layout:
Patch 1: |push xxx (hook handler)|ret|
Patch 2: |saved original patch address|saved length of the original code|original code from the original address|push xxxxxx|ret|
Changelog:
0.2:
Ring0 inline hook supported
0.1:
Ring3 inline hook
Size: 6144
Author: david
Description: tat hook api: an example of hooking, within a single file, the APIs that the file itself calls.
Size: 7168
Author: 王奎
Description: There are many hooks at ring3, and many more on the path from ring3 to ring0. Following the stages an API call passes through in order, each stage offers an opportunity to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook, etc.
Size: 1869824
Author: 王小明
Description: Ring3 API hook of the FindFile functions to hide files.
Size: 1024
Author: ly
Description: Uses code injection, rather than DLL injection, to hide a process.
Nothing advanced here, pure manual labor, and I will skip the theory. The only point is that the API hook is achieved without DLL injection,
purely by injecting code. Evil Binary (邪恶二进制) also has a code-injection sample, but it uses an undocumented function that I still do not understand.
I originally wanted to write it in assembly, but found that injecting assembly code is far more tedious than injecting C code, so I implemented it in C.
The main function is hiding a process, though at ring3 this does not seem very useful; it is just practice.
Size: 4096
Author: 张做像
Description: Delphi Source Code:
==============================================
Magic Api Hook Engine v1.0 - Date: 2006.04.24
This is a simple all-around process API hooker
UserMode (Ring3), WinNT family only
By: Magic_h2001 - magic_h2001@yahoo.com
Home: http://magic.shabgard.org
==============================================
Size: 18432
Author: Weder
Description: SSDT stands for System Services Descriptor Table. This table links the ring3 Win32 API to the ring0 kernel API. The SSDT is not just a large address index table; it also holds other useful information, such as the base address of the address index and the number of service functions.
By modifying the function addresses in this table, commonly used Windows functions and APIs can be hooked, in order to filter and monitor system actions of interest. Some HIPS, antivirus, system-monitoring and registry-monitoring software use this interface to implement their own monitoring modules.
At present a very small number of viruses do use this method to protect themselves or to disable antivirus software, but if the antivirus software can identify and remove such a virus before it enters the system, it will have no chance to act.
Size: 335872
Author: 小明
Description: {
Ring3 Hook api Demo By Anskya
Email: Anskya@Gmail.com
www.delphibasics.co.nr
//In this example, the phrase "Hello World" is checked and changed to "Goodbye World"
}
Size: 5120
Author: Diego
Description: 看雪学院 (Kanxue) Rootkit study material, 1. Kernel hooks: there are many hooks at ring3, and many more on the path from ring3 to ring0. Following the stages an API call passes through in order, each stage offers an opportunity to hook: int 2e or sysenter hook, SSDT hook, inline hook, IRP hook, object hook, IDT hook, etc.
Size: 1652736
Author: stars
Description: API interception: a Ring3 global HOOK.
Size: 196608
Author: xiaolingwu