Search - CreateFileA
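Description: Written in pure assembly. Mainly intercepts the KERNEL32.DLL functions OpenFile, CreateFileA, CreateFileW, ReadFile, ReadFileEx, WriteFile, WriteFileEx, DeviceIoControl and others; the hooked data is not filtered.
MYDLL uses skyer's HOOKAPI LIB, and the source code is released. The main program creates the process and suspends it, injects MYDLL, then resumes the process and intercepts the relevant functions while it runs.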
Platform: |
Size: 1803 |
Author: 张京 |
Hits:
Description: Hook CreateFileA, an inline hook under Ring3
Platform: |
Size: 21924 |
Author: QQ |
Hits:
Description: Hook CreateFileA, an inline hook under Ring3
Platform: |
Size: 4107264 |
Author: QQ |
Hits:
Description: HookAPI CreateFileA.rar: finds _T("CreateFileA") in "kernel32.dll" and replaces it
Platform: |
Size: 8192 |
Author: |
Hits:
Description: Detour hook of the CreateFileA function in dota; shows how to use a detour hook
Platform: |
Size: 336896 |
Author: 韩瑞军 |
Hits:
Description: Developed in pure assembly. Mainly intercepts the KERNEL32.DLL functions OpenFile, CreateFileA, CreateFileW, ReadFile, ReadFileEx, WriteFile, WriteFileEx, DeviceIoControl and others; the hooked data is not filtered. MYDLL uses skyer's HOOKAPI LIB, and the source code is released. The main program's source creates the process and suspends it, injects MYDLL, then resumes the process, intercepting
Platform: |
Size: 2048 |
Author: 追求 |
Hits:
Description: .版本 2
hFile = CreateFileA (strFileName, #GENERIC_READ, #FILE_SHARE_READ, 0, #OPEN_EXISTING, #FILE_ATTRIBUTE_NORMAL, 0)
.如果真 (hFile = -1)
返回 (假)
.如果真结束
pFileBuff = 0
nFileSize = GetFileSize (hFile, 0)
.如果真 (nFileSize = 0)
返回 (假)
.如果真结束
pFileBuff = VirtualAlloc (0, nFileSize, #MEM_COMMIT, #PAGE_EXECUTE_READWRITE)
dwReadSize = 0
.如果真 (ReadFile (hFile, pFileBuff, nFileSize, dwReadSize, 0) = 假)
返回 (假)
.如果真结束
pBase = pFileBuff
' Check whether the file is a PE
p强转数组 [1] = 强制转换 (pIDH, pFileBuff)
.如果真 (pIDH.e_magic ≠ 23117)
返回 (假)
.如果真结束
ptmp = pFileBuff + 读内存整数型 (-1, pFileBuff + 60)
p强转数组 [2] = 强制转换 (pINH, ptmp)
.如果真 (pINH.Signature ≠ 17744)
返回 (假)
.如果真结束
dwMemSize = nFileSize
pAllocMem = pFileBuff
强制转换 (pIDH, p强转数组 [1])
强制转换 (pINH, p强转数组 [2])
返回 (真)
Platform: |
Size: 38912 |
Author: 额反反复复 |
Hits:
Description: Easy Language (易语言) API hook for CreateFile
Platform: |
Size: 150528 |
Author: 龙一ss |
Hits: