Location:
Search - IAT HOOK
Search list
Description: 一个通过修改DLL文件的IAT表来实现的hook开发包源码-A DLL file by modifying the IAT table to achieve the hook development kit source
Platform: |
Size: 190464 |
Author: 站长 |
Hits:
Description:
1. 内容
2. 介绍
3. 挂钩方法
3.1 运行前挂钩
3.2 运行时挂钩
3.2.1 使用IAT挂钩本进程
3.2.2 改写入口点挂钩本进程
3.2.3 保存原始函数
3.2.4 挂钩其它进程
3.2.4.1 DLL注入
3.2.4.2 独立的代码
3.2.4.3 原始修改
4. 结束语-1. Content 2. Introduction 3. Linked to the former method of operation linked 3.1 3.2 Runtime 3.2.1 to enable linking IAT linked with the process of rewriting the point of entry 3.2.2 linked to the process of preserving the original function 3.2.3 3.2.4 linked to other DLL injection process 3.2.4.1 3.2.4.2 3.2.4.3 independent of the original code amendments changed four. Concluding remarks
Platform: |
Size: 11264 |
Author: flyfan |
Hits:
Description: 开始,运行输入 sigverif
通过检查数字签名就知道是不是ms的了。
主要使用Win32API实现验证应用或驱动程
WinVerifyTrust API。如果该API被Hook有没有其他方法验证应用或驱动程序是否通过微软签名?如果仅仅是被挂钩了IAT,那么可以直接通过函数指针调用。
如果是像Detours那样用jmp改写了函数头,可以通过读取WinTrust.dll中WinVerifyTrust的实现位置,恢复函数头的机器码。
不知道使用CryptoAPI,再使用指定的Microsoft证书
是不是更好一点,不容易被欺骗
怕调api被hook的话,自己将验证的代码写出来,用openssl应该容易点。-Start, Run enter sigverif by checking the digital signature is not on the know of the ms. Win32API realize the main use of the application or driver to verify WinVerifyTrust API. If the API was Hook has no other way to verify whether the application or driver through Microsoft Signed? If merely being linked to the IAT, you can call directly through the function pointer. If it is used as the Detours as to alter the function jmp head, can be read in WinVerifyTrust Wintrust.dll realize the location, the restoration of function of the binary header. Do not know the use of CryptoAPI, and then use the specified certificate is not Microsoft a little better, not easy to be deceived by fear api tune hook, then he would write the code to verify, using openssl should be easy points.
Platform: |
Size: 200704 |
Author: 齐欢乐 |
Hits:
Description: 使用系统IAT表查找要Hook的函数地址,然后进行挂钩。本代码Hook的是TextOut函数。-IAT table to find using the system to Hook a function of address, and then proceed to link. Hook this code is the TextOut function.
Platform: |
Size: 37888 |
Author: 骆爽 |
Hits:
Description: Rootkit IAT HOOK---利用内核共享内存实现IAT hook-Rootkit IAT HOOK--- realize the use of shared memory kernel IAT hook
Platform: |
Size: 39936 |
Author: rootkit |
Hits:
Description: API HOOK源码,自己写的,C++源码,使用的也是定位IAT表,获取需要HOOK的API,然后HOOK并处理~-API HOOK source, wrote it myself, C++ Source, the use of the IAT is also positioning table, access to the needs of HOOK the API, and then HOOK and processed ~
Platform: |
Size: 18432 |
Author: dylan |
Hits:
Description: 使用ROOTKIT技术,实现ITA HOOK-ITA_HOOK
Platform: |
Size: 256000 |
Author: rootkit |
Hits:
Description: IAT HOOK I just try to hook a api call with John Chamberlain s source code. The code works, but nothing happen when i call CreateProcess in an other application. Why
Platform: |
Size: 2048 |
Author: RDGMax |
Hits:
Description: 通过修改iat输入表来hook api,本例子实现如何去hook非静态调用的api-Iat table by modifying the input to hook api, the example of the realization of how to hook the api call non-static
Platform: |
Size: 3712000 |
Author: 李泽球 |
Hits:
Description: Sample for how to hook IAT table
Platform: |
Size: 31744 |
Author: trumken |
Hits:
Description: 本文从难易程度上主要分三块详细介绍:一.用户模式Hook:IAT-hook,Dll-inject 二.内核模式Hook:ssdt-hook,idt-hook,int 2e/sysenter-hook 三.Inline Function Hook -In this paper, Difficulty Level 3 detail the main points: 1. User Mode Hook: IAT-hook, Dll-inject 2. Kernel-mode Hook: ssdt-hook, idt-hook, int 2e/sysenter-hook 3. Inline Function Hook
Platform: |
Size: 14336 |
Author: lee |
Hits:
Description: this is a simple IAT Hook Dll , whick hooks function send in ws2_32.d-this is a simple IAT Hook Dll , whick hooks function send in ws2_32.dll
Platform: |
Size: 2048 |
Author: 12usver12 |
Hits:
Description: API拦截pdf的手册,里面讲解了Injection\IAT HOOK,以及实现的代码,还讲解了驱动层的HOOK部分-API interception pdf manual, which explains Injection \ IAT HOOK, and the realization of the code, but also explain part of the driver layer HOOK
Platform: |
Size: 129024 |
Author: jibagan |
Hits:
Description: 屏幕取词功能实现方法2 一个通过修改DLL文件的IAT表来实现的hook开发包源码--Screen Translation Method 2 to achieve a functional DLL file by modifying the IAT table to achieve the hook development kit source code-
Platform: |
Size: 172032 |
Author: py |
Hits:
Description: Delphi IAT Hook API(沒使用到Dll,我打算用CreateRemoteThread來實現Hook,可以說還沒完成)-Delphi IAT Hook API
Platform: |
Size: 357376 |
Author: asd |
Hits:
Description: IAT Hook in vb it can to iplementation to Antivirus enggine
Platform: |
Size: 5120 |
Author: erix |
Hits:
Description: Il y a quelques temps, j avais publié sur le blog la technique de l IAT Hook qui permettait de détourner l appel d une fonction via la table d importation.
Mais cela a ses limites: si vous posez un hook après que le programme ai récupéré l adresse de la fonction, cela ne fonctionnera pas. De même si le programme a utilisé GetProcAddress.
Ici, nous changeons donc de tactique: plutô t que de modifier l adresse de la fonction, nous allons modifier le code de la fonction pour la faire sauter via l instruction JMP (0xE9) sur notre fonction.
Pour ce faire, j ai donc dû calculer la taille des instructions et j ai donc utilisé le projet x86ime.
-Il y a quelques temps, j avais publié sur le blog la technique de l IAT Hook qui permettait de détourner l appel d une fonction via la table d importation.
Mais cela a ses limites: si vous posez un hook après que le programme ai récupéré l adresse de la fonction, cela ne fonctionnera pas. De même si le programme a utilisé GetProcAddress.
Ici, nous changeons donc de tactique: plutô t que de modifier l adresse de la fonction, nous allons modifier le code de la fonction pour la faire sauter via l instruction JMP (0xE9) sur notre fonction.
Pour ce faire, j ai donc dû calculer la taille des instructions et j ai donc utilisé le projet x86ime.
Platform: |
Size: 278528 |
Author: Lord Noteworthy |
Hits:
Description: 对所有hook技术进行封装,如inline hook iat hook等
Platform: |
Size: 6240 |
Author: 1099850078@qq.com |
Hits:
Description: 通过分析PE文件格式,修改函数入口点,实现IAT HOOK-By analyzing PE file format, modify the function entry points, for IAT HOOK
Platform: |
Size: 118784 |
Author: YQH |
Hits: