Location:
Search - IAT HOOK
Search list
Description: IATroot为一款以Hook IAT表中的输入函数为基础的一款RootKit,功能比较完整,其中自带一个Native API的开发库及源代码。-IATroot Hook to one to table the IAT input function-based one RootK it, more functional integrity, which own a Native API development libraries and source code.
Platform: |
Size: 867926 |
Author: onlyu |
Hits:
Description: Rootkit IAT HOOK---利用内核共享内存实现IAT hook
Platform: |
Size: 40250 |
Author: rootkit |
Hits:
Description:
Platform: |
Size: 899072 |
Author: onlyu |
Hits:
Description: api挂接的一段源代码,通过c++类来实现,你只要通过对象调用函数即可-api articulated section of the source code through c++ category to achieve, you need only call the function through the object can be
Platform: |
Size: 7168 |
Author: wangwei |
Hits:
Description: 能够找出给种类型的系统Hook,包括IAT表,SSDT表等相关的钩子-VICE is a tool to find hooks.
Features include:
1. Looks for people hooking IAT s.
2. Looks for people hooking functions in-line aka detouring.
3. Looks for hooks in the System Call Table. Thanks to Tan perhaps it will fix the table in the future.
4. Looks for detour hooks in the System Call Table functions themselves.
5. Looks for people hooking IRP_MJ table in drivers. This is configurable by driver.ini.
Platform: |
Size: 67584 |
Author: 袁晓辉 |
Hits:
Description: 进程注入API的连接
标题:进程注入/ API的挂接
描述:这表明你2接口连接的技术。内隐联系测验连接和功能调整,还如何在您的代码注入到另一个VB的过程和钩子函数遥。由于离子离子亚历克约内斯库他注射演示。重要的是,你读了读的“注入”目录。
此文件来自星球源Code.com ...家庭数百万行的源代码
您可以查看关于此代码/和或投票在: http://www.Planet-Source-Code.com/vb/scripts/ShowCode.asp?txtCodeId=62338&lngWId=1
作者可能有某些保留版权此代码...请遵守它们的要求和法律的审查所有版权条件在上述乌拉圭回-The process of heading into the API connection: the process of injection/API articulated Description: This indicates that the 2 interface to connect your technology. IAT connections and functions of the adjustment, but also how to inject your code to another VB function of the process and hook away. As a result of ion-ion injection Alex Ionescu his presentation. Importantly, the time you read the " injection" directory. This document is the source from the planet Code.com ... the family millions of lines of source code you can see on this code/and or vote in: http://www.Planet-Source-Code.com/vb/scripts/ShowCode . asp? txtCodeId = 62338 & lngWId = 1 the author may have some reservations about the copyright of this code ... please observe their request and review all copyright laws in the above-mentioned conditions of the Uruguay Round
Platform: |
Size: 17408 |
Author: fangxiaowang |
Hits:
Description: 1. 内容
2. 介绍
3. 挂钩方法
3.1 运行前挂钩
3.2 运行时挂钩
3.2.1 使用IAT挂钩本进程
3.2.2 改写入口点挂钩本进程
3.2.3 保存原始函数
3.2.4 挂钩其它进程
3.2.4.1 DLL注入
3.2.4.2 独立的代码
3.2.4.3 原始修改
4. 结束语-1. The content of 2. Introduction 3. Hook method of 3.1 to run 3.2 before the hook when the hook is running 3.2.1 using the IAT hook 3.2.2 of this process to rewrite the entry point 3.2.3 of this process linked to 3.2.4 to save the original function of other processes linked to 3.2.4.1 DLL into a separate code 3.2.4.3 source 3.2.4.2 changes 4. Conclusion
Platform: |
Size: 9216 |
Author: GlenZhang |
Hits:
Description: ImportView 输入表view工具的源代码,很好学习PE结构的输入表结构,应用于IAT HOOK-ImportView input tools, source code for the table view, very good to learn the structure of PE input table structure, used in IAT HOOK
Platform: |
Size: 31744 |
Author: 张希行 |
Hits:
Description: 使用IAT HOOK 改变系统API调用行为-use IAT HOOK change the default api function behavior
Platform: |
Size: 185344 |
Author: ht Zhang |
Hits:
Description: 大家好,我们又见面啦,今天我将为各位讲述一个新故事,那就是IAT HOOK。再观看这个故事之前,需要观众确定具备两个基本能力: 1.对简单的数据结构在内存中的样子能有个宏观的理解。 2.理解运行在windows环境程序的工作原理。驱动教程-Hello everybody, we meet again, I will speak to you today a new story, that is, IAT HOOK. Then watch this story, you need to determine the audience have two basic capabilities: 1. on the simple data structure in memory looks to have a macro understanding. 2. to understand the program runs in windows environment works. Driver Guide
Platform: |
Size: 302080 |
Author: 魍酆 |
Hits:
Description: 一份相对比较简单的IAT HOOK 汇编代码 比较简短-A relatively simple IAT HOOK relatively short assembly code
Platform: |
Size: 1024 |
Author: 熊 |
Hits:
Description: 1.进程、线程、进程模块、进程窗口、进程内存信息查看,热键信息查看,杀进程、杀线程、卸载模块等功能 2.内核驱动模块查看,支持内核驱动模块的内存拷贝 3.SSDT、Shadow SSDT、FSD、KBD、TCPIP、IDT信息查看,并能检测和恢复ssdt hook和inline hook 4.CreateProcess、CreateThread、LoadImage、CmpCallback、BugCheckCallback、Shutdown、Lego等Notify Routine信息查看,并支持对这些Notify Routine的删除 5.端口信息查看,目前不支持2000系统 6.查看消息钩子 7.内核模块的iat、eat、inline hook、patches检测和恢复 8.磁盘、卷、键盘、网络层等过滤驱动检测,并支持删除 9.注册表编辑 -1 process, thread, process modules, process window, process memory information viewing, hot information to view, kill the process, kill thread, unload the module and other functions 2 kernel driver module view, to support the kernel driver module memory copy 3.SSDT, Shadow SSDT, FSD, KBD, TCPIP, IDT information view, and can detect and recover ssdt hook and inline hook 4.CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego, etc. Notify Routine Information check, and to support their Notify Routine Delete 5 port information view, the current system does not support 2000 6 view news hook 7 kernel module iat, eat, inline hook, patches detection and recovery 8 disk, volume, keyboard, network layer filter driver detect, and support for the deletion 9. Registry Editor
Platform: |
Size: 3696640 |
Author: 接收 |
Hits:
Description: MFC实现的IAT HOOK,另外实现了HOOK按键,对初学者应有帮助!-MFC implementation IAT HOOK, HOOK key addition to achieve, should help the beginners!
Platform: |
Size: 3998720 |
Author: BZQ |
Hits:
Description: ring3下的IAT HOOK,IAT是一个IMAGE_THUNK_DATAj结构的数组。只要程序装载进内存中,就只与IAT查询信息,所以可见IAT表是一个非常重要的位置。
如果在IAT表中把某个函数的地址修改为钩子函数的地址,当调用到函数的时候,就会执行到该钩子函数中去
-the ring3 under IAT HOOK, IAT is a IMAGE_THUNK_DATAj structure array. As long as the program is loaded into memory, it is only with the IAT query information, it shows the IAT table is a very important position. IAT table, the address of a function to modify the hook function address, when the call to the function will be executed to the hook function
Platform: |
Size: 1024 |
Author: 陈峰 |
Hits:
Description: HOOK API
程序采用修改IAT的方法,也就是修改导入表。。。。。 -HOOK API
Platform: |
Size: 120832 |
Author: lym |
Hits:
Description: 这是一个dll工程。通过注入到其他进程能捕获到进程的网络收发数据。(所用技术:IAT HOOK,能截取send()、recv()等网络收发函数)-This is a dll project which can capture the data from send(),recv() and so on.
Platform: |
Size: 4096 |
Author: collin |
Hits:
Description: IAT HOOK的检测及修复示例,可用于用户态的rootkit侦测及修复。-show you how to detect and repair the IAT HOOK in user mode.
Platform: |
Size: 34816 |
Author: 催留毕 |
Hits:
Description: Ring 3 的IAT HOOK和 EAT HOOK是一种是一种改函数地址的HOOK法,类似于 SSDT HOOK。-Ring IAT HOOK and EAT HOOK 3 is a function of an address change HOOK law, similar SSDT HOOK.
Platform: |
Size: 53248 |
Author: 石林 |
Hits:
Description: 经典的IAT钩子-Classic IAT hook. . . . . . . . . .dfdfsfdsdfsdf
Platform: |
Size: 8192 |
Author: zzz |
Hits:
Description: IAT钩取技术代码,可以实现对特定进程和特定函数钩取,提供两种钩取方式:inline hook以及跳转hook
Platform: |
Size: 470536 |
Author: 1870113444@qq.com |
Hits: