Description: Microsoft's API interception development kit:
All Detours functions are compatible with all x86 versions of Windows NT,
Windows 2000, and Windows XP. However, under Windows 95, Windows 98, and
Windows ME, the DetourFunction* APIs do not work unless the program is
running under a debugger (the process was created with the DEBUG_PROCESS flag
on the call to the CreateProcess* APIs). Since most programs are not typically
run under a debugger, the DetourFunction* APIs do not work for most programs
on Win9x platforms. Platform: |
Size: 529221 |
Author:摩尔 |
Hits:
Description: Go to Start, Run, and enter sigverif.
Checking the digital signature tells you whether the file is from MS.
The Win32 API mainly used to verify an application or driver is the WinVerifyTrust API.
If that API has been hooked, is there another way to verify whether an application or driver is signed by Microsoft? If only the IAT has been hooked, you can call the function directly through a function pointer.
If the function prologue has been overwritten with a jmp, as Detours does, you can read the location of the WinVerifyTrust implementation in WinTrust.dll and restore the machine code of the function prologue.
I am not sure whether using CryptoAPI together with a specified Microsoft certificate
would be somewhat better and harder to spoof.
If you are worried that the APIs you call are hooked, write the verification code yourself; using OpenSSL should make that easier. Platform: |
Size: 200704 |
Author:齐欢乐 |
Hits:
Description: An example of hooking functions, built with Microsoft's Detours library; the same approach can be used to implement many other features. Platform: |
Size: 159744 |
Author:陆东峰 |
Hits:
Description: Blocks the loading of global hooks. Microsoft's Detours library was used for API interception. If the aim is only to intercept a single function, using Detours seems a bit wasteful. This program does not use the Detours library; it intercepts the LoadLibraryExW function directly. Platform: |
Size: 12288 |
Author:高军 |
Hits:
Description: 64-bit version of the Microsoft hook library SDK development kit. Platform: |
Size: 114688 |
Author:水月 |
Hits:
Description: A simple example of system hooks using Microsoft's Detours technique; it is very simple and can be understood at a glance. Platform: |
Size: 159744 |
Author:laijiyun |
Hits:
Description: API interception functions written with Microsoft's Detours library. The code mainly provides an example of intercepting the recv function; interception of other functions can be written by following the example. Platform: |
Size: 15767552 |
Author:david |
Hits:
Description: Microsoft® Detours latest release was in December 2006. Now times have changed and the .NET
Framework has become more and more popular. Besides the well-known unmanaged code hooking,
EasyHook provides a way to hook unmanaged code from a managed environment. Platform: |
Size: 10252288 |
Author:Myron Tan |
Hits:
Description: A file-operation monitoring solution based on Detours; Detours is an official Microsoft tool. Platform: |
Size: 302080 |
Author:licong |
Hits:
Description: An API hook library similar to Microsoft's Detours; supports x86/x64. Platform: |
Size: 803840 |
Author:zhuangge |
Hits:
Description: Shows how to hook some Windows APIs.
This is like the famous Detours from Microsoft.
Here is the source version of the solution. Platform: |
Size: 72704 |
Author:pepe57 |
Hits:
Description: EasyHook starts where Microsoft Detours ends.
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. Also 32- and 64-bit kernel mode hooking is supported as well as an unmanaged user-mode API which allows you to hook targets without requiring a .NET Framework on the customer's PC. An experimental stealth injection hides hooking from most of the current AV software. Platform: |
Size: 1777664 |
Author:l |
Hits:
Description: DLL version of the Microsoft Detours hook library. Recompiled with VS2012 to produce a stdcall DLL so that other development tools can call it. It has been tested and called successfully from Delphi. Platform: |
Size: 49152 |
Author:Chris Liu |
Hits: