Description: 微软提供的截取Win32 API函数的开发包和例子1.5版本-SDK and example in 1.5 version of hooking Win32 API which are provided by Microsoft Platform: |
Size: 605184 |
Author:站长 |
Hits:
Description: 微软API截获库,该代码也包含在MSDN的例子中。-intercepted the Microsoft API, the code also included in the MSDN examples. Platform: |
Size: 609280 |
Author:fishxz |
Hits:
Description: 微软提供的截取Win32 API函数的开发包和例子 1.5版-Microsoft Win32 API function interception Development Kit version 1.5 and examples Platform: |
Size: 529408 |
Author:rivershan |
Hits:
Description: 开始,运行输入 sigverif
通过检查数字签名就知道是不是ms的了。
主要使用Win32API实现验证应用或驱动程
WinVerifyTrust API。如果该API被Hook有没有其他方法验证应用或驱动程序是否通过微软签名?如果仅仅是被挂钩了IAT,那么可以直接通过函数指针调用。
如果是像Detours那样用jmp改写了函数头,可以通过读取WinTrust.dll中WinVerifyTrust的实现位置,恢复函数头的机器码。
不知道使用CryptoAPI,再使用指定的Microsoft证书
是不是更好一点,不容易被欺骗
怕调api被hook的话,自己将验证的代码写出来,用openssl应该容易点。-Start, Run enter sigverif by checking the digital signature is not on the know of the ms. Win32API realize the main use of the application or driver to verify WinVerifyTrust API. If the API was Hook has no other way to verify whether the application or driver through Microsoft Signed? If merely being linked to the IAT, you can call directly through the function pointer. If it is used as the Detours as to alter the function jmp head, can be read in WinVerifyTrust Wintrust.dll realize the location, the restoration of function of the binary header. Do not know the use of CryptoAPI, and then use the specified certificate is not Microsoft a little better, not easy to be deceived by fear api tune hook, then he would write the code to verify, using openssl should be easy points. Platform: |
Size: 200704 |
Author:齐欢乐 |
Hits:
Description: detours-1,5 微软提供的截取Win32 API函数的开发包和例子1,5版本-Detours- 1, 5 intercept Win32 API function provided by the Microsoft development kit and example 1, 5 version Platform: |
Size: 598016 |
Author:eatch |
Hits:
Description: detours-1,5 微软提供的截取Win32 API函数的开发包和例子1,5版本-Detours- 1, 5 intercept Win32 API function provided by the Microsoft development kit and example 1, 5 version Platform: |
Size: 462848 |
Author:eatch |
Hits:
Description: detours-1,5 微软提供的截取Win32 API函数的开发包和例子1,5版本-Detours- 1, 5 intercept Win32 API function provided by the Microsoft development kit and example 1, 5 version Platform: |
Size: 462848 |
Author:Pqter |
Hits:
Description: detours-1,5 微软提供的截取Win32 API函数的开发包和例子1,5版本-Detours- 1, 5 intercept Win32 API function provided by the Microsoft development kit and example 1, 5 version Platform: |
Size: 462848 |
Author:doqyyv |
Hits:
Description: detours-1,5 微软提供的截取Win32 API函数的开发包和例子1,5版本(Detours - 1, 5 intercept Win32 API function provided by the Microsoft development kit and example 1, 5 version) Platform: |
Size: 461824 |
Author:contraot
|
Hits:
Search - microsoft detours 1.5