ring3 inline hook例子
ring3 inline hook例子
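#include <Windows.h>
#include <stdio.h>
#include <string.h>
#include <tchar.h>

/*
 * Ring-3 (user-mode) inline hook of kernel32!CreateFileA.
 *
 * The first HOOK_LEN bytes of CreateFileA are overwritten with
 *     mov eax, <MyCreateFile>   ; B8 imm32  (5 bytes)
 *     jmp eax                   ; FF E0     (2 bytes)
 * so a call to CreateFileA lands in MyCreateFile. MyCreateFile puts the
 * original bytes back, forwards to the real CreateFileA and returns its
 * result. The patch is NOT re-applied afterwards (one-shot hook).
 *
 * Caveats a reader should know before reusing this:
 *  - 32-bit only. `mov eax, imm32` carries a 32-bit target and the hook
 *    address is truncated to a DWORD; the build is refused on x64.
 *  - Not thread-safe. A thread that is inside the patched prologue while
 *    the bytes are being swapped executes a torn instruction stream.
 *  - Patching happens in the current process only, so no privilege is
 *    needed. This is the same primitive user-mode EDR hooks rely on
 *    (and that "unhooking" tooling reverses) -- demo code, not a library.
 */

#ifdef _WIN64
#error "This inline hook uses mov eax,imm32 / jmp eax and is 32-bit only."
#endif

enum { HOOK_LEN = 7 };   /* mov eax, imm32 (5) + jmp eax (2) */

/* mov eax, 0x00400000 ; jmp eax -- the imm32 is filled in at runtime. */
BYTE NewBytes[8] = { 0xB8, 0x00, 0x00, 0x40, 0x00, 0xFF, 0xE0, 0x00 };
/* Original prologue bytes of CreateFileA, saved before patching. */
BYTE OldBytes[8] = { 0 };
/* Resolved address of kernel32!CreateFileA. */
FARPROC CreateFile_addr;

/* Print `len` bytes as two-digit hex, prefixed by `label`. */
static void print_bytes(const char *label, const BYTE *p, size_t len)
{
    size_t i;

    printf("%s is ", label);
    for (i = 0; i < len; i++) {
        printf("%02x", p[i]);
    }
    printf("\n");
}

/*
 * Copy `len` bytes over code in this process. Returns TRUE only when the
 * whole span was written. WriteProcessMemory on the current-process handle
 * is used (rather than memcpy) because it makes the page writable for the
 * duration of the write, so no explicit VirtualProtect dance is needed.
 */
static BOOL patch_code(void *dst, const void *src, size_t len)
{
    SIZE_T written = 0;

    if (!WriteProcessMemory(GetCurrentProcess(), dst, src, len, &written)) {
        return FALSE;
    }
    return written == len;
}

/*
 * Hook target. Same signature and calling convention (WINAPI/stdcall) as
 * CreateFileA, so the original caller's stack is cleaned up correctly when
 * this function returns -- we were entered by a jmp from CreateFileA's
 * entry, so the caller's return address is still on the stack.
 *
 * Restores the original prologue, forwards the call to the real CreateFileA
 * and returns its handle. Returns INVALID_HANDLE_VALUE if the prologue cannot
 * be restored, since calling CreateFileA through the patch would only
 * re-enter this function.
 */
HANDLE WINAPI MyCreateFile(__in LPCSTR lpFileName, __in DWORD dwDesiredAccess,
                           __in DWORD dwShareMode,
                           __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                           __in DWORD dwCreationDisposition,
                           __in DWORD dwFlagsAndAttributes,
                           __in_opt HANDLE hTemplateFile)
{
    HANDLE hFile;

    MessageBoxA(NULL, "MyCreateFile", 0, 0);

    /* Unhook: put the saved prologue bytes back. */
    if (!patch_code((void *)CreateFile_addr, OldBytes, HOOK_LEN)) {
        printf("MyCreateFile: failed to restore CreateFileA prologue\n");
        return INVALID_HANDLE_VALUE;
    }

    /* A NULL lpFileName passed to %s is undefined behaviour; print a marker. */
    printf("lpFileName is %s\n", lpFileName ? lpFileName : "(null)");

    hFile = CreateFileA(lpFileName, dwDesiredAccess, dwShareMode,
                        lpSecurityAttributes, dwCreationDisposition,
                        dwFlagsAndAttributes, hTemplateFile);

    /* To keep the hook armed, re-apply NewBytes with patch_code() here.
     * Left disabled on purpose: re-patching from inside the hook races with
     * any other thread that calls CreateFileA at the same moment. */
    return hFile;
}

/*
 * Resolve CreateFileA, save its prologue, install the jmp-to-MyCreateFile
 * patch and trigger it once with a test CreateFileA call.
 * Returns 0 on success, 1 if any setup step fails (the process is left
 * unpatched in that case, since the patch is the last step).
 */
int main(void)
{
    HMODULE hKernel32;
    HANDLE hFile;
    DWORD target;

    hKernel32 = LoadLibraryA("Kernel32.dll");
    if (hKernel32 == NULL) {
        printf("LoadLibraryA error %lu\n", GetLastError());
        return 1;
    }

    CreateFile_addr = GetProcAddress(hKernel32, "CreateFileA");
    if (CreateFile_addr == NULL) {
        printf("GetProcAddress error %lu\n", GetLastError());
        return 1;
    }
    printf("CreateFileA_Addr is %p\n", (void *)CreateFile_addr);
    printf("MyCreateFileA_Addr is %p\n", (void *)MyCreateFile);

    /* Save the bytes the patch will overwrite so the hook can restore them. */
    if (!ReadProcessMemory(GetCurrentProcess(), CreateFile_addr, OldBytes,
                           HOOK_LEN, NULL)) {
        printf("ReadProcessMemory error %lu\n", GetLastError());
        return 1;
    }
    print_bytes("OldBytes", OldBytes, HOOK_LEN);

    /* Fill in the imm32 of `mov eax` with the hook address. memcpy avoids
     * the unaligned DWORD store through a cast pointer. */
    target = (DWORD)(ULONG_PTR)MyCreateFile;
    memcpy(NewBytes + 1, &target, sizeof target);
    print_bytes("NewBytes", NewBytes, HOOK_LEN);

    /* Install the hook. */
    if (!patch_code((void *)CreateFile_addr, NewBytes, HOOK_LEN)) {
        printf("WriteProcessMemory error %lu\n", GetLastError());
        return 1;
    }

    /* This call is routed through MyCreateFile, which unhooks itself. */
    hFile = CreateFileA("c:\\1.txt", GENERIC_ALL, FILE_SHARE_READ, 0,
                        CREATE_ALWAYS, 0, 0);
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }
    return 0;
}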