[钩子与API截获] Win32Application
api函数,获取系统时间,实现比较简单,上传加分撒
api function to get the system time, relatively simple, upload a plus Caesar (2013-10-25, Visual C++, 38KB, 下载8次)
[钩子与API截获] BHO
淘宝客PID劫持插件源码,专门劫持淘宝客PID的
Taobao PID hijacked plugin source, specifically hijacking Taobao off the PID (2013-08-22, Visual C++, 89KB, 下载29次)
[钩子与API截获] networkchuantou
穿网维还原下载者 附C 源码,最新穿透下载。,破网吧
Wear mesh dimension restore those who download the attached C source code, download the latest penetration. , Breaking cafes (2012-11-25, Visual C++, 32KB, 下载25次)
[钩子与API截获] lpk-1.0-vc
带网上开源的lpk.dll .cpp
主要功能:自定义劫持加用户 邮箱发信 传回用户名
dll劫持、。同目录运行exe自动加载我们生成的lpk.dll 成功执行我们的自定义劫持的代码 (加用户)
With open-source online lpk.dll. Cpp main function: letter returns the user name dll hijack hijacked add custom user mailboxes. The same directory run the exe automatically load we generate the lpk.dll of successful implementation of our custom-hijacking code (and user) (2012-07-17, Visual C++, 205KB, 下载140次)
[钩子与API截获] InLineHookMajorFunction
InLine Hook DISK MajorFunction
自己写的 测试时发现过不了小红伞 卡巴斯基 XueTr 因为过不了 所以放出源代码 代码写的不好
其实改改还是可以过的!
The InLine Hook, DISK MajorFunction to write their own test and found not red umbrella Kaspersky XueTr had not so release the source code badly written (2012-06-09, Visual C++, 74KB, 下载7次)
[钩子与API截获] DetoursTest_Dll
detours3.0 钩子实例 基于x86 32位操作系统 本工程是自己写的 适合初学者借鉴
detours3.0 Program Designed by myself (2012-02-10, Visual C++, 1571KB, 下载10次)
[钩子与API截获] irpHook
IRP钩子隐藏所有通讯端口加图片IRP hooks hide all communication ports plus pictures
IRP hooks hide all communication ports plus pictures (2011-08-11, Visual C++, 317KB, 下载6次)
[钩子与API截获] SSDT--11
SSDT的全稱是System Services Descriptor Table,系統服務描述符表。這個表就是一個把ring3的Win32 API和ring0的內核API聯繫起來。SSDT並不僅僅只包含一個龐大的位址索引表,它還包含著一些其他有用的資訊,諸如位址索引的基底位址、服務函數個數等。
通過修改此表的函數位址可以對常用windows函數及API進行hook,從而實現對一些關心的系統動作進行過濾、監控的目的。一些HIPS、防毒軟體、系統監控、註冊表監控軟體往往會採用此介面來實現自己的監控模組,
目前極個別病毒確實會採用這種方法來保護自己或者破壞防毒軟體,但在這種病毒進入系統前如果防毒軟體能夠識別並清除它將沒有機會發作.
SSDT s full name is System Services Descriptor Table, the system service descriptor table. This is a table of the Win32 API and ring0 ring3 kernel API link. SSDT is not only a huge address contains only the index table, it also contains some other useful information, such as the address of the index base address, the number of functions and other services.
Function by modifying the address of this table can be used for windows functions and API hook, in order to achieve the action of some concern to filter systems, surveillance purpose. Some HIPS, antivirus software, system monitoring, registry monitoring software often uses this interface to implement its own monitoring module,
At present very few virus does use this method to protect themselves or to destroy anti-virus software, but if the virus before the antivirus software into the system and clear it will not be able to identify opportunities to attack. (2011-08-08, Visual C++, 328KB, 下载12次)
[钩子与API截获] HookDialg
Ctrl加鼠标左键模拟鼠标右键操作,用
于鼠标右键不能使用的情况.
Ctrl plus the left mouse button right analog operation (2010-07-16, Visual C++, 5201KB, 下载6次)
[钩子与API截获] Shell_MsgBox_dlg
本实例程序包含两部分,第一部分是加壳程序(Shellcode.asm),负责把一段代码注入到另外的一个程序中;第二部分是用于加壳的程序(attach.asm),这段代码将被写入到另外的一个程序中。被加壳的程序是calc.exe,如果此文件被加壳成功,当运行calc.exe后,程序先弹出对话框,按“确定”按钮后,程序将继续运行并弹出“计算器”界面
This example program contains two parts, first part is packers program (Shellcode.asm), responsible for a piece of code into a program to another second part is the procedure for the packers (attach.asm), this code will be written to another in a program. By packers procedure is calc.exe, if this file is packers to succeed, you run calc.exe, the program first pop-up dialog box, click " OK" button, the program will continue to run and pop-up " calculator" interface (2010-05-12, Visual C++, 52KB, 下载45次)
[钩子与API截获] He4Boot
俄罗斯的文件隐藏rootkit,用到了Boot启动技术
Russia' s documents hidden rootkit, used to start the Boot Technology (2009-08-19, Visual C++, 32KB, 下载32次)
[钩子与API截获] MyKing
这是本人做的屏幕取词,取词成功率93 。在2000下稳定运行,在XP下跟explorer进程有点冲突。可以取到网页、WORD、PDF目录、360界面。测试表明,卡巴斯基检测不到钩子这种行为。
This is the Screen I do taking the success rate of 93 of the word. Under the stable operation in 2000, in XP a bit of conflict with the explorer process. Can be taken to the page, WORD, PDF catalog, 360 interface. Test showed that Kaspersky hook such acts could not be detected. (2009-08-04, Visual C++, 5648KB, 下载64次)
[钩子与API截获] CeApiSpy
这软件可以截获系统api操作, 如文件操作, CreatProcess, LoadLibary, 为开发和Bug调试提供方便。 也可以成为病毒扫描, 文件加解密, 程序控制的一部分
This software can be intercepted system api operation, such as file operations, CreatProcess, LoadLibary, for the development and Bug facilitate debugging. Can also be a virus scanning, file encryption and decryption, process control as part of (2009-03-13, Visual C++, 150KB, 下载42次)
[钩子与API截获] ApiSpy
参照95系统程式大奥秘最后一个APISPY32程序。里面有我加的详细注释,适合初学者理顺思路。包括工程文件。一些没有加注释的请参考程式大奥秘。另:还没有写加载器。可以手工在刺探程序中显示调用LoadLibrary,重点在学习堆栈和IAT。请注意汇编和C之间的函数互调。
95 major programs with reference to the mysteries of the last APISPY32 procedures. There are detailed notes I added, suitable for beginners and straighten out the idea. Including engineering documents. No increase in the Notes program please refer to the big mystery. Other: no write loader. Manual procedures can be displayed in the spy call LoadLibrary, focused on learning the stack and the IAT. Please note that the compilation and C between the intermodulation function. (2008-03-12, Visual C++, 31KB, 下载24次)
[钩子与API截获] TIcon2
一剑N招小工具,利用hook技术实现Ctrl加键盘上数字键可方便启动你想要启动的应用程序.还可以实现窗口最上定位.方法是点住图片不要释放,将其拖到要定位的窗口标题栏即可
sword strokes small tools, use Ctrl hook technology increases the number keys on the keyboard can start your convenience wanted to start the application. The window can also be the most on positioning. Living point is not to release photographs of their positioning dragged to the window title bar can (2005-05-15, Visual C++, 232KB, 下载14次)