[钩子与API截获] ManagedSpy
有不少开发者使用Visual Studio® 提供的工具Spy++。使用Spy++,你可以了解一个运行中的应用程序的窗体布局或确定一个导致bug的特定窗体消息。然而,当你创建一 个基于Microsoft® .NET框架的应用程序,Spy++变得不太管用了,因为由Spy++截取窗体消息和类不能与开发者使用或甚至看到的任何事情通信。
开发者真正所想看到的 是被托管的事件和属性值。
本文描述如何使用一个名为ManagedSpy的新工具并且它的关联库ManagedSpyLib,它们均可从MSDN® Magazine网址下载。与Spy++显示Win32® 信息比如窗体类、样式和消息相似,ManagedSpy显示托管控件、属性和事件。ManagedSpyLib允许你以编程方式访问另一个进程中的 Windows® 窗体控件。你可以获得并设置属性以及在你自己的代码中事件上同步。ManagedSpyLib也可以帮助你创建测试带(test harnesses)并且可以执行窗体、消息和事件记录(event logging)。
Many developers use Visual Studio ® provides the tools Spy++. Using Spy++, you can learn about a running application form layout or cause the bug to determine a specific form messages. However, when you create one based on Microsoft ® . NET Framework applications, Spy++ becomes less useful, because by the Spy++ class can not intercept messages and forms with the developer to use or even seen anything communication.
The developers really want to see is being hosted events and attribute values.
This article describes how to use a new tool called ManagedSpy and its associated libraries ManagedSpyLib, they can be downloaded from the MSDN ® Magazine. With Spy++ displays Win32 ® information such form class, style and message similar to, ManagedSpy show managed controls, properties, and events. ManagedSpyLib allows you to programmatically access another process in the Windows ® Forms controls. You can get and set properties as well as in your own code event syn (2013-08-21, Visual C++, 187KB, 下载25次)
[钩子与API截获] Shield(en-us)5.1.7
5.1.7更新记录:
1.修复Windows7系统无法运行的bug。
2.精简掉了启动器,直接运行"盾.exe"即可使用。
5.1.6更新记录:
1.修复5.1.2版本存在的4个bug。
2.应要求对设置向导进行了汉化。
5.1.2更新记录:
重写设置向导与主程序,精简大量代码,增强Hook稳定性,屏蔽除Ctrl、Alt、Delete之外所有按键,已屏
蔽任务管理器,改进美化效果与可靠性,修复已知bug7个。
目前程序已知尚未修复bug一个:
U盘需在运行之前插入USB接口,否则加密值会出现异常,有兴趣的可以调试调试。
使用方法:
使用启动器(ShieldLauncher.exe)启动程序,第一次使用需要配置使用信息,可跟随设置向导完成操作。
配置完成使用信息可以开始使用,插入U盘既解锁,拔出既锁定,在任意位置单击鼠标右键可启动
虚拟键盘(再次单击关闭),虚拟键盘可以输入备份密码以应对U盘丢失等状况。
替换背景:
将与当前显示器分辨率相同的图片替换程序根目录下的"BackImage.jpg",文件名须完全一致(包
括大小写),目前仅支持JPG格式。
此源代码给新手以作学习编程思想之用,老鸟掠过。
加密算法模块、动态链接库来源于互联网。
作者:Vida
5.1.7 update records:
1.Repair Windows7 system can not run bug.
2.Streamline off the starter directly run the "shield. Exe "can be used.
5.1.6 update records:
4 bug fix 5.1.2 versions.
2.Request Setup Wizard finished.
5.1.2 update records:
Override the setup wizard with the main program, streamlining a lot of
code, enhance Hook stability, shielding In addition to the Ctrl, Alt,
Delete button, has screen
Shelter Task Manager to improve beautifying effect and reliability fix
known bug7.
Program known yet to fix the bug:
U disk into the USB interface need to run before or encrypted value
abnormal interested can debug.
How to use:
Program of using starter (ShieldLauncher.exe) start, first you need to
configure the use of information, follow the setup wizard to complete
the operation.
Configured to use information you can start using the insert U disk both
unlock, pull both locked, click the right mouse button can be in (2013-03-29, Visual Basic, 1497KB, 下载6次)
[钩子与API截获] hook
windows下钩子编程的方法 钩子HOOK函数是Windows消息处理机制的一部分,通过设置“钩子”,应用程序可以在系统级对所有消息、事件进行过滤,访问在正常情况下无法访问的消息。当然,这么做也是需要付出一定的代价的。由于多了这么一道处理过程,系统性能会受到一定的影响,所以大家在必要的时候才使用“钩子”,并在使用完毕及时将其删除
windows under hook programming hooks HOOK function is part of the Windows message handling mechanism, by setting the " hook" the application of all messages in the system-level, event filtering, access the message can not be accessed in normal circumstances. Of course, to do so is also the need to pay a certain price. More such a process, the system performance will be affected to some degree, so we use only when necessary " hook" , and its use is completed in a timely manner to remove (2013-03-10, Visual C++, 107KB, 下载3次)
[钩子与API截获] the-DLL-Trojans-(simple-articles)
VC++动态链接库编程之DLL木马(简单篇)
DLL在程序编制中可作出巨大贡献,它提供了具共性代码的复用能力。但是,正如一门高深的武学,若被掌握在正义之侠的手上,便可助其仗义江湖;但若被掌握在邪恶之徒的手上,则必然在江湖上掀起腥风血雨。
A dynamic link library programming of the VC++ the DLL Trojans (simple articles) DLL programming make a significant contribution, it provides the ability to reuse a common code. However, as a profound martial art, if they are lies in the hands of the justice of the Xia, you can help them generous attempts rivers and lakes However, if mastered, is bound to set off a reign of terror on the rivers and lakes in the hands of evil. (2012-11-30, Visual C++, 3KB, 下载5次)
[钩子与API截获] APIH00k
API钩子系统一般框架
通常,我们把拦截API的调用的这个过程称为是安装一个API钩子(API Hook)。一个API钩子基本是由两个模块组成:一个是钩子服务器(Hook Server)模块,一般为EXE的形式;一个是钩子驱动器(Hook Driver)模块,一般为DLL的形式。
钩子服务器主要负责向目标进程注入钩子驱动器,使得钩子驱动器运行在目标进程的地址空间中,这是关键的第一步,而钩子驱动器则负责实际的API拦截处理工作,以便在我们所关心的API函数调用的之前或之后能做一些我们所希望的工作。一个比较常见的API钩子的例子就是一些实时翻译软件(像金山词霸)中必备的的功能:屏幕抓词。它主要是对一些Win32 API中的GDI函数进行了拦截,获取它们的输入参数中的字符串,然后在自己的窗口中显示出来。
针对上述关于API钩子的两个部分,有以下两点需要我们重点考虑的: 选用何种DLL注入技术,以及采用何种API拦截机制。
本篇文章来源于 黑基网-中国最大的网络安全站点 原文链接:file:///C:/Documents 20and 20Settings/jingtianzi/桌面/最新资料/黑客编程:hook系统函数-学院-黑基网.mht
General framework for API hook system
Usually, we called this process intercept API calls is to install an API hook (API Hook,). An API hooks basically consists of two modules: one is the hook server (Hook, Server) module, generally in the form of EXE a hook drive (Hook Driver) module, generally in the form of a DLL.
Hook server is mainly responsible to the target process inject hook driver device, hook-driven devices running on the target process address space, a critical first step, while the hook-driven device is responsible for the actual API to intercept processing so that in we are concerned with API functions before or after the call to do something we want. Example of a common API hook is some real-time translation software (such as necessary.) Function: screen grab word. It is mainly to intercept some of the Win32 API GDI functions to obtain the string in the input parameters, and then displayed in its own window.
For the two parts of the API hook, the following two ke (2012-05-19, Visual C++, 542KB, 下载31次)
[钩子与API截获] Win_HOOK
Windows系统采用的是事件驱动的机制,也就是说,整个系统都是通过消息的传递来实现的。而钩子是Windows系统中非常重要的系统接口,它可以截获并处理送给其他应用程序的消息,来完成普通应用程序难以实现的功能。钩子可以监控系统或进程中的各种事件消息,截获发往目标窗口的消息并进行处理。我们可以在系统中安装自定义的钩子,监视系统中特定时间的发生,完成特定的功能。比如截获键盘、鼠标的输入、屏幕取词、日志监视等等。可见、利用钩子可以实现许多特殊而有用的功能。因此,对于高级编程人员来说,掌握钩子的编程方法是很有必要的。本文将详细地介绍钩子的基础知识和钩子的实现。最后介绍两个应用实例,类似金山词霸屏幕取词功能的鼠标钩子和利用键盘钩子屏蔽任意键。
Windows system USES is the event-driven mechanism, that is to say, the whole system are all through the news transfer to fulfill. Windows system and hook is very important in the system interface, which can be intercepted and treatment given to other applications of news, to perform common applications to realize the function. Hook can monitor system, or process of various events news, interception sent to target window message and for processing. We can in system installation custom hooks, surveillance system specific time the occurrence, to perform a specific function. For instance intercepted a keyboard, mouse input, bingmuquci, log surveillance, and so on. Visible, using hook can realize many special and useful function. So, for a high-level programming workers, grasp hook programming method is very necessary. This paper will detail hooks elementary knowledge and the realization of the hook. It introduces two examples, similar powerword bingmuquci function mouse hooks and using a k (2010-11-26, Visual C++, 10KB, 下载21次)
[钩子与API截获] HookMouse
一个简单的鼠标钩子程序
Windows系统是建立在事件驱动的机制上的,说穿了就是整个系统都是通过消息的传递来实现的。而钩子是Windows系统中非常重要的系统接口,用它可以截获并处理送给其他应用程序的消息,来完成普通应用程序难以实现的功能。钩子的种类很多,每种钩子可以截获并处理相应的消息,如键盘钩子可以截获键盘消息,外壳钩子可以截取、启动和关闭应用程序的消息等。本文在VC6编程环境下实现了一个简单的鼠标钩子程序,并对Win32全局钩子的运行机制、Win32 DLL的特点、VC6环境下的MFC DLL以及共享数据等相关知识进行了简单的阐述。
A simple mouse hook procedure
Windows system is based on event-driven mechanism, and put it bluntly, is that the whole system through message passing to achieve. The hook is a very important Windows system, the system interface, you can use to intercept and handle messages sent to other applications to complete the application difficult to achieve normal function. Many different types of hooks, each hook can intercept and process the corresponding message, such as a keyboard hook to intercept keyboard messages, shell hooks can be intercepted, start and close applications news. In this paper, VC6 programming environment to achieve a simple mouse hook procedure, and the global hook Win32 operating mechanism, Win32 DLL characteristics, VC6 environment MFC DLL, as well as sharing of data and other related knowledge of the brief explanation. (2009-10-20, Visual C++, 46KB, 下载45次)
[钩子与API截获] DisableWindowsKeys
用VB编程实现锁定计算机键盘,主要功能就是禁止键盘上的任意按键,同时还可以为软件设置密码,禁用任务管理器,保存当前设置;另外还可在任务栏添加小图标和任务管理器"应用程序"及"进程"隐藏进程的功能,并且锁定计算机后禁止使用屏保密码,可以使用快捷键解锁。
Programming with VB computer keyboard lock, main function is to prohibit any key on the keyboard, while software can also set a password, disable Task Manager, save the current settings the other can also add a small icon on the taskbar and Task Manager browser " application" and " process" function of the hidden process, and after locking the computer screen to prohibit the use of your password, you can use shortcut keys to unlock. (2009-05-11, Visual Basic, 25KB, 下载38次)
[钩子与API截获] PureDll
这是一个利用纯W32 DLL文件进行HOOK编程的源代码,不含MFC架构
1、用VC向导生成Win32 Dll
2、手动加入def文件,其中内容与MFC 规则DLL中相同
3、DllMain中的第一个参数是HANDLE类型的,强制转换成HINSTANCE型的
4、令SetWindowsHook中的参数App->hInstance变为DllMain中初始化的Instance
5、确保程序中不出现MFC的东西
This is a use of pure W32 DLL files HOOK programming source code, MFC framework does not contain one, using VC Wizard generates Win32 Dll2, manually add def files, the content of the rules of DLL with MFC in the same 3, DllMain first parameter is the HANDLE type, forced into HINSTANCE type 4, so SetWindowsHook parameters App- (2008-03-19, C/C++, 14KB, 下载21次)
[钩子与API截获] Hook
钩子(hook)是Windows消息处理机制的一部分,用户应用程序设置钩子后就可截获所有Windows系统消息。钩子安装成功后就可通过钩子的过程处理函数处理所截获的消息。通常将钩子的安装及处理函数放在动态链接库中,供系统中每个进程调用。钩子安装后会对系统产生一定的影响。因此在使用完钩子后应及时将其释放掉。
动态链接库编程编译、链接生成的*.dll和*.lib文件可供其他调用DLL的应用程序使用。
Hook (hook) is a Windows message processing part of the mechanism, the user application settings can be intercepted after the hook all Windows system message. After the success of hook can be installed through the process of hook handler to deal with the intercepted message. Usually hook the installation and handling functions on the dynamic link library for the system call for each process. Hook after the installation of the system have a certain impact. Therefore, after you are finished using the hook should be released promptly lost. Dynamic Link Library programming compiler, link-generated*. dll and*. lib files for other applications that call the DLL to use. (2007-11-25, Visual C++, 778KB, 下载76次)
[钩子与API截获] testhook
从屏幕抓词的技术实现。现在的即时翻译软件种类很多,使用方法也各有千秋,但它们大都有一个 共同的特点:鼠标指到哪儿,就翻译它下面的单词。这大大地方便了用户,但是 从一个编程人员的角度来看就不那么轻松了。因为没有一个方便的函数 类似”GetWordUnderMouse()”可以得到鼠标下面的单词,那么这些软件是怎么 做的呢?经常在BBS和mailing list里看到和我同样困惑的问着相同问题的网友们。 经过痛苦地研究后,我找到了一种实现的方法,现拿出来和大家共享。 注:这个程序是为NT定做的,只能在NT下运行。 (2007-09-14, Visual C++, 15KB, 下载18次)
http://www.pudn.com/Download/item/id/333151.html[钩子与API截获] mousehook
实现适时获取当前鼠标所在窗口的标题,并将其显示在一个EDITBOX中. Windows系统是建立在事件驱动的机制上的,说穿了就是整个系统都是通 过消息的传递来实现的。而钩子是Windows系统中非常重要的系统接口, 用它可以截获并处理送给其他应用程序的消息,来完成普通应用程序难以 实现的功能。钩子的种类很多,每种钩子可以截获并处理相应的消息,如 键盘钩子可以截获键盘消息,外壳钩子可以截取、启动和关闭应用程序的消 息等。本文在VC6编程环境下实现了一个简单的鼠标钩子程序,并对Win32 全局钩子的运行机制、Win32 DLL的特点、VC6环境下的MFC DLL以及共享数 据等相关知识进行了简单的阐述。 (2007-07-27, Visual C++, 21KB, 下载78次)
http://www.pudn.com/Download/item/id/312319.html[钩子与API截获] WindowsAPI_func
作为Microsoft 32位平台的应用程序编程接口,Win32 API是从事Windows应用程序开发所必备的。本书首先对Win32 API函数做完整的概述;然后收录五大类函数:窗口管理、图形设备接口、系统服务、国际特性以及网络服务;在附录部分,讲解如何在Visual Basic和Delphi中对其调用。本书是从事Windows应用程序开发的软件工程师的必备参考手册。
32 as a Microsoft platform Application Programming Interface, Win32 API is engaged in the development of Windows applications are essential. The book begins with the Win32 API function to do a complete overview; Then function contains five categories : window management, Graphics Device Interface, system services, international character and network services; in the appendix, explain how the Visual Basic and Delphi to their call. This book is engaging in Windows application development software engineers in the essential reference manual. (2007-02-27, Others, 662KB, 下载43次)