文件名称:xHook
- 所属分类:
- 网络截获/分析
- 资源属性:
- [Windows] [Visual C] [源码]
- 上传时间:
- 2012-11-26
- 文件大小:
- 57kb
- 下载次数:
- 0次
- 提 供 者:
- yun****
- 相关连接:
- 无
- 下载说明:
- 别用迅雷下载,失败请重下,重下不扣分!
介绍说明--下载内容均来自于网络,请自行研究使用
这个工具采用的是HOOK进程的winsock API,把一些数据记录下来。
2.1 patch静态文件,即运行前挂钩.
2.2 也是修改IAT,跟1.1一样.
2.3 修改目标函数的前几个字节,跳转到新的函数,但不再调用原始函数,无
实际意义,作者只是做演示?
2.4 这种方法(3.2.3 保存原始函数)很COOL,其中的亮点和难点就是“获取任意
地址的指令长度”。
之前我也想用2.4这种办法,但卡在如何“获取任意地址的指令长度”上面了:(
在看到《挂钩Windows API》这篇文章之前,我取了一个比较简单有效的办法:
3.1 把目标函数的DLL COPY一份到内存中,修改原目标函数的前几字节,跳转
到我们的函数,在我们的函数中调用原函数新的COPY。-AppWizard has created this xHook DLL for you.
This file contains a summary of what you will find in each of the files that
make up your xHook application.
xHook.dsp
This file (the project file) contains information at the project level and
is used to build a single project or subproject. Other users can share the
project (.dsp) file, but they should export the makefiles locally.
xHook.cpp
This is the main DLL source file.
xHook.h
This file contains your DLL exports.
/////////////////////////////////////////////////////////////////////////////
Other standard files:
StdAfx.h, StdAfx.cpp
These files are used to build a precompiled header (PCH) file
named xHook.pch and a precompiled types file named StdAfx.obj.
/////////////////////////////////////////////////////////////////////////////
Other notes:
AppWizard uses "TODO:" to indicate parts of the source code you
should add to or customize.
2.1 patch静态文件,即运行前挂钩.
2.2 也是修改IAT,跟1.1一样.
2.3 修改目标函数的前几个字节,跳转到新的函数,但不再调用原始函数,无
实际意义,作者只是做演示?
2.4 这种方法(3.2.3 保存原始函数)很COOL,其中的亮点和难点就是“获取任意
地址的指令长度”。
之前我也想用2.4这种办法,但卡在如何“获取任意地址的指令长度”上面了:(
在看到《挂钩Windows API》这篇文章之前,我取了一个比较简单有效的办法:
3.1 把目标函数的DLL COPY一份到内存中,修改原目标函数的前几字节,跳转
到我们的函数,在我们的函数中调用原函数新的COPY。-AppWizard has created this xHook DLL for you.
This file contains a summary of what you will find in each of the files that
make up your xHook application.
xHook.dsp
This file (the project file) contains information at the project level and
is used to build a single project or subproject. Other users can share the
project (.dsp) file, but they should export the makefiles locally.
xHook.cpp
This is the main DLL source file.
xHook.h
This file contains your DLL exports.
/////////////////////////////////////////////////////////////////////////////
Other standard files:
StdAfx.h, StdAfx.cpp
These files are used to build a precompiled header (PCH) file
named xHook.pch and a precompiled types file named StdAfx.obj.
/////////////////////////////////////////////////////////////////////////////
Other notes:
AppWizard uses "TODO:" to indicate parts of the source code you
should add to or customize.
(系统自动生成,下载前可以参看下载内容)
下载文件列表
xHook\bin\inject.exe
.....\...\xHook.dll
.....\readme.txt
.....\src\inject\inject.cpp
.....\...\xHook\ReadMe.txt
.....\...\.....\StdAfx.cpp
.....\...\.....\StdAfx.h
.....\...\.....\xHook.bbs
.....\...\.....\xHook.cpp
.....\...\.....\xHook.dsp
.....\...\.....\xHook.dsw
.....\...\.....\xHook.h
.....\...\.....\xHook.ncb
.....\...\.....\xHook.opt
.....\...\.....\xHook.plg
.....\...\inject
.....\...\xHook
.....\bin
.....\src
xHook