|
[求助]劫持并修改IE http ssl 数据
以前写过一个东西。
// Installs inline hooks on four WinINet request functions (InternetConnectA,
// HttpOpenRequestA, HttpSendRequestA, HttpSendRequestW) by handing each export
// address and a replacement handler to _HookGame.
//
// Security context: these exports receive the host name, request line, headers
// and body from the calling process as ordinary buffers, so code running at
// this layer sees and can alter requests regardless of whether the connection
// uses SSL. For defenders, a modified first instruction on these wininet.dll
// exports inside a browser process is a strong sign of in-process request
// interception; compare the in-memory prologue with the on-disk image.
//
// NOTE(review): the function addresses are cast to DWORD, so this only holds
// together in a 32-bit build.
VOID __stdcall _StartHook()
{
    // Each guard reads the first byte of the export and skips the hook when it
    // is 0xE8 (CALL rel32). The post does not say why.
    // NOTE(review): the _HookGame listing elsewhere on this page writes 0xE9
    // (JMP rel32) and copies the prologue without relocating relative operands,
    // so this test does not detect that patch; presumably it is meant to avoid
    // prologues that start with a relative CALL. Confirm against the _HookGame
    // actually used here.
    if (*(byte *)InternetConnectA != 0xE8)
    {
        _HookGame((DWORD)InternetConnectA,(DWORD)MyInternetConnectA);
    }
    if (*(byte *)HttpOpenRequestA != 0xE8)
    {
        _HookGame((DWORD)HttpOpenRequestA,(DWORD)MyHttpOpenRequestA);
    }
    // The ANSI and wide HttpSendRequest variants are both routed to the same
    // handler, MyHttpSendRequestAW.
    // NOTE(review): the two variants take different string types; the handler
    // is not shown, so whether it distinguishes them cannot be checked here.
    if (*(byte *)HttpSendRequestA != 0xE8)
    {
        _HookGame((DWORD)HttpSendRequestA,(DWORD)MyHttpSendRequestAW);
    }
    if (*(byte *)HttpSendRequestW != 0xE8)
    {
        _HookGame((DWORD)HttpSendRequestW,(DWORD)MyHttpSendRequestAW);
    }
}
不知道对你又没用 |
|
[招聘]上海天资信息技术有限公司招聘游戏反病毒反外挂安全保护工程师
猎头,谢谢您的支持。 |
|
|
|
|
|
[原创]2009年12月19日-搞笑和感慨的一天
貌似是个牛场。全是牛在聚会。我等小菜 只看看罢了。 |
|
[活动结束]看雪十周年论坛活动 [1楼已公布结果]
我也来踩一下下 |
|
[讨论]给安徽的朋友占个位子
安徽宿州 |
|
[招聘]上海天资信息技术有限公司招聘游戏反病毒反外挂安全保护工程师
岗位职责又更新啦,谢谢大家的支持。 |
|
|
|
[求助]如何将一个函数生成一个拷贝?
只有钩挂 没有卸载。。 |
|
[求助]如何将一个函数生成一个拷贝?
// Usage sketch from the post: pass the address to intercept and the handler.
// NOTE(review): written here as HookGame without the leading underscore and
// without a terminating semicolon; presumably shorthand for the _HookGame
// routine posted in the same thread.
HookGame(GameAddr,MyHookFun)
// Handler skeleton. pContext points to a CPU_CONTEXT block of saved register
// values supplied by the hook stub.
VOID MyHookFun(CPU_CONTEXT* pContext)
{
    ; // put your own handling code here
}
|
|
[求助]如何将一个函数生成一个拷贝?
// Register snapshot handed to a hook handler.
// The field order (EDI first, EAX last) is the ascending-address image that the
// x86 PUSHAD instruction leaves on the stack, so a pointer to the PUSHAD frame
// can be read through this struct without copying.
// NOTE(review): eight 32-bit fields, 32-bit x86 only. EFLAGS is not part of
// the block.
struct CPU_CONTEXT
{
    DWORD dwEdi;
    DWORD dwEsi;
    DWORD dwEbp;
    DWORD dwEsp;   // ESP value recorded by PUSHAD, i.e. before PUSHAD itself ran
    DWORD dwEbx;
    DWORD dwEdx;
    DWORD dwEcx;
    DWORD dwEAX;
};
|
|
[求助]如何将一个函数生成一个拷贝?
// Inline-hook helper for 32-bit x86 (MSVC inline assembly): a table-driven
// instruction length decoder plus a routine that redirects a function entry
// through a freshly allocated stub.
//
// Defender summary: after _HookGame runs, the target begins with E9 (JMP rel32)
// into a private PAGE_EXECUTE_READWRITE allocation and the target's code page
// is left writable. Both are observable: compare the in-memory prologue with
// the on-disk image, and look for private executable+writable regions.
#include "StdAfx.h"
#include <stdio.h>
#include "windows.h"
//#include <complex>
#define Naked __declspec( naked )

// Per-opcode flag words consumed by GetOpCodeSize_ASM_CODE.
// Entries 0x000-0x0FF describe one-byte opcodes; entries 0x100-0x1FF are
// reached through the +400h displacement after a 0Fh escape byte; six more
// entries follow.
// Meaning of the bits as used by the decoder below:
//   0x0008           prefix byte: keep reading opcode bytes
//   0x0010 / 0x1000  set by the 67h / 66h entries; select the 2-byte forms
//   0x0020           address-sized operand follows (4 bytes, 2 with 0x0010)
//   0x2000           operand-sized immediate follows (4 bytes, 2 with 0x1000)
//   0x4000           a ModRM byte follows
//   0x8000           immediate present; width chosen by bit 0 of the opcode
//   0x0007 / 0x0700  fixed number of extra bytes added to the length
//   0xFFFFFFFF       (0Fh table) unsupported opcode: the decoder returns -1
ULONG MaskTable[518] =
{
    // ---- one-byte opcodes ----
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000000, 0x00000000, // 00
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000000, 0x00000000, // 08
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000000, 0x00000000, // 10
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000000, 0x00000000, // 18
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000008, 0x00000000, // 20
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000008, 0x00000000, // 28
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000008, 0x00000000, // 30
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00008000, 0x00008000, 0x00000008, 0x00000000, // 38
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 40
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 48
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 50
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 58
    0x00000000, 0x00000000, 0x00004000, 0x00004000, 0x00000008, 0x00000008, 0x00001008, 0x00000018, // 60
    0x00002000, 0x00006000, 0x00000100, 0x00004100, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 68
    0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, // 70
    0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, // 78
    0x00004100, 0x00006000, 0x00004100, 0x00004100, 0x00004000, 0x00004000, 0x00004000, 0x00004000, // 80
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, // 88
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 90
    0x00000000, 0x00000000, 0x00002002, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 98
    0x00000020, 0x00000020, 0x00000020, 0x00000020, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // A0
    0x00000100, 0x00002000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // A8
    0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, // B0
    0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, // B8
    0x00004100, 0x00004100, 0x00000200, 0x00000000, 0x00004000, 0x00004000, 0x00004100, 0x00006000, // C0
    0x00000300, 0x00000000, 0x00000200, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // C8
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00000100, 0x00000100, 0x00000000, 0x00000000, // D0
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, // D8
    0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, 0x00000100, // E0
    0x00002000, 0x00002000, 0x00002002, 0x00000100, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // E8
    0x00000008, 0x00000000, 0x00000008, 0x00000008, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // F0
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00004000, 0x00004000, // F8
    // ---- opcodes following the 0Fh escape byte ----
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF, // 0F 00
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 08
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 10
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 18
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 20
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 28
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 30
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 38
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 40
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 48
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 50
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 58
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 60
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 68
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 70
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F 78
    0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, // 0F 80
    0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, 0x00002000, // 0F 88
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, // 0F 90
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, // 0F 98
    0x00000000, 0x00000000, 0x00000000, 0x00004000, 0x00004100, 0x00004000, 0xFFFFFFFF, 0xFFFFFFFF, // 0F A0
    0x00000000, 0x00000000, 0x00000000, 0x00004000, 0x00004100, 0x00004000, 0xFFFFFFFF, 0x00004000, // 0F A8
    0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, // 0F B0
    0xFFFFFFFF, 0xFFFFFFFF, 0x00004100, 0x00004000, 0x00004000, 0x00004000, 0x00004000, 0x00004000, // 0F B8
    0x00004000, 0x00004000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F C0
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, // 0F C8
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F D0
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F D8
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F E0
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F E8
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F F0
    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, // 0F F8
    // ---- six trailing entries ----
    0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
};

// Returns in EAX the length in bytes of the single x86 instruction being
// decoded, or 0xFFFFFFFF when the opcode after a 0Fh escape is marked
// unsupported in the table.
//
// Naked function: no compiler prologue, arguments are read straight off the
// stack. After PUSHAD (20h bytes) plus the return address, the FIRST stack
// argument is at [esp+24h] and is used as the flag-table base; the SECOND is
// at [esp+28h] and is used as the pointer to the code bytes.
// NOTE(review): that is the opposite of what the parameter names suggest. The
// wrapper GetOpCodeSize pushes its arguments so that the table lands in the
// first slot and the code pointer in the second, so the pair works together,
// but calling this function directly as (Start, Tlb) would misbehave.
Naked ULONG GetOpCodeSize_ASM_CODE(PVOID Start, PVOID Tlb)
{
    __asm{
        pushad
        mov esi, [esp+24h]          // esi = flag table base
        mov ecx, [esp+28h]          // ecx = cursor into the instruction bytes
        xor edx, edx                // edx accumulates flag bits
        xor eax, eax
    L005:                           // fetch one opcode byte; loop over prefixes
        and dl, 0F7h                // clear the prefix bit before the next fetch
        mov al, [ecx]
        inc ecx
        or edx, [esi+eax*4h]
        test dl, 8h
        jnz L005
        cmp al, 0F6h                // F6/F7: immediate depends on the ModRM reg field
        je L035
        cmp al, 0F7h
        je L035
        cmp al, 0CDh                // CD: special-cased at L040
        je L040
        cmp al, 0Fh                 // 0F: two-byte opcode, second table
        je L045
    L019:
        test dh, 80h                // 0x8000: immediate width from opcode bit 0
        jnz L052
    L021:
        test dh, 40h                // 0x4000: parse ModRM / SIB / displacement
        jnz L067
    L023:
        test dl, 20h                // 0x0020: address-sized operand
        jnz L057
    L025:
        test dh, 20h                // 0x2000: operand-sized immediate
        jnz L062
    L027:                           // length = bytes consumed + (dl & 7) + (dh & 7)
        mov eax, ecx
        sub eax, [esp+28h]
        and edx, 707h
        add al, dl
        add al, dh
    L032:
        mov [esp+1Ch], eax          // overwrite the saved-EAX slot so POPAD returns it
        popad
        retn
    L035:                           // F6/F7: ModRM always; immediate only when reg field is 0
        or dh, 40h
        test byte ptr [ecx], 38h
        jnz L019
        or dh, 80h
        jmp L019
    L040:                           // CD: one operand byte, four more if that byte is 20h
        or dh, 1h
        cmp byte ptr [ecx], 20h
        jnz L019
        or dh, 4h
        jmp L019
    L045:                           // second opcode byte, looked up at table + 400h
        mov al, [ecx]
        inc ecx
        or edx, [esi+eax*4h+400h]
        cmp edx, -1h                // unsupported: return -1 as the "length"
        jnz L019
        mov eax, edx
        jmp L032
    L052:                           // odd opcode -> operand-sized immediate, even -> one byte
        xor dh, 20h
        test al, 1h
        jnz L021
        xor dh, 21h
        jmp L021
    L057:                           // address-sized operand: 2 bytes with 0x0010 set, else 4
        xor dl, 2h
        test dl, 10h
        jnz L025
        xor dl, 6h
        jmp L025
    L062:                           // operand-sized immediate: 2 bytes with 0x1000 set, else 4
        xor dh, 2h
        test dh, 10h
        jnz L027
        xor dh, 6h
        jmp L027
    L067:                           // ModRM: ah = mod bits, al = r/m bits
        mov al, [ecx]
        inc ecx
        mov ah, al
        and ax, 0C007h
        cmp ah, 0C0h                // mod = 11b: register operand, nothing follows
        je L023
        test dl, 10h                // 0x0010 set: use the 16-bit addressing rules
        jnz L090
        cmp al, 4h                  // r/m = 100b: a SIB byte follows; keep its low 3 bits
        jnz L080
        mov al, [ecx]
        inc ecx
        and al, 7h
    L080:
        cmp ah, 40h                 // mod = 01b: 1-byte displacement
        je L088
        cmp ah, 80h                 // mod = 10b: 4-byte displacement
        je L086
        cmp ax, 5h                  // mod = 00b with value 101b: 4-byte displacement
        jnz L023
    L086:
        or dl, 4h
        jmp L023
    L088:
        or dl, 1h
        jmp L023
    L090:                           // 16-bit addressing
        cmp ax, 6h                  // mod = 00b, r/m = 110b: 2-byte displacement
        je L096
        cmp ah, 40h
        je L088
        cmp ah, 80h
        jnz L023
    L096:
        or dl, 2h
        jmp L023
        retn                        // not reachable: preceded by an unconditional jmp
    }
}

// C-callable wrapper: returns the length of the instruction at Start.
// Pushes Start, then the table address, calls the decoder and removes the
// 8 bytes of arguments. There is no return statement; the value is whatever
// the decoder left in EAX.
ULONG GetOpCodeSize(PVOID Start)
{
    __asm
    {
        push Start
        push offset MaskTable
        call GetOpCodeSize_ASM_CODE
        add esp, 8
    }
}

// Adds up whole instruction lengths starting at dwAddr until the total is at
// least dwMinSize, and returns that total. Used to find how many bytes must
// be moved so that an overwrite of dwMinSize bytes never splits an instruction.
// NOTE(review): a decoder result of 0xFFFFFFFF (unsupported opcode) is added
// like any other length. On the first instruction this returns 0xFFFFFFFF; on
// a later one the sum wraps. Neither case is detected here or by the caller.
DWORD GetHookCodeLen(DWORD dwAddr, DWORD dwMinSize)
{
    DWORD dwTotal =0;
    while(TRUE)
    {
        DWORD dwTemp = GetOpCodeSize((void *)dwAddr);
        dwTotal+=dwTemp;
        if(dwTotal>=dwMinSize)
            break;
        dwAddr+=dwTemp;
    }
    return dwTotal;
}

#pragma pack (push,1)
// Five-byte patch written over the target entry: opcode byte + 32-bit relative
// displacement.
struct Hook_Patch_Jmp
{
    BYTE byJmp;
    DWORD JmpAddr;
};
// Byte-exact image of the stub placed in the allocated page. The values noted
// below are the ones _HookGame stores.
typedef struct
{
    BYTE byPushAD;       // 60h  PUSHAD
    BYTE byPushFD;       // 9Ch  PUSHFD
    DWORD dwPushESP;     // 8B C4 83 C0: mov eax,esp / add eax,imm8 (imm8 is the next byte)
    WORD byOffsetESP;    // 04 50: imm8 = 4, then push eax (argument = address of the PUSHAD frame)
    BYTE byE8; // E8h  CALL rel32
    DWORD dwMyHookAddr;  // rel32 displacement to the handler
    BYTE byFixEsp;       // 58h  pop eax, discards the pushed argument
    BYTE byPopFD;        // 9Dh  POPFD
    BYTE byPopAD;        // 61h  POPAD
    BYTE byNOP[20];      // displaced original instructions, padded with 90h
    BYTE byPush;         // 68h  push imm32
    DWORD dwCode;        // address in the target just past the displaced bytes
    BYTE byRet;          // C3h  ret, transfers to dwCode
}ST_HOOK_CODE;
#pragma pack (pop)

// Redirects execution at _pGameAddr through a stub that saves registers and
// flags, calls _pHookFunAddr with a pointer to the saved registers, restores
// them, runs the displaced original instructions and returns into the target
// just past them. Always returns TRUE.
//
// NOTE(review), stability and hygiene issues visible in this body:
//  - No API result is checked: VirtualAlloc may return NULL, and VirtualQueryEx,
//    VirtualProtectEx and WriteProcessMemory may fail, yet TRUE is returned.
//  - _HookSize is neither bounded against byNOP (20 bytes) nor checked for the
//    0xFFFFFFFF result of the length decoder before the memcpy and memset.
//  - The displaced bytes are copied verbatim; instructions with relative
//    operands would point at the wrong place when run from the stub.
//  - The stub page is PAGE_EXECUTE_READWRITE and is never freed; the target's
//    page protection is changed and never restored; there is no unhook path.
//  - Addresses are held in DWORDs, so this is 32-bit only.
BOOL _HookGame (DWORD _pGameAddr,DWORD _pHookFunAddr)
{
    DWORD _offset = _pHookFunAddr - _pGameAddr;     // computed but never used
    DWORD _HookSize = GetHookCodeLen(_pGameAddr,5); // whole instructions covering at least 5 bytes
    ST_HOOK_CODE * pNewHook=(ST_HOOK_CODE *) VirtualAlloc(NULL,sizeof(ST_HOOK_CODE),MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    Hook_Patch_Jmp _HookPatch;
    _HookPatch.byJmp = 0xE9;                        // JMP rel32 from the target to the stub
    _HookPatch.JmpAddr = (DWORD)pNewHook - _pGameAddr - 5;
    pNewHook->byPushAD = 0x60;
    pNewHook->byPushFD = 0x9C;
    pNewHook->dwPushESP = 0xC083C48B;//0x8BC483E8;
    pNewHook->byOffsetESP = 0x5004;
    pNewHook->byE8 = 0xE8;
    pNewHook->dwMyHookAddr = (DWORD)_pHookFunAddr-(DWORD)(&pNewHook->byE8) -5; // rel32 of the CALL to the hook function
    pNewHook->byFixEsp = 0x58;
    pNewHook->byPopFD = 0x9D;
    pNewHook->byPopAD = 0x61;
    memset(pNewHook->byNOP,0x90,sizeof(pNewHook->byNOP));
    pNewHook->byPush = 0x68;
    pNewHook->dwCode = _pGameAddr+_HookSize;        // resume address: first byte after the displaced instructions
    pNewHook->byRet = 0xC3;
    memcpy(pNewHook->byNOP,(void *)_pGameAddr,_HookSize);
    MEMORY_BASIC_INFORMATION _mbi={0};
    HANDLE hGameProc = GetCurrentProcess();
    VirtualQueryEx(hGameProc,(BYTE *)_pGameAddr,&_mbi,sizeof(MEMORY_BASIC_INFORMATION));
    // Makes 8 bytes starting at the queried base address writable; the previous
    // protection is stored in _mbi.Protect and not used again.
    VirtualProtectEx(hGameProc,_mbi.BaseAddress,0x8,PAGE_EXECUTE_READWRITE,&_mbi.Protect);
    WriteProcessMemory(hGameProc,(BYTE *)_pGameAddr,&_HookPatch,sizeof(_HookPatch),NULL);
    memset((BYTE *)_pGameAddr+5,0x90,_HookSize-5); // fill the displaced bytes beyond the 5-byte jump with NOPs
    return TRUE;
}
|
|
(驱动学习笔记)(过时的)恢复SSDTShadow
以后用vc来写吧。越来越感觉MASM来写东西 逻辑上太难掌握了 很容易就出错 写写自定位或短小精悍的代码还不错 |
|
[求助]如何将一个函数生成一个拷贝?
借助一个中转函数:jmp -> 中转函数 -> Hook处理的函数。中转函数负责堆栈平衡;对于每个hook的地址都分配一段内存,写代码进去。最后封装成 hook(HookAddr,MyHookFunAddr) |
|
[求助]求个FLY版的OD
看雪上不就有啊。。。 |
|
[讨论]ollydbg新版本何时出?有消息吗?
OD出了新版本????什么时候的事 |
|
|