|
|
|
[原创]一个纯汇编写的Hook API的例子!!!
问一句,LZ的代码是hook哪个函数? |
|
|
|
[求助]求个C学习软件,谢谢
VC6 |
|
[求助]CreateFile打开驱动创建的符号链接 DeviceIoControl下发irp。
编译下面代码,然后把编译好的exe和你的sys放同一目录下,然后用你的鼠标双击一下exe,就运行了sys ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; ; scp.asm ; ; Service Control Program for beeper.sys driver ; ; Written by Four-F (four-f@mail.ru) ; ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .386 .model flat, stdcall option casemap:none ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; I N C L U D E F I L E S ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: include \masm32\include\windows.inc include \masm32\include\kernel32.inc include \masm32\include\user32.inc include \masm32\include\advapi32.inc includelib \masm32\lib\kernel32.lib includelib \masm32\lib\user32.lib includelib \masm32\lib\advapi32.lib include \masm32\Macros\Strings.mac ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; C O D E ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .code start proc local hSCManager:HANDLE local hService:HANDLE local acDriverPath[MAX_PATH]:CHAR ; Open a handle to the SC Manager database invoke OpenSCManager, NULL, NULL, SC_MANAGER_CREATE_SERVICE .if eax != NULL mov hSCManager, eax push eax invoke GetFullPathName, $CTA0("driver1.sys"), sizeof acDriverPath, addr acDriverPath, esp pop eax ; Register driver in SCM active database invoke CreateService, hSCManager, $CTA0("test"), $CTA0("test"), \ SERVICE_START + DELETE, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \ SERVICE_ERROR_IGNORE, addr acDriverPath, NULL, NULL, NULL, NULL, NULL .if eax != NULL mov hService, eax invoke StartService, hService, 0, NULL ; Here driver beeper.sys plays its nice melody ; and reports error to be removed from memory ; Remove driver from SCM database invoke DeleteService, hService invoke CloseServiceHandle, hService .else invoke MessageBox, NULL, $CTA0("Can't register driver."), NULL, MB_ICONSTOP .endif invoke CloseServiceHandle, hSCManager .else invoke MessageBox, NULL, $CTA0("Can't connect to Service Control Manager."), \ NULL, MB_ICONSTOP .endif invoke ExitProcess, 0 start endp ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ; ;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: end start |
|
[求助]CreateFile打开驱动创建的符号链接 DeviceIoControl下发irp。
用服务启动 driver1.sys |
|
[求助]关于过瑞星和咔吧的HOOK!
最近我抓到一只小马,就算对方hook了一些函数,或者消息,对他都失效,因为这个马本身是*.hlp文件。。 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值