-
-
[原创]学习内核写的hook库,支持内核中常用的几种hook
-
2011-4-15 15:15
-
学习内核写的hook库,共享出来,方便大家使用
支持内核中常用的几种hook
#include "HookEngine.h"
//inlinehook相关
VOID InLineRotine()
{
KdPrint(("你好\r\n"));
}
VOID
DriverUnload(IN PDRIVER_OBJECT pDriverObj);
NTSTATUS
DriverEntry(IN PDRIVER_OBJECT pDriverObj, IN PUNICODE_STRING pRegistryString)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING ustrLinkName;
UNICODE_STRING ustrDevName;
PDEVICE_OBJECT pDevObj;
pDriverObj->DriverUnload = DriverUnload;
HookEngine_Init();
//Inlinehook方式
{
HookEngine_Hook(HT_INLINE_JMP_HOOK, SSDTHook_GetFuncAddr(122), (ULONG)InLineRotine);
}
return STATUS_SUCCESS;
}
VOID
DriverUnload(IN PDRIVER_OBJECT pDriverObj)
{
HookEngine_Destroy();
return;
}
特意做了个chm帮助文件
支持内核中常用的几种hook
#include "HookEngine.h"
//inlinehook相关
VOID InLineRotine()
{
KdPrint(("你好\r\n"));
}
VOID
DriverUnload(IN PDRIVER_OBJECT pDriverObj);
NTSTATUS
DriverEntry(IN PDRIVER_OBJECT pDriverObj, IN PUNICODE_STRING pRegistryString)
{
NTSTATUS status = STATUS_SUCCESS;
UNICODE_STRING ustrLinkName;
UNICODE_STRING ustrDevName;
PDEVICE_OBJECT pDevObj;
pDriverObj->DriverUnload = DriverUnload;
HookEngine_Init();
//Inlinehook方式
{
HookEngine_Hook(HT_INLINE_JMP_HOOK, SSDTHook_GetFuncAddr(122), (ULONG)InLineRotine);
}
return STATUS_SUCCESS;
}
VOID
DriverUnload(IN PDRIVER_OBJECT pDriverObj)
{
HookEngine_Destroy();
return;
}
特意做了个chm帮助文件
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
没有完整代码啊,晕,楼主能分享一下吗?
|
|
|
|
|
|
|
|
|
|
