- Code that genuinely hides a process under Delphi, converted from VC code to Delphi. It does not use hooking; it actually hides the process in physical memory, so the vast majority of process viewers cannot find it. Works well.
- Source code for DLL injection: it finds the window handle, hooks it, and uses a hotkey to bring up a form packaged inside the DLL.
- Rootkit detector that finds system hooks and user-code hooks, hidden drivers, hidden files, and hidden processes.
- Delphi hook for memory reads and writes: it can intercept other programs' read/write operations and the data they read or write. For example, with some * you can use this tool to find out exactly what it does to the game, and then write a * of your own with the same functionality.
- Force-deletes a file with no injection, no driver, and no hook. The principle is to find the handle that locks the file and then close that handle.
- Hooks the following functions: NtUserFindWindowEx, FindWindow, NtUserGetForegroundWindow, GetForegroundWindow, NtUserQueryWindow, GetWindowThreadProcessId, NtUserWindowFromPoint, WindowFromPoint, NtUserBuildHwndList, EnumWindows, NtUserSetWindowLong, SetWindowLong.
- Windows XP uses sysenter to invoke KiFastCallEntry, which switches ntdll.dll calls into the kernel. KiFastCallEntry works by looking up the function address in the SSDT and jumping to it. So as long as you forge a copy of the original SSDT, SSDT hooks can be rendered ineffective.
- A * for the QQ Games tile-matching game Dui Dui Peng (对对碰). Features: 1. automatically highlights matching pairs that can be cleared; 2. simulates the mouse to clear them automatically; 3. can speed up play; 4. auto-start. Although this program is only a small *, it uses a number of techniques: 1. threads; 2. finding the program window; 3. DLL injection; 4. API hooking; 5. a single-process global hotkey hook; 6. a method of identifying identical tiles without relying on specific colors; 7. two ways of simulating the mouse, mouse_event (the cursor moves) and PostMessage (the cursor does not move); 8. 文件捆
- SSDT hook detection: finds the start address and size of the SSDT exported by ntkrnlpa.exe, compares them against the contents of the actual SSDT address table, and identifies the hooks.
- Most of what you find online requires Ring3 to send over the addresses that need patching... 002 locates and repairs the SSDT directly using the most standard method and supports multi-core systems; there are also 003 (adds shadow SSDT hook handling) and 004 (adds inline hook handling). This is basically the most stable restoration method available now; you can test it with KMDLoader. It unhooks as soon as it is loaded, with no communication needed.
- Open-source SSDT hook detection utility: it scans the SSDT entries in the kernel (ntoskrnl.exe) and finds the functions that are hooked, i.e. whose addresses fall outside the kernel base address range.
- Hooks Winsock and redirects calls to where you want them to go. I am going to use this to make ypager.exe log in to my own proxy to make a clone of ytunnel, without using the proxy settings built into Messenger. This is a powerful tool, and hard to find.
- This program is an assistant tool for the Qidian zone of Tianshu Qitan (天书奇谈). It provides auto-battle (calls the game's own auto function, effectively reducing operating time), one-key healing for the character, one-key healing for pets, and AFK gathering. File description: HH.exe is the main program (required); config.ini is the configuration file (required); cjfb.edb stores the captured gathering packets (required); *作坊1.5-第六版.ec, Super-EC_3.0.ec and *海万能模块1.7贺岁版.ec are the three modules (can be deleted if you only need the tool); HH.e is the Easy Language (易语言) source code (can be deleted if you only need the tool). 程序使用的
- WinAPI function monitoring using the LIB library from Microsoft's Detours. AppWizard has created this DetourDll DLL for you. This file contains a summary of what you will find in each of the files that make up your DetourDll application.
- Information hiding. Highlight one: the rootkit is hidden as a resource inside a user-mode program. Highlight two: the user-mode program's code is used as the seed for key generation, which effectively prevents the hidden information from being exposed after reverse engineering, because only if the code produced by reversing matches the original author's code exactly can the deeply hidden downloader link and code be unlocked. Highlight three: a fixed KEY is put through a certain computation to produce an array of 1024 keys; this key array is then combined with the user code to finally produce a 4-byte decoding KEY. Using the decoding KEY, within the driver loaded into memory, find that dirty download
- A simple system hook. The code was taken from a book and, after modification and debugging, runs under VC++ 6.0.
- Monitoring system calls by hooking KiFastCallEntry. This is a small program that monitors the system calls of a specific process; I found it while tidying up my hard drive and am posting it to share with everyone. The principle is very simple: it is implemented by hooking KiFastCallEntry, a very old technique.
- Damage-multiplier (倍功) source code. This source can be used to learn how to write a damage multiplier; although it is not a finished product, once the addresses are added it can be used directly.
- Process injection: can find a specified exe file and execute your own function via a callback.
- Super HOOK saves everyone from having to use CE to analyze data offsets and base addresses in order to read data, saving a great deal of time, including the time spent updating data. Especially when a game's base address cannot be found or its data structures are complex, Super HOOK solves the problem easily!