
資源簡介

本壓縮包有我自己寫的內存注入程序與測試程序,并附有相應的源碼。會用 MessageBox 去 Hook 指定的函數。

資源截圖

代碼片段和文件信息

/*******************************************************************************
  程序員      : enjoy
  最后修改時間: 2016年5月16日 21:43:02
  函數說明    : 本程序用于實現進程列表,進程IAT信息,IAT hooking,inline hooking
本代碼更詳細的解釋請看本人博客
http://blog.csdn.net/enjoy5512/article/details/51006114
*******************************************************************************/

#include
#include
#include
#include“tlhelp32.h“

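// Size in bytes of the fixed name buffers (dllname, name) in struct IATNode.
// The listing's whitespace was mangled into '?' characters; restored here so
// the directive parses.
// NOTE(review): the code that fills these buffers is not visible here. Names
// read out of another process's import table are untrusted input, so every
// copy into a NAMESIZE buffer needs an explicit length bound — confirm.
#define NAMESIZE 41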

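// Node of the process list (whitespace restored from the mangled listing).
typedef struct ProcessNode
{
    PROCESSENTRY32 pe32;          // process information
    MODULEENTRY32 me32;           // information about the process's first module
    struct ProcessNode *next;     // link to the following node
} PNode;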

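// Node describing one IAT (import address table) entry
// (whitespace restored from the mangled listing).
typedef struct IATNode
{
    char dllname[NAMESIZE];       // name of the DLL the entry belongs to
    char name[NAMESIZE];          // imported function name
    int order;                    // function ordinal / sequence number
    // NOTE(review): both address fields are plain int. An int holds 32 bits
    // on Windows, so an address from a 64-bit process would be truncated —
    // confirm the tool is only meant for 32-bit targets.
    int address;                  // address of the function in memory
    int addrOfAddr;               // address of the memory slot holding that address
    struct IATNode *next;         // link to the following node
} INode;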

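// Forward declarations. The listing had lost the spaces (shown as '?') and
// the commas between parameters; both are restored here so the prototypes
// parse. Descriptions are translated from the original comments.
int DestroyPNode(PNode **pNode);                 // free the process list
int DestroyINode(INode **iNode);                 // free the IAT entry list
int InitPNode(PNode **pNode);                    // initialise a process node
int InitINode(INode **iNode);                    // initialise an IAT entry node
void SetColor(unsigned short mColor);            // set the console text colour
int ShowHelp(void);                              // print the help text
int EnableDebugPriv(const LPCTSTR lpName);       // obtain the debug privilege
int GetProcessInfo(PNode **pNode);               // collect the process list
int GetIAT(INode **iNode, PNode *pNode, unsigned int pid);               // read a process's IAT entries
int IATHook(INode *iNode, PNode *pNode, int order, unsigned int pid);    // IAT hooking
int InlineHook(INode *iNode, PNode *pNode, int order, unsigned int pid); // inline hooking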

int?main(void)
{
char?cmd[15]?=?{0};?????//保存操作指令

PNode?*pNode?=?NULL;????//進(jìn)程結(jié)構(gòu)體鏈表頭指針
PNode?*bkPNode?=?NULL;??//進(jìn)程結(jié)構(gòu)體鏈表操作指針
INode?*iNode?=?NULL;????//IAT結(jié)構(gòu)體鏈表頭指針
INode?*bkINode?=?NULL;??//IAT結(jié)構(gòu)體鏈表操作指針

int?i?=?0;??????????????//循環(huán)計(jì)數(shù)
unsigned?int?pid?=?0;???//進(jìn)程PID
int?order?=?0;??????????//函數(shù)序號(hào)

ShowHelp();?????????????//程序開(kāi)始顯示幫助信息
printf(“\n\nhook?>“);

for?(;;)????????????????//循環(huán)接收指令
{
scanf(“%s“cmd);
if?(0?==?strcmp(cmd“help“))?????????//顯示幫助信息
{
ShowHelp();
}
else?if?(0?==?strcmp(cmd“exit“))???//退出循環(huán)
{
break;
}
else?if?(0?==?strcmp(cmd“l(fā)s“))?????//顯示進(jìn)程列表
{
i?=?0;??????????????????????????//初始化計(jì)數(shù)器
GetProcessInfo(&pNode);?????????//獲取進(jìn)程列表鏈表
bkPNode?=?pNode;????????????????//初始化進(jìn)程結(jié)構(gòu)體操作指針
printf(“進(jìn)程序號(hào)??父進(jìn)程PID\t進(jìn)程PID\t\t子線程數(shù)??進(jìn)程名\n“);
while?(bkPNode)
{
i++;
SetColor(0xf);??????????????//設(shè)置終端字體顏色
printf(“%d\t\t%d\t%d\t\t%d\t%s\n“ibkPNode->pe32.th32ParentProcessIDbkPNode->pe32.th32ProcessIDbkPNode->pe32.cntThreadsbkPNode->pe32.szExeFile);
if?(1?==?bkPNode->me32.th32ModuleID)????//如果有模塊信息則顯示對(duì)應(yīng)模塊信息
{
printf(“模塊名???:?%s\n模塊路徑?:?%s\n“bkPNode->me32.szModulebkPNode->me32.szExePath);
}
bkPNode?=?bkPNode->next;
}
}
else?if?(0?==?strcmp(cmd“info“))??//顯示進(jìn)程IAT表項(xiàng)
{
bkPNode?=?pNode;???????????????//初始化進(jìn)程結(jié)構(gòu)體操作指針
pid?=?0;???????????????
