▍1. SSDT_Helper_src
Hooks the SSDT (System Service Descriptor Table) and lets you view the SSDT. A handy tool, haha.
APIHOOK: hooks by traversing the PE file and modifying the export function table.
Word development and testing tool that makes it easy to understand the API call flow of Word itself.
Registry hook that can prevent unauthorized modification of the computer's registry. Webmaster, please review and activate my account.
A driver written with DDDK that modifies the SSDT to hook the NTDebugActiveProcess function. The hook function can check the PID and decide whether to allow the call: if allowed, it calls the original NTDebugActiveProcess function from within the hook; otherwise it returns False directly. Once the hook is installed, every program that calls DebugActiveProcess will fail. You can of course hook more system service functions as needed. The service number of a given service function differs between operating system versions. Please test the compiled driver in the attachment below under WinXP SP2; otherwise it may cause an immediate reboot.
API code values; anyone who wants to see them can look them up here.
A hook program that monitors registry write operations, consisting of two parts: a registry-writing launcher program and the registry hook.
"process wide": some demos about hooking APIs/code in your own process (OS independent); "system wide": several demos about system-wide API hooking using hook DLLs (OS independent); "system wide - win9x only": one demo which shows a special system-wide hooking method (win9x only).
Note: the hook requires you to write your own calling program.