原创 绕过现代Anti-Rootkit工具的内核模块扫描
本文描述了一些方法,可以绕过目前主流的现代Anti-rootkit工具,包括但不限于:Icesword 最新版、Gmer 最新版、Rootkit unhooker 最新版、DarkSpy 最新版、AVG Anti-rootkit 最新版等等。目前的anti-rootkit工具中,对于内核模块主要采用如下几种扫描方式:1. 恢复ZwQuerySystemInformation的hook,然后利用功能号Sys…
2011-06-18 00:54:00 648
[hook.js]通用Javascript函数钩子
[bool]hook:params{
realFunc[String|must]:用于保存原始函数的函数名称,用于unHook;
hookFunc[Function|must]:替换的hook函数;
context[Object|opt]:目标函数所在对象,用于hook非window对象下的函数,如String.prototype.slice,carInstance1
methodName[String|opt]:匿名函数需显式传入目标函数名eg:this.Begin = function(){....};
}
[bool]unhook:params{
realFunc[String|must]:用于保存原始函数的函数名称,用于unHook;
funcName[String|must]:被Hook的函数名称
context[Object|opt]:目标函数所在对象,用于hook非window对象下的函数,如String.prototype.slice,carInstance1
}
Examples
// Create the hook manager and prepare the environment before any hook is installed.
// NOTE(review): Hooks comes from hook.js, which is not shown here. initEnv() presumably
// makes hook()/unhook() available on every function, since the examples below call
// them directly on alert, p.getName and String.prototype.slice. Confirm against the library.
var myHook = new Hooks();
myHook.initEnv();
// Example 1: ordinary global function.
// _alert is the name handed to hook() as realFunc; per the parameter list above it is
// where the original function is kept so that unhook() can restore it.
// NOTE(review): declared with var at top level, presumably so the library can reach it
// by name on the global object. Confirm before changing it to let/const.
var _alert = null;
// Replacement for alert: writes to the console and ignores its argument.
function myalert(param){console.log("before hook");}
// Install the hook. alert is a page-wide global, so while the hook is active every
// script on the page that calls alert is affected, not only this example.
alert.hook("_alert",myalert);
// Remove the hook again: first the saved-original name, then the hooked function's name.
alert.unhook("_alert","alert");
// The hook was removed on the previous line, so this call is expected to reach the
// original alert.
alert(1);
// Example 2: anonymous function on a custom object.
function Person() {
// getName is an anonymous function expression assigned per instance; this is the case
// the parameter list above calls out as needing an explicit methodName.
this.getName = function(name) {
alert('Call' + name);
}
}
var p = new Person();
// Name under which the original p.getName is saved (realFunc).
var _p_getName = null;
// Replacement for getName: shows "Hooked" and ignores the name argument.
function mygetName(name){alert("Hooked");}
// Third argument (context) is p because the target does not live on window; fourth
// argument (methodName) is given explicitly because the target function is anonymous.
p.getName.hook("_p_getName",mygetName,p,"getName");
// Restore the original on the same object; context must match the one used for hook().
p.getName.unhook("_p_getName","getName",p);
// Called after unhook, so this is expected to run the original getName.
p.getName("pnig0s");
// Example 3: function on a prototype object.
// Name under which the original String.prototype.slice is saved (realFunc).
var _slice = null;
// Replacement for slice: shows "Hooked" and returns nothing, so a caller that expects a
// substring receives undefined unless the library also invokes the original (not
// visible here; confirm against hook.js).
function myslice(param){alert("Hooked");}
// String.prototype is shared by every string in the page, so while this hook is
// installed all code calling slice() is affected. Keep the window short and always
// pair it with unhook, as done on the next line.
String.prototype.slice.hook("_slice",myslice,String.prototype);
String.prototype.slice.unhook("_slice","slice",String.prototype);
var str = "pnig0s";
// Called after unhook, so this is expected to run the built-in slice.
str.slice(1);
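// Undo the environment changes made by initEnv() once the examples are done.
// The manager was created as `myHook` (`var myHook = new Hooks();`). The original line
// referenced the undeclared `myHooks`, which throws a ReferenceError, so the cleanup
// never ran and whatever initEnv() installed stayed in place.
myHook.cleanEnv(); // clear hooks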
2014-08-21
Retrieve HttpOnly Session Cookie in WebBrowser
In order to help mitigate the risk of cross-site scripting, a new feature has been introduced in Microsoft Internet Explorer 6 SP1. This feature is a new attribute for cookies which prevents them from being accessed through client-side script. A cookie with this attribute is called an HTTP-only cookie.
2014-08-18