;****************************************************
;DevName:进程导入表API_HOOK
;开发者:GhostHand
;****************************************************
.386                                    ; IA-32 instruction set: a 32-bit build, so every pointer below is a 4-byte dd
.model flat,stdcall                     ; flat 32-bit address space; PROCs default to stdcall (callee pops arguments)
option casemap:none                     ; symbol names are case-sensitive (Win32 API names are mixed-case)
;****************************************************
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include rsrc.inc
include psapi.inc
includelib psapi.lib
; IOCTL control codes of the AFD (Ancillary Function Driver) socket path. A hook on
; NtDeviceIoControlFile sees socket receive/send requests as these values in its
; IoControlCode argument; the comparison itself lives in code outside this excerpt.
AFD_RECV equ 12017h                     ; AFD receive request (the value commonly listed as IOCTL_AFD_RECV)
AFD_SEND equ 1201fh                     ; AFD send request    (the value commonly listed as IOCTL_AFD_SEND)
; One scatter/gather buffer descriptor, same layout as Winsock's WSABUF
; (ULONG len, then CHAR *buf). 8 bytes in this 32-bit build; field order fixes
; the offsets, so it must not be rearranged.
AFD_WSABUF struct
len dd ?                                ; byte count of the buffer behind buf
buf dd ?                                ; 32-bit pointer to the data (see .386 / .model flat at the top)
AFD_WSABUF ends
; Input block that NtDeviceIoControlFile receives for AFD_SEND / AFD_RECV.
; NOTE(review): the field order (buffer array, count, AFD flags, TDI flags) appears to
; mirror the AFD send/recv info structure; confirm the layout against the target
; Windows version before relying on these offsets. lpWsaBuf is a pointer supplied by
; the hooked caller, so a hook that walks it should check lpWsaBuf and BufferCount first.
AFD_INFO struct
lpWsaBuf dd ?                           ; -> array of AFD_WSABUF (presumably BufferCount entries)
BufferCount dd ?                        ; number of AFD_WSABUF entries behind lpWsaBuf
AfdFlags dd ?                           ; AFD-level flags; not interpreted in this excerpt
TdiFlags dd ?                           ; TDI-level flags; not interpreted in this excerpt
AFD_INFO ends
;****************************************************
.data?                                  ; uninitialized globals (zero-filled at load)
hHook dd ?                              ; handle assigned outside this excerpt (name suggests a hook handle)
hWinMain dd ?                           ; main window handle (assigned outside this excerpt)
hWinSetting dd ?                        ; settings window handle (assigned outside this excerpt)
.data                                   ; initialized data section; these are still declared with ? and start zeroed
hInstance dd ?                          ; module instance handle (set outside this excerpt)
hCurProc dd ?                           ; current-process handle, by its name (set outside this excerpt)
lpNtDeviceIoControl dd ?                ; stores the old NtDeviceIoControl: the original pointer read from the import table;
                                        ; the only copy needed to forward calls and to put the import table back
lpNewNtDeviceIoControl dd ?             ; stores the new NtDeviceIoControl: address of the replacement written into the import table
ImportNtDeviceIoControl dd ?            ; memory in the import table that holds NtDeviceIoControlFile's address,
                                        ; i.e. the slot that gets overwritten; an IAT-integrity check would see this
                                        ; slot pointing outside ntdll while the hook is installed
.const                                  ; read-only, NUL-terminated ANSI strings
szCaption db '提示!',0                  ; caption text ("Hint!"); its bytes follow the source file's code page
szMswsock db 'mswsock.dll',0            ; module whose import table is presumably patched (mswsock.dll imports NtDeviceIoControlFile)
szNtDll db 'ntdll.dll',0                ; module that exports the hooked function
szNtDeviceIoControlFile db 'NtDeviceIoControlFile',0 ; export name looked up / matched in the import table (done outside this excerpt)
.code
;------------------------------------------------------
;NtDeviceIoCont
WIN32汇编实现进程导入表HOOK API
这是一个关于使用汇编语言在WIN32环境下实现进程导入表API Hook的例子,主要针对NtDeviceIoControlFile函数。通过替换导入表中的函数地址,实现了对特定API的拦截和回调函数NewNtDeviceIoControlFile,允许在发送网络封包前进行检查和操作。