搜索资源列表
DebugEngine
- 这是一个动态库,可以通过LoadLibrary的方法来加载它,一旦加载会在当前目录产生一个ERRORLOG文件夹,你的程序如果有错误的话就会把错误堆栈写到ERRORLOG中。注意你的程序要提供PDB文件。-This is a dynamic library, the method can LoadLibrary to load it, once loaded, will create a directory in the current ERRORLOG file folder, your pr
MemoryLoadDll
- VB版从内存中加载并调用DLL的代码 非LoadLibrary-VB version is loaded from memory and non-code calls a DLL LoadLibrary
SevenElevate
- 远程线程插入(注入)技术指的是通过在另一个进程中创建远程线程的方法进入目标进程的内存地址空间。将木马程序以DLL的形式实现后,需要使用插入到目标进程中的远程线程将该木马DLL插入到目标进程的地址空间,即利用该线程通过调用Windows API LoadLibrary函数来加载木马DLL,从而实现木马对系统的侵害-Remote thread into the (injection) technology refers to the process by another method of c
CopySysDll
- 不通过LoadLibrary的方式和静态方式加载。从而做到无影无形。 以PE文件的方式从内存中加载DLL,本例用的是user32.dll。 包括修正重定位表。修正输入表。DLL初始化。-Way and not through the LoadLibrary static load. To be invisible. The way to PE file from the memory load the DLL, in this case using user32.dll. Includi
ManualMap
- 远程把模块注射到进程里而不调用Loadlibrary 相当于自己实现了Loadlibrary-Injected into the remote process in the module without calling Loadlibrary equivalent to their own achieved Loadlibrary
Java_Native_Interface
- 用java调用dll本是一个不难的事情,但往往会给初学者带来的一点麻烦,网络上很多调用dll的例子都参差不齐,往往省略了一些步骤,对他们来说觉得简单不需要说明,对初学者来说确很重要,结果不想可知。因此在这里仔细的说明一下,希望给初学者们带来些许方便,高手绕过。-class HelloWorld { public native void displayHelloWorld() static { System.loadLibrary("hello") } public sta
PLC-link
- hinstLib = LoadLibrary("ActPcCom.dll") //装载动态链接库ActPcCom.dll hinstLib1 = LoadLibrary("ActMulti.dll") //装载动态链接库ActPcCom.dll hinstLib2 = LoadLibrary("ActEther.dll") //装载动态链接库ActPcCom.dll
caq0209
- DLL注入,钩子技术,窗口子类化 GetProcAddress、LoadLibrary。学习DLL注入和窗口子类化很好的例子。-DLL injection hook technology, window sub-class GetProcAddress, LoadLibrary. Learning DLL injection and the window subclassing good example.
remote-inject
- 远程线程注入木马c++代码。远程线程插入(注入)技术指的是通过在另一个进程中创建远程线程的方法进入目标进程的内存地址空间。将木马程序以DLL的形式实现后,需要使用插入到目标进程中的远程线程将该木马DLL插入到目标进程的地址空间,即利用该线程通过调用Windows API LoadLibrary函数来加载木马DLL,从而实现木马对系统的侵害。 -Remote thread injecting Trojan c++ code. Remote thread injection ( injectio
RemoteThreadDll
- DLL注入之远线程方式 每个进程都有自己的虚拟地址空间,对32位进程来说,这个地址空间的大小为4GB。因为每个进程都有自己专有的地址空间,当进程的各个线程运行的时候,它们只能够访问属于自己进程的内存。这样做的一个好处是维护系统的安全,防止进程的私有空间被入侵。世界上有了矛就有了盾,windows也撕开了一个小口,提供了一些函数来让其它进程对另一个进程进行操作,当然亦邪亦正,全在于你。大名鼎鼎的CreateRemoteThread就是属于这样的函数。 远线程注入的基本原理就是通过在另一个
Code-injection-three-methods
- 代码注入的三种方法:WindowsHook,CreateRemoteThread和WriteProcessMemory,CreateRemoteThread和LoadLibrary-The code injection three methods: WindowsHook CreateRemoteThread and WriteProcessMemory CreateRemoteThread and LoadLibrary
130408221121aircrack-2.41
- Wfi GetModuleFileName GetModuleHandle SetCurrentDirectory GetStdHandle-WfiGetModuleFileName GetModuleHandle SetCurrentDirectory GetStdHandle SetConsoleTextAttribute SetConsoleCursorPosition GetConsoleScreenBufferInfo FillConsoleOutputAttribute FillCo
NP_Source
- NP启动后通过WriteProcessMemory跟CreateRemoteThread向所有进程注入代码(除了系统进程smss.exe),代码通过np自己的LoadLibrary向目标进程加载npggNT.des。npggNT.des一旦加载就马上开始干“坏事”,挂钩(HOOK)系统关键函数如OpenProcess,ReadProcessMemory,WriteProcessMemory,PostMessage等等。 挂钩方法是通过改写系统函数头,在函数开始JMP到npggNT.des中的
C_Assembler.PE-loader
- PE-loader which I wrote in C and Assembler. Loads test dll and calls the needed function from there. Analogues of WinAPI GetProcAddress and LoadLibrary are implemented.
LoadDllInMemory
- 直接在内存中加载Dll,调用Dll中的方法,跳过Loadlibrary方法。需在了解PE文件格式的基础上,读源码,用于免杀等安全相关软件。-Directly loaded in memory Dll, Dll method calls, skip Loadlibrary methods. Need to understand the PE file format, based on reading the source code for free to kill other security-r
DLL-Injection-methods
- DLL注入的方法及通讯(LoadLibrary 全局钩子、呼出 全局钩子、消息 任意窗口置顶[应用实例])-DLL injection methods and communication (LoadLibrary global hooks, exhaled global hooks, arbitrary message window set-top [applications])
LoadCardsLib
- 调用windows里面的Cards.dll显示扑克牌,用LoadLibrary的方式,参考了pudn的kdjl代码.-Call windows inside Cards.dll display cards with LoadLibrary way to reference the pudn of kdjl code.
mem_loaddll
- mem_loaddll 直接在内存中加载dll , 自己用PE实现 LoadLibrary-mem_loaddll load dll directly in memory, they used to achieve PE LoadLibrary
LoadDLL
- Load DLL without LoadLibrary
main
- System Infection VIA UAC Bypass(sysprep) Tested on Windows 7 Ultimate 32 bit to be used with the Sysprep UAC bypass method, it will infect a file with a payload to start up CALC.EXE and LoadLibrary( your ring 3 rootkit )