easy hook Tutorial

《easy hook Tutorial》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、Copyright©2008ChristophHusse1ContinuingDetours:thereinventionofWindowsAPIHookingMicrosoft®DetourslatestreleasewasinDecember2006.NowtimeshavechangedandtheNETFrameworkhasbecomemoreandmorepopular.Besidesthewellknownunmanagedcodehooking,EasyHookprovidesawaytohookunmanagedcodefromamanagedenvir

2、onment.Thisimpliesseveraladvantages:•Noresourceormemoryleaksareleftinthetarget•YoucanwritepuremanagedhookhandlersforunmanagedAPIs•Allhooksareinstalledandautomaticallyremovedinastablemanner•Youcanusealltheconveniencemanagedcodeprovides,likeNETRemoting,WCFandWPF•Youwillbeabletowriteinjectio

3、nlibrariesandhostprocessescompiledforAnyCPU,whichwillallowyoutoinjectyourcodeinto32-and64-Bitprocessesfrom64-and32-Bitprocessesbyusingtheverysameassemblyinallcases.ThiswayhookinghasbecomeasimpletaskandyoucannowwritehookingapplicationslikeFileMonorRegMonwithafewlinesofcode.FurtherEasyHook2

4、.5providesadditionalfeatureslike:•ExperimentalstealthinjectionforunmanagedcodenotraisingattentionofanycurrentAV•32-and64-BitKernelmodehookingsupport,sinceWindowsXP.•Apureunmanagedhookingcorewhichwillimproveperformance,stabilityandcompatibility.•AsolidunmanagedAPIforwritinghookingappsandli

5、brarieswithouttheNETFramework•TheunmanagedcoredoesnotrequireCRTbindingsandthuswillreducedeploymentsizeaboutsomemegabytes.AlsoWindows2000SP4andWindowsServer2008SP1cannowbetargetedwiththesameEasyHookbinary.Minimalsoftwarerequirementsforend-userstoexecuteapplicationsusingEasyHook:•Windows200

6、0SP4orlater•MicrosoftNETFramework2.0Redistributable1Copyright©2008ChristophHusseTableofContent1ContinuingDetours:thereinventionofWindowsAPIHooking...........................................................11.1SecurityAdvisor.................................................................

7、...........................................................31.2AsimpleFileMonderivate............................................................................................................32Adeeplookunderthehook..................................................