Skip to content

HelloYmf/ProcessApiMonitor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
InjectDLL
InjectDLL
 
 
ProcessMonitor
ProcessMonitor
 
 
Test
Test
 
 
README.md
README.md
 
 

Repository files navigation

32位进程函数监控

开发环境:

Win10 VisualStudio 2019 多字节集编码 x86

介绍:

选择进程后,隐藏模块注入DLL,控制端利用命名管道与注入的DLL进行通信,使用IAT HOOK监控导入表中存在的API的调用情况。对于导入表中不存在的函数,可以手动输入函数地址进行Inline HOOK,实现自定义监控。还可以对被注入进程中的函数进行远程调用。

用到知识:

1.隐藏模块注入(修复IAT表、修复重定位表)

2.进程通信

3.IAT HOOK和Inline HOOK

演示:

隐藏模块注入:

进程监控-注入成功

IAT HOOK实现监控:

进程监控-IAT HOOK实现监控

Inline HOOK实现自定义监控:

进程监控-Inline HOOK实现自定义监控

远程调用:

进程监控-远程调用

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages