bindtest.txt

来自「Cracker终结者——提供最优秀的软件保护技术」· 文本 代码 · 共 24 行

 Main.exe process contains master.dll. Now are loaded YesBound.dll
and NotBound.dll. Both import a function from master.dll; moreover
YesBound.dll is bound to master.dll. Bindtest.dll and KindTest.dll
hook master.dll's export. Under W9X is everything allright, because
they don't support binding. Under NT is YesBound.dll in process bound
and master.dll's export is not searched for apis imported by
YesBound.dll - hard offsets are used instead, YesBound's import is
left intact.
 ApiHooks versions below 2.2 can't break such a bonds and LoadLibrary
hooks had to be used (and some apis were missed) or bound module had
to be modified by UnBind. ApiHooks 2.2 can break this bond dynamically
(correct binding -> stale binding) and it is broken by default when
HOOK_EXPORT was specified. There is new flag HOOK_NO_UNBIND which
disables this dynamic unbinding.

 Run runme.bat:
1) master's export will be hooked using KindTest (HOOK_NO_UNBIND)
  - the situation is the same like AH versions below 2.2 were used;
  YesBound is bound (=not hooked)
2) master's export will be hooked using BindTest
  YesBound isn't bound (=everything is hooked)

Also is showed exporting hooks via GetApiHookChain.