@HS_NtQueryVolumeInformationFile : dd @HT_OldNtQueryVolumeInformationFile
{08} dd @fNewNtQueryVolumeInformationFile
dd @NtQueryVolumeInformationFileAddr
@HS_NtDeviceIoControlFile : dd @HT_OldNtDeviceIoControlFile
{09} dd @fNewNtDeviceIoControlFile
dd @NtDeviceIoControlFileAddr
@HS_LdrLoadDll : dd @HT_OldLdrLoadDll
{10} dd @fNewLdrLoadDll
dd @LdrLoadDllAddr
@HS_recv : dd @HT_Oldrecv
{11} dd @fNewrecv
dd @recvAddr
@HS_WSARecv : dd @HT_OldWSARecv
{12} dd @fNewWSARecv
dd @WSARecvAddr
@HS_EnumServiceGroupW : dd @HT_OldEnumServiceGroupW
{13} dd @fNewEnumServiceGroupW
dd @EnumServiceGroupWAddr
@HS_EnumServicesStatusExW : dd @HT_OldEnumServicesStatusExW
{14} dd @fNewEnumServicesStatusExW
dd @EnumServicesStatusExWAddr
@HS_EnumServicesStatusExA : dd @HT_OldEnumServicesStatusExA
{15} dd @fNewEnumServicesStatusExA
dd @EnumServicesStatusExAAddr
@HS_EnumServicesStatusA : dd @HT_OldEnumServicesStatusA
{16} dd @fNewEnumServicesStatusA
dd @EnumServicesStatusAAddr
@HS_NtOpenProcess : dd @HT_OldNtOpenProcess
{17} dd @fNewNtOpenProcess
dd @NtOpenProcessAddr
@HS_NtCreateFile : dd @HT_OldNtCreateFile
{18} dd @fNewNtCreateFile
dd @NtCreateFileAddr
@HS_NtOpenFile : dd @HT_OldNtOpenFile
{19} dd @fNewNtOpenFile
dd @NtOpenFileAddr
@HS_NtNotifyChangeDirectoryFile : dd @HT_OldNtNotifyChangeDirectoryFile
{20} dd @fNewNtNotifyChangeDirectoryFile
dd @NtNotifyChangeDirectoryFileAddr
@HS_NtWaitForSingleObject : dd @HT_OldNtWaitForSingleObject
{21} dd @fNewNtWaitForSingleObject
dd @NtWaitForSingleObjectAddr
@HS_NtWaitForMultipleObjects : dd @HT_OldNtWaitForMultipleObjects
{22} dd @fNewNtWaitForMultipleObjects
dd @NtWaitForMultipleObjectsAddr
@HookTable :
//Saved-prologue / trampoline stubs, one per hooked function.
//The order here must match @HookStatic exactly, because @HookedFlags is
//indexed by position (see the {NN} indices on the @HookStatic entries).
//Each @HT_Old* stub is 21 bytes: 16 x 090h (x86 NOP) followed by 0E9h
//(x86 JMP rel32) and a 4-byte zero displacement. The zero bytes are
//placeholders; presumably the hook-installation code (not in this
//excerpt) overwrites the NOP area with the original function's first
//bytes and patches the JMP displacement, and @UnhookStatic below pairs
//each stub with the corresponding *Addr slot for restoring the original
//-- TODO confirm against the installer code.
//NOTE(review): a 16-byte NOP run immediately followed by an E9 JMP is a
//recognizable inline-hook trampoline layout; it is a useful memory-scan
//indicator when writing detections for this family.
@HT_OldReadFile : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtQuerySystemInformation : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtQueryDirectoryFile : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtVdmControl : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtResumeThread : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtEnumerateKey : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtEnumerateValueKey : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtReadVirtualMemory : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtQueryVolumeInformationFile : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtDeviceIoControlFile : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldLdrLoadDll : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_Oldrecv : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldWSARecv : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldEnumServiceGroupW : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldEnumServicesStatusExW : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldEnumServicesStatusExA : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldEnumServicesStatusA : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtOpenProcess : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtCreateFile : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtOpenFile : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtNotifyChangeDirectoryFile : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtWaitForSingleObject : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
@HT_OldNtWaitForMultipleObjects : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
//LdrInitializeThunk is handled separately (the original author called it
//"quite special"): it is the only stub here with no matching @HS_* entry
//in the visible part of @HookStatic, so it has no {NN} index. It is still
//listed last in @UnhookStatic so the two tables stay aligned.
@HT_OldLdrInitializeThunk : db 090h,090h,090h,090h,090h,090h,090h,090h
db 090h,090h,090h,090h,090h,090h,090h,090h
db 0E9h,000h,000h,000h,000h
{unhook vars}
@UnhookStatic :
//Unhook descriptors: one (stub, address-slot) pair of dd entries per
//hooked function. The first dd points at the saved-prologue stub in
//@HookTable, the second at the function's resolved-address slot in
//@APIAddressTable (the zero-initialized *Addr entries declared below).
//The order must match @HookStatic exactly, because @HookedFlags is
//indexed by position. Note there is no @fNew* pointer here, unlike the
//three-dd @HS_* entries in @HookStatic.
@UHS_ReadFile : dd @HT_OldReadFile
dd @ReadFileAddr
@UHS_NtQuerySystemInformation : dd @HT_OldNtQuerySystemInformation
dd @NtQuerySystemInformationAddr
@UHS_NtQueryDirectoryFile : dd @HT_OldNtQueryDirectoryFile
dd @NtQueryDirectoryFileAddr
@UHS_NtVdmControl : dd @HT_OldNtVdmControl
dd @NtVdmControlAddr
@UHS_NtResumeThread : dd @HT_OldNtResumeThread
dd @NtResumeThreadAddr
@UHS_NtEnumerateKey : dd @HT_OldNtEnumerateKey
dd @NtEnumerateKeyAddr
@UHS_NtEnumerateValueKey : dd @HT_OldNtEnumerateValueKey
dd @NtEnumerateValueKeyAddr
@UHS_NtReadVirtualMemory : dd @HT_OldNtReadVirtualMemory
dd @NtReadVirtualMemoryAddr
@UHS_NtQueryVolumeInformationFile : dd @HT_OldNtQueryVolumeInformationFile
dd @NtQueryVolumeInformationFileAddr
@UHS_NtDeviceIoControlFile : dd @HT_OldNtDeviceIoControlFile
dd @NtDeviceIoControlFileAddr
@UHS_LdrLoadDll : dd @HT_OldLdrLoadDll
dd @LdrLoadDllAddr
@UHS_recv : dd @HT_Oldrecv
dd @recvAddr
@UHS_WSARecv : dd @HT_OldWSARecv
dd @WSARecvAddr
@UHS_EnumServiceGroupW : dd @HT_OldEnumServiceGroupW
dd @EnumServiceGroupWAddr
@UHS_EnumServicesStatusExW : dd @HT_OldEnumServicesStatusExW
dd @EnumServicesStatusExWAddr
@UHS_EnumServicesStatusExA : dd @HT_OldEnumServicesStatusExA
dd @EnumServicesStatusExAAddr
@UHS_EnumServicesStatusA : dd @HT_OldEnumServicesStatusA
dd @EnumServicesStatusAAddr
@UHS_NtOpenProcess : dd @HT_OldNtOpenProcess
dd @NtOpenProcessAddr
@UHS_NtCreateFile : dd @HT_OldNtCreateFile
dd @NtCreateFileAddr
@UHS_NtOpenFile : dd @HT_OldNtOpenFile
dd @NtOpenFileAddr
@UHS_NtNotifyChangeDirectoryFile : dd @HT_OldNtNotifyChangeDirectoryFile
dd @NtNotifyChangeDirectoryFileAddr
@UHS_NtWaitForSingleObject : dd @HT_OldNtWaitForSingleObject
dd @NtWaitForSingleObjectAddr
@UHS_NtWaitForMultipleObjects : dd @HT_OldNtWaitForMultipleObjects
dd @NtWaitForMultipleObjectsAddr
//LdrInitializeThunk is handled separately (original note: "quite special");
//it has no @HS_* entry in the visible part of @HookStatic but keeps the
//last position here to stay aligned with @HookTable.
@UHS_LdrInitializeThunk : dd @HT_OldLdrInitializeThunk
dd @LdrInitializeThunkAddr
@HookDynamic :
//@HookDynamic and @HookedFlags label the same location: 32 zero-initialized
//bytes (4 x 8). Presumably one flag byte per hooked function, indexed by the
//function's position in @HookStatic -- which is why @HookTable and
//@UnhookStatic must keep the same order. TODO confirm against the code
//that reads these flags (not in this excerpt).
@HookedFlags : db 000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h
@DLLHandles:
//Five zero-initialized dd slots named for kernel32, advapi32, ws2_32,
//user32 and ntdll. Presumably filled with module handles at runtime;
//nothing in this excerpt writes them -- TODO confirm.
@LKernel32DLLHandle : dd 000000000h
@LAdvapi32DLLHandle : dd 000000000h
@LWS2_32DLLHandle : dd 000000000h
@LUser32DLLHandle : dd 000000000h
@LNtDLLDLLHandle : dd 000000000h
@APIAddressTable:
@SetLastErrorAddr : dd 000000000h
@CreateMailslotAAddr : dd 000000000h
@GetMailslotInfoAddr : dd 000000000h
@WriteFileAddr : dd 000000000h
@ReadFileAddr : dd 000000000h
@CloseHandleAddr : dd 000000000h
@GetEnvironmentVariableWAddr : dd 000000000h
@GetModuleFileNameAAddr : dd 000000000h
@DuplicateHandleAddr : dd 000000000h
@CreateProcessAAddr : dd 000000000h
@ExitThreadAddr : dd 000000000h
@CreateThreadAddr : dd 000000000h
@CreatePipeAddr : dd 000000000h
@PeekNamedPipeAddr : dd 000000000h
@WaitForMultipleObjectsAddr : dd 000000000h
@TerminateThreadAddr : dd 000000000h
@TerminateProcessAddr : dd 000000000h
@DisconnectNamedPipeAddr : dd 000000000h
@IsBadReadPtrAddr : dd 000000000h
@LocalAllocAddr : dd 000000000h
@LocalFreeAddr : dd 000000000h
@GetLastErrorAddr : dd 000000000h
@EnumServiceGroupWAddr : dd 000000000h
@EnumServicesStatusExWAddr : dd 000000000h
@EnumServicesStatusExAAddr : dd 000000000h
@EnumServicesStatusAAddr : dd 000000000h
{new 078}
@AllocateAndInitializeSidAddr : dd 000000000h
@GetLengthSidAddr : dd 000000000h
@InitializeAclAddr : dd 000000000h
@AddAccessAllowedAceAddr : dd 000000000h
@InitializeSecurityDescriptorAddr : dd 000000000h
@SetSecurityDescriptorDaclAddr : dd 000000000h
{/new 078}
@sendAddr : dd 000000000h
@recvAddr : dd 000000000h
@WSARecvAddr : dd 000000000h
@WSAGetLastErrorAddr : dd 000000000h
@WSAEventSelectAddr : dd 000000000h
@WSAIoctlAddr : dd 000000000h
@WSASocketAAddr : dd 000000000h
@WSAConnectAddr : dd 000000000h
@WSACreateEventAddr : dd 000000000h
@WSAWaitForMultipleEventsAddr : dd 000000000h
@WSAEnumNetworkEventsAddr : dd 000000000h
@closesocketAddr : dd 000000000h
@PeekMessageAAddr : dd 000000000h
@NtQueryObjectAddr : dd 000000000h
@NtQueryInformationThreadAddr : dd 000000000h
@NtQuerySystemInformationAddr : dd 000000000h
@NtQueryDirectoryFileAddr : dd 000000000h
@NtVdmControlAddr : dd 000000000h
@NtResumeThreadAddr : dd 000000000h
@NtSuspendThreadAddr : dd 000000000h
@NtOpenThreadAddr : dd 000000000h
@NtEnumerateKeyAddr : dd 000000000h
@NtEnumerateValueKeyAddr : dd 000000000h
@NtQueryVolumeInformationFileAddr : dd 000000000h
@LdrLoadDllAddr : dd 000000000h
@NtOpenSectionAddr : dd 000000000h
@NtMapViewOfSectionAddr : dd 000000000h
@NtUnmapViewOfSectionAddr : dd 000000000h
@NtOpenDirectoryObjectAddr : dd 000000000h
@NtCloseAddr : dd 000000000h
@NtAllocateVirtualMemoryAddr : dd 000000000h
@NtFreeVirtualMemoryAddr : dd 000000000h
@NtOpenProcessAddr : dd 000000000h
@NtDuplicateObjectAddr : dd 000000000h
@NtReadVirtualMemoryAddr : dd 000000000h
@NtWriteVirtualMemoryAddr : dd 000000000h
@NtQueryVirtualMemoryAddr : dd 000000000h
@NtFlushInstructionCacheAddr : dd 000000000h
@NtProtectVirtualMemoryAddr : dd 000000000h
@NtQueryInformationProcessAddr : dd 000000000h
@NtOpenKeyAddr : dd 000000000h
@LdrInitializeThunkAddr : dd 000000000h
@RtlAnsiStringToUnicodeStringAddr : dd 000000000h
@RtlCompareUnicodeStringAddr : dd 000000000h
@RtlInitAnsiStringAddr : dd 000000000h
@NtCreateFileAddr : dd 000000000h
@NtDeviceIoControlFileAddr : dd 000000000h
@NtOpenFileAddr : dd 000000000h