标题: DLL注入利器Petools [打印本页] 作者: shane007 时间: 2010-2-4 11:38 标题: DLL注入利器Petools 最近在老外网站上又发现了一些好东西。1 b8 S( @7 S# c; Z1 K
# Z7 T6 y+ O8 ]8 O
DLL注入利器Petools是一套关于DLL注入的工具集。0 Z4 x) w, t5 n4 s) r, L
将在以后的高难度汉化中派上用处。4 x: g- T2 z! l" l' b
/ z- p9 ^- v: L+ e& L7 D6 u: k: W
原文# F( o' r4 S: W' @. @ http://comrade.ownz.com/projects/petools.html9 f3 W0 b) s0 k0 Z) b* k
5 b* q3 V' H8 R9 B
使用方法& u5 Q% b/ b" o8 R
Inject Tool * G/ _( N# d8 B) K4 y( {Inject is a tool that injects a DLL into a running process. Its command-line usage is as follows: - K* v) {+ h$ b( K$ k! d2 W% c- v; W6 s3 L/ b+ r* e/ N
Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll # B/ s4 C/ A( D' y9 S- O
Inject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll , L2 R6 u7 W+ u `1 SInject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll 0 R. [. t; i: QInject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll 8 m7 d1 \7 }0 J1 o2 E' i7 }' E" E8 r' ?! OInject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll ! w0 `; e6 {7 r- x& g, k
Note that in all uses, you should specify the full path to the injected DLL. & N2 d0 E4 L0 @! [3 A8 {8 G5 ~ [% @* e" L) T3 }
Loader Tool1 U$ P$ U$ ?' S8 v+ Z( T% S
Loader is a tool that injects a DLL before launching a process. Its command-line usage is as follows: # c; G/ C- T) Z" O) x3 A , V/ |% o/ S* ULoad notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll * i! ]+ y7 H. Y) h" K( v7 WNote that you should specify the full path to the injected DLL. ; H: i, f$ \# A6 l
2 I" U5 Z4 ?+ t$ m+ m
Patch Tool# k! E; Q* H3 { `: |3 Q8 x5 m4 K
Patch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similar to the Loader tool./ I% k' e1 y p, ^( z6 O" Y) U
The tool's command-line usage is as follows: 5 n, U# m! d3 L
/ w+ a$ k, n6 r- U6 HPatch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll ' K& x* h) V1 g; h' o, U. [$ d1 P. V# F/ t
Reimport Tool ; y' r/ k1 J' `! lReimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll.