最近在老外网站上又发现了一些好东西。! T; y4 [. L. |6 b( X8 O0 ^ `: W
1 _; X0 w) V; o3 e& ~
DLL注入利器Petools是一套关于DLL注入的工具集。1 d2 `' t' _* s+ l6 W8 G$ A$ } U
将在以后的高难度汉化中派上用处。
, ?3 R# ?! Z& p% f
; z* m" K, ]. J. b" p5 w. G) g! x原文
: G: J: I. I ]& \8 Y( s6 `http://comrade.ownz.com/projects/petools.html- Q6 S8 S; Z' ]' L& S' ~5 V
6 j' c" d! s- Z: J$ l
使用方法
: @" ]; F9 S {% J/ r, r% [Inject Tool
e) R( l, B" ?5 V% g8 c% R) \: hInject is a tool that injects a DLL into a running process. Its command-line usage is as follows:
8 b, j( ~# s* v. ~6 h& i4 _! q# Q5 _- c
Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll : v* _8 j5 ~* g) d6 ~
Inject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll
. B+ J- M5 u/ C6 V6 AInject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll ( n( x J1 K) }( Z6 F9 E) [& n
Inject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll * r' z1 ^* b4 ^) a4 w& ^
Inject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll , O. d$ y z$ t. m+ g# o
Note that in all uses, you should specify the full path to the injected DLL.
. E7 H: i2 j0 x( W! \2 S9 c6 A0 u% h# c, y c% R/ }
Loader Tool
# S6 @( i k2 G; U0 i. l4 s6 G7 T# ELoader is a tool that injects a DLL before launching a process. Its command-line usage is as follows: ; h) W9 n; @; }
. E, E# a9 @7 a2 JLoad notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll 6 J4 \6 N$ T1 s5 k% H# s \1 X
Note that you should specify the full path to the injected DLL.
2 Q3 [3 y1 N; y& [. z( w
( G% @; Q& C9 e0 ^2 v% rPatch Tool+ ]; d$ n& Q# u
Patch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similar to the Loader tool.* M% [7 Q- }# q. M7 O1 I
The tool's command-line usage is as follows:
2 n6 I6 y7 h/ _1 f: b* U- Z$ S3 ] j" R/ ^: V q! g
Patch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll 4 L5 q) \1 U9 m: V6 B, ]
I) M$ r v# P3 K
Reimport Tool
/ h) x* G3 w, D5 e: j- s8 CReimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll. |