I recently found some more good stuff on a foreign website.
Petools, a powerful DLL injection toolkit, is a set of tools for DLL injection.
It will come in handy for difficult localization (Chinese translation) work in the future.

Original article
http://comrade.ownz.com/projects/petools.html

Usage
Inject Tool
Inject is a tool that injects a DLL into a running process. Its command-line usage is as follows:
Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll
Inject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll
Inject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll
Inject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll
Inject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll
Note that in all uses, you should specify the full path to the injected DLL.

Loader Tool
Loader is a tool that injects a DLL before launching a process. Its command-line usage is as follows:

Load notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll
Note that you should specify the full path to the injected DLL.

Patch Tool
Patch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similarly to the Loader tool.
The tool's command-line usage is as follows:

Patch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll

Reimport Tool
Reimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll.