最近在老外网站上又发现了一些好东西。
( n' D" z7 V0 H
6 I) p# g! |9 q# IDLL注入利器Petools是一套关于DLL注入的工具集。& t8 `' B4 } r" _8 ^. u" n8 l. g9 S
将在以后的高难度汉化中派上用处。7 U m0 l1 s- m9 ]' h6 ?
7 s8 b; w* ], s% g1 _原文& b9 Q# `" h0 ^# N1 L
http://comrade.ownz.com/projects/petools.html7 X! z4 q+ v9 T( _( t r
5 x8 }4 y& t U9 Q* W) J3 j: \
使用方法
4 |$ o( t$ {1 |' }' w' c$ \6 P: rInject Tool
: L8 p3 J. u$ c. vInject is a tool that injects a DLL into a running process. Its command-line usage is as follows: + t7 U8 A m3 b- l
2 t6 _$ |+ t& [3 j, Z& A
Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll 7 X: u& Z) F, A) Y! _& v$ X4 u
Inject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll + S4 u a1 N1 k3 b9 n
Inject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll * X7 D# j( E0 Y/ U A' Z) J7 i
Inject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll
: C5 g8 U+ \8 TInject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll
]9 i' s* O* v1 X& pNote that in all uses, you should specify the full path to the injected DLL. 3 T& H0 _: z1 g
- a# m1 @3 w6 R/ y8 I d7 GLoader Tool
+ \5 I- g- k. O' ILoader is a tool that injects a DLL before launching a process. Its command-line usage is as follows:
/ q$ o- n ~1 G! ]' c$ X( j8 W; T
7 [" [0 g1 F" B1 P) {Load notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll , F* K9 V' y( b1 Y$ f' K+ e: O8 H
Note that you should specify the full path to the injected DLL. ! h# j3 C: q5 F2 U
# X/ X2 d4 J: L) ]
Patch Tool
$ O8 T% B3 Y+ \1 W4 ~' E* SPatch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similar to the Loader tool.
2 C H. `: Z4 V9 H, A; u1 q8 ~' @The tool's command-line usage is as follows: ! }. o0 Q- u- a X! w# | `' C% B
+ p/ ^1 _ R; A- \ ?, c# TPatch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll
2 c- l6 V* E9 l0 {* B8 E' Y5 H+ G% q9 V# M- O6 P9 [
Reimport Tool
5 K4 d, ?. ?. e6 c9 k$ I. DReimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll. |