最近在老外网站上又发现了一些好东西。/ W& ~4 [# \! P) `( b6 _: i
' G4 }$ j: l* k& e4 e; JDLL注入利器Petools是一套关于DLL注入的工具集。0 E v- q8 |) h3 p8 R
将在以后的高难度汉化中派上用处。: _; G# g1 |- r
/ H; n+ E6 |7 D4 P( k
原文% L( \7 V$ _% D( ]: \: t% M% @. b
http://comrade.ownz.com/projects/petools.html
. {) {8 j' g& Z4 l4 Y
4 N9 I. L% r( m& _ Z使用方法
( a0 f. }- b u( H/ H% d2 WInject Tool: {3 v; k) ^" _, N/ }. b
Inject is a tool that injects a DLL into a running process. Its command-line usage is as follows: & j- o& k& P0 Q8 r/ d
6 @- ?. _' n& z8 ~4 M
Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll
8 O, r4 M: `6 V; R4 a$ F' k2 \Inject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll
. ~+ S% P7 l, `8 L3 f9 z B$ F/ [Inject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll
4 O! ~0 b' ?8 l4 N w% J$ ]& ]& yInject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll 1 V% M: C; k J H
Inject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll
( F* z6 {7 E$ ?+ b# uNote that in all uses, you should specify the full path to the injected DLL. . `" `: Q/ I% C# X
% H Y3 {& V1 M' f( u/ P- }5 L1 K
Loader Tool
+ i' G* v9 f( q" `5 |+ A4 QLoader is a tool that injects a DLL before launching a process. Its command-line usage is as follows: " u5 T& g4 |: S* X; `
. h/ i. n; D+ F* }7 t! r- z3 ]Load notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll ( d' _" x6 f4 B# R O
Note that you should specify the full path to the injected DLL. - A6 h5 |% C3 D
& p% U. B5 H8 v9 PPatch Tool
/ J5 f% O" s6 @( X0 WPatch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similar to the Loader tool.# Z; f% l$ |5 R' \5 t
The tool's command-line usage is as follows: / j9 G8 K2 v! P
0 o& F! Q( }% M" T4 i
Patch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll ; }$ X& c4 s+ x" x
1 H" l3 ?; v$ y4 S) \Reimport Tool; q7 b. _6 R/ Q2 A
Reimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll. |
发表于 2010-2-4 11:38
![【1115号】双子思维5:致命戏法ChinaAVG汉化版[1.35G]](data/attachment/forum/202409/13/185355ool5hoogw798k9z5.jpg)
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
分享
很美好
很差劲
