最近在老外网站上又发现了一些好东西。+ J9 ?3 r* O3 ~# |* K0 I6 z- N5 y
$ ^" J$ G3 B* o
DLL注入利器Petools是一套关于DLL注入的工具集。
6 `( ]7 b/ l3 Z. f7 u( G将在以后的高难度汉化中派上用处。
' s( d/ I+ i# I b0 m+ ?
. X8 ^! H9 h; m$ K, O原文
4 v, F& b# M5 Q5 M: I, g! I qhttp://comrade.ownz.com/projects/petools.html2 v* n. |5 v+ |! h+ s$ g& z2 ^# R% j
- Q5 T# L% Q0 G B' C
使用方法6 R& s: q3 k& T/ a
Inject Tool
; V. E3 L. b$ O2 X8 P& B' F$ FInject is a tool that injects a DLL into a running process. Its command-line usage is as follows: ' c* q+ c- t9 M0 s n2 t
; V/ l3 T& E" ?( r# a* l& @: E* W! PInject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll
8 |* I& t4 B6 S f eInject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll ; v- b6 x" _* y
Inject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll 6 Z( p; x% L$ ?+ e9 R" ?
Inject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll
5 o9 K( I& q2 d6 FInject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll . X; R* S/ F3 X8 ~
Note that in all uses, you should specify the full path to the injected DLL. 2 R* p" p4 b* P5 {
$ L2 w' m9 f% l8 J1 A1 \
Loader Tool
( j0 g$ w$ m% JLoader is a tool that injects a DLL before launching a process. Its command-line usage is as follows: % U1 p% |4 F# Z
4 M! B$ c" }6 R! QLoad notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll
. P4 p* B- F$ r( E. H. ~Note that you should specify the full path to the injected DLL.
6 s; ^5 ]. Q7 Y
; F% w0 T2 f6 r0 I+ e% |6 R1 zPatch Tool
# h% s+ p; b& Z+ KPatch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similar to the Loader tool.+ W* E9 o) \/ o$ w) V F
The tool's command-line usage is as follows:
2 J2 ]& s) O2 G$ K1 w9 f1 {
4 }( ~( m/ \0 PPatch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll " p/ }5 R6 t- o9 K4 L7 O2 k$ o
2 p2 E; g3 z9 r) nReimport Tool, m# W2 L! f. m- \
Reimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll. |
发表于 2010-2-4 11:38
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
分享
很美好
很差劲
