赞 | 451 |
VIP | 56 |
好人卡 | 75 |
积分 | 423 |
经验 | 124650 |
最后登录 | 2024-11-14 |
在线时间 | 7598 小时 |
Lv5.捕梦者 (管理员) 老黄鸡
- 梦石
- 0
- 星屑
- 42339
- 在线时间
- 7598 小时
- 注册时间
- 2009-7-6
- 帖子
- 13506
|
加入我们,或者,欢迎回来。
您需要 登录 才可以下载或查看,没有帐号?注册会员
x
理论上VA任何版本通用,可以自行魔改到STDIN.gets上,修改最下面一段就可以
#by Fux2 20170510 21:47:15 #转载请说明出处 class String def byte_length ret = 0 self.each_byte{ret+=1} ret end def address [self].pack("p").unpack("L")[0] end end module Fux2 module Win32Tools ReadProcessMemory = Win32API.new('kernel32','ReadProcessMemory','llpll','l') WriteProcessMemory = Win32API.new('kernel32','WriteProcessMemory','llpll','l') VirtualProtect = Win32API.new('kernel32','VirtualProtect','lllp','l') GetModuleHandle = Win32API.new('kernel32','GetModuleHandle','p','l') GetProcAddress = Win32API.new('kernel32','GetProcAddress','lp','l') GetCurrentProcess = Win32API.new('kernel32','GetCurrentProcess','v','l') module_function def readmem(addr,buf,len) ReadProcessMemory.call(@@hProc,addr,buf,len,0) end def writemem(addr,buf,len) WriteProcessMemory.call(@@hProc,addr,buf,len,0) end def unprotect(addr,len) VirtualProtect.call(addr,len,0x40,"\0"*4) end def getmodule(name) GetModuleHandle.call(name) end def getaddr(dll,name) GetProcAddress.call(dll,name) end def init @@hProc = GetCurrentProcess.call raise "cannot open process" if @@hProc==0 end init end class ReadFileHooker include Win32Tools HookCode = ([0xC7,0x44,0x24,0x0C,0x12,0x05,0x00,0x00]+[0]*6).pack("C*") def SetHookOn cad = @code_address cal = @code_length hook_addr = cad-@proc-5 Win32Tools.writemem(cad+cal-6,@origin_code_readfile,6) Win32Tools.writemem(@proc,[0xE9,hook_addr,0x90].pack("ClC"),6) end def SetHookOff return unless @origin_code_readfile Win32Tools.writemem(@proc,@origin_code_readfile,6) end def initialize dll = Win32Tools.getmodule("kernel32") @proc = Win32Tools.getaddr(dll,"ReadFile") @code_address = HookCode.address @code_length = HookCode.byte_length @origin_code_readfile = "\0"*6 Win32Tools.readmem(@proc,@origin_code_readfile,6) unprotect(@code_address,@code_length) end end end class << $stdin def hack @tool = Fux2::ReadFileHooker.new alias _gets gets def gets @tool.SetHookOn ret = _gets @tool.SetHookOff return ret end end end $stdin.hack
#by Fux2 20170510 21:47:15
#转载请说明出处
class String
def byte_length
ret = 0
self.each_byte{ret+=1}
ret
end
def address
[self].pack("p").unpack("L")[0]
end
end
module Fux2
module Win32Tools
ReadProcessMemory = Win32API.new('kernel32','ReadProcessMemory','llpll','l')
WriteProcessMemory = Win32API.new('kernel32','WriteProcessMemory','llpll','l')
VirtualProtect = Win32API.new('kernel32','VirtualProtect','lllp','l')
GetModuleHandle = Win32API.new('kernel32','GetModuleHandle','p','l')
GetProcAddress = Win32API.new('kernel32','GetProcAddress','lp','l')
GetCurrentProcess = Win32API.new('kernel32','GetCurrentProcess','v','l')
module_function
def readmem(addr,buf,len)
ReadProcessMemory.call(@@hProc,addr,buf,len,0)
end
def writemem(addr,buf,len)
WriteProcessMemory.call(@@hProc,addr,buf,len,0)
end
def unprotect(addr,len)
VirtualProtect.call(addr,len,0x40,"\0"*4)
end
def getmodule(name)
GetModuleHandle.call(name)
end
def getaddr(dll,name)
GetProcAddress.call(dll,name)
end
def init
@@hProc = GetCurrentProcess.call
raise "cannot open process" if @@hProc==0
end
init
end
class ReadFileHooker
include Win32Tools
HookCode = ([0xC7,0x44,0x24,0x0C,0x12,0x05,0x00,0x00]+[0]*6).pack("C*")
def SetHookOn
cad = @code_address
cal = @code_length
hook_addr = cad-@proc-5
Win32Tools.writemem(cad+cal-6,@origin_code_readfile,6)
Win32Tools.writemem(@proc,[0xE9,hook_addr,0x90].pack("ClC"),6)
end
def SetHookOff
return unless @origin_code_readfile
Win32Tools.writemem(@proc,@origin_code_readfile,6)
end
def initialize
dll = Win32Tools.getmodule("kernel32")
@proc = Win32Tools.getaddr(dll,"ReadFile")
@code_address = HookCode.address
@code_length = HookCode.byte_length
@origin_code_readfile = "\0"*6
Win32Tools.readmem(@proc,@origin_code_readfile,6)
unprotect(@code_address,@code_length)
end
end
end
class << $stdin
def hack
@tool = Fux2::ReadFileHooker.new
alias _gets gets
def gets
@tool.SetHookOn
ret = _gets
@tool.SetHookOff
return ret
end
end
end
$stdin.hack
|
评分
-
查看全部评分
|