[PC Hunter Standard][League of Legends.exe-->Ring3 Hook]: 108
Hooked Object Hook Address and Location Type Current Value Original Value
[*]len(4) League of Legends.exe 0x0000000000AC6785->_ inline C7 86 20 01 00 00 00 00
[*]len(4) League of Legends.exe 0x0000000000AC678F->_ inline C7 86 28 01 00 00 00 00
[*]len(4) League of Legends.exe 0x0000000000AC6F8E->_ inline C7 81 28 03 00 00 00 00
len(7) ntdll.dll->[Ordinal:8] 0x00000000775A4610->_ inline E9 C4 CE 5D 98 CC CC 6A 30 68 E0 24 67 77
len(7) ntdll.dll->DbgUiRemoteBreakin 0x0000000077629D20->_ inline E9 B9 78 28 99 CC CC 6A 08 68 C0 37 67 77
len(5) ntdll.dll->RtlExitUserProcess 0x00000000775D7D40->_ inline E9 DB 9D B7 A1 8B FF 55 8B EC
[*]KERNEL32.DLL->ntdll.dll:NtSetValueKey 0x00000000775F71D0->0x000000006F8F85D0[C:\Windows\syswow64\apphelp.dll] Iat D0 85 8F 6F D0 71 5F 77
KERNEL32.DLL->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
[*]KERNEL32.DLL->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]KERNEL32.DLL->ntdll.dll:ZwCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]KERNEL32.DLL->ntdll.dll:ZwSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
len(5) KERNEL32.DLL->ExitProcess 0x0000000076FC7B30->_ inline E9 B8 51 3A 99 55 8B EC 6A FF
len(5) KERNEL32.DLL->IsBadReadPtr 0x0000000076FB2510->_ inline E9 1B F5 19 A2 8B FF 55 8B EC
len(5) KERNEL32.DLL->SetUnhandledExceptionFilter 0x0000000076FBA940->_ inline 33 C0 C2 04 00 8B FF 55 8B EC
len(5) KERNEL32.DLL->TerminateProcess 0x0000000076FC5100->_ inline E9 8B C7 3E 99 8B FF 55 8B EC
len(5) KERNEL32.DLL->TerminateThread 0x0000000076FC0160->_ inline E9 D6 65 B9 98 8B FF 55 8B EC
len(5) KERNEL32.DLL->UnhandledExceptionFilter 0x0000000076FE2670->_ inline E9 1B F3 16 A2 8B FF 55 8B EC
KERNELBASE.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
[*]KERNELBASE.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]KERNELBASE.dll->ntdll.dll:NtSetValueKey 0x00000000775F71D0->0x000000006F8F85D0[C:\Windows\syswow64\apphelp.dll] Iat D0 85 8F 6F D0 71 5F 77
KERNELBASE.dll->ntdll.dll:ZwSetValueKey 0x00000000775F71D0->0x000000006F8F85D0[C:\Windows\syswow64\apphelp.dll] Iat D0 85 8F 6F D0 71 5F 77
[*]len(6) KERNELBASE.dll 0x0000000076A8F419->_ inline E8 32 6D 03 90 90 FF 15 7C A3 AA 76
len(5) apphelp.dll 0x000000006F8C2610->_ inline E9 2B 00 AC 98 8B FF 55 8B EC
[*]USER32.dll->ntdll.dll:NtSetValueKey 0x00000000775F71D0->0x000000006F8F85D0[C:\Windows\syswow64\apphelp.dll] Iat D0 85 8F 6F D0 71 5F 77
len(5) USER32.dll->GetMessageA 0x000000007608E140->_ inline E9 CB 38 0C A3 8B FF 55 8B EC
len(5) USER32.dll->GetMessageW 0x0000000076094F70->_ inline E9 AB CA 0B A3 8B FF 55 8B EC
len(5) USER32.dll->PeekMessageA 0x000000007607CA50->_ inline E9 5B 4F 0D A3 8B FF 55 8B EC
len(5) USER32.dll->PeekMessageW 0x000000007607CC10->_ inline E9 CB 4D 0D A3 8B FF 55 8B EC
[*]SHELL32.dll->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
[*]SHELL32.dll->USER32.dll:SetWindowsHookExW 0x000000007607FB20->0x000000006F8F8650[C:\Windows\syswow64\apphelp.dll] Iat 50 86 8F 6F 20 FB 07 76
SHELL32.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
SHELL32.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
cfgmgr32.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
windows.storage.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
windows.storage.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
RPCRT4.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
advapi32.dll->ntdll.dll:NtSetValueKey 0x00000000775F71D0->0x000000006F8F85D0[C:\Windows\syswow64\apphelp.dll] Iat D0 85 8F 6F D0 71 5F 77
advapi32.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
shcore.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]powrprof.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]SETUPAPI.dll->ntdll.dll:NtSetValueKey 0x00000000775F71D0->0x000000006F8F85D0[C:\Windows\syswow64\apphelp.dll] Iat D0 85 8F 6F D0 71 5F 77
[*]SETUPAPI.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
len(5) IMM32.DLL->ImmAssociateContext 0x0000000074502380->_ inline E9 BB 1B CB A8 8B FF 55 8B EC
IPHLPAPI.DLL->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
IPHLPAPI.DLL->ntdll.dll:ZwCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
NETAPI32.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]WS2_32.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
mswsock.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
mswsock.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
[*]DNSAPI.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]fwpuclnt.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]rasadhlp.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
ole32.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
[*]ole32.dll->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
[*]ole32.dll->USER32.dll:SetWindowsHookExW 0x000000007607FB20->0x000000006F8F8650[C:\Windows\syswow64\apphelp.dll] Iat 50 86 8F 6F 20 FB 07 76
rsaenh.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
dhcpcsvc.DLL->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]WININET.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
NETUTILS.DLL->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
WKSCLI.DLL->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]TenRPCS.dll->KERNEL32.dll:CreateProcessA 0x0000000076FE0750->0x000000006D69B930[C:\Windows\AppPatch\AcLayers.DLL] Iat 30 B9 69 6D 50 07 FE 76
webio.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
[*]bugsplat.dll->KERNEL32.dll:CreateProcessA 0x0000000076FE0750->0x000000006D69B930[C:\Windows\AppPatch\AcLayers.DLL] Iat 30 B9 69 6D 50 07 FE 76
[*]dinput8.dll->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
[*]dinput8.dll->USER32.dll:SetWindowsHookExW 0x000000007607FB20->0x000000006F8F8650[C:\Windows\syswow64\apphelp.dll] Iat 50 86 8F 6F 20 FB 07 76
[*]riotlauncher.dll->KERNEL32.dll:CreateProcessA 0x0000000076FE0750->0x000000006D69B930[C:\Windows\AppPatch\AcLayers.DLL] Iat 30 B9 69 6D 50 07 FE 76
len(5) d3d9.dll 0x00000000579D6D40->_ inline E9 AB 58 E5 B2 6A 20 B8 89 78
len(5) d3d9.dll 0x0000000057A59FD0->_ inline E9 5B 24 DD B2 8B FF 55 8B EC
len(5) d3d9.dll 0x0000000057A5A360->_ inline E9 1B 21 DD B2 8B FF 55 8B EC
len(5) d3d9.dll 0x0000000057A5A440->_ inline E9 BB 20 DD B2 8B FF 55 8B EC
uxtheme.dll->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
uxtheme.dll->USER32.dll:SetWindowsHookExW 0x000000007607FB20->0x000000006F8F8650[C:\Windows\syswow64\apphelp.dll] Iat 50 86 8F 6F 20 FB 07 76
[*]fraps32.dll->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
fraps32.dll->USER32.dll:SetWindowsHookExW 0x000000007607FB20->0x000000006F8F8650[C:\Windows\syswow64\apphelp.dll] Iat 50 86 8F 6F 20 FB 07 76
[*]MSCTF.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
[*]comctl32.dll[WinSxs]->USER32.dll:SetWindowsHookExW 0x000000007607FB20->0x000000006F8F8650[C:\Windows\syswow64\apphelp.dll] Iat 50 86 8F 6F 20 FB 07 76
[*]comctl32.dll[WinSxs]->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
[*]AudioHook.dll->USER32.dll:SetWindowsHookExW 0x000000007607FB20->0x000000006F8F8650[C:\Windows\syswow64\apphelp.dll] Iat 50 86 8F 6F 20 FB 07 76
AudioHook.dll->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
[*]MSVCR100.dll->KERNEL32.dll:CreateProcessA 0x0000000076FE0750->0x000000006D69B930[C:\Windows\AppPatch\AcLayers.DLL] Iat 30 B9 69 6D 50 07 FE 76
MSVCR100.dll->KERNEL32.dll:CreateProcessW 0x0000000076FBB000->0x000000006D69BB70[C:\Windows\AppPatch\AcLayers.DLL] Iat 70 BB 69 6D 00 B0 FB 76
len(5) RecordHelper.dll 0x000000000A82C430->_ inline E9 AB 81 98 12 55 8B EC 8B 0D
len(5) RecordHelper.dll 0x000000000A82C480->_ inline E9 1B 82 98 12 55 8B EC 83 EC
len(5) RecordHelper.dll 0x000000000A82C500->_ inline E9 AB 03 00 00 55 8B EC 8B 0D
len(5) RecordHelper.dll 0x000000000A82C5F0->_ inline E9 AB 03 00 00 55 8B EC 6A FF
len(4) MMDevApi.dll 0x000000006AFD2160->_ inline F0 28 38 08 00 2E FE 6A
len(4) MMDevApi.dll 0x000000006AFD2288->_ inline F0 28 38 08 00 CE FD 6A
len(12) MMDevApi.dll 0x000000006AFD2870->_ inline 20 27 38 08 90 27 38 08 10 28 38 08 E0 BE FD 6A 50 BD FD 6A 70 B9 FD 6A
[*]len(4) MMDevApi.dll 0x000000006AFD2BA4->_ inline 80 28 38 08 F0 87 FD 6A
[*]len(4) MMDevApi.dll 0x000000006AFD2BFC->_ inline F0 28 38 08 40 C2 00 6B
DEVOBJ.dll->ntdll.dll:NtSetValueKey 0x00000000775F71D0->0x000000006F8F85D0[C:\Windows\syswow64\apphelp.dll] Iat D0 85 8F 6F D0 71 5F 77
DEVOBJ.dll->ntdll.dll:NtSetInformationFile 0x00000000775F6E40->0x000000006F8C2420[C:\Windows\syswow64\apphelp.dll] Iat 20 24 8C 6F 40 6E 5F 77
[*]len(12) AUDIOSES.DLL 0x000000006B082274->_ inline F0 30 38 08 F0 2F 38 08 50 30 38 08 B0 0B 09 6B 20 90 09 6B C0 8D 09 6B
[*]len(8) AUDIOSES.DLL 0x000000006B082344->_ inline B0 2E 38 08 B0 2A 38 08 20 3D 09 6B 00 5C 09 6B
[*]len(4) AUDIOSES.DLL 0x000000006B082354->_ inline 50 2F 38 08 60 5D 09 6B
[*]len(20) AUDIOSES.DLL 0x000000006B082364->_ inline 80 2B 38 08 10 2C 38 08 A0 2C 38 08 E0 67 09 6B 30 2D 38 08 10 64 09 6B 10 65 09 6B 20 66 09 6B E0 67 09 6B 20 69 09 6B
[*]len(12) AUDIOSES.DLL 0x000000006B083E64->_ inline 30 32 38 08 50 23 09 6B D0 32 38 08 E0 22 09 6B 50 23 09 6B E0 23 09 6B
len(5) dxgi.dll 0x000000006B88DB30->_ inline E9 5B F0 F9 9E 8B FF 55 8B EC
len(5) dxgi.dll 0x000000006B899320->_ inline E9 1B 39 F9 9E 8B FF 55 8B EC
len(5) dxgi.dll 0x000000006B89C900->_ inline E9 CB 02 F9 9E 8B FF 55 8B EC
wnmkey.dll->USER32.dll:CallNextHookEx 0x0000000076073560->0x000000006F8C20E0[C:\Windows\syswow64\apphelp.dll] Iat E0 20 8C 6F 60 35 07 76
GbSpy.dll->KERNEL32.dll:CreateProcessA 0x0000000076FE0750->0x000000006D69B930[C:\Windows\AppPatch\AcLayers.DLL] Iat 30 B9 69 6D 50 07 FE 76
[*]TenioDL.dll->KERNEL32.dll:CreateProcessW 0x0000000076FBB000->0x000000006D69BB70[C:\Windows\AppPatch\AcLayers.DLL] Iat 70 BB 69 6D 00 B0 FB 76
len(5) SmartCross.dll 0x000000001D1B45E0->_ inline E9 FB 81 67 ED 56 8B 74 24 08
len(5) SmartCross.dll 0x000000001D1B46A0->_ inline E9 8B 81 67 ED 83 EC 14 53 55
CrossShell.dll->KERNEL32.dll:CreateProcessA 0x0000000076FE0750->0x000000006D69B930[C:\Windows\AppPatch\AcLayers.DLL] Iat 30 B9 69 6D 50 07 FE 76
[*]avrt.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
netbios.dll->ntdll.dll:NtCreateFile 0x00000000775F7120->0x000000006F8C24E0[C:\Windows\syswow64\apphelp.dll] Iat E0 24 8C 6F 20 71 5F 77
Hook records for some functions in the LOL game program (Win10 x64)
Original article: http://www.cnblogs.com/g0ttl/p/5874687.html