SpyGlass
========
SpyGlass is a hooking library that allows for hooking inside remote processes. The API is an event-driven framework, allowing .NET developers to easily inspect and alter the behaviour of the target process without having to write lots of code.
Features
========
- Hook anywhere in any process, even if the process is running on a different (virtual) machine.
    - Useful if the target application is malware and needs to be isolated from anything else.
- View and edit register values in the callback.
- View and edit memory in the callback.
- Various convenience methods, such as:
    - Getting the address of a procedure in a remote process.
Showcase
========
Inspecting the arguments of a MessageBoxA call
----------------------------------------------
![Left: Master, Right: Slave](doc/img/screenshot2.png)
The image above showcases a simple hooking application (on the right) that monitors a remote process running inside a virtual machine (on the left) that calls `MessageBoxA` at some point. We can use SpyGlass to hook this function remotely, and inspect the arguments.
- Check out the [source code](src/Examples/MessageBox).
- To reproduce, run the following command in the VM:
```
SpyGlass.Bootstrapper.x86.exe SpyGlass.Injection.x86.dll MessageBoxTest.exe
```
And on the master machine, run:
```
MessageBoxHook.exe <ip-address> 12345
```
Changing stack values on the fly
--------------------------------
![Left: Master, Right: Slave](doc/img/screenshot1.png)
In this case, the function `DummyMethod` in the slave process takes three arguments, and simply adds them together. This function is originally called with three arguments: `0x1337`, `0x1338` and `0x1339`. However, the master process hooked this function, and modified the first parameter from `0x1337` to `0x1234` in the callback.
- Check out the [source code](src/Examples/DummyExample).
- To reproduce, run the following command in the VM:
```
SpyGlass.Bootstrapper.x86.exe SpyGlass.Injection.x86.dll SpyGlass.DummyTarget.exe
```
And on the master machine, run:
```
SpyGlass.Sample.x86.exe <ip-address> 12345
```
FAQ
===
How do I write my own hooks?
----------------------------
To write your own master process and/or bootstrapper, see the [quick start guide](doc/QuickStart.md).
How does it work?
-----------------
Here's a quick summary of how the library works internally:
**How does the remoting part work?**
1. Target (slave) process is injected with a dynamically loaded library (dll).
2. Library spawns a new thread.
3. Thread opens a TCP connection with the master process and starts listening for commands.
**How does the hooking process work?**
1. At the target address, we disassemble the instructions up to the point we have read at least 5 bytes of assembly code.
2. Construct a trampoline that ...
    - ... makes sure all registers (including the stack and program counters) are put in a safe spot.
    - ... calls the callback in a **__stdcall** fashion.
    - ... executes the disassembled instructions in step 1.
    - ... jumps back to the instruction after the place of the hook.
3. Insert a `call` to the trampoline at the position of the hook.
4. Report to the master process on events.
For details go [here](doc/HowItWorks.md).
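
Step 3 leaves a recognisable footprint: the first 5 bytes of the hooked function become `E8` plus a 32-bit relative offset. The following is an added example, not part of SpyGlass, that compares a function's in-memory bytes against a clean copy from the on-disk image and decodes where the inserted `call` leads. It recognises only this `call rel32` form, and the byte arrays, addresses and module range are constructed sample values.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct HookFinding {
    bool     hooked;   // live code starts with a call rel32 that the clean copy lacks
    uint32_t target;   // absolute address the call transfers control to
    bool     outside;  // target lies outside the module that owns the function
    size_t   patched;  // length of the modified region at the function start
};

// Compare the first `len` bytes of a function as read from process memory (`live`)
// with the same bytes taken from the on-disk image (`clean`). `addr` is the
// function's virtual address; mod_base/mod_size describe its module (32-bit x86).
HookFinding inspect(const uint8_t* live, const uint8_t* clean, size_t len,
                    uint32_t addr, uint32_t mod_base, uint32_t mod_size) {
    HookFinding f{false, 0, false, 0};
    for (size_t i = 0; i < len; ++i)
        if (live[i] != clean[i]) f.patched = i + 1;  // end of the last changed byte
    if (f.patched == 0 || len < 5 || live[0] != 0xE8) return f;
    // E8 is followed by a little-endian rel32, relative to the next instruction.
    uint32_t rel = live[1] | (live[2] << 8) | (live[3] << 16) | ((uint32_t)live[4] << 24);
    f.hooked  = true;
    f.target  = addr + 5 + rel;                     // wraps modulo 2^32, like the CPU
    f.outside = (f.target - mod_base) >= mod_size;  // unsigned range check
    return f;
}

// Constructed sample: a prologue "mov edi,edi; push ebp; mov ebp,esp; sub esp,10h"
// (2 + 1 + 2 = 5 bytes of whole instructions, then 3 more) and the same function
// after its first 5 bytes were replaced by a call to a trampoline at 0x00A30000.
const uint8_t kClean[8] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10};
const uint8_t kLive[8]  = {0xE8, 0xFB, 0xEF, 0xA2, 0x8B, 0x83, 0xEC, 0x10};
const uint32_t kFuncAddr = 0x75001000, kModBase = 0x75000000, kModSize = 0x00100000;

int main() {
    HookFinding f = inspect(kLive, kClean, sizeof kLive, kFuncAddr, kModBase, kModSize);
    std::printf("hooked=%d target=0x%08X outside=%d patched=%zu\n",
                f.hooked, (unsigned)f.target, f.outside, f.patched);
    return f.hooked ? 0 : 1;
}
```

A call target outside the owning module, combined with a changed prologue, is the signal worth alerting on; either condition alone also occurs in unmodified code.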
Oh no I broke the library! What do I do now?
-------------------------------------------
First thing you have to remember is that I don't write bugs, only interesting new features. Make sure you are not just misusing a feature. With great power comes great responsibility!
If you still believe you have found a bug, please go to the [issue tracker](https://github.com/Washi1337/SpyGlass/issues/).