The x64 version of MineSweeper can enumerate and manipulate both x64 and x86 processes.

Options:

  -l   List Mode - List loaded modules by the target process (-t).
  -s   Sweep Mode - Sweep target PID (-t) for any user-land hooks.
  -u   Unhook Mode - Sweep and unhook target PID (-t) from any user-land hooks.
  -r   Re-hook Mode - Sweep hook donor PID (-d) for user-land hooks.
       If any hooks found - copy them over to our target PID (-t).
  -c   Cautious Mode - Unhook the local process before proceeding with
  -t   Target PID. Will target the local process if not provided.
  -d   Hook donor PID (i.e.: the process that will be used to copy hooks FROM).
       Will set the local process as the hooks donor if not provided.
  -m   Filter string to be applied to the loaded module canonical path
       (e.g: \Device\HarddiskVolume3\Windows\System32\ntdll.dll).
  -v   Prints modified RVAs and their byte-to-byte comparison for each hooked function.

Examples:

  MineSweeper.exe: -l
       List loaded modules in MineSweeper's own process.
  MineSweeper.exe: -l -t 5476
       List loaded modules in PID 5476.
  MineSweeper.exe: -s
       Sweep MineSweeper's local process for user-land hooks.
  MineSweeper.exe: -s -v
       Same as above but also print modified RVAs for each hooked function.
  MineSweeper.exe: -s -t 5476
       Sweep PID 5476 for user-land hooks.
  MineSweeper.exe: -u -t 5476
       Unhook PID 5476 from all user-land hooks.
  MineSweeper.exe: -c -u -t 5476
       Unhook PID 5476 from all user-land hooks in Cautious mode (unhook
       MineSweeper's own process before trying to unhook PID 5476).
  MineSweeper.exe: -u -t 5476 -m ntdll.dll
       Unhook PID 5476 from any hooks found in the ntdll.dll module.
  MineSweeper.exe: -r -t 5476 -d 8156
       Sweep PID 8156 for user-land hooks and copy over any discovered
       hooks into the matching modules in the PID 5476.
  MineSweeper.exe: -c -r -t 5476 -d 8156
       Same as above but run in Cautious mode (unhook MineSweeper's
MineSweeper dynamically links to the following Windows core libraries present on every modern distribution: msvcrt.dll and kernel32.dll.