谁有给程序用汇编加过api hook的经验？

[陪你去看龙卷风]

刚才尝试着修改程序的import table
然后加入自己的dll跟函数
可是发现tdump的结果跟W32dsm的结果居然不一样
tdump出来的东西，修改前
Object table:
# Name VirtSize RVA PhysSize Phys off Flags
-- -------- -------- -------- -------- -------- --------
01 .text 001B3D82 00001000 001B4000 00001000 E0000060 [CIERW]
02 .rdata 001031C4 001B5000 00104000 001B5000 E0000060 [CIERW]
03 .data 1FC3F8A8 002B9000 00011000 002B9000 E0000060 [CIERW]
04 .tls 00070739 1FEF9000 00071000 002CA000 E0000060 [CIERW]
05 .rsrc 00001250 1FF6A000 00002000 0033B000 E0000060 [CIERW]

Imports from WS2_32.dll

Imports from pdh.dll

Imports from PSAPI.DLL

Imports from KERNEL32.dll

Imports from USER32.dll

Imports from GDI32.dll

Imports from ADVAPI32.dll

================================================
tdump出来的东西，修改后
Object table:
# Name VirtSize RVA PhysSize Phys off Flags
-- -------- -------- -------- -------- -------- --------
01 .text 001B3D82 00001000 001B4000 00001000 E0000060 [CIERW]
02 .rdata 001031C4 001B5000 00104000 001B5000 E0000060 [CIERW]
03 .data 1FC3F8A8 002B9000 00011000 002B9000 E0000060 [CIERW]
04 .tls 00070739 1FEF9000 00071000 002CA000 E0000060 [CIERW]
05 .rsrc 00001250 1FF6A000 00002000 0033B000 E0000060 [CIERW]

Imports from WS2_32.dll

Imports from pdh.dll

Imports from PSAPI.DLL

Imports from KERNEL32.dll

Imports from USER32.dll

Imports from GDI32.dll

Imports from ADVAPI32.dll

Imports from torune.dll
TorunezHook(hint = 0001)

 

[陪你去看龙卷风]

在Win32dsm里头，修改以后直接提示没有导入的文件跟函数

 

[dragonLinux]

高手啊!
没有搞过!