11/12/2022

Minesweeper sweater

Windows user-land hooks manipulation tool.

- Supports any x64/x86 Windows DLL (actually, any x64/x86 Windows PE for that matter).
- Enumerates loaded modules in the target process (-l flag).
- Finds user-land hooks in loaded modules (-s flag).
- Shows which function RVAs have been modified with byte-to-byte comparison (-v flag).
- Cross-architecture support for the x64 variant.
- Cautious mode: can unhook itself first before manipulating remote processes (-c flag).
- Can target either all loaded modules within the target process or only those containing a specified string in their path (-m flag).
- Lightweight: x64 and x86 binaries are only 18KB and 17KB respectively.
- No Visual C Redistributable Packages (vcruntime140.dll) dependency.
- MineSweeper dynamically links to the following Windows core libraries present on every modern distribution: msvcrt.dll and kernel32.dll.

-l  List Mode - List loaded modules by the target process (-t).
-s  Sweep Mode - Sweep target PID (-t) for any user-land hooks.
-u  Unhook Mode - Sweep and unhook target PID (-t) from any user-land hooks.
-r  Re-hook Mode - Sweep hook donor PID (-d) for user-land hooks. If any hooks found - copy them over to our target PID (-t).
-c  Cautious Mode - Unhook the local process before proceeding with
Will target the local process if not provided.
-d  Hook donor PID (i.e.: the process that will be used to copy hooks FROM). Will set the local process as the hooks donor if not provided.
-m  Filter string to be applied to the loaded module canonical path (e.g: \Device\HarddiskVolume3\Windows\System32\ntdll.dll).
Prints modified RVAs and their byte-to-byte comparison for each hooked function.

List loaded modules in MineSweeper's own process.
    MineSweeper.exe: -l
List loaded modules in PID 5476.
    MineSweeper.exe: -l -t 5476
Sweep MineSweeper's local process for user-land hooks.
    MineSweeper.exe: -s
Same as above but also print modified RVAs for each hooked function.
    MineSweeper.exe: -s -v
Sweep PID 5476 for user-land hooks.
    MineSweeper.exe: -s -t 5476
Unhook PID 5476 from all user-land hooks.
    MineSweeper.exe: -u -t 5476