Syntax: AGTH.EXE <options> <program to hook>

ѡ:
/L[ϵ]-ϵתΪ[ϵ],谲װAPPLOCALE,޷/Rͬʱִ(Ĭֵ:411)
/R[ϵ]-߳ϵרΪ[ϵ](Ĭֵ:411)
/P[ID |}]-Ӵͬʱʹ/L,/R,/NH,[س]
/PN[]-ͨexeļĽӳ

ѡ
/B[뱶][:[ʱ][:ʱ]]-趨(Ĭֵ:4:24:1000)
/C[ʱ]-ԶѵǰĻʾָƵ壬ʱλΪ(Ĭֵ150)
/KF[][:ﱶ]-ֹظ"""ﱶ"׷(Ĭֵ:32:16)
/KS[]-Ƴ趨[]ظַ(Ĭֵ:1)
/NA-ϸʿı
/NF-ֹĳЩַ
/NX-Զ˳ڹҹ˳AGTH֮˳
/T-Ϸ
/W[][Ҫ]-Զѡ(Ĭֵ:0:κ)

Hook options:
/H{A|B|W|S|Q|H}[N][data_offset[*drdo]][:sub_offset][*drso][#level][@addr][:module][:{name|#ordinal|}]]]-see the detailed Hook description
/IH-"level"װûԶʱʾ·
/NC-ҹ
/NH-ԶAPPLOCALEȡ֣ҲʾAGTHڣͬʱʹ/L,/R,/P
/NJ-unicodeıʱ,ʹ̴߳ҳ,ת
/NS-ʹôҪı
/S[IPַ]-ı͵ָļ(Ĭֵ:ؼ)
/V-ϵͳݴı߳
/X[]-ӹܵ(Ĭֵ:1;:2)

ע:/L /R /W /X /H ()־ΪʮƲ



Detailed Hook description:

/H{A|B|W|S|Q|H}[N][data_offset[*drdo]][:sub_offset][*drso][#level][@addr][:module][:{name|#ordinal|}]]]

趨Hook

Hook:
A-double-byte character (little-endian)
B-double-byte character (big-endian)
W-unicode character (UCS2)
S-MBCS string
Q-UTF-16 string
H-two hexadecimal bytes

Hook:
X-ʹӲϵ, win2003+x86x64Ч
N-ʹ豸
data_offset-ַƫѻ(ַָ)
drdo-"data_offset"
sub-offset-豸ƫѻ
drso-"sub_offset"
level-ѻṹı,ɵַĴķؼ¼
addr-ӵַ
module-ƵĻַַĴ
name-óƵĻַַĴ
ordinal-óŵĻַַĴ

For negative values of "data_offset" and "sub_offset", refer to the following:
-4 EAX,-8 ECX,-C EDX,-10 EBX,-14 ESP,-18 EBP,-1C ESI,-20 EDI

"Ӽ"ķ,ʹ C/C++ ṹ:(*(ESP+data_offset)+drdo) ָ (ESP+data_offset)
ע:־ΪʮƲ
