luckybion.blogg.se

Minesweeper sweater

Options:

  -l  List Mode - List loaded modules by the target process (-t).
  -s  Sweep Mode - Sweep target PID (-t) for any user-land hooks.
  -u  Unhook Mode - Sweep and unhook target PID (-t) from any user-land hooks.
  -r  Re-hook Mode - Sweep hook donor PID (-d) for user-land hooks. If any hooks found - copy them over to our target PID (-t).
  -c  Cautious Mode - Unhook the local process before proceeding with
  -t  [...] Will target the local process if not provided.
  -d  Hook donor PID (i.e.: the process that will be used to copy hooks FROM). Will set the local process as the hooks donor if not provided.
  -m  Filter string to be applied to the loaded module canonical path (e.g.: \Device\HarddiskVolume3\Windows\System32\ntdll.dll).
  -v  [...] Prints modified RVAs and their byte-to-byte comparison for each hooked function.

Examples:

  MineSweeper.exe -l            List loaded modules in MineSweeper's own process.
  MineSweeper.exe -l -t 5476    List loaded modules in PID 5476.
  MineSweeper.exe -s            Sweep MineSweeper's local process for user-land hooks.
  MineSweeper.exe -s -v         Same as above but also print modified RVAs for each hooked function.
  MineSweeper.exe -s -t 5476    Sweep PID 5476 for user-land hooks.
  MineSweeper.exe -u -t 5476    Unhook PID 5476 from all user-land hooks.


MineSweeper is a Windows user-land hooks manipulation tool.

  • Supports any x64/x86 Windows DLL (actually, any x64/x86 Windows PE for that matter).
  • Enumerates loaded modules in the target process (-l flag).
  • Finds user-land hooks in loaded modules (-s flag).
  • Shows which function RVAs have been modified with byte-to-byte comparison (-v flag).
  • Cross-architecture support for the x64 variant.
  • Cautious mode: can unhook itself first before manipulating remote processes (-c flag).
  • Can target either all loaded modules within the target process or only those containing a specified string in their path (-m flag).
  • Lightweight: x64 and x86 binaries are only 18KB and 17KB respectively.
  • No Visual C++ Redistributable Packages (vcruntime140.dll) dependency.

MineSweeper dynamically links to the following Windows core libraries present on every modern distribution: msvcrt.dll and kernel32.dll.







