31 lines
826 B
Markdown
31 lines
826 B
Markdown
# ANSICON
|
|
|
|
ANSICON provides ANSI escape sequences for Windows console programs. It
|
|
provides much the same functionality as `ANSI.SYS` does for MS-DOS.
|
|
|
|
`source git`:[https://github.com/adoxa/ansicon](https://github.com/adoxa/ansicon)
|
|
|
|
## Requirements
|
|
|
|
* 32-bit: Windows 2000 Professional and later (it won't work with NT or 9X).
|
|
* 64-bit: AMD64 (it won't work with IA64).
|
|
|
|
## How it Works
|
|
|
|
ANSICON *injects* a DLL into a process, *hooking* its functions.
|
|
|
|
### Injection
|
|
|
|
One of three methods is used to inject the DLL.
|
|
|
|
* `LoadLibrary` via `CreateRemoteThread` for a running process.
|
|
|
|
* `LdrLoadDll` via `CreateRemoteThread` for a 64-bit .NET AnyCPU process.
|
|
|
|
* Adding the DLL directly to the import table, otherwise.
|
|
|
|
### Hooking
|
|
|
|
Hooking is achieved by modifying import addresses, or the return value of
|
|
`GetProcAddress`.
|