|
哪位有拦截API的源码,给我一个好吗?
http://www.programfan.com/article/showarticle.asp?id=2786 其中Dll文件为:
// HookApi2.dll: sample of "inline" API interception for MessageBoxA.
//
// What the code on this page does:
//   1. InstallHook() registers a WH_GETMESSAGE hook with thread id 0. With a
//      module handle and thread id 0, SetWindowsHookEx installs the hook for
//      all threads of the desktop, so Windows maps this DLL into other GUI
//      processes as well.
//   2. In every process the DLL is loaded into, DllMain -> init() saves the
//      first 5 bytes of user32!MessageBoxA and overwrites them with
//      "E9 rel32", a relative JMP to MyMessageBoxA.
//
// Review notes (security / robustness):
//   - The patch is visible as a JMP at the entry of MessageBoxA whose target
//     lies outside user32.dll; comparing the in-memory prologue of exported
//     functions with the on-disk image reveals this kind of modification.
//   - The inline _asm blocks use 32-bit registers and MSVC inline-assembly
//     syntax, so the listing is x86 (32-bit) only.
//   - HOOKAPI2_API is not defined on this page; presumably it is the usual
//     __declspec(dllexport/dllimport) macro from the project header.
//   - MousHook is declared but never defined or used in this listing.
//   - Several defects are flagged inline with NOTE(review).

HHOOK g_hHook;                       // handle returned by SetWindowsHookEx
HINSTANCE g_hinstDll;                // module handle of HookApi2.dll
FARPROC pfMessageBoxA;               // address of user32!MessageBoxA
int WINAPI MyMessageBoxA(HWND hWnd, LPCTSTR lpText,LPCTSTR lpCaption,UINT uType);
BYTE OldMessageBoxACode[5],NewMessageBoxACode[5];   // saved prologue / JMP patch
HMODULE hModule ;                    // module handle of user32.dll
DWORD dwIdOld,dwIdNew;               // NOTE(review): dwIdOld is used both as a process id
                                     // and as the "old protection" output of VirtualProtectEx
BOOL bHook=false;                    // true while the JMP patch is in place
void HookOn();
void HookOff();
BOOL init();
LRESULT WINAPI MousHook(int nCode,WPARAM wParam,LPARAM lParam);

// DLL entry point: patches MessageBoxA when the DLL is loaded into a process.
// NOTE(review): the parameter hModule shadows the global of the same name.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // NOTE(review): init() calls LoadLibrary, and MessageBoxA is called below;
        // Microsoft advises against both inside DllMain (loader lock).
        if(!init())
        {
            MessageBoxA(NULL,"Init","ERROR",MB_OK);
            return(false);
        }
        // NOTE(review): there is no break here, so a successful process attach
        // falls through into the branch below, which runs the uninstall call
        // whenever bHook is set (init() sets it through HookOn()).
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        // NOTE(review): "UnintallHook" is misspelled; the function defined in this
        // listing is UninstallHook, so this line does not compile as posted.
        // The JMP patch itself is not undone here (HookOff() is not called).
        if(bHook) UnintallHook();
        break;
    }
    return TRUE;
}

// Empty hook procedure: does nothing except pass the message to the next hook.
// Its only role is to give SetWindowsHookEx a procedure inside this DLL.
LRESULT WINAPI Hook(int nCode,WPARAM wParam,LPARAM lParam)
{
    return(CallNextHookEx(g_hHook,nCode,wParam,lParam));
}

// Exported: installs the empty hook procedure.
// Returns true on success, false (after showing a message box) on failure.
HOOKAPI2_API BOOL InstallHook()
{
    // NOTE(review): the DLL is named without a path, so it is resolved through the
    // DLL search order; the return value of LoadLibrary is not checked.
    g_hinstDll=LoadLibrary("HookApi2.dll");
    // Thread id 0: the hook applies to all threads of the desktop.
    g_hHook=SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)Hook,g_hinstDll,0);
    if (!g_hHook)
    {
        MessageBoxA(NULL,"SET ERROR","ERROR",MB_OK);
        return(false);
    }
    return(true);
}

// Exported: removes the hook installed by InstallHook().
HOOKAPI2_API BOOL UninstallHook()
{
    return(UnhookWindowsHookEx(g_hHook));
}

// Initialization: obtains the address of MessageBoxA, saves its first 5 bytes and
// builds the 5-byte "jmp MyMessageBoxA" instruction, then switches the patch on.
// Returns false if MessageBoxA cannot be resolved.
BOOL init()
{
    hModule=LoadLibrary("user32.dll");
    pfMessageBoxA=GetProcAddress(hModule,"MessageBoxA");
    if(pfMessageBoxA==NULL) return false;
    // Copy 5 bytes (movsd = 4 bytes, movsb = 1 byte) from MessageBoxA into
    // OldMessageBoxACode so that they can be restored later.
    _asm
    {
        lea edi,OldMessageBoxACode
        mov esi,pfMessageBoxA
        cld
        movsd
        movsb
    }
    NewMessageBoxACode[0]=0xe9;// opcode of JMP with a 32-bit relative address
    // rel32 = MyMessageBoxA - MessageBoxA - 5: the displacement is counted from
    // the end of the 5-byte JMP instruction.
    _asm
    {
        lea eax,MyMessageBoxA
        mov ebx,pfMessageBoxA
        sub eax,ebx
        sub eax,5
        mov dword ptr [NewMessageBoxACode+1],eax
    }
    dwIdNew=GetCurrentProcessId(); // id of the process this DLL is loaded into
    dwIdOld=dwIdNew;
    HookOn();// start intercepting
    return(true);
}

// Replacement for MessageBoxA. Interception has to be switched off before the
// intercepted API itself can be called, and is switched on again afterwards.
// The original lpText is ignored; the text "Hook" is shown instead.
// NOTE(review): between HookOff() and HookOn() the patch is absent and the code
// bytes are being rewritten; nothing here synchronizes this with other threads.
// NOTE(review): the parameters are LPCTSTR although the ANSI function is hooked;
// presumably the project is built without UNICODE - confirm.
int WINAPI MyMessageBoxA(HWND hWnd, LPCTSTR lpText,LPCTSTR lpCaption, UINT uType )
{
    int nReturn=0;
    HookOff();
    nReturn=MessageBoxA(hWnd,"Hook",lpCaption,uType);
    HookOn();
    return(nReturn);
}

// Writes the JMP patch over the first 5 bytes of MessageBoxA in the current process.
// NOTE(review): no return value is checked, and the handle from OpenProcess is
// never closed, so every call leaks one process handle.
// NOTE(review): PAGE_READWRITE removes execute permission from the page while the
// patch is written; PAGE_EXECUTE_READWRITE would keep the code executable.
void HookOn()
{
    HANDLE hProc;
    dwIdOld=dwIdNew;   // dwIdOld holds the process id again (it is overwritten below)
    hProc=OpenProcess(PROCESS_ALL_ACCESS,0,dwIdOld);// handle of the owning process
    VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,&dwIdOld); // make the first 5 bytes of MessageBoxA writable; dwIdOld now receives the previous protection
    WriteProcessMemory(hProc,pfMessageBoxA,NewMessageBoxACode,5,0); // overwrite the first 5 bytes of MessageBoxA with the JMP to MyMessageBoxA
    VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld); // restore the previous protection of those 5 bytes
    bHook=true;
}

// Writes the saved original 5 bytes back over the JMP to MyMessageBoxA.
// The NOTE(review) remarks on HookOn() (unchecked results, leaked handle,
// PAGE_READWRITE) apply here as well.
void HookOff()
{
    HANDLE hProc;
    dwIdOld=dwIdNew;
    hProc=OpenProcess(PROCESS_ALL_ACCESS,0,dwIdOld);
    VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,&dwIdOld);
    WriteProcessMemory(hProc,pfMessageBoxA,OldMessageBoxACode,5,0);
    VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
    bHook=false;
}

// Test program:
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    if(!InstallHook())
    {
        MessageBoxA(NULL,"Hook Error!","Hook",MB_OK);
        return 1;
    }
    MessageBoxA(NULL,"TEST","TEST",MB_OK);// the text "TEST" is displayed as "Hook"; the same can be seen in other processes
    if(!UninstallHook())
    {
        MessageBoxA(NULL,"Uninstall Error!","Hook",MB_OK);
        return 1;
    }
    return 0;
}
|
|
|
|
|
|
翻译:向PE中注入代码(4.17修改)
辛苦,够学一阵子了. |
|
|
|
在vc中如何使用象资源管理器里的"cpu使用记录"那样的曲线来显示变化的数据
http://www.vckbase.com/document/viewdoc/?id=1562 http://www.1718info.com/imn/imca_304.html |
|
怎样用api调用系统计算器
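// Launches the Windows calculator as a child process.
// NOTE(review): the path is hard-coded and assumes Windows is installed in
// D:\WINDOWS. Because lpApplicationName is NULL, the executable name is parsed
// out of the command line, so a path containing spaces must be enclosed in
// quotation marks.
STARTUPINFO si = {0};
PROCESS_INFORMATION pi = {0};
// CreateProcess may modify the command-line buffer (the wide-character version
// does), so a writable array is passed instead of a string literal.
TCHAR cmdLine[] = TEXT("D:\\WINDOWS\\system32\\calc.exe");

si.cb = sizeof(si);   // STARTUPINFO.cb must hold the size of the structure.

// Start the child process.
if( !CreateProcess( NULL,   // No module name (use command line).
        cmdLine,            // Command line.
        NULL,               // Process handle not inheritable.
        NULL,               // Thread handle not inheritable.
        FALSE,              // Set handle inheritance to FALSE.
        0,                  // No creation flags.
        NULL,               // Use parent's environment block.
        NULL,               // Use parent's starting directory.
        &si,                // Pointer to STARTUPINFO structure.
        &pi )               // Pointer to PROCESS_INFORMATION structure.
  )
{
    printf( "CreateProcess failed." );
    return 0;
}

// The child keeps running after its handles are closed; closing them here
// only releases this process's references and avoids a handle leak.
CloseHandle( pi.hThread );
CloseHandle( pi.hProcess );
|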
|
|
|
[求助]本论坛最最最菜鸟的问题:如何开始学编程?
照着看学精华1-7的例子练习一遍. |