-
-
[旧帖] [求助]HOOK API问题 0.00雪花
-
发表于: 2010-11-16 19:40
-
我把代码写在一个dll中,就没法找到函数地址,但是如果我把代码和需要hook的api所在程序放在一起就可以找到函数地址,为什么呢?
以下是代码,大家帮我看看,谢谢!
以下是代码,大家帮我看看,谢谢!
typedef UINT (WINAPI *gettext_proc)(HWND, int, LPTSTR lpString, int);
PROC MyGetText = (PROC)GetDlgItemTextA;
//PROC MySend = (PROC)send;
//PROC MyRecv = (PROC)WSARecv;
//#pragma data_seg()
UINT WINAPI MyGetTextProc(
HWND hDlg, // handle to dialog box
int nIDDlgItem, // control identifier
LPTSTR lpString, // pointer to buffer for text
int nMaxCount // maximum size of string
)
{
MessageBox(NULL, "OK啦", "test", 0);
return ((gettext_proc)MyGetText)(hDlg, nIDDlgItem, lpString, nMaxCount);
}
//int WINAPI MySendProc(SOCKET sock, const char* szBuf, int len, int flags)
//{
// MessageBox(NULL, szBuf, "Send", 0);
// return ((send_proc)MySend)(sock, szBuf, len, flags);
//}
//int WINAPI MyRecvProc(SOCKET s, LPWSABUF lpBuffers, DWORD dwBufferCount, LPDWORD lpNumberOfBytesRecvd, LPDWORD lpFlags, LPWSAOVERLAPPED lpOverlapped, LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine)
//{
// MessageBox(NULL, "recv", "recv", 0);
// return ((recv_proc)MyRecv)(s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
//}
DWORD WINAPI HookApi(LPVOID lpParent)
{
HMODULE hModule = (HMODULE)lpParent;
// 早期PE文件格式,DOS头
IMAGE_DOS_HEADER *pDos = (IMAGE_DOS_HEADER*)hModule;
// NT系统PE头
IMAGE_OPTIONAL_HEADER *pNT = (IMAGE_OPTIONAL_HEADER*)((BYTE*)hModule + pDos->e_lfanew + 24);
// 导入表地址
IMAGE_IMPORT_DESCRIPTOR *pImport = (IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)hModule + pNT->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
while (pImport->FirstThunk)
{
char *szName = (char*)((BYTE*)hModule + pImport->Name);
if (lstrcmpiA(szName, "user32.dll") == 0)
{
MessageBox(NULL, "Find user32.dll", "test", 0);
break;
}
++pImport;
}
// 找到模块dll
if (pImport->FirstThunk)
{
MessageBox(NULL, "Begin find user32.dll", NULL, 0);
IMAGE_THUNK_DATA *pFun = (IMAGE_THUNK_DATA*)((BYTE*)hModule + pImport->FirstThunk);
while (pFun->u1.Function)
{
// 转换地址
DWORD* lpAddress = (DWORD*)&(pFun->u1.Function);
char szTmp[32];
sprintf(szTmp, "0x%x", *lpAddress);
MessageBox(NULL, szTmp, "", 0);
if (*lpAddress == (DWORD)MyGetText)
{
MessageBox(NULL, "Find GetDlgItemTextA", "test", 0);
DWORD dwOld;
// 改变页面属性为可读可写
VirtualProtect(lpAddress, sizeof(DWORD), PAGE_READWRITE, &dwOld);
DWORD* dwNew = (DWORD*)MyGetTextProc;
// 修改页面
::WriteProcessMemory(GetCurrentProcess(), lpAddress, &dwNew, sizeof(DWORD), NULL);
// 还原页面属性
VirtualProtect(lpAddress, sizeof(DWORD), dwOld, 0);
break;
}
++pFun;
}
}
return true;
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
问题已经自己解决。
问题原因如下: Hook GetDlgItemTextA 自己写了个测试程序调用CWnd的GetDlgItemText但实际上没有调用GetDlgItemTextA这个API 因此出现问题!查找不到函数!
|
