[求助]Delphi Hook inet_addr 为何无效-编程技术-看雪-安全社区|安全招聘|kanxue.com

最新回复 (2)
Meiam 雪币： 196 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 6 粉丝 0 关注私信	Meiam 2 楼这个也无效。郁闷 unit APIHook; interface uses SysUtils, Windows, WinSock,idWinSock2; type int=integer; lpfn_WSACONNECT = function ( const s : TSocket; const name : PSockAddr; const namelen : Integer; lpCallerData,lpCalleeData : LPWSABUF; lpSQOS,lpGQOS : LPQOS ) : Integer; stdcall; PJmpCodeWSACONNECT = ^TJmpCodeWSACONNECT; TJmpCodeWSACONNECT = packed record JmpCode: BYTE; Address: lpfn_WSACONNECT; MovEAX: Array [0..2] of BYTE; end; //--------------------函数声明--------------------------- procedure HookAPI; procedure UnHookAPI; var OldWSAConnect: lpfn_WSACONNECT; //原来的API地址 JmpCodeWSACONNECT: TJmpCodeWSACONNECT; OldProcWSACONNECT:TJmpCodeWSACONNECT; AddWSAConnect: pointer; ProcessHandle: THandle; implementation {---------------------------------------} {函数功能:Recv函数的HOOK {函数参数:同Recv {函数返回值:integer {---------------------------------------} function MyWSAConnect( const s : TSocket; const name : PSockAddr; const namelen : Integer; lpCallerData,lpCalleeData : LPWSABUF; lpSQOS,lpGQOS : LPQOS ) : Integer; stdcall; var dwSize: cardinal; port:word; begin WriteProcessMemory(ProcessHandle, AddWSAConnect, @OldProcWSAConnect, 8, dwSize); port:=ntohs(name^.sin_port); if (port=80) then begin ShowMessage('OK'); name^.sin_addr.S_addr:=inet_Addr('127.0.0.1'); end; Result := OldWSAConnect(S,name, namelen, lpCallerData,lpCalleeData, lpSQOS,lpGQOS ); JmpCodeWSACONNECT.Address := @MyWSAConnect; WriteProcessMemory(ProcessHandle, AddWSAConnect, @JmpCodeWSAConnect, 8, dwSize); end; {------------------------------------} {过程功能:HookAPI {过程参数:无 {------------------------------------} procedure HookAPI; var DLLModule: THandle; dwSize: cardinal; begin ProcessHandle := GetCurrentProcess; DLLModule := LoadLibrary('ws2_32.dll'); AddWSAConnect := GetProcAddress(DLLModule, 'WSAConnect'); ShowMessage('Hooked'); JmpCodeWSACONNECT.JmpCode := $B8; JmpCodeWSACONNECT.MovEAX[0] := $FF; JmpCodeWSACONNECT.MovEAX[1] := $E0; JmpCodeWSACONNECT.MovEAX[2] := 0; ReadProcessMemory(ProcessHandle, AddWSAConnect, @OldProcWSACONNECT, 8, dwSize); JmpCodeWSACONNECT.Address := @MyWSAConnect; WriteProcessMemory(ProcessHandle, AddWSAConnect, @JmpCodeWSACONNECT, 8, dwSize); //修改WSAConnect入口 OldWSAConnect := AddWSAConnect; end; {------------------------------------} {过程功能:取消HOOKAPI {过程参数:无 {------------------------------------} procedure UnHookAPI; var dwSize: Cardinal; begin WriteProcessMemory(ProcessHandle, AddWSAConnect, @OldProcWSAConnect, 8, dwSize); end; end. 2012-8-31 12:19 0
红色神话雪币： 89 活跃值： (274) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 15 粉丝 0 关注私信	红色神话 3 楼 function ConnectHookProc(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall; 定义的Connect怎么可能有效 2012-9-19 09:35 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (2)

Meiam

雪币： 196

活跃值： (10)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

粉丝

关注

私信

Meiam: 2 楼

这个也无效。郁闷

unit APIHook;

interface

uses
  SysUtils,
  Windows, WinSock,idWinSock2;

type
  int=integer;
  lpfn_WSACONNECT = function ( const s : TSocket; const name : PSockAddr; const namelen : Integer; lpCallerData,lpCalleeData : LPWSABUF; lpSQOS,lpGQOS : LPQOS ) : Integer; stdcall;


  PJmpCodeWSACONNECT = ^TJmpCodeWSACONNECT;
  TJmpCodeWSACONNECT = packed record
    JmpCode: BYTE;
    Address: lpfn_WSACONNECT;
    MovEAX: Array [0..2] of BYTE;
  end;

  //--------------------函数声明---------------------------
  procedure HookAPI;
  procedure UnHookAPI;

var
  OldWSAConnect: lpfn_WSACONNECT;      //原来的API地址
  JmpCodeWSACONNECT: TJmpCodeWSACONNECT;
  OldProcWSACONNECT:TJmpCodeWSACONNECT;
  AddWSAConnect: pointer;
  ProcessHandle: THandle;
implementation


{---------------------------------------}
{函数功能:Recv函数的HOOK
{函数参数:同Recv
{函数返回值:integer
{---------------------------------------}
function MyWSAConnect( const s : TSocket; const name : PSockAddr; const namelen : Integer; lpCallerData,lpCalleeData : LPWSABUF; lpSQOS,lpGQOS : LPQOS ) : Integer; stdcall;
var
  dwSize: cardinal;
  port:word;
begin
  WriteProcessMemory(ProcessHandle, AddWSAConnect, @OldProcWSAConnect, 8, dwSize);
  port:=ntohs(name^.sin_port);
  if (port=80) then
  begin
    ShowMessage('OK');
    name^.sin_addr.S_addr:=inet_Addr('127.0.0.1');
  end;
  Result := OldWSAConnect(S,name, namelen, lpCallerData,lpCalleeData, lpSQOS,lpGQOS );
  JmpCodeWSACONNECT.Address := @MyWSAConnect;
  WriteProcessMemory(ProcessHandle, AddWSAConnect, @JmpCodeWSAConnect, 8, dwSize);
end;

{------------------------------------}
{过程功能:HookAPI
{过程参数:无
{------------------------------------}
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: cardinal;
begin
  ProcessHandle := GetCurrentProcess;
  DLLModule := LoadLibrary('ws2_32.dll');
  AddWSAConnect := GetProcAddress(DLLModule, 'WSAConnect');
  ShowMessage('Hooked');

  JmpCodeWSACONNECT.JmpCode := $B8;
  JmpCodeWSACONNECT.MovEAX[0] := $FF;
  JmpCodeWSACONNECT.MovEAX[1] := $E0;
  JmpCodeWSACONNECT.MovEAX[2] := 0;

  ReadProcessMemory(ProcessHandle, AddWSAConnect, @OldProcWSACONNECT, 8, dwSize);
  JmpCodeWSACONNECT.Address := @MyWSAConnect;
  WriteProcessMemory(ProcessHandle, AddWSAConnect, @JmpCodeWSACONNECT, 8, dwSize);   //修改WSAConnect入口

  OldWSAConnect := AddWSAConnect;
end;

{------------------------------------}
{过程功能:取消HOOKAPI
{过程参数:无
{------------------------------------}
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  WriteProcessMemory(ProcessHandle, AddWSAConnect, @OldProcWSAConnect, 8, dwSize);
end;

end.

2012-8-31 12:19

红色神话

雪币： 89

活跃值： (274)

能力值：

( LV2，RANK：10 )

在线值：

发帖

回帖

粉丝

关注

私信

红色神话: 3 楼

function ConnectHookProc(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
定义的Connect怎么可能有效

2012-9-19 09:35