CPP:
InlineHook_x64::InlineHook_x64(void)
{
pOldAPI = NULL; //此指针pOldAP
strcpy(szOldAPI, "\xFF\x25\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00");//先清空原数据
strcpy(szNewAPI,"\xFF\x25\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00");//初始跳转数据
MessageBox(0, L"", L"", 0);
}
InlineHook_x64::~InlineHook_x64(void)
{
}
//*********************HOOK API的函数*************************//
bool InlineHook_x64::HookAPI(char const * ModuleName,char const * ApiName,PVOID NewAPI)
{
//找到API函数在内存中的地址
pOldAPI = 0;
HMODULE hModule = LoadLibraryA(ModuleName);
pOldAPI = (PVOID)GetProcAddress(hModule, ApiName);
WCHAR msg[64];
memcpy(szNewAPI + 6, &pOldAPI, 8);
wsprintf(msg, L"GetProcAddress:%p\nszNewAPI:%p\n", pOldAPI, szNewAPI);
MessageBox(0, msg, L"", 0);
DWORD64 dwJmpAddr = 0;
dwJmpAddr = (DWORD64)NewAPI;
memcpy(szNewAPI + 6, &dwJmpAddr, 8);
FreeLibrary(hModule);
ReadProcessMemory ((void*)-1, pOldAPI, szOldAPI, 14, NULL); //读出原来的前12个字节
WriteProcessMemory((void*)-1, pOldAPI, szNewAPI, 14, NULL); //写入我们处理后的12个字节
wsprintf(msg, L"WriteProcessMemory:%p\ndwJmpAddr:%p\n", pOldAPI, dwJmpAddr);
MessageBox(0, msg, L"", 0);
return true;
}
H:
class InlineHook_x64
{
public:
InlineHook_x64(void);
~InlineHook_x64(void);
PVOID pOldAPI ; //此指针pOldAPI保存原来API函数的地址(通过GetProcAddress获取)
char szOldAPI[14]; //存放原来API函数在内存中的前12个字节
char szNewAPI[14]; //存放64位的跳转地址
//*********************停止HOOK的函数************************//
void UnHook();
//*********************重新HOOK API 的函数********************//
void ReHook();
//*********************HOOK API的函数*************************//
bool HookAPI(char const * ModuleName,char const * ApiName,PVOID NewAPI);
};
DLLMAIN:
void GameD3D_HOOK()
{
//MessageBox(0, L"GameD3D_HOOK", L"", 0);
InlineHook_x64 hook;
hook.HookAPI("d3d9.dll", "Direct3DCreate9", (PVOID)New_Direct3DCreate9);
//MessageBox(0, L"GameD3D_HOOK", L"", 0);
}直接注入微软D3DSDK demo:
Microsoft DirectX SDK (June 2010)\Samples\C++\Direct3D\Bin\x64\StateManager.exe
奇怪的是它居然没跳入我的HOOK函数New_Direct3DCreate9,写的代码有问题么?这问题折磨我一天了,来大神带我走出痛苦的深渊吧。
AJISky
