// Hook object that GetMsgProc and MY_DeviceIoControl drive through
// Hook()/UnHook()/ReHook(). CFEAHook is declared outside this listing.
CFEAHook HOOK_DeviceIoControl;

// Handle returned by SetWindowsHookEx in SetHook(); NULL while no message hook is installed.
HHOOK hMesHook = NULL;

// Not referenced anywhere in the code shown in this listing.
HWND hWnd = NULL;
HINSTANCE hInst = NULL;
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// AheadLib 命名空间
// Forwarding-DLL scaffolding plus a DeviceIoControl interception attempt.
// Load()/GetAddress() load setupapi.dll from the system directory by absolute
// path and resolve exports from it; the remaining functions install a
// thread-local window-message hook whose callback asks CFEAHook to redirect
// DeviceIoControl to MY_DeviceIoControl.
// NOTE(review): presumably this module is itself built as setupapi.dll and
// placed next to an application so it is loaded in place of the system copy —
// confirm from the build settings. For defenders, a system DLL name loading
// from a non-system directory, followed by a load of the real copy by full
// path, is the pattern to alert on.
namespace AheadLib
{
HMODULE m_hModule = NULL; // handle of the original (system) module
DWORD m_dwReturn[599] = {0}; // return addresses of the original functions (unused in the code shown)
// Load the original module.
// Returns TRUE when the system copy of setupapi.dll was loaded, FALSE otherwise
// (after showing an error dialog).
inline BOOL WINAPI Load()
{
TCHAR tzPath[MAX_PATH];
TCHAR tzTemp[MAX_PATH * 2];
// NOTE(review): the return value of GetSystemDirectory is not checked; on
// failure tzPath is left uninitialised and is then appended to and loaded.
GetSystemDirectory(tzPath, MAX_PATH);
// NOTE(review): lstrcat is unbounded; nothing here verifies that the
// directory plus "\\setupapi.dll" still fits in MAX_PATH characters.
lstrcat(tzPath, TEXT("\\setupapi.dll"));
// Absolute path, so the loader does not resolve the name through the
// DLL search order.
m_hModule = LoadLibrary(tzPath);
if (m_hModule == NULL)
{
wsprintf(tzTemp, TEXT("无法加载 %s,程序无法正常运行。"), tzPath);
MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
}
return (m_hModule != NULL);
}
// Release the original module if Load() obtained it.
// m_hModule is not reset afterwards, so the stale handle value stays visible.
inline VOID WINAPI Free()
{
if (m_hModule)
{
FreeLibrary(m_hModule);
}
}
// Replacement registered for DeviceIoControl: forwards the call unchanged,
// shows a modal message box, then tries to record the request to c:\aa.txt.
// Parameters mirror DeviceIoControl; the return value is the result of the
// forwarded call (declared int here, while DeviceIoControl returns BOOL).
int WINAPI MY_DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
)
{
// The hook is removed for the duration of the forwarded call and restored
// afterwards.
// NOTE(review): CFEAHook is not shown; if it patches code in place, this
// unhook/rehook window is not safe when several threads issue device I/O
// at the same time — confirm against the CFEAHook implementation.
HOOK_DeviceIoControl.UnHook () ;
int ret=DeviceIoControl( hDevice,
dwIoControlCode,
lpInBuffer,
nInBufferSize,
lpOutBuffer,
nOutBufferSize,
lpBytesReturned,
lpOverlapped
);
// Modal dialog inside an I/O path: the calling thread blocks here until the
// box is dismissed, and the hook stays removed while it is open.
MessageBox(NULL,"完成1",NULL,1);
HOOK_DeviceIoControl.ReHook () ;
DWORD dw;
// NOTE(review): WriteFile takes a file HANDLE as its first argument; a path
// string literal is passed instead, which is not a valid handle (and does not
// convert to HANDLE in standard C++). The second argument is the address of
// the lpInBuffer parameter itself, so nInBufferSize bytes would be read
// starting at that stack slot — an out-of-bounds read of unrelated stack data
// whenever nInBufferSize exceeds sizeof(lpInBuffer). The return value is ignored.
WriteFile("c:\\aa.txt",&lpInBuffer,nInBufferSize,&dw,NULL);
// NOTE(review): same type error — CloseHandle is given a string, not a
// HANDLE, so nothing opened elsewhere is closed by this call.
CloseHandle("c:\\aa.txt");
return ret;
}
// Hook procedure handed to SetWindowsHookEx by SetHook().
// For callbacks with code > 0 it asks HOOK_DeviceIoControl to redirect the
// named export to MY_DeviceIoControl; it always chains to the next hook.
LRESULT CALLBACK GetMsgProc ( int code, WPARAM wParam, LPARAM lParam )
{
if (code > 0)
{
// NOTE(review): the request is repeated on every qualifying callback; whether
// CFEAHook tolerates repeated installation cannot be seen from this listing.
HOOK_DeviceIoControl.Hook("KERNERL32.dll", "DeviceIoControl",(FARPROC)MY_DeviceIoControl);
}
return CallNextHookEx ( hMesHook, code, wParam, lParam ) ;
}
// Install GetMsgProc as a hook of type iHookId on the calling thread only
// (hMod is NULL and the thread id is GetCurrentThreadId()).
// Returns TRUE when SetWindowsHookEx produced a hook handle.
inline BOOL WINAPI SetHook (INT iHookId )
{
hMesHook = SetWindowsHookEx ( iHookId, GetMsgProc, NULL, GetCurrentThreadId()) ;
return (hMesHook != NULL);
}
// Remove the message hook installed by SetHook(), if any.
// hMesHook is not cleared afterwards.
inline VOID WINAPI SetUnHook ()
{
if (hMesHook)
{
UnhookWindowsHookEx(hMesHook);
}
}
// Get the address of an original function.
// pszProcName is an export name, or an ordinal encoded in the low word of the
// pointer. Returns the address from the module loaded by Load(); on failure it
// shows an error dialog and terminates the process with exit code -2.
FARPROC WINAPI GetAddress(PCSTR pszProcName)
{
FARPROC fpAddress;
CHAR szProcName[16];
TCHAR tzTemp[MAX_PATH];
fpAddress = GetProcAddress(m_hModule, pszProcName);
if (fpAddress == NULL)
{
// A zero high word means the "name" is really an ordinal; format it as a
// number so the error message can print it.
// NOTE(review): "%d" is given a pointer-typed argument, and wsprintf is
// called with a CHAR buffer, so this only lines up in a 32-bit ANSI build —
// confirm the build configuration.
if (HIWORD(pszProcName) == 0)
{
wsprintf(szProcName, "%d", pszProcName);
pszProcName = szProcName;
}
wsprintf(tzTemp, TEXT("无法找到函数 %hs,程序无法正常运行。"), pszProcName);
MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
ExitProcess(-2);
}
return fpAddress;
}
}
using namespace AheadLib;
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// 入口函数
// DLL entry point.
// On process attach: disables thread notifications, installs the
// WH_CALLWNDPROC hook on the loading thread and loads the original module,
// returning Load()'s result so a failed load fails the attach.
// On process detach: frees the original module and removes the hook.
// All other reasons return TRUE.
BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
HANDLE hfile;
// NOTE(review): this runs before the dwReason check, so the file is opened
// (and created if missing) on every notification that reaches DllMain. The
// handle is kept only in this local, is never closed and is never passed to
// the WriteFile call in MY_DeviceIoControl, so each call leaks one handle.
// The result is not compared with INVALID_HANDLE_VALUE. The path is fixed
// and predictable.
hfile = CreateFile("c:\\aa.txt",
GENERIC_WRITE,
FILE_SHARE_WRITE,
NULL,
OPEN_ALWAYS,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (dwReason == DLL_PROCESS_ATTACH)
{
DisableThreadLibraryCalls(hModule);
// Disabled debug popup, left in by the author.
// MessageBox(NULL,"完成",NULL,1);
// NOTE(review): SetHook calls SetWindowsHookEx and Load calls LoadLibrary
// (and MessageBox on failure) while the loader lock is held; Microsoft's
// DllMain guidance advises against User32 calls and LoadLibrary here because
// they can deadlock or run before dependencies are initialised. SetHook's
// return value is ignored.
SetHook (WH_CALLWNDPROC);
return Load();
}
else if (dwReason == DLL_PROCESS_DETACH)
{
// The original module is released before the hook is removed.
Free();
SetUnHook ();
}
return TRUE;
}
没有勾住,谁完善一下