-
-
[求助]救命呀,为什么Hook Openprocess在XP正常,在2003下说内存不能为READ??
-
发表于: 2009-4-8 12:04
-
请教各位为什么这个DLL在XP下正常,但在2003下会提示内存不能为READ,救命啊。折腾我好几天了,郁闷。
Library NotCloseSelf;
uses
Windows,
SysUtils,
NativeAPI;
type
OldCode = packed record
One : DWord;
Two : Word;
end;
far_jmp = packed record
PuhsOp : Byte;
PushArg : Pointer;
RetOp : Byte;
end;
const
HOOK_MEM_FILENAME = 'tmp.hkt';
var
hMapObject: THandle;
startPid: PDWORD; //保存PID
JmpOpenProcess : far_jmp;
OldOpenProcess : OldCode;
ptrOpenProcess : Pointer;
dWpOfOpenProcess : DWORD;
function NewOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
dwProcessId: DWORD): THandle; stdcall;
begin
if startPid^ = dwProcessId then
begin
Result := 0;
Exit;
end;
try
WriteProcessMemory(GetCurrentProcess, ptrOpenProcess, @OldOpenProcess, SizeOf(OldCode), dWpOfOpenProcess);
Result := OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
finally
WriteProcessMemory(GetCurrentProcess, ptrOpenProcess, @JmpOpenProcess, SizeOf(far_jmp), dWpOfOpenProcess);
end;
end;
procedure SetHook();
begin
ptrOpenProcess := GetProcAddress(GetModuleHandle('kernel32.dll'), 'OpenProcess');
ReadProcessMemory(GetCurrentProcess, ptrOpenProcess, @OldOpenProcess, SizeOf(OldCode), dWpOfOpenProcess);
JmpOpenProcess.PuhsOp := $68;
JmpOpenProcess.PushArg := @NewOpenProcess;
JmpOpenProcess.RetOp := $C3;
WriteProcessMemory(GetCurrentProcess, ptrOpenProcess, @JmpOpenProcess, SizeOf(far_jmp), dWpOfOpenProcess);
end;
procedure Unhook();
begin
WriteProcessMemory(GetCurrentProcess, ptrOpenProcess, @OldOpenProcess, SizeOf(OldCode), dWpOfOpenProcess);
end;
function MessageProc(code : integer; wParam : word;
lParam : longint) : longint; stdcall;
begin
CallNextHookEx(0, Code, wParam, lparam);
Result := 0;
end;
procedure SetGlobalHookProc();
begin
SetWindowsHookEx(WH_GETMESSAGE, @MessageProc, HInstance, 0);
Sleep(INFINITE);
end;
procedure SetGlobalHook();
Var
hMutex: dword;
TrId: dword;
begin
hMutex := CreateMutex(nil, False, 'Test');
if GetLastError = 0 then
CreateThread(nil, 0, @SetGlobalHookProc, nil, 0, TrId) else
CloseHandle(hMutex);
end;
procedure SetGlobalHookEx(pid: DWORD); stdcall;
begin
startPid^ := pid;
SetGlobalHook;
end;
procedure CreateMapShare;
begin
hMapObject := OpenFileMapping(FILE_MAP_ALL_ACCESS, True, HOOK_MEM_FILENAME);
if hMapObject>0 then startPid := MapViewOfFile(hMapObject, FILE_MAP_ALL_ACCESS, 0, 0, 0);
end;
procedure FreeMapFile;
begin
if startPid<>nil then UnMapViewOfFile(startPid);
if hMapObject>0 then CloseHandle(hMapObject);
end;
procedure DLLEntryPoint(dwReason: DWord);
begin
Case dwReason Of
DLL_PROCESS_ATTACH:
begin
CreateMapShare;
SetHook();
end;
DLL_PROCESS_DETACH:
begin
Unhook();
FreeMapFile;
end;
end;
end;
exports
SetGlobalHookEx;
begin
DllProc := @DLLEntryPoint;
DLLEntryPoint(DLL_PROCESS_ATTACH);
end.
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
是有点过了,还是很不错的了,说实话,你写的我还不怎么看懂啊
加油了
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
