Hook API (JMP) - - -
A class for hooking an API with a JMP patch
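//---------------------------------------------------------------------------
// hookapi_jmp.h
// A class that hooks an API function by overwriting its entry with a JMP.
//
// Initialize() resolves the target with GetModuleHandle/GetProcAddress, works
// on the current process (hProc = GetCurrentProcess()) and saves the first
// 5 bytes of the target. SetHookOn() writes the 5-byte JMP over the entry and
// SetHookOff() writes the saved bytes back.
//
// Review notes:
//  * The patch changes the first bytes of the target function in memory, so it
//    is visible to any integrity check that compares a function's in-memory
//    prologue with the module's on-disk image.
//  * The 5-byte write is not atomic. A thread executing the target's first
//    instructions while the patch is written or removed can fault.
//    SetHookOn()/SetHookOff() do not take m_cs themselves.
//  * The object owns a CRITICAL_SECTION and refers to patched memory; it is
//    not safe to copy.
//---------------------------------------------------------------------------
#include <windows.h>  // HANDLE, BOOL, LPCTSTR, FARPROC, BYTE, CRITICAL_SECTION

#ifndef _hook_api_jmp_
#define _hook_api_jmp_

class CHookApi_Jmp
{
public:
    // Process whose memory is patched; Initialize() sets it to the
    // GetCurrentProcess() pseudo-handle.
    HANDLE hProc;

    // Lock()/Unlock(): definitions are not part of this listing; presumably
    // they enter and leave m_cs -- confirm against the implementation.
    void Unlock(void);
    void Lock(void);

    // Resolves ApiName in ModuleName, saves the original entry bytes and
    // prepares the JMP to lpNewFunc.
    BOOL Initialize(LPCTSTR ModuleName, LPCTSTR ApiName, FARPROC lpNewFunc);

    // Writes the prepared JMP over the target's entry.
    void SetHookOn(void);

    // Writes the saved original bytes back over the target's entry.
    void SetHookOff(void);

    CHookApi_Jmp(void);

    // Deletes m_cs and closes hProc. Does not remove an active hook; call
    // SetHookOff() first if the replacement function must not be reached
    // after the object is gone.
    virtual ~CHookApi_Jmp();

protected:
    BYTE m_OldFunc[8];        // original entry bytes (only the first 5 are used)
    BYTE m_NewFunc[8];        // patch bytes: 0xE9 (JMP) followed by the rest of the jump
    FARPROC m_lpHookFunc;     // address of the hooked API function
    CRITICAL_SECTION m_cs;    // deleted in the destructor
};

#endif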
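//---------------------------------------------------------------------------
#pragma hdrstop
#include "hookapi_jmp.h"
#pragma package(smart_init)
//---------------------------------------------------------------------------
// NOTE(review): the definitions of the constructor, Lock() and Unlock() do
// not appear in this listing. The destructor below assumes m_cs was
// initialized by the constructor -- confirm.

// Number of bytes replaced at the target's entry: the 0xE9 JMP opcode plus a
// 32-bit displacement.
static const DWORD kPatchSize = 5;

// Writes kPatchSize bytes from `bytes` over the code at `target`.
//
// Returns TRUE only when the protection change, the write and the protection
// restore all succeed. The original protection is restored even when the
// write fails, so a failed attempt does not leave the code page writable.
static BOOL WritePatch(HANDLE hProc, FARPROC target, const BYTE *bytes)
{
    if (target == NULL)
        return FALSE;  // Initialize() did not resolve the function

    LPVOID address = reinterpret_cast<LPVOID>(target);
    DWORD dwOldFlag = 0;

    // PAGE_EXECUTE_READWRITE, not PAGE_READWRITE: the target is code in the
    // current process, and dropping the execute right would fault any thread
    // running on the same page while the patch is written. Under a policy that
    // forbids writable code pages this call fails and the caller reports it.
    if (!VirtualProtectEx(hProc, address, kPatchSize, PAGE_EXECUTE_READWRITE, &dwOldFlag))
        return FALSE;

    BOOL written = WriteProcessMemory(hProc, address, bytes, kPatchSize, 0);

    DWORD dwIgnored = 0;
    BOOL restored = VirtualProtectEx(hProc, address, kPatchSize, dwOldFlag, &dwIgnored);

    return (written && restored) ? TRUE : FALSE;
}
//---------------------------------------------------------------------------
// Releases the object's resources. hProc is the GetCurrentProcess()
// pseudo-handle once Initialize() has run, for which CloseHandle() has no
// effect. The hook itself is not removed here: if it is still on, the target
// keeps jumping to the replacement function after this object is destroyed.
CHookApi_Jmp::~CHookApi_Jmp()
{
    CloseHandle(hProc);
    DeleteCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
// Installs the hook by writing m_NewFunc over the target's entry.
// Shows a message box on failure. Not synchronized: the caller must make sure
// no other thread is executing the target's first bytes.
void CHookApi_Jmp::SetHookOn(void)
{
    if (!WritePatch(hProc, m_lpHookFunc, m_NewFunc))
        MessageBox(NULL, TEXT("SetHookOn"), TEXT("Fail"), MB_OK);
}
//---------------------------------------------------------------------------
// Removes the hook by writing the saved original bytes (m_OldFunc) back.
// Shows a message box on failure. Same synchronization caveat as SetHookOn().
void CHookApi_Jmp::SetHookOff(void)
{
    if (!WritePatch(hProc, m_lpHookFunc, m_OldFunc))
        MessageBox(NULL, TEXT("SetHookOff"), TEXT("Fail"), MB_OK);
}
//---------------------------------------------------------------------------
// The listing is cut off inside Initialize(); its visible part is reproduced
// below without changes to the code.
// NOTE(review): GetProcAddress() takes an LPCSTR name, so passing the LPCTSTR
// apiName only compiles in a non-UNICODE build. Neither GetModuleHandle() nor
// GetProcAddress() is checked here; with a NULL m_lpHookFunc the
// VirtualProtectEx() call below is expected to fail.
BOOL CHookApi_Jmp::Initialize(LPCTSTR ModuleName, LPCTSTR apiName, FARPROC lpNewFunc)
{
    m_lpHookFunc = GetProcAddress(GetModuleHandle(ModuleName), apiName);
    hProc = GetCurrentProcess();
    DWORD dwOldFlag;
    if (VirtualProtectEx(hProc, m_lpHookFunc, 5, PAGE_READWRITE, &dwOldFlag))
    {
        if (ReadProcessMemory(hProc, m_lpHookFunc, m_OldFunc, 5, 0))
        {
            if (VirtualProtectEx(hProc, m_lpHookFunc, 5, dwOldFlag, &dwOldFlag))
            {
                m_NewFunc[0] = 0xE9;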