An example of writing an API hook

xiaoxiao2021-03-06  108

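/*
 * A Hook API example program, written to help some students; by the way,
 * code like this can be found everywhere. It is a simple console project,
 * built with VC6 and VC7 and debugged on Win2k Pro and Server.
 *
 * Scope: replace_IAT resolves the image with GetModuleHandle(NULL), so the
 * patch is limited to the import table of the current process's own
 * executable. An import entry that no longer points into the exporting DLL
 * is the artefact an import-table integrity check would flag.
 */

// NOTE: the three header names were lost when this page was extracted. They
// are restored here from the APIs the listing uses (Win32 types, printf,
// ImageDirectoryEntryToData) -- confirm against the original project.
#include <windows.h>
#include <stdio.h>
#include <dbghelp.h>

#pragma comment(lib, "Dbghelp.lib")
#pragma comment(lib, "User32.lib")

// Function-pointer type with the same signature as MessageBox, used to keep
// the address that the import table held before it was replaced.
typedef int (__stdcall *OLD_MessageBox)(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType);

// Original import address; written by replace_IAT when the hook is installed
// and read back when the hook is removed. NULL until then.
OLD_MessageBox g_procOldMessageBox = NULL;

/**
 * Replacement for MessageBox installed into the import table by replace_IAT.
 *
 * Prints the function name and line number as a trace, then forwards the
 * call to the saved original with the caption replaced, so the effect of the
 * hook is visible in the dialog title.
 *
 * @param hWnd      Owner window, forwarded unchanged.
 * @param lpText    Message text, forwarded unchanged.
 * @param lpCaption Caller's caption; only used on the fallback path.
 * @param uType     Message box style flags, forwarded unchanged.
 * @return Whatever the underlying MessageBox call returns.
 */
int __stdcall HOOK_MessageBox(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType)
{
    printf("%s\t%d\r\n", __FUNCTION__, __LINE__);

    if (NULL != g_procOldMessageBox)
    {
        // TEXT() keeps the literal's character width in step with LPCTSTR,
        // so the call stays well-formed in both ANSI and UNICODE builds.
        return g_procOldMessageBox(hWnd, lpText, TEXT("Sorry, hook is here!"), uType);
    }
    else
    {
        // Fallback when no original address has been saved.
        // NOTE(review): if this module's import entry were already patched
        // here, this call would presumably come straight back into
        // HOOK_MessageBox; replace_IAT saves the pointer before patching,
        // which should keep this branch unreachable while hooked -- confirm.
        return MessageBox(hWnd, lpText, lpCaption, uType);
    }
}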

int replace_IAT (const char * pDllName, const char * pApiName, bool bReplace) {HANDLE hProcess = :: GetModuleHandle (NULL); DWORD dwSize = 0; PIMAGE_IMPORT_DESCRIPTOR pImageImport = (PIMAGE_IMPORT_DESCRIPTOR) ImageDirectoryEntryToData (hProcess, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, & dwSize); if (NULL == pImageImport) return 1; PIMAGE_IMPORT_BY_NAME pImageImportByName = NULL; PIMAGE_THUNK_DATA pImageThunkOriginal = NULL; PIMAGE_THUNK_DATA pImageThunkReal = NULL; while (pImageImport-> Name) {if (0 == strcmpi ((char *) ((PBYTE) hProcess pImageImport ! -> Name), pDllName)) {break;} pImageImport;} if (pImageImport-> Name) return 2; pImageThunkOriginal = (PIMAGE_THUNK_DATA) ((PBYTE) hProcess pImageImport-> OriginalFirstThunk); pImageThunkReal = (PIMAGE_THUNK_DATA) ((PBYTE) hProcess pImageImport-> FirstThunk); while (pImageThunkOriginal-> u1.Function) {if (! (pImageThunkOriginal-> u1 .Ordinal & IMAGE_ORDINAL_FLAG) = IMAGE_ORDINAL_FLAG) {pImageImportByName = (PIMAGE_IMPORT_BY_NAME) ((PBYTE) hPro cess pImageThunkOriginal-> u1 .AddressOfData); if (0 == strcmpi (pApiName, (char *) pImageImportByName-> Name)) {MEMORY_BASIC_INFORMATION mbi_thunk; VirtualQuery (pImageThunkReal, & mbi_thunk, sizeof (MEMORY_BASIC_INFORMATION)); VirtualProtect (mbi_thunk.BaseAddress , mbi_thunk.RegionSize, PAGE_READWRITE, & mbi_thunk.Protect); if (true == bReplace) {g_procOldMessageBox = (OLD_MessageBox) pImageThunkReal-> u1.Function; pImageThunkReal-> u1.Function = (DWORD) HOOK_MessageBox;} else pImageThunkReal-> u1 .Function = (dword) g_procoldMessagebox;

转载请注明原文地址:https://www.9cbs.com/read-95763.html
