VC语言

本类阅读TOP10
·VC++ 学习笔记(二)
·用Visual C++打造IE浏览器(1)
·每个开发人员现在应该下载的十种必备工具
·教你用VC6做QQ对对碰外挂程序
·Netmsg 局域网聊天程序
·Windows消息大全
·VC++下使用ADO编写数据库程序
·VC++学习笔记(四)
·非法探取密码的原理及其防范
·怎样在VC++中访问、修改注册表

分类导航
VC语言Delphi
VB语言ASP
PerlJava
Script数据库
其他语言游戏开发
文件格式网站制作
软件工程.NET开发
hook api的一个自己写的例子

作者:未知 来源:月光软件站 加入时间:2005-2-28 月光软件站

帮同学写了个hook api的例子程序,顺便post到这儿,免得将来到处找.
一个简单的console工程,vc6,vc7在win2k pro,server上调试通过.
#include <stdio.h>
#include <windows.h>
#include <Dbghelp.h>
#pragma comment(lib,"Dbghelp.lib")
#pragma comment(lib,"User32.lib")
typedef int (__stdcall *OLD_MessageBox)( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption,UINT uType );
OLD_MessageBox g_procOldMessageBox = NULL;
int __stdcall HOOK_MessageBox( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption,UINT uType)
{
 printf("%s\t%d\r\n",__FUNCTION__,__LINE__);
 if (NULL != g_procOldMessageBox)
  return g_procOldMessageBox(hWnd,lpText,"不好意思,hook到了!",uType); 
 else
  return MessageBox(hWnd,lpText,lpCaption,uType); ;
}

int replace_IAT(const char *pDllName,const char *pApiName,bool bReplace)
{
 HANDLE hProcess = ::GetModuleHandle (NULL);
 DWORD dwSize = 0;
 PIMAGE_IMPORT_DESCRIPTOR pImageImport = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hProcess,TRUE,
  IMAGE_DIRECTORY_ENTRY_IMPORT,&dwSize);
 if (NULL == pImageImport)
  return 1;
 PIMAGE_IMPORT_BY_NAME pImageImportByName = NULL;
 PIMAGE_THUNK_DATA  pImageThunkOriginal = NULL;
 PIMAGE_THUNK_DATA  pImageThunkReal  = NULL;
 while (pImageImport->Name)
 {
  if (0 == strcmpi((char*)((PBYTE)hProcess+pImageImport->Name),pDllName))
  {
   break;
  }
  ++pImageImport;
 }
 if (! pImageImport->Name)
  return 2;
 pImageThunkOriginal = (PIMAGE_THUNK_DATA)((PBYTE)hProcess+pImageImport->OriginalFirstThunk  );
 pImageThunkReal = (PIMAGE_THUNK_DATA)((PBYTE)hProcess+pImageImport->FirstThunk   );
 while (pImageThunkOriginal->u1.Function)
 {
  if ((pImageThunkOriginal->u1 .Ordinal & IMAGE_ORDINAL_FLAG) != IMAGE_ORDINAL_FLAG)
  {
   pImageImportByName = (PIMAGE_IMPORT_BY_NAME)((PBYTE)hProcess+pImageThunkOriginal->u1 .AddressOfData );
   if (0 == strcmpi(pApiName,(char*)pImageImportByName->Name))
   {
    MEMORY_BASIC_INFORMATION mbi_thunk;
    VirtualQuery(pImageThunkReal, &mbi_thunk, sizeof(MEMORY_BASIC_INFORMATION));
    VirtualProtect(mbi_thunk.BaseAddress,mbi_thunk.RegionSize, PAGE_READWRITE, &mbi_thunk.Protect);
    if (true == bReplace)
    {
     g_procOldMessageBox =(OLD_MessageBox) pImageThunkReal->u1.Function;
     pImageThunkReal->u1.Function = (DWORD)HOOK_MessageBox;
    }
    else
     pImageThunkReal->u1.Function = (DWORD)g_procOldMessageBox;
    DWORD dwOldProtect;
    VirtualProtect(mbi_thunk.BaseAddress, mbi_thunk.RegionSize, mbi_thunk.Protect, &dwOldProtect);
    break;
   }
  }
  ++pImageThunkOriginal;
  ++pImageThunkReal;
 }
 return 0;
}
int main()
{
 replace_IAT("User32.dll","MessageBoxA",true);
 MessageBox(NULL,"EnumIAT User32.dll MessageBoxA true;","",MB_OK);
 replace_IAT("User32.dll","MessageBoxA",false);
 MessageBox(NULL,"EnumIAT User32.dll MessageBoxA false;","",MB_OK);
 return getchar();
}

相关文章

相关软件