- UID
- 2
注册时间2004-12-1
阅读权限255
最后登录1970-1-1
总坛主
TA的每日心情 | 难过
4 天前 |
|---|
签到天数: 11 天 [LV.3]偶尔看看II
|
传统APIHOOK--JMP XXXXXXXX -- 简单类封装-- By 飘云
老手飘过,直接使用 detour
该类为新手封装~~ 方便使用!
- // HookApi.h: interface for the PY_HOOKAPI class.
- // Code By PiaoYun/P.Y.G www.chinapyg.com
- //////////////////////////////////////////////////////////////////////
- #if !defined(AFX_HOOKAPI_H__4F261417_7D80_4241_B093_40CA4B099FF7__INCLUDED_)
- #define AFX_HOOKAPI_H__4F261417_7D80_4241_B093_40CA4B099FF7__INCLUDED_
- #if _MSC_VER > 1000
- #pragma once
- #endif // _MSC_VER > 1000
- #include <windows.h>
- class PY_HOOKAPI
- {
- public:
- BYTE FunTop5Code[5]; // 原函数头5字节
- BYTE JmpAsmCode[5]; // Jmp *****
- LPVOID lpOldFunAddr; // 原始函数入口地址
- LPVOID lpNewFunAddr; // 新函数入口地址
- VOID Init(PSTR szModuleName, PSTR szFunName, FARPROC lpFun);
- VOID Hook();
- VOID UnHook();
- PY_HOOKAPI();
- virtual ~PY_HOOKAPI();
-
- };
- #endif // !defined(AFX_HOOKAPI_H__4F261417_7D80_4241_B093_40CA4B099FF7__INCLUDED_)
- // HookApi.cpp: implementation of the PY_HOOKAPI class.
- // Code By PiaoYun/P.Y.G www.chinapyg.com
- //////////////////////////////////////////////////////////////////////
- #include "HookApi.h"
- //////////////////////////////////////////////////////////////////////
- // Construction/Destruction
- //////////////////////////////////////////////////////////////////////
- PY_HOOKAPI::PY_HOOKAPI()
- {
- //ZeroMemory(FunTop5Code,5);
- //ZeroMemory(JmpAsmCode,5);
- //JmpAsmCode[0] = 0xE9; // Jmp *****
- }
- PY_HOOKAPI::~PY_HOOKAPI()
- {
- UnHook();
- }
- VOID PY_HOOKAPI::Init(PSTR szModuleName, PSTR szFunName, FARPROC lpFun)
- {
- HMODULE hMod = ::LoadLibrary(szModuleName);
- if (hMod)
- {
- lpNewFunAddr = lpFun;
- lpOldFunAddr = ::GetProcAddress(hMod, szFunName);
- JmpAsmCode[0] = 0xE9; // Jmp *****
- *(PDWORD)&(JmpAsmCode[1]) = (DWORD)lpNewFunAddr - (DWORD)lpOldFunAddr - 5;
-
- DWORD dwOldProtect;
- ::VirtualProtect(lpOldFunAddr, 5, PAGE_READWRITE, &dwOldProtect);
- ::ReadProcessMemory(GetCurrentProcess(), lpOldFunAddr, FunTop5Code, 5, NULL);
- ::VirtualProtect(lpOldFunAddr, 5, dwOldProtect, &dwOldProtect);
- }
- }
- VOID PY_HOOKAPI::Hook()
- {
- DWORD dwOldProtect;
- ::VirtualProtect(lpOldFunAddr, 5, PAGE_READWRITE, &dwOldProtect);
- ::WriteProcessMemory(GetCurrentProcess(), lpOldFunAddr, JmpAsmCode, 5, NULL);
- ::VirtualProtect(lpOldFunAddr, 5, dwOldProtect, &dwOldProtect);
- }
- VOID PY_HOOKAPI::UnHook()
- {
- DWORD dwOldProtect;
- ::VirtualProtect(lpOldFunAddr, 5, PAGE_READWRITE, &dwOldProtect);
- ::WriteProcessMemory(GetCurrentProcess(), lpOldFunAddr, FunTop5Code, 5, NULL);
- ::VirtualProtect(lpOldFunAddr, 5, dwOldProtect, &dwOldProtect);
- }
测试代码:
- #include <windows.h>
- #include "HookApi.h"
- PY_HOOKAPI MyHookApi;
- int WINAPI MyMessageBoxA(
- IN HWND hWnd,
- IN LPCSTR lpText,
- IN LPCSTR lpCaption,
- IN UINT uType)
- {
- MyHookApi.UnHook();
- DWORD ret = MessageBoxA(NULL, "函数被Hook了!", lpCaption, MB_OK);
- MyHookApi.Hook();
- return ret;
- }
- VOID main()
- {
- MessageBoxA(NULL, "函数没被Hook", "飘云", MB_OK);
- MyHookApi.Init("USER32.DLL", "MessageBoxA", (FARPROC)MyMessageBoxA);
- MyHookApi.Hook();
- MessageBoxA(NULL, "还能看到我么?", "飘云", MB_OK);
- MyHookApi.UnHook();
- MessageBoxA(NULL, "UnHook成功!", "飘云", MB_OK);
- }
|
评分
-
| 参与人数 2 | 威望 +44 |
飘云币 +40 |
收起
理由
|
 wonderzdh
| + 4 |
|
detour:http://www.360doc.com/content/10. |
 MOV
| + 40 |
+ 40 |
很给力! |
查看全部评分
|
IP卡
发表于 2014-2-5 00:41:18
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2014-2-23 23:13:09
差距太远了
发表于 2014-4-30 16:38:16
发表于 2014-5-8 19:21:58
发表于 2014-6-25 10:22:12
发表于 2014-8-29 20:54:56
发表于 2014-9-9 19:22:16
