传统APIHOOK--JMP XXXXXXXX -- 简单类封装-- By 飘云
传统APIHOOK--JMP XXXXXXXX -- 简单类封装-- By 飘云
老手飘过,直接使用 Detours。
该类为新手封装~~ 方便使用!
// HookApi.h: interface for the PY_HOOKAPI class.
// Code By PiaoYun/P.Y.G www.chinapyg.com
//////////////////////////////////////////////////////////////////////
#if !defined(AFX_HOOKAPI_H__4F261417_7D80_4241_B093_40CA4B099FF7__INCLUDED_)
#define AFX_HOOKAPI_H__4F261417_7D80_4241_B093_40CA4B099FF7__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#include <windows.h>
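// PY_HOOKAPI: small wrapper around the classic 5-byte inline hook, which
// overwrites the start of an exported function with "JMP rel32"
// (opcode E9 followed by a 32-bit relative displacement).
//
// Life cycle, as implemented in HookApi.cpp:
//   Init()   resolves the export and saves its first 5 bytes,
//   Hook()   writes the jump over those bytes,
//   UnHook() writes the saved bytes back,
//   and the destructor calls UnHook().
//
// Things to keep in mind when using it:
//   - Both buffers must be 5-byte arrays: every read and write in the
//     implementation transfers exactly 5 bytes through them.
//   - There is no synchronisation. While the bytes are being rewritten, or
//     while a replacement has temporarily unhooked the target to call the
//     original, other threads see the function in whatever state it is in.
//   - The members are public and the object is copyable; a copy's destructor
//     also calls UnHook() on the same target.
class PY_HOOKAPI
{
public:
    BYTE   FunTop5Code[5];   // saved copy of the target's first 5 bytes
    BYTE   JmpAsmCode[5];    // E9 <rel32>: the jump written over the target
    LPVOID lpOldFunAddr;     // entry point of the original (hooked) function
    LPVOID lpNewFunAddr;     // entry point of the replacement function

    VOID Init(PSTR szModuleName, PSTR szFunName, FARPROC lpFun);
    VOID Hook();
    VOID UnHook();

    PY_HOOKAPI();
    virtual ~PY_HOOKAPI();
};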
#endif // !defined(AFX_HOOKAPI_H__4F261417_7D80_4241_B093_40CA4B099FF7__INCLUDED_)
// HookApi.cpp: implementation of the PY_HOOKAPI class.
// Code By PiaoYun/P.Y.G www.chinapyg.com
//////////////////////////////////////////////////////////////////////
#include "HookApi.h"
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
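// Starts with no target selected: both addresses are NULL and both byte
// buffers are zeroed. Without this, an object with automatic storage holds
// indeterminate values, and Hook()/UnHook() (UnHook is also called from the
// destructor) would patch whatever address happened to be in lpOldFunAddr.
PY_HOOKAPI::PY_HOOKAPI()
    : lpOldFunAddr(NULL)
    , lpNewFunAddr(NULL)
{
    // Taking the address and size of the member itself keeps these two lines
    // valid whatever size the buffers are declared with.
    ZeroMemory(&FunTop5Code, sizeof(FunTop5Code));
    ZeroMemory(&JmpAsmCode, sizeof(JmpAsmCode));
}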
// Destructor: calls UnHook() so the saved bytes are written back to the
// target before the object that owns them is destroyed.
PY_HOOKAPI::~PY_HOOKAPI()
{
    this->UnHook();
}
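// Selects the function to hook and prepares the patch; nothing is written to
// the target here.
//
//   szModuleName  module that exports the function (ANSI string). A bare file
//                 name goes through the normal DLL search order, so pass a
//                 full path unless the module is a system DLL that is
//                 already loaded.
//   szFunName     exported name of the function to hook.
//   lpFun         replacement; it must have the same signature and calling
//                 convention as the target.
//
// On success the members hold the target address, the replacement address,
// a copy of the target's first 5 bytes and the 5-byte "JMP rel32" to write.
// On any failure the object is left unchanged. Call this while the target is
// not hooked by this object, otherwise the saved bytes would be the jump.
VOID PY_HOOKAPI::Init(PSTR szModuleName, PSTR szFunName, FARPROC lpFun)
{
    if (szModuleName == NULL || szFunName == NULL || lpFun == NULL)
        return;

    // The A variant matches the PSTR parameter even in UNICODE builds, where
    // the LoadLibrary macro would expand to LoadLibraryW.
    HMODULE hMod = ::LoadLibraryA(szModuleName);
    if (hMod == NULL)
        return;

    BOOL  bReady = FALSE;
    BYTE  saved[5];
    DWORD rel32 = 0;

    FARPROC lpTarget = ::GetProcAddress(hMod, szFunName);
    if (lpTarget != NULL)
    {
        // rel32 is relative to the instruction after the 5-byte jump.
        // Unsigned pointer-sized arithmetic wraps instead of overflowing.
        const DWORD_PTR delta = reinterpret_cast<DWORD_PTR>(lpFun)
                              - reinterpret_cast<DWORD_PTR>(lpTarget) - 5;
        rel32 = static_cast<DWORD>(delta);

        // Always true on 32-bit builds. On 64-bit builds it rejects targets
        // outside the +/-2 GB range of rel32, where a truncated displacement
        // would encode a jump to the wrong address.
        const BOOL bReachable =
            (static_cast<DWORD_PTR>(static_cast<LONG_PTR>(static_cast<LONG>(rel32))) == delta);

        // Code pages of a loaded module are readable, so no protection
        // change is needed just to copy the original bytes.
        SIZE_T cbRead = 0;
        bReady = bReachable
              && ::ReadProcessMemory(::GetCurrentProcess(),
                                     reinterpret_cast<LPCVOID>(lpTarget),
                                     saved, sizeof(saved), &cbRead)
              && cbRead == sizeof(saved);
    }

    if (!bReady)
    {
        // Give back the reference taken above; nothing will point into the module.
        ::FreeLibrary(hMod);
        return;
    }

    // Commit only now, so a failed call never leaves a half-built patch.
    // The module reference is kept on purpose: the target must stay loaded
    // for as long as this object may patch it.
    CopyMemory(FunTop5Code, saved, sizeof(saved));
    JmpAsmCode[0] = 0xE9;                                // JMP rel32 opcode
    CopyMemory(&JmpAsmCode[1], &rel32, sizeof(rel32));   // displacement, no unaligned cast
    lpNewFunAddr = reinterpret_cast<LPVOID>(lpFun);
    lpOldFunAddr = reinterpret_cast<LPVOID>(lpTarget);
}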
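// Installs the hook: overwrites the first 5 bytes of the target with the jump
// prepared in JmpAsmCode. Does nothing when no target has been selected or
// when the page protection cannot be changed.
//
// Not synchronised: a thread executing the target's first bytes while they
// are rewritten can run a torn instruction.
VOID PY_HOOKAPI::Hook()
{
    if (lpOldFunAddr == NULL || lpNewFunAddr == NULL)
        return;

    // PAGE_EXECUTE_READWRITE, not PAGE_READWRITE: the protection applies to
    // the whole page, and dropping execute permission would fault any thread
    // running code there while the patch is in progress.
    DWORD dwOldProtect = 0;
    if (!::VirtualProtect(lpOldFunAddr, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return;

    if (::WriteProcessMemory(::GetCurrentProcess(), lpOldFunAddr, JmpAsmCode, 5, NULL))
    {
        // Modified code must be flushed so the CPU does not run stale bytes.
        ::FlushInstructionCache(::GetCurrentProcess(), lpOldFunAddr, 5);
    }

    // Put the original protection back whether or not the write succeeded.
    DWORD dwIgnored = 0;
    ::VirtualProtect(lpOldFunAddr, 5, dwOldProtect, &dwIgnored);
}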
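// Removes the hook: writes the 5 bytes saved in FunTop5Code back over the
// start of the target. Does nothing when no target has been selected or when
// the page protection cannot be changed. Also called from the destructor.
//
// Not synchronised: a thread executing the target's first bytes while they
// are rewritten can run a torn instruction.
VOID PY_HOOKAPI::UnHook()
{
    if (lpOldFunAddr == NULL)
        return;

    // PAGE_EXECUTE_READWRITE, not PAGE_READWRITE: the protection applies to
    // the whole page, and dropping execute permission would fault any thread
    // running code there while the bytes are restored.
    DWORD dwOldProtect = 0;
    if (!::VirtualProtect(lpOldFunAddr, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return;

    if (::WriteProcessMemory(::GetCurrentProcess(), lpOldFunAddr, FunTop5Code, 5, NULL))
    {
        // Modified code must be flushed so the CPU does not run stale bytes.
        ::FlushInstructionCache(::GetCurrentProcess(), lpOldFunAddr, 5);
    }

    // Put the original protection back whether or not the write succeeded.
    DWORD dwIgnored = 0;
    ::VirtualProtect(lpOldFunAddr, 5, dwOldProtect, &dwIgnored);
}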
测试代码:
#include <windows.h>
#include "HookApi.h"
// Single global hook object shared by MyMessageBoxA and main below. It has
// static storage duration, so its destructor (which calls UnHook) runs at
// program exit.
PY_HOOKAPI MyHookApi;
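// Replacement for MessageBoxA used by the demo. It shows a fixed text with
// the caller's caption, so it is visible that the call was intercepted.
//
// The original is reached by removing the hook, calling MessageBoxA and
// installing the hook again. During that window the function is unhooked for
// every thread and its first bytes are rewritten twice without any locking,
// so this pattern is only suitable for a single-threaded demo; the post
// itself points experienced readers to Detours instead.
int WINAPI MyMessageBoxA(
    IN HWND hWnd,
    IN LPCSTR lpText,
    IN LPCSTR lpCaption,
    IN UINT uType)
{
    // The demo deliberately replaces the text and the button style.
    UNREFERENCED_PARAMETER(lpText);
    UNREFERENCED_PARAMETER(uType);

    MyHookApi.UnHook();
    // Keep the caller's owner window, and keep the result as int: MessageBoxA
    // returns int, and so does this function.
    const int ret = ::MessageBoxA(hWnd, "函数被Hook了!", lpCaption, MB_OK);
    MyHookApi.Hook();
    return ret;
}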
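// Demo: shows one message box before hooking, one while MessageBoxA is hooked
// (MyMessageBoxA replaces its text) and one after the hook has been removed.
int main()
{
    // Init takes PSTR (non-const), so pass writable buffers instead of
    // string literals, which conforming compilers refuse to convert.
    char szModule[]   = "USER32.DLL";
    char szFunction[] = "MessageBoxA";

    ::MessageBoxA(NULL, "函数没被Hook", "飘云", MB_OK);

    MyHookApi.Init(szModule, szFunction, reinterpret_cast<FARPROC>(MyMessageBoxA));
    MyHookApi.Hook();
    ::MessageBoxA(NULL, "还能看到我么?", "飘云", MB_OK);

    MyHookApi.UnHook();
    ::MessageBoxA(NULL, "UnHook成功!", "飘云", MB_OK);

    // Standard C++ requires main to return int.
    return 0;
}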
以往如旧的支持呵呵 支持。。学习 {:sweat:}差距太远了 很给力 ,呵呵,支持多发这类文章。。 很好的学习材料!谢谢。 虽然看不懂,呵呵,太厉害了 真心看的头昏眼花 估计用处很大 要是看懂了 估计谁都能用都是涉及到系统底层的东西 飘大太给力 我只是新手 太深奥 多谢提供源码,很有帮助