发表于 2021-7-14 11:26:04
HookApi.dll代码:
HookApi.h:
- // HookApi.h : HookApi DLL 的主头文件
- //
- #pragma once
- #ifndef __AFXWIN_H__
- #error "在包含此文件之前包含“stdafx.h”以生成 PCH 文件"
- #endif
- #include "resource.h" // 主符号
// CHookApiApp
// Application object of the HookApi DLL; the member functions are
// implemented in HookApi.cpp.
class CHookApiApp : public CWinApp
{
public:
    CHookApiApp();

    // Overrides
    virtual BOOL InitInstance();
    int ExitInstance();

    DECLARE_MESSAGE_MAP()
};
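// User-defined window message sent by MouseProc() to the main window.
// Parenthesised so the macro expands as a single value inside larger
// expressions (e.g. UM_WNDTITLE * 2 or a comparison).
#define UM_WNDTITLE (WM_USER + 100)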
// ---- State shared between processes -------------------------------------
// Everything between the two data_seg pragmas is placed in the ".Share"
// section. The linker option below marks that section read/write/shared,
// so a single copy of these three variables is mapped into every process
// that loads this DLL.
// NOTE(review): any process that maps the DLL can overwrite these values
// (for example g_hWnd, the destination of the SendMessage call in
// MouseProc). Treat the contents as untrusted, and remember that hInst is
// rewritten by InitInstance() in each process that loads the DLL.
#pragma data_seg(".Share")
HWND g_hWnd = NULL;     // main window that receives UM_WNDTITLE
HHOOK hhk = NULL;       // handle of the mouse hook
HINSTANCE hInst = NULL; // instance handle of this DLL
#pragma data_seg()
#pragma comment(linker, "/section:.Share,rws")

// ---- Per-process state --------------------------------------------------
// NOTE(review): these are definitions in a header, so including HookApi.h
// from more than one source file produces duplicate symbols.
// PTR is not defined in this listing; it is assigned from GetProcAddress()
// and NULL in HookApi.cpp, so it is presumably a pointer typedef - confirm.
HANDLE hProcess = NULL;     // process handle used for the memory writes
BOOL bIsInjected = FALSE;   // set by Inject() so that it runs only once
PTR oldFunc = NULL;         // saved address of the original function
FARPROC pfFunc = NULL;      // address of the function that gets patched
BYTE OldCodeA[5] = { 0 };   // original first 5 bytes of the API entry
BYTE NewCodeA[5] = { 0 };   // replacement bytes: jmp rel32
PTR FunctionAddress;        // address the jump should transfer control to
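// Install the hook.
// The prototype lists the same four parameters as the definition in
// HookApi.cpp. The previous one-parameter prototype declared a separate
// overload that is never defined, so the dllexport attribute did not apply
// to the function that actually exists.
// WINAPI already expands to the stdcall calling convention, so the extra
// _stdcall keyword is dropped.
//   hWnd          window that receives UM_WNDTITLE messages from the mouse hook
//   ModuleName    module that contains the function to patch
//   FunctionName  exported name of the function to patch
//   FunctionAddr  address the patched entry should jump to
// Returns TRUE when the mouse hook was installed, FALSE otherwise.
_declspec(dllexport) BOOL WINAPI HookApi(HWND hWnd, LPCWSTR ModuleName, LPCSTR FunctionName, PTR FunctionAddr);

// Remove the hook.
_declspec(dllexport) VOID WINAPI UnHookApi();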
HookApi.cpp:
- // HookApi.cpp : 定义 DLL 的初始化例程。
- //
- #include "stdafx.h"
- #include "HookApi.h"
- #ifdef _DEBUG
- #define new DEBUG_NEW
- #endif
// CHookApiApp message map: no handlers are registered.
BEGIN_MESSAGE_MAP(CHookApiApp, CWinApp)
END_MESSAGE_MAP()

// CHookApiApp construction.
// Intentionally empty: all significant initialisation belongs in InitInstance().
CHookApiApp::CHookApiApp()
{
}

// The one and only CHookApiApp object.
CHookApiApp theApp;
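// Enable the hook: overwrite the first bytes at pfFunc with the jump stub
// held in NewCodeA.
//
// Changes compared with the original:
//  * does nothing when there is no process handle or no target address
//    (ASSERT is compiled out of release builds);
//  * the result of VirtualProtectEx is checked, so an uninitialised
//    dwOldProtect is never passed back to the restore call;
//  * the page is switched to PAGE_EXECUTE_READWRITE instead of
//    PAGE_READWRITE, so it stays executable for other threads while the
//    bytes are being written;
//  * a short write is reported as a failure, not only a write of 0 bytes;
//  * the instruction cache is flushed after code has been modified.
void HookOn()
{
    ASSERT(hProcess != NULL);
    if (hProcess == NULL || pfFunc == NULL)
    {
        TRACE("HookOn: no process handle or no target address\n");
        return;
    }

    const SIZE_T cbPatch = sizeof(NewCodeA);
    DWORD dwOldProtect = 0;
    DWORD dwIgnored = 0;
    SIZE_T cbWritten = 0;

    if (!VirtualProtectEx(hProcess, pfFunc, cbPatch, PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        TRACE("HookOn: VirtualProtectEx failed\n");
        return;
    }

    if (!WriteProcessMemory(hProcess, pfFunc, NewCodeA, cbPatch, &cbWritten) || cbWritten != cbPatch)
    {
        TRACE("啊,写入失败");
    }

    // Always put the previous protection back, even if the write failed.
    VirtualProtectEx(hProcess, pfFunc, cbPatch, dwOldProtect, &dwIgnored);
    FlushInstructionCache(hProcess, reinterpret_cast<LPCVOID>(pfFunc), cbPatch);
}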
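// Disable the hook: write the saved bytes in OldCodeA back to pfFunc.
//
// Changes compared with the original:
//  * nothing is written unless a patch was actually prepared. Inject()
//    stores the jmp opcode 0xe9 in NewCodeA[0] only after it has copied the
//    original bytes into OldCodeA; without this guard a process that set
//    pfFunc but never ran the patch would overwrite the API entry with the
//    zero-initialised contents of OldCodeA;
//  * the result of VirtualProtectEx is checked before writing;
//  * PAGE_EXECUTE_READWRITE keeps the page executable during the write;
//  * a short write is reported as a failure;
//  * the instruction cache is flushed after code has been modified.
void HookOff()
{
    ASSERT(hProcess != NULL);
    if (hProcess == NULL || pfFunc == NULL || NewCodeA[0] != 0xe9)
    {
        return;
    }

    const SIZE_T cbPatch = sizeof(OldCodeA);
    DWORD dwOldProtect = 0;
    DWORD dwIgnored = 0;
    SIZE_T cbWritten = 0;

    // Restore the original API entry.
    if (!VirtualProtectEx(hProcess, pfFunc, cbPatch, PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        TRACE("HookOff: VirtualProtectEx failed\n");
        return;
    }

    if (!WriteProcessMemory(hProcess, pfFunc, OldCodeA, cbPatch, &cbWritten) || cbWritten != cbPatch)
    {
        TRACE("啊,写入失败");
    }

    VirtualProtectEx(hProcess, pfFunc, cbPatch, dwOldProtect, &dwIgnored);
    FlushInstructionCache(hProcess, reinterpret_cast<LPCVOID>(pfFunc), cbPatch);
}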
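// Prepare the 5-byte patch for the function at pfFunc and apply it once.
//
// Steps: copy the first 5 bytes at pfFunc into OldCodeA, build
// "jmp rel32" in NewCodeA (opcode 0xe9 followed by
// target - pfFunc - 5), then call HookOn().
//
// Fix: the displacement is now computed from the VALUE stored in
// FunctionAddress (mov). The original used lea, which takes the address of
// the FunctionAddress variable itself, so the patched entry would have
// jumped into the DLL's data instead of to the replacement function.
// A null FunctionAddress is rejected for the same reason.
//
// NOTE(review): within this listing pfFunc and FunctionAddress are assigned
// only in HookApi() and are not part of the shared section, while
// InitInstance() calls Inject() as soon as the DLL is loaded. Unless they
// are set somewhere else, the early-return branch below is what runs, and
// bIsInjected then prevents any later attempt.
// NOTE(review): the message box is raised from InitInstance(), i.e. during
// DLL initialisation - confirm this is acceptable in every host process.
// NOTE(review): the patch is x86-only (inline assembly, 32-bit
// displacement), is not synchronised with other threads that may be
// executing the target function, and leaves the in-memory code different
// from the file on disk, which memory-integrity checks can detect.
void Inject()
{
    if (!bIsInjected)
    {
        bIsInjected = TRUE; // make sure the patch is attempted only once
        if (pfFunc == NULL)
        {
            MessageBox(NULL, _T("cannot get Function"), _T("error"), 0);
            return;
        }
        if (FunctionAddress == NULL)
        {
            TRACE("Inject: no replacement address\n");
            return;
        }
        // Save the original first 5 bytes (4 + 1) so HookOff() can restore them.
        _asm
        {
            lea edi, OldCodeA
            mov esi, pfFunc
            cld
            movsd
            movsb
        }
        NewCodeA[0] = 0xe9; // jmp rel32
        // rel32 = target - patched address - length of the jmp instruction
        _asm
        {
            mov eax, FunctionAddress
            mov ebx, pfFunc
            sub eax, ebx
            sub eax, 5
            mov dword ptr[NewCodeA + 1], eax
        }
        HookOn();
    }
}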
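// CHookApiApp initialisation.
// Records the DLL instance handle, obtains a handle to the current process
// for HookOn()/HookOff(), and calls Inject().
//
// Fix: the original called OpenProcess(PROCESS_ALL_ACCESS, ...) on its own
// process id and never closed the result, leaking one fully privileged
// handle per load. GetCurrentProcess() returns a pseudo handle for the
// calling process that does not have to be closed.
//
// NOTE(review): hInst lives in the shared ".Share" section, so every
// process that loads the DLL overwrites the value seen by all the others.
BOOL CHookApiApp::InitInstance()
{
    CWinApp::InitInstance();
    hInst = AfxGetInstanceHandle();
    hProcess = ::GetCurrentProcess();
    Inject();
    return TRUE;
}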
// Mouse hook procedure.
//   nCode   hook code
//   wParam  message identifier
//   lParam  pointer to a MOUSEHOOKSTRUCT describing the event
// For HC_ACTION the window under the event is reported to the main window
// (g_hWnd) as a UM_WNDTITLE message; every call is then passed on to the
// next hook in the chain.
// NOTE(review): SendMessage waits for the receiver, so a main window that
// does not respond delays the thread running this hook; g_hWnd comes from
// the shared section and is not validated here.
LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    if (nCode == HC_ACTION)
    {
        PMOUSEHOOKSTRUCT pMouseInfo = (PMOUSEHOOKSTRUCT)lParam;
        HWND hUnderCursor = pMouseInfo->hwnd;
        // Tell the main program which window the hook fired in.
        ::SendMessage(g_hWnd, UM_WNDTITLE, wParam, (LPARAM)hUnderCursor);
    }
    return CallNextHookEx(hhk, nCode, wParam, lParam);
}
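// Install the hook.
//   hWnd          window that receives UM_WNDTITLE messages from MouseProc
//   ModuleName    module that contains the function to patch
//   FunctionName  exported name of the function to patch
//   FunctionAddr  address the patched entry should jump to
// Returns TRUE when the mouse hook was installed, FALSE on any failure.
//
// Changes compared with the original:
//  * null arguments are rejected;
//  * the results of LoadLibrary and GetProcAddress are checked, so no
//    global state is changed and no hook is installed when the target
//    cannot be resolved;
//  * LoadLibraryW is called explicitly because ModuleName is an LPCWSTR.
//
// NOTE(review): ModuleName is handed to LoadLibraryW unchanged. A bare file
// name is resolved through the DLL search order, so callers should pass a
// fully qualified path to avoid loading an unexpected module.
// NOTE(review): WH_MOUSE with thread id 0 is a system-wide hook; the system
// loads this DLL into other processes that receive mouse messages.
BOOL WINAPI HookApi(HWND hWnd, LPCWSTR ModuleName, LPCSTR FunctionName, PTR FunctionAddr)
{
    if (ModuleName == NULL || FunctionName == NULL || FunctionAddr == NULL)
    {
        return FALSE;
    }

    // Resolve the function to patch.
    HMODULE hmod = ::LoadLibraryW(ModuleName);
    if (hmod == NULL)
    {
        return FALSE;
    }
    FARPROC pfTarget = ::GetProcAddress(hmod, FunctionName);
    if (pfTarget == NULL)
    {
        ::FreeLibrary(hmod); // drop the reference taken above
        return FALSE;
    }

    oldFunc = pfTarget;
    pfFunc = pfTarget;
    g_hWnd = hWnd;
    FunctionAddress = FunctionAddr;

    hhk = ::SetWindowsHookEx(WH_MOUSE, MouseProc, hInst, 0);
    return (hhk != NULL) ? TRUE : FALSE;
}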
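// Remove the hook: restore the patched bytes and uninstall the mouse hook.
//
// Changes compared with the original:
//  * hhk is cleared after UnhookWindowsHookEx, so a second call (or a call
//    from another process that shares hhk) does not unhook a stale handle;
//  * the FreeLibrary(hInst) call is removed. It released this DLL from
//    inside one of its own functions, which can unmap the code that is
//    still executing, and hInst is a shared variable that may hold the
//    module handle recorded by a different process. The module that loaded
//    the DLL is responsible for unloading it.
VOID WINAPI UnHookApi()
{
    HookOff();
    if (hhk != NULL)
    {
        UnhookWindowsHookEx(hhk);
        hhk = NULL;
    }
}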
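// Called when the DLL is being unloaded.
// Restores the patched bytes, releases the process handle and lets the base
// class finish its own clean-up.
//
// Changes compared with the original:
//  * the handle stored in hProcess is closed; InitInstance() obtained it
//    with OpenProcess and nothing released it. If hProcess holds the pseudo
//    handle from GetCurrentProcess(), CloseHandle has no effect;
//  * the base-class result is returned instead of the constant TRUE, which
//    skipped CWinApp::ExitInstance().
int CHookApiApp::ExitInstance()
{
    HookOff(); // must run before the handle is released
    if (hProcess != NULL)
    {
        ::CloseHandle(hProcess);
        hProcess = NULL;
    }
    return CWinApp::ExitInstance();
}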