转自:http://blog.csdn.net/itcastcpp/article/details/8053802
大家都懂,很多时候开发项目需要修改网络数据,代码如下,请柬代码分析
- #include "stdafx.h"
- #include <stdio.h>
- #include <Windows.h>
- #include <Winsock2.h>
- #ifdef _MANAGED
- #pragma managed(push, off)
- #endif
- #define HOOK_API extern "C" _declspec(dllexport)
- //本dll的handle
- HANDLE g_hInstance = NULL;
- //修改API入口为 mov eax, 00400000;jmp eax是程序能跳转到自己的函数
- BYTE g_btNewBytes[8] = { 0xB8, 0x0, 0x0, 0x40, 0x0, 0xFF, 0xE0, 0x0 };
- //保存原API入口的8个字节
- DWORD g_dwOldBytes[2][2] = { 0x0, 0x0, 0x0, 0x0 };
- //钩子句柄
- HHOOK g_hOldHook = NULL;
- //API中send函数的地址
- DWORD g_pSend = 0;
- DWORD g_pRecv = 0;
- //事务,解决同步问题
- HANDLE g_hSendEvent = NULL;
- HANDLE g_hRecvEvent = NULL;
- //自己的send函数地址,参数必须与API的send函数地址相同
- int _stdcall hook_send( SOCKET s, const char *buf, int len, int flags );
- int _stdcall hook_recv(IN SOCKET s,OUT char FAR * buf,IN int len,IN int flags );
- //要Hook的进程和主线程ID号
- DWORD g_dwProcessID = 0;
- DWORD g_dwThreadID = 0;
- // 如果是win9x,不能使用fopen函数
- void WriteLog(char *fmt,...)
- {
- va_list args;
- char modname[200];
- char temp[5000];
- HANDLE hFile;
- SYSTEMTIME loaclTime;
- GetLocalTime(&loaclTime);
- GetModuleFileName(NULL, modname, sizeof(modname));
- if((hFile =CreateFile("c:\\hookapi.log", GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) <0)
- {
- return;
- }
- SetFilePointer(hFile, 0, NULL, FILE_END);
- wsprintf(temp, "%d:%d:%d mydll.dll:%s:", loaclTime.wHour,loaclTime.wMinute,loaclTime.wMilliseconds, modname);
- DWORD dw;
- WriteFile(hFile, temp, strlen(temp), &dw, NULL);
- va_start(args,fmt);
- vsprintf(temp, fmt, args);
- va_end(args);
- WriteFile(hFile, temp, strlen(temp), &dw, NULL);
- wsprintf(temp, "\r\n");
- WriteFile(hFile, temp, strlen(temp), &dw, NULL);
- CloseHandle(hFile);
- }
- int _stdcall hook_recv(IN SOCKET s,OUT char FAR * buf,IN int len,IN int flags )
- {
- int nRet;
- WaitForSingleObject( g_hRecvEvent, INFINITE );
- //恢复API头8个字节
- WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_pRecv,( void* )g_dwOldBytes[0], sizeof( DWORD )*2, NULL );
- /*
- 这里可以添加想要进行的处理过程
- */
- //真正执行API函数
- nRet = recv( s, buf, len, flags );
- //写入跳转语句,继续Hook
- WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_pRecv,( void* )g_btNewBytes, sizeof( DWORD )*2, NULL);
- WriteLog("%s",buf);
- SetEvent( g_hRecvEvent );
- return nRet;
- }
- int _stdcall hook_send( SOCKET s, const char *buf, int len, int flags )
- {
- int nRet;
- WaitForSingleObject( g_hSendEvent, INFINITE );
- //恢复API头8个字节
- WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_pSend,
- ( void* )g_dwOldBytes[0], sizeof( DWORD )*2, NULL );
- /*
- 这里可以添加想要进行的处理过程
- */
- WriteLog("Send:%s",buf);
- //真正执行API函数
- nRet = send( s, buf, len, flags );
- //写入跳转语句,继续Hook
- WriteProcessMemory( INVALID_HANDLE_VALUE, ( void* )g_pSend,
- ( void* )g_btNewBytes, sizeof( DWORD )*2, NULL );
- SetEvent( g_hSendEvent );
- return nRet;
- }
- static LRESULT WINAPI HookProc( int nCode, WPARAM wParam, LPARAM lParam )
- {
- return CallNextHookEx( g_hOldHook, nCode, wParam, lParam );
- }
- HOOK_API BOOL StartHook(HWND hWnd)
- {
- //通过传入的窗口句柄获取线程句柄
- g_dwThreadID = GetWindowThreadProcessId( hWnd, &g_dwProcessID );
- //WH_CALLWNDPROC类型的Hook
- g_hOldHook = SetWindowsHookEx( WH_CALLWNDPROC, HookProc,( HINSTANCE ) g_hInstance, g_dwThreadID );
- if( g_hOldHook == NULL )
- return FALSE;
- return TRUE;
- }
- HOOK_API void StopHook(void)
- {
- if(g_hOldHook != NULL)
- {
- WaitForSingleObject( g_hSendEvent, INFINITE );
- HANDLE hProcess = NULL;
- hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, g_dwProcessID);
- DWORD dwOldProc;
- DWORD dwNewProc;
- //改变页面属性为读写
- VirtualProtectEx( hProcess, ( void* )g_pSend, 8, PAGE_READWRITE, &dwOldProc );
- //恢复API的首8个字节
- WriteProcessMemory( hProcess, ( void* )g_pSend,
- ( void* )g_dwOldBytes[0], sizeof( DWORD )*2, NULL );
- //恢复页面文件的属性
- VirtualProtectEx( hProcess, ( void* )g_pSend, 8, dwOldProc, &dwNewProc );
- CloseHandle(g_hSendEvent);
- UnhookWindowsHookEx( g_hOldHook );
- }
- }
- DWORD WINAPI ThreadFunc( LPVOID lpParam )
- {
- char szMsg[80];
- wsprintf( szMsg, "Parameter = %d.", *(DWORD*)lpParam );
- MessageBox( NULL, szMsg, "ThreadFunc", MB_OK );
- while(1) Sleep(1000);
- return 0;
- }
- BOOL APIENTRY DllMain( HMODULE hModule,
- DWORD ul_reason_for_call,
- LPVOID lpReserved
- )
- {
- if(ul_reason_for_call == DLL_PROCESS_ATTACH)
- {
- WriteLog("Start HOOK");
- //获取本dll句柄
- g_hInstance = hModule;
- //创建事务
- g_hSendEvent = CreateEvent( NULL, FALSE, TRUE, NULL );
- //重写API开头的8字节
- HMODULE hWsock = LoadLibrary( "wsock32.dll" );
- g_pSend = ( DWORD )GetProcAddress( hWsock, "send" );
- g_pRecv = (DWORD)GetProcAddress( hWsock, "recv" );
- //保存原始字节
- ReadProcessMemory( INVALID_HANDLE_VALUE, ( void * )g_pSend,( void * )g_dwOldBytes[0], sizeof( DWORD )*2, NULL );
- //将00400000改写为我们函数的地址
- *( DWORD* )( g_btNewBytes + 1 ) = ( DWORD )hook_send;
- WriteProcessMemory( INVALID_HANDLE_VALUE, ( void * )g_pSend,( void * )g_btNewBytes, sizeof( DWORD )*2, NULL );
- // //保存原始字节
- // ReadProcessMemory( INVALID_HANDLE_VALUE, ( void * )g_pRecv,( void * )g_dwOldBytes[0], sizeof( DWORD )*2, NULL );
- // //将00400000改写为我们函数的地址
- // *( DWORD* )( g_btNewBytes + 1 ) = ( DWORD )hook_recv;
- // WriteProcessMemory( INVALID_HANDLE_VALUE, ( void * )g_pRecv,( void * )g_btNewBytes, sizeof( DWORD )*2, NULL );
- DWORD dwThreadId, dwThrdParam = 1;
- HANDLE hThread;
- char szMsg[80];
- hThread = CreateThread(
- NULL, // default security attributes
- 0, // use default stack size
- ThreadFunc, // thread function
- &dwThrdParam, // argument to thread function
- 0, // use default creation flags
- &dwThreadId); // returns the thread identifier
- // Check the return value for success.
- if (hThread == NULL)
- {
- wsprintf( szMsg, "CreateThread failed." );
- MessageBox( NULL, szMsg, "main", MB_OK );
- }
- else
- {
- CloseHandle( hThread );
- }
- }
- return TRUE;
- }
- #ifdef _MANAGED
- #pragma managed(pop)
- #endif
- #include <Winsock2.h>
- //#include <windows.h>
- #include <stdio.h>
- #include <Tlhelp32.h>
- //#pragma argsused
- //自定义APIHOOK结构
- typedef struct
- {
- FARPROC funcaddr;
- BYTE olddata[5];
- BYTE newdata[5];
- }HOOKSTRUCT;
- HHOOK g_hHook;
- HINSTANCE g_hinstDll;
- HMODULE hModule ;
- HWND g_hForm; //接收信息窗口句柄
- DWORD dwIdOld, dwIdNew;
- //------------------------------------------------------------------------
- // 由于要截获两个库里面的函数,所以每个函数定义了两个HOOK结构
- // 一个是wsock32.dll, 一个是ws2_32.dll
- //------------------------------------------------------------------------
- HOOKSTRUCT recvapi;
- HOOKSTRUCT recvapi1;
- HOOKSTRUCT sendapi;
- HOOKSTRUCT sendapi1;
- HOOKSTRUCT sendtoapi;
- HOOKSTRUCT sendtoapi1;
- HOOKSTRUCT WSASendapi;
- HOOKSTRUCT connectapi;
- void HookOn();
- void HookOff();
- BOOL Init();
- extern "C" __declspec(dllexport) BOOL __stdcall InstallHook();
- extern "C" __declspec(dllexport) BOOL __stdcall UninstallHook();
- BOOL hookapi(char *dllname, char *procname, DWORD myfuncaddr, HOOKSTRUCT *hookfunc);
- int WINAPI Myrecv(SOCKET s, char FAR *buf, int len, int flags);
- int WINAPI Myrecv1(SOCKET s, char FAR *buf, int len, int flags);
- int WINAPI Mysend(SOCKET s, char FAR *buf, int len, int flags);
- int WINAPI Mysend1(SOCKET s, char FAR *buf, int len, int flags);
- int WINAPI Mysendto(SOCKET s, const char FAR * buf, int len,
- int flags, const struct sockaddr FAR * to, int tolen);
- int WINAPI Mysendto1(SOCKET s, const char FAR * buf, int len,
- int flags, const struct sockaddr FAR * to, int tolen);
- int WINAPI MyWSASend(
- SOCKET s,
- LPWSABUF lpBuffers,
- DWORD dwBufferCount,
- LPDWORD lpNumberOfBytesSent,
- DWORD dwFlags,
- LPWSAOVERLAPPED lpOverlapped,
- LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
- );
- int WINAPI Myconnect(SOCKET s,const struct sockaddr* name,int namelen);
- void sndmsg(char *buf);
- void WriteLog(char *fmt,...);
- //---------------------------------------------------------------------------
- // 入口函数
- // 在一载入库时就进行API截获
- // 释放时还原
- //---------------------------------------------------------------------------
- int WINAPI DllMain(HINSTANCE hinst, unsigned long reason, void* lpReserved)
- {
- //__asm int 3
- switch (reason)
- {
- case DLL_PROCESS_ATTACH:
- g_hinstDll = hinst;
- g_hForm = FindWindow(NULL, "ZwelL");
- InstallHook();
- if(!Init())
- {
- MessageBoxA(NULL,"Init","ERROR",MB_OK);
- return(false);
- }
- break;
- case DLL_THREAD_ATTACH:
- break;
- case DLL_THREAD_DETACH:
- break;
- case DLL_PROCESS_DETACH:
- UninstallHook();
- break;
- }
- return TRUE;
- }
- //-----------------------------------------------------------------------
- BOOL Init()
- {
- hookapi("wsock32.dll", "recv", (DWORD)Myrecv, &recvapi);
- hookapi("ws2_32.dll", "recv", (DWORD)Myrecv1, &recvapi1);
- hookapi("wsock32.dll", "send", (DWORD)Mysend, &sendapi);
- hookapi("ws2_32.dll", "send", (DWORD)Mysend1, &sendapi1);
- hookapi("wsock32.dll", "sendto", (DWORD)Mysendto, &sendtoapi);
- hookapi("ws2_32.dll", "sendto", (DWORD)Mysendto1, &sendtoapi1);
- hookapi("wsock32.dll", "WSASend", (DWORD)MyWSASend, &WSASendapi);
- hookapi("ws2_32.dll", "connect", (DWORD)Myconnect, &connectapi);
- //hookapi("wsock32.dll", "connect", (DWORD)Myconnect, &connectapi);
- dwIdNew = GetCurrentProcessId(); // 得到所属进程的ID
- dwIdOld = dwIdNew;
- HookOn(); // 开始拦截
- return(true);
- }
- //---------------------------------------------------------------------------
- LRESULT WINAPI Hook(int nCode, WPARAM wParam, LPARAM lParam)
- {
- return(CallNextHookEx(g_hHook, nCode, wParam, lParam));
- }
- //---------------------------------------------------------------------------
- extern "C" __declspec(dllexport)
- BOOL __stdcall InstallHook()
- {
- g_hHook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)Hook, g_hinstDll, 0);
- if (!g_hHook)
- {
- MessageBoxA(NULL, "SET ERROR", "ERROR", MB_OK);
- return(false);
- }
- return(true);
- }
- //---------------------------------------------------------------------------
- extern "C" __declspec(dllexport)
- BOOL __stdcall UninstallHook()
- {
- HookOff();
- if(g_hHook == NULL)
- return true;
- return(UnhookWindowsHookEx(g_hHook));
- }
- //---------------------------------------------------------------------------
- // 根据输入结构截获API
- //---------------------------------------------------------------------------
- BOOL hookapi(char *dllname, char *procname, DWORD myfuncaddr, HOOKSTRUCT *hookfunc)
- {
- hModule = LoadLibrary(dllname);
- hookfunc->funcaddr = GetProcAddress(hModule, procname);
- if(hookfunc->funcaddr == NULL)
- return false;
- memcpy(hookfunc->olddata, hookfunc->funcaddr, 6);
- hookfunc->newdata[0] = 0xe9;
- DWORD jmpaddr = myfuncaddr - (DWORD)hookfunc->funcaddr - 5;
- memcpy(&hookfunc->newdata[1], &jmpaddr, 5);
- return true;
- }
- //---------------------------------------------------------------------------
- void HookOnOne(HOOKSTRUCT *hookfunc)
- {
- HANDLE hProc;
- dwIdOld = dwIdNew;
- hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, dwIdOld);
- VirtualProtectEx(hProc, hookfunc->funcaddr, 5, PAGE_READWRITE,&dwIdOld);
- WriteProcessMemory(hProc, hookfunc->funcaddr, hookfunc->newdata, 5, 0);
- VirtualProtectEx(hProc, hookfunc->funcaddr, 5, dwIdOld, &dwIdOld);
- }
- //---------------------------------------------------------------------------
- void HookOn()
- {
- // HookOnOne(&recvapi);
- // HookOnOne(&sendapi);
- // HookOnOne(&sendtoapi);
- // HookOnOne(&recvapi1);
- // HookOnOne(&sendapi1);
- // HookOnOne(&sendtoapi1);
- // HookOnOne(&WSASendapi);
- HookOnOne(&connectapi);
- }
- //---------------------------------------------------------------------------
- void HookOffOne(HOOKSTRUCT *hookfunc)
- {
- HANDLE hProc;
- dwIdOld = dwIdNew;
- hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, dwIdOld);
- VirtualProtectEx(hProc, hookfunc->funcaddr,5, PAGE_READWRITE, &dwIdOld);
- WriteProcessMemory(hProc, hookfunc->funcaddr, hookfunc->olddata, 5, 0);
- VirtualProtectEx(hProc, hookfunc->funcaddr, 5, dwIdOld, &dwIdOld);
- }
- //---------------------------------------------------------------------------
- void HookOff()
- {
- // HookOffOne(&recvapi);
- // HookOffOne(&sendapi);
- // HookOffOne(&sendtoapi);
- // HookOffOne(&recvapi1);
- // HookOffOne(&sendapi1);
- // HookOffOne(&sendtoapi1);
- // HookOffOne(&WSASendapi);
- HookOffOne(&connectapi);
- }
- //---------------------------------------------------------------------------
- int WINAPI Myrecv(SOCKET s, char FAR *buf, int len, int flags)
- {
- int nReturn;
- HookOffOne(&recvapi);
- nReturn = recv(s, buf, len, flags);
- HookOnOne(&recvapi);
- char *tmpbuf=new char[len+100];
- memset(tmpbuf, 0, sizeof(tmpbuf));
- sprintf(tmpbuf, "recv|%d|%d|%s",
- GetCurrentProcessId(),
- len,
- buf);
- sndmsg(tmpbuf);
- delete tmpbuf;
- return(nReturn);
- }
- //---------------------------------------------------------------------------
- int WINAPI Myrecv1(SOCKET s, char FAR *buf, int len, int flags)
- {
- int nReturn;
- HookOffOne(&recvapi1);
- nReturn = recv(s, buf, len, flags);
- HookOnOne(&recvapi1);
- char *tmpbuf=new char[len+100];
- memset(tmpbuf, 0, sizeof(tmpbuf));
- sprintf(tmpbuf, "recv1|%d|%d|%s",
- GetCurrentProcessId(),
- len,
- buf);
- sndmsg(tmpbuf);
- delete tmpbuf;
- return(nReturn);
- }
- //---------------------------------------------------------------------------
- int WINAPI Mysend(SOCKET s, char FAR *buf, int len, int flags)
- {
- int nReturn;
- HookOffOne(&sendapi);
- nReturn = send(s, buf, len, flags);
- HookOnOne(&sendapi);
- char *tmpbuf=new char[len+100];
- memset(tmpbuf, 0, sizeof(tmpbuf));
- sprintf(tmpbuf, "send|%d|%d|%s",
- GetCurrentProcessId(),
- len,
- buf);
- sndmsg(tmpbuf);
- delete tmpbuf;
- return(nReturn);
- }
- //---------------------------------------------------------------------------
- int WINAPI Mysend1(SOCKET s, char FAR *buf, int len, int flags)
- {
- int nReturn;
- HookOffOne(&sendapi1);
- nReturn = send(s, buf, len, flags);
- HookOnOne(&sendapi1);
- char *tmpbuf=new char[len+100];
- memset(tmpbuf, 0, sizeof(tmpbuf));
- sprintf(tmpbuf, "send1|%d|%d|%s",
- GetCurrentProcessId(),
- len,
- buf);
- sndmsg(tmpbuf);
- delete tmpbuf;
- return(nReturn);
- }
- //--------------------------------------------------------------------------
- int WINAPI Mysendto(SOCKET s, const char FAR * buf, int len,
- int flags, const struct sockaddr FAR * to, int tolen)
- {
- int nReturn;
- HookOffOne(&sendtoapi);
- nReturn = sendto(s, buf, len, flags, to, tolen);
- HookOnOne(&sendtoapi);
- char *tmpbuf=new char[len+100];
- memset(tmpbuf, 0, sizeof(tmpbuf));
- sprintf(tmpbuf, "sendto|%d|%d|%s",
- GetCurrentProcessId(),
- len,
- buf);
- sndmsg(tmpbuf);
- delete tmpbuf;
- return(nReturn);
- }
- //--------------------------------------------------------------------------
- int WINAPI Mysendto1(SOCKET s, const char FAR * buf, int len,
- int flags, const struct sockaddr FAR * to, int tolen)
- {
- int nReturn;
- HookOffOne(&sendtoapi1);
- nReturn = sendto(s, buf, len, flags, to, tolen);
- HookOnOne(&sendtoapi1);
- char *tmpbuf=new char[len+100];
- memset(tmpbuf, 0, sizeof(tmpbuf));
- sprintf(tmpbuf, "sendto1|%d|%d|%s",
- GetCurrentProcessId(),
- len,
- buf);
- sndmsg(tmpbuf);
- delete tmpbuf;
- return(nReturn);
- }
- //----------------------------------------------------------------------------
- int WINAPI MyWSASend(
- SOCKET s,
- LPWSABUF lpBuffers,
- DWORD dwBufferCount,
- LPDWORD lpNumberOfBytesSent,
- DWORD dwFlags,
- LPWSAOVERLAPPED lpOverlapped,
- LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
- )
- {
- int nReturn;
- HookOffOne(&WSASendapi);
- nReturn = WSASend(s, lpBuffers, dwBufferCount,
- lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
- HookOnOne(&WSASendapi);
- char *tmpbuf=new char[*lpNumberOfBytesSent+100];
- memset(tmpbuf, 0, sizeof(tmpbuf));
- sprintf(tmpbuf, "WSASend|%d|%d|%s",
- GetCurrentProcessId(),
- lpNumberOfBytesSent,
- lpBuffers->buf);
- sndmsg(tmpbuf);
- delete tmpbuf;
- return(nReturn);
- }
- //---------显示进程的模块
- bool GetListModules(DWORD dwPID,char* ModuleName,ULONG uAddress)
- {
- HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
- MODULEENTRY32 me32;
- BOOL bRet = FALSE;
- // Take a snapshot of all modules in the specified process.
- hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID );
- if( hModuleSnap == INVALID_HANDLE_VALUE )
- {
- //MessageBox(NULL,"CreateToolhelp32Snapshot error"),"提示",MB_OK);
- return FALSE;
- }
- // Set the size of the structure before using it.
- me32.dwSize = sizeof( MODULEENTRY32);
- // Retrieve information about the first module,
- // and exit if unsuccessful
- if( !Module32First( hModuleSnap, &me32 ) )
- {
- //MessageBox(NULL,_T("Module32First error"),"提示",MB_OK);
- CloseHandle( hModuleSnap ); // Must clean up the snapshot object!
- return( FALSE );
- }
- // Now walk the module list of the process,
- // and display information about each module
- //因为我只需要得到exe文件的路径,所以这个循环不要
- do
- {
- //----下面这两个地方的显示结果是一样的,有中文字符就显示为 ?
- //MessageBox(NULL,me32.szExePath,"提示",MB_OK); //弹出窗口显示exe文件的路径
- //m_edit.SetWindowText(me32.szExePath); //edit控件中显示exe文件的路径
- // BYTE* pMem = new BYTE[me32.modBaseSize];
- // if(GetProcessMem(dwPID,(DWORD)me32.modBaseAddr,me32.modBaseSize,pMem))
- // {
- // if(GetProcessFunction(pMem) == 0)
- // printf("%s\n",me32.szExePath);
- // }
- // delete[] pMem;
- if( uAddress >= (ULONG)me32.modBaseAddr && (uAddress = (ULONG)me32.modBaseAddr + me32.modBaseSize))
- {
- strcpy(ModuleName,me32.szExePath);
- bRet = TRUE;
- break;
- }
- }
- while( Module32Next( hModuleSnap, &me32 ) );
- CloseHandle( hModuleSnap );
- return bRet;
- }
- int WINAPI Myconnect(
- SOCKET s,
- const struct sockaddr* name,
- int namelen
- )
- {
- ULONG rEbp;
- __asm
- {
- mov rEbp,ebp
- }
- ULONG uAddress = *(ULONG*)(rEbp + 4); //获取调用堆榨地址
- char szMsg[MAX_PATH]={0};
- if(GetListModules(GetCurrentProcessId(),szMsg,uAddress))
- WriteLog(szMsg);
- SOCKADDR_IN* destSockAddr;
- destSockAddr = (SOCKADDR_IN *)name;
- sprintf(szMsg,"0x%x,%s:%d",destSockAddr->sin_family, inet_ntoa(destSockAddr->sin_addr),destSockAddr->sin_port);
- WriteLog(szMsg);
- int nReturn;
- HookOffOne(&connectapi);
- nReturn = connect(s,name,namelen);
- HookOnOne(&connectapi);
- return nReturn;
- }
- __declspec(naked) int WINAPI Myconnect1(
- SOCKET s,
- const struct sockaddr* name,
- int namelen
- )
- {
- //int nReturn;
- //HookOffOne(&connectapi);
- __asm
- {
- mov edi,edi
- push ebp
- mov ebp,esp
- push 0x71a24a0c
- ret
- }
- // connect(s,name,namelen);
- // HookOnOne(&connectapi);
- //
- // char szMsg[MAX_PATH];
- // sprintf(szMsg,"%x",name->sa_data);
- // WriteLog(szMsg);
- // return ;
- }
- //-----------------------------------------------------------------
- // 向窗口发送消息
- // 考虑到简单性,用了COPYDATASTRUCT结构
- // 用内存映射应该会快一点
- //-----------------------------------------------------------------
- void sndmsg(char *buf)
- {
- COPYDATASTRUCT cds;
- cds.dwData=sizeof(COPYDATASTRUCT);
- cds.cbData=strlen(buf);
- cds.lpData=buf;
- SendMessage(g_hForm,WM_COPYDATA,(WPARAM)NULL,(LPARAM)&cds);
- }
- static char s_szMessageBuf[5000];
- void WriteLog(char *fmt,...)
- {
- va_list args;
- char modname[200];
- HANDLE hFile;
- SYSTEMTIME loaclTime;
- GetLocalTime(&loaclTime);
- GetModuleFileName(NULL, modname, sizeof(modname));
- if((hFile =CreateFile("c:\\hookConnect.log", GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) <0)
- {
- return;
- }
- SetFilePointer(hFile, 0, NULL, FILE_END);
- wsprintf(s_szMessageBuf, "%d:%d:%d :%s:", loaclTime.wHour,loaclTime.wMinute,loaclTime.wMilliseconds, modname);
- DWORD dw;
- WriteFile(hFile, s_szMessageBuf, strlen(s_szMessageBuf), &dw, NULL);
- va_start(args,fmt);
- vsprintf(s_szMessageBuf, fmt, args);
- va_end(args);
- WriteFile(hFile, s_szMessageBuf, strlen(s_szMessageBuf), &dw, NULL);
- wsprintf(s_szMessageBuf, "\r\n");
- WriteFile(hFile, s_szMessageBuf, strlen(s_szMessageBuf), &dw, NULL);
- CloseHandle(hFile);
- }