Inline Hook示例

最新推荐文章于 2023-06-16 19:49:24 发布

capnik

最新推荐文章于 2023-06-16 19:49:24 发布

阅读量387

点赞数

分类专栏： Windows原理

本文链接：https://blog.csdn.net/capnik/article/details/58999763

版权

Windows原理专栏收录该内容

10 篇文章 0 订阅

订阅专栏

//以下是InlineHook.Dll文件示例代码:

#include "stdafx.h"
#include <windows.h>

char g_OldAddress[0x5] = {};
char g_NewAddress[0x5] = { 0xE9 };

//开启Hook
void HookMessageBox()
{
	OutputDebugString(L"进入Hook");
	DWORD dwOldProtect = 0;
	memcpy(g_OldAddress, MessageBoxW, 5);
	VirtualProtect(MessageBoxW, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect);
	memcpy(MessageBoxW, g_NewAddress, 5);
	VirtualProtect(MessageBoxW, 5, dwOldProtect, &dwOldProtect);
	OutputDebugString(L"Hook成功");
}
//取消Hook
void unHookMessageHook()
{
	DWORD dwOldProtect = 0;
	OutputDebugString(L"取消Hook");
	VirtualProtect(MessageBoxW, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect);
	memcpy(MessageBoxW, g_OldAddress, 5);
	VirtualProtect(MessageBoxW, 5, dwOldProtect, &dwOldProtect);
	OutputDebugString(L"取消Hook成功");
}

int WINAPI  MyMessageBoxW(
	_In_opt_ HWND hWnd,
	_In_opt_ LPCWSTR lpText,
	_In_opt_ LPCWSTR lpCaption,
	_In_ UINT uType
	)
{
	OutputDebugString(L"进入自己MessageBox");
	lpText = L"哈哈Hook成功!";
	int  nResault = 0;
	unHookMessageHook();
	nResault = MessageBoxW(hWnd, lpText, lpCaption, uType);
	HookMessageBox();
	OutputDebugString(L"退出自己MessageBox");
	return nResault;
}

//计算hook，要跳转的位置
void Init()
{
	DWORD *pOffect = (DWORD*)(g_NewAddress + 1);

	*pOffect = (DWORD)MyMessageBoxW -
		(DWORD)MessageBoxW -
		5;
}


BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
	{
		OutputDebugString(L"开始初始化");
		Init();
		OutputDebugString(L"初始化完毕");
		HookMessageBox();
	}break;
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

随便用什么方法注入到程序,可以在有弹框的时候,弹出如下: