#include<windows.h>
#include"LDasm.c"
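/*
 * Trampoline pointer for the hooked MessageBoxA. hookapi_p() stores the
 * address of the relocated original entry here; it stays NULL while no hook
 * is installed. The hooked export is the ANSI variant, so the text
 * parameters are LPCSTR rather than the TCHAR-dependent LPCTSTR (which
 * becomes a wide-string pointer in UNICODE builds and would not match).
 */
int (_stdcall *pMessageBox)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);

/*
 * Replacement for MessageBoxA: forces the message text to "hello" and
 * forwards every other argument to the original function through the
 * trampoline.
 *
 * Returns whatever the original returns, or 0 (MessageBox's failure value)
 * when no trampoline is available.
 */
int _stdcall myMessageBox(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    /* Calling through a NULL trampoline would crash the process. */
    if (!pMessageBox)
        return 0;

    lpText = "hello";
    return (*pMessageBox)(hWnd, lpText, lpCaption, uType);
}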
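/*
 * Install an inline hook on an exported function of the current process by
 * overwriting its entry with "push <lpfunc>; ret" (6 bytes) and building a
 * trampoline that runs the displaced bytes and jumps back into the original.
 *
 * Trampoline layout (one 0x1000-byte allocation, returned in *NextHook):
 *   [0 .. pSize)            copy of the original entry bytes
 *   [pSize]                 0xE9, jmp rel32 back to original + pSize
 *   [pSize+1 .. pSize+5)    rel32 displacement of that jump
 *   [pSize+5 .. pSize+9)    address of the hooked function (read by unhookapi_p)
 *
 * 32-bit x86 only: addresses are stored and computed as DWORDs, so pointers
 * would be truncated in a 64-bit build.
 *
 * The entry patch is not atomic; NOTE(review): a thread executing the target
 * while it is being rewritten may fault - confirm callers serialize this.
 *
 * Returns 1 on success, 0 on failure. On failure *NextHook is left untouched.
 */
bool hookapi_p(
LPCTSTR dll,      // name of the DLL that exports the function
LPCSTR api,       // name of the exported function to hook
DWORD *lpfunc,    // address of the replacement function
LPVOID *NextHook  // receives the address of the trampoline
)
{
    FARPROC handle;
    PBYTE target;
    PBYTE tramp;
    int pSize;
    unsigned long oldpoint;
    unsigned long tmpprot;

    if (!api || !lpfunc || !NextHook)
        return 0;

    /* A failed LoadLibrary yields NULL, which makes GetProcAddress fail too.
       The module reference taken here is never released. */
    handle = GetProcAddress(LoadLibrary(dll), api);
    if (!handle)
        return 0;
    target = (PBYTE)handle;

    /* call rel32 (E8), jmp rel32 (E9) and jmp rel8 (EB) encode a displacement
       relative to their own address, so they break once copied elsewhere.
       Only the first byte is inspected; later relative instructions inside
       the copied range are not detected. */
    if (target[0] == 0xe8 || target[0] == 0xe9 || target[0] == 0xeb)
        return 0;

    /* SizeOfHook_push comes from LDasm.c; presumably it returns the length of
       the whole instructions covering the 6 patched bytes - TODO confirm.
       Reject values that cannot hold the patch or overflow the trampoline. */
    pSize = SizeOfHook_push(handle);
    if (pSize < 6 || pSize > 0x1000 - 9)
        return 0;

    /* Make the target's entry writable. */
    if (!VirtualProtect(target, pSize, PAGE_EXECUTE_READWRITE, &oldpoint))
        return 0;

    /* Allocate the trampoline. */
    tramp = (PBYTE)VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!tramp) {
        /* Do not leave the target page writable when nothing was patched. */
        VirtualProtect(target, pSize, oldpoint, &tmpprot);
        return 0;
    }

    /* Copy the first pSize bytes of the original function. */
    CopyMemory(tramp, target, pSize);
    /* Append a jump back to original + pSize. */
    tramp[pSize] = 0xe9;
    *(PDWORD)(tramp + pSize + 1) = (DWORD)handle - (DWORD)tramp - 5;
    /* Save the address of the hooked function for unhookapi_p. */
    *(PDWORD)(tramp + pSize + 5) = (DWORD)handle;
    FlushInstructionCache(GetCurrentProcess(), tramp, pSize + 5);

    /* The trampoline is only read and executed from now on; drop write access
       so the process does not keep a writable+executable page. Best effort:
       the hook still works if this call fails. */
    VirtualProtect(tramp, 0x1000, PAGE_EXECUTE_READ, &tmpprot);

    /* Publish the trampoline before redirecting the target, so the replacement
       function can already call through it on its first invocation. */
    *NextHook = tramp;

    /* Overwrite the entry with: push lpfunc; ret. */
    target[0] = 0x68;
    *(PDWORD)(target + 1) = (DWORD)lpfunc;
    target[5] = 0xc3;
    FlushInstructionCache(GetCurrentProcess(), target, pSize); /* make sure the change takes effect */
    VirtualProtect(target, pSize, oldpoint, &tmpprot);          /* restore the original protection */
    return 1;
}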
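/*
 * Remove a hook installed by hookapi_p: copy the saved entry bytes from the
 * trampoline back over the hooked function, restore that page's protection
 * and free the trampoline.
 *
 * NextHook is the address of the trampoline pointer that hookapi_p filled in.
 * It is set to NULL once the trampoline has been released.
 *
 * NOTE(review): a thread still executing inside the trampoline when it is
 * freed would fault - confirm callers serialize hook removal.
 *
 * Returns 1 when the original bytes were restored, 0 otherwise.
 */
bool unhookapi_p(LPVOID *NextHook)
{
    PBYTE tramp;
    LPVOID lOldAddrs;
    int pSize;
    unsigned long oldpoint;
    unsigned long tmpprot;

    /* Validate before dereferencing: hookapi_p may have failed and left the
       trampoline pointer NULL. */
    if (!NextHook || !*NextHook)
        return 0;
    tramp = (PBYTE)*NextHook;

    /* The trampoline starts with the copied entry bytes, so measuring it
       gives the same length hookapi_p used. Reject lengths that do not fit
       the 0x1000-byte layout. */
    pSize = SizeOfHook_push(*NextHook);
    if (pSize < 6 || pSize > 0x1000 - 9)
        return 0;

    /* The jmp rel32 marker written by hookapi_p must follow the copied bytes. */
    if (tramp[pSize] != 0xe9)
        return 0;

    /* Address of the hooked function, stored right after the jump. */
    lOldAddrs = (LPVOID)*(PDWORD)(tramp + pSize + 5);

    /* Make the hooked function's entry writable. */
    if (!VirtualProtect(lOldAddrs, pSize, PAGE_EXECUTE_READWRITE, &oldpoint))
        return 0;
    CopyMemory(lOldAddrs, tramp, pSize);
    FlushInstructionCache(GetCurrentProcess(), lOldAddrs, pSize); /* make sure the change takes effect */

    /* Restore the protection of the page that was made writable (the hooked
       function), not of the trampoline, so the DLL's code page does not stay
       writable+executable. */
    VirtualProtect(lOldAddrs, pSize, oldpoint, &tmpprot);

    /* Release the trampoline; MEM_RELEASE requires a size of 0. */
    if (VirtualFree(tramp, 0, MEM_RELEASE))
        *NextHook = NULL;
    return 1;
}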
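/*
 * Demo: show a message box, hook MessageBoxA so the text becomes "hello",
 * show it again, remove the hook and show it a third time.
 *
 * Returns 0 on success, 1 when installing or removing the hook fails.
 */
int main(void)
{
    /* Unhooked call: shows the caller's text. */
    MessageBoxA(NULL, "1", "2", MB_OK);

    /* Stop on failure: unhooking with no trampoline in place would
       dereference a NULL pointer. */
    if (!hookapi_p(TEXT("user32.dll"), "MessageBoxA", (PDWORD)myMessageBox, (LPVOID *)&pMessageBox))
        return 1;

    /* Hooked call: myMessageBox replaces the text before forwarding. */
    MessageBoxA(NULL, "4", "3", MB_OK);

    if (!unhookapi_p((LPVOID *)&pMessageBox))
        return 1;

    /* Hook removed: the caller's text is shown again. */
    MessageBoxA(NULL, "4", "3", MB_OK);
    return 0;
}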
/**********************************
连城制作 注意版权哦。
QQ:173661967
**********************************/
hook api (push xxxx/retn)