// myDetours.cpp : 定义控制台应用程序的入口点。
//
#pragma once
#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <syelog.h>
#include <detours.h>
#include <TlHelp32.h>
#include <detver.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "syelog.lib")
#define PULONG_PTR PVOID
#define PLONG_PTR PVOID
#define ULONG_PTR PVOID
#define ENUMRESNAMEPROCA PVOID
#define ENUMRESNAMEPROCW PVOID
#define ENUMRESLANGPROCA PVOID
#define ENUMRESLANGPROCW PVOID
#define ENUMRESTYPEPROCA PVOID
#define ENUMRESTYPEPROCW PVOID
#define STGOPTIONS PVOID
//
#pragma warning(disable:4127) // Many of our asserts are constants.
//
// Module handle and DLL path buffer. Nothing in this listing reads or writes them.
static HMODULE s_hInst = nullptr;
static CHAR s_szDllPath[MAX_PATH];
using namespace std;
// Function pointer for the target API. It is initialised with the address of the
// real MessageBoxW; Hook()/UnHook() pass its address to DetourAttach/DetourDetach,
// and the replacement function calls the original only through this pointer.
static decltype(&MessageBoxW) OLD_MessageBoxW = &MessageBoxW;
// Replacement that Hook() installs in place of MessageBoxW.
//
// The caller's text and caption are discarded and two fixed demo strings are
// shown instead; the owner window and the style flags are forwarded unchanged.
// The call is made through OLD_MessageBoxW, not MessageBoxW, so that it reaches
// the original implementation while the detour is attached.
//
// hWnd      - owner window, forwarded as-is
// lpText    - ignored (replaced by a fixed string)
// lpCaption - ignored (replaced by a fixed string)
// uType     - message-box style flags, forwarded as-is
// Returns the value returned by the original MessageBoxW.
int WINAPI NEW_MessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType)
{
    // Deliberately unused: this demo overrides both strings.
    (void)lpText;
    (void)lpCaption;

    return OLD_MessageBoxW(hWnd, L"输入参数已修改", L"[测试]", uType);
}
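// Installs the MessageBoxW detour inside the current process.
//
// Every Detours call in the transaction returns a status code. The steps are
// checked in order; on the first failure the open transaction is aborted and
// the error is written to stderr, so a hook that did not install is not
// silently treated as active. The function returns VOID, so stderr is the only
// place a failure is visible to the caller.
//
// Only the calling thread is enlisted in the transaction.
// NOTE(review): the listing shows no other threads; confirm before reusing this
// in a multi-threaded program.
VOID Hook()
{
    // Restores the in-memory import table when the process was started through
    // DetourCreateProcessWithDll*; the result is not needed for this demo.
    DetourRestoreAfterWith();

    // Open the transaction.
    LONG status = DetourTransactionBegin();
    if (status != NO_ERROR) {
        std::cerr << "Hook: DetourTransactionBegin failed, error " << status << '\n';
        return;
    }

    // Enlist the current thread, then queue the attach. More DetourAttach calls
    // could follow here to hook several functions in the same transaction.
    status = DetourUpdateThread(GetCurrentThread());
    if (status == NO_ERROR) {
        status = DetourAttach(&(PVOID&)OLD_MessageBoxW, NEW_MessageBoxW);
    }
    if (status != NO_ERROR) {
        // Leave no half-open transaction behind.
        DetourTransactionAbort();
        std::cerr << "Hook: attaching MessageBoxW failed, error " << status << '\n';
        return;
    }

    // The detour takes effect only once the commit succeeds.
    status = DetourTransactionCommit();
    if (status != NO_ERROR) {
        std::cerr << "Hook: DetourTransactionCommit failed, error " << status << '\n';
    }
}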
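// Removes the MessageBoxW detour installed by Hook().
//
// Mirrors Hook(): each Detours status code is checked, the transaction is
// aborted on the first failure, and the error is written to stderr so that a
// detour which is still attached does not go unnoticed.
VOID UnHook()
{
    LONG status = DetourTransactionBegin();
    if (status != NO_ERROR) {
        std::cerr << "UnHook: DetourTransactionBegin failed, error " << status << '\n';
        return;
    }

    // Enlist the current thread, then queue the detach. More DetourDetach calls
    // could follow here to remove several hooks in the same transaction.
    status = DetourUpdateThread(GetCurrentThread());
    if (status == NO_ERROR) {
        status = DetourDetach(&(PVOID&)OLD_MessageBoxW, NEW_MessageBoxW);
    }
    if (status != NO_ERROR) {
        // Leave no half-open transaction behind.
        DetourTransactionAbort();
        std::cerr << "UnHook: detaching MessageBoxW failed, error " << status << '\n';
        return;
    }

    status = DetourTransactionCommit();
    if (status != NO_ERROR) {
        std::cerr << "UnHook: DetourTransactionCommit failed, error " << status << '\n';
    }
}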
// Shows one message box from a function other than main(). main() calls it
// between Hook() and UnHook(), so the call is made while the detour is attached.
void testFunc()
{
    const wchar_t* const caption = L"测试2";
    MessageBoxW(nullptr, L"正常消息框", caption, 0);
}
// Demo driver: issues the same MessageBoxW call before the hook is installed,
// while it is installed (directly and via testFunc), and after it is removed,
// so the effect of the detour can be compared box by box.
int main()
{
    const wchar_t* const body = L"正常消息框";

    // Before Hook(): the call goes straight to the real API.
    MessageBoxW(nullptr, body, L"测试0", 0);

    Hook();
    // While hooked: NEW_MessageBoxW replaces the text and caption.
    MessageBoxW(nullptr, body, L"测试1", 0);
    testFunc();

    UnHook();
    // After UnHook(): back to the unmodified API.
    MessageBoxW(nullptr, body, L"测试3", 0);

    return 0;
}
//
#pragma once
#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <syelog.h>
#include <detours.h>
#include <TlHelp32.h>
#include <detver.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "syelog.lib")
#define PULONG_PTR PVOID
#define PLONG_PTR PVOID
#define ULONG_PTR PVOID
#define ENUMRESNAMEPROCA PVOID
#define ENUMRESNAMEPROCW PVOID
#define ENUMRESLANGPROCA PVOID
#define ENUMRESLANGPROCW PVOID
#define ENUMRESTYPEPROCA PVOID
#define ENUMRESTYPEPROCW PVOID
#define STGOPTIONS PVOID
//
#pragma warning(disable:4127) // Many of our asserts are constants.
//
// Module handle and DLL path buffer. Nothing in this listing reads or writes them.
static HMODULE s_hInst = nullptr;
static CHAR s_szDllPath[MAX_PATH];
using namespace std;
// Function pointer for the target API. It is initialised with the address of the
// real MessageBoxW; Hook()/UnHook() pass its address to DetourAttach/DetourDetach,
// and the replacement function calls the original only through this pointer.
static decltype(&MessageBoxW) OLD_MessageBoxW = &MessageBoxW;
// Replacement that Hook() installs in place of MessageBoxW.
//
// The caller's text and caption are discarded and two fixed demo strings are
// shown instead; the owner window and the style flags are forwarded unchanged.
// The call is made through OLD_MessageBoxW, not MessageBoxW, so that it reaches
// the original implementation while the detour is attached.
//
// hWnd      - owner window, forwarded as-is
// lpText    - ignored (replaced by a fixed string)
// lpCaption - ignored (replaced by a fixed string)
// uType     - message-box style flags, forwarded as-is
// Returns the value returned by the original MessageBoxW.
int WINAPI NEW_MessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType)
{
    // Deliberately unused: this demo overrides both strings.
    (void)lpText;
    (void)lpCaption;

    return OLD_MessageBoxW(hWnd, L"输入参数已修改", L"[测试]", uType);
}
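// Installs the MessageBoxW detour inside the current process.
//
// Every Detours call in the transaction returns a status code. The steps are
// checked in order; on the first failure the open transaction is aborted and
// the error is written to stderr, so a hook that did not install is not
// silently treated as active. The function returns VOID, so stderr is the only
// place a failure is visible to the caller.
//
// Only the calling thread is enlisted in the transaction.
// NOTE(review): the listing shows no other threads; confirm before reusing this
// in a multi-threaded program.
VOID Hook()
{
    // Restores the in-memory import table when the process was started through
    // DetourCreateProcessWithDll*; the result is not needed for this demo.
    DetourRestoreAfterWith();

    // Open the transaction.
    LONG status = DetourTransactionBegin();
    if (status != NO_ERROR) {
        std::cerr << "Hook: DetourTransactionBegin failed, error " << status << '\n';
        return;
    }

    // Enlist the current thread, then queue the attach. More DetourAttach calls
    // could follow here to hook several functions in the same transaction.
    status = DetourUpdateThread(GetCurrentThread());
    if (status == NO_ERROR) {
        status = DetourAttach(&(PVOID&)OLD_MessageBoxW, NEW_MessageBoxW);
    }
    if (status != NO_ERROR) {
        // Leave no half-open transaction behind.
        DetourTransactionAbort();
        std::cerr << "Hook: attaching MessageBoxW failed, error " << status << '\n';
        return;
    }

    // The detour takes effect only once the commit succeeds.
    status = DetourTransactionCommit();
    if (status != NO_ERROR) {
        std::cerr << "Hook: DetourTransactionCommit failed, error " << status << '\n';
    }
}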
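// Removes the MessageBoxW detour installed by Hook().
//
// Mirrors Hook(): each Detours status code is checked, the transaction is
// aborted on the first failure, and the error is written to stderr so that a
// detour which is still attached does not go unnoticed.
VOID UnHook()
{
    LONG status = DetourTransactionBegin();
    if (status != NO_ERROR) {
        std::cerr << "UnHook: DetourTransactionBegin failed, error " << status << '\n';
        return;
    }

    // Enlist the current thread, then queue the detach. More DetourDetach calls
    // could follow here to remove several hooks in the same transaction.
    status = DetourUpdateThread(GetCurrentThread());
    if (status == NO_ERROR) {
        status = DetourDetach(&(PVOID&)OLD_MessageBoxW, NEW_MessageBoxW);
    }
    if (status != NO_ERROR) {
        // Leave no half-open transaction behind.
        DetourTransactionAbort();
        std::cerr << "UnHook: detaching MessageBoxW failed, error " << status << '\n';
        return;
    }

    status = DetourTransactionCommit();
    if (status != NO_ERROR) {
        std::cerr << "UnHook: DetourTransactionCommit failed, error " << status << '\n';
    }
}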
// Shows one message box from a function other than main(). main() calls it
// between Hook() and UnHook(), so the call is made while the detour is attached.
void testFunc()
{
    const wchar_t* const caption = L"测试2";
    MessageBoxW(nullptr, L"正常消息框", caption, 0);
}
// Demo driver: issues the same MessageBoxW call before the hook is installed,
// while it is installed (directly and via testFunc), and after it is removed,
// so the effect of the detour can be compared box by box.
int main()
{
    const wchar_t* const body = L"正常消息框";

    // Before Hook(): the call goes straight to the real API.
    MessageBoxW(nullptr, body, L"测试0", 0);

    Hook();
    // While hooked: NEW_MessageBoxW replaces the text and caption.
    MessageBoxW(nullptr, body, L"测试1", 0);
    testFunc();

    UnHook();
    // After UnHook(): back to the unmodified API.
    MessageBoxW(nullptr, body, L"测试3", 0);

    return 0;
}