IAT hook

#include"stdafx.h"
#include <windows.h>
VOID __stdcall mySleep(DWORD m)
{
	MessageBoxA(0, "Hook 成功", "IAT hook", MB_OK);
}

PVOID EnumAPI()
{
	PBYTE ImageBase;
	PIMAGE_THUNK_DATA r;
	PIMAGE_NT_HEADERS pNtHeader;
	PIMAGE_IMPORT_DESCRIPTOR pImport;
	//取得DOS头基址
	ImageBase = (PBYTE)GetModuleHandle(NULL);//0x400000

	//PE头=ImageBase+[ImageBase+3c]
	pNtHeader = (PIMAGE_NT_HEADERS)(ImageBase + ((PIMAGE_DOS_HEADER)ImageBase)->e_lfanew);

	//IMAGE_DIRECTORY_ENTRY_IMPORT值为1 表示import tabale

	pImport = (PIMAGE_IMPORT_DESCRIPTOR)
		(ImageBase + pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);

		for (; pImport->Name; pImport++)
		{
			printf("导入模块:%s\n", ImageBase + pImport->Name);
			//遍历IAT信息  PIMAGE_THUNK_DATA基址
			for (r = (PIMAGE_THUNK_DATA)(ImageBase + pImport->FirstThunk); r->u1.Function; r++)   //枚举函数地址
			{
				if (Sleep == (PVOID)r->u1.Function)
				{
					DWORD pSleep = (DWORD)(&r->u1.Function);
					DWORD OldProtect = 0;
					DWORD fun = (DWORD)Sleep;
					VirtualProtect((PVOID)r, 0x10, PAGE_EXECUTE_READWRITE, &OldProtect);
					*(DWORD*)r = (DWORD)mySleep;
					VirtualProtect((PVOID)r->u1.Function, 0x10, OldProtect, NULL);

				}
			}

		}
	return NULL;
}



int main(int argc, char* argv[])
{   //MessageBoxA(0,NULL,NULL,MB_OK) ;
	//MessageBoxW(0,NULL,NULL,MB_OK);

	printf("Sleep函数地址 0x%x  Mysleep函数地址 0x%x\n", Sleep, mySleep);
	EnumAPI();
	
	Sleep(1000);
	getchar();
	return 0;
}