网友写的HookAPI源代码
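unit dllMain;
{*********************************************************
  Program: HookAPI functions
  Author : sunsjw
  QQ     : 25656016
  Blog   : http://www.kao8.cn/blog.asp?name=sunsjw
**********************************************************}
// Review notes on this unit:
//  * It redirects ws2_32!send, ws2_32!recv and user32!MessageBoxA to the
//    Sun_* callbacks below through madCodeHook's HookAPI.
//  * The callbacks receive the caller's own socket buffer (Buf). As written
//    they only forward it; any change that stores, logs or modifies Buf turns
//    this demo into traffic interception for every process the DLL is
//    loaded into, so keep the callbacks pass-through.
//  * NOTE(review): the page does not show the library project that builds
//    hookMsg.dll or the place where Hook/UnHook are called - presumably the
//    DLL entry point; confirm.

interface

uses
  SysUtils, Windows, Winsock, Graphics, tlHelp32, madCodeHook;

type
  // Signatures of the API functions being hooked.
  TSockSendProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  TSockRecvProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  TMsgBoxProc = function(hWnd: HWND; lpText, lpCaption: PChar; uType: UINT): Integer; stdcall;

//-------------------- Declarations ---------------------------
function Sun_Send(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
function Sun_Recv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
function Sun_Box(hWnd: HWND; lpText, lpCaption: PChar; uType: UINT): Integer; stdcall;
procedure Hook; stdcall; export;
procedure UnHook; stdcall; export;

var
  // Hold the addresses of the original functions; filled in by HookAPI.
  sunSend: TSockSendProc;
  sunRecv: TSockRecvProc;
  sunMsg: TMsgBoxProc;
  // Incremented on every hooked send; not read anywhere on this page.
  // It is a plain global updated without synchronisation.
  i: Integer;

implementation

{---------------------------------------
  Purpose: replacement for MessageBoxA.
  Params : same as MessageBoxA.
  Returns: whatever the original MessageBoxA returns.
  The caller's lpCaption is ignored; the box is shown with a fixed caption.
---------------------------------------}
function Sun_Box(hWnd: HWND; lpText, lpCaption: PChar; uType: UINT): Integer; stdcall;
var
  strTemp: string;
begin
  strTemp := '珊瑚虫:sunsjw';
  Result := sunMsg(hWnd, lpText, PChar(strTemp), uType);
end;

{---------------------------------------
  Purpose: replacement for recv.
  Params : same as recv.
  Returns: Integer, the result of the original recv.
---------------------------------------}
function Sun_Recv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  // The received data in Buf could be processed here; the demo does not
  // touch it and only emits a beep.
  MessageBeep(0);
  // Call the real recv (the original comment said "Send" by mistake).
  Result := sunRecv(s, Buf, len, flags);
end;

{---------------------------------------
  Purpose: replacement for send. Looks up the executable name of the
           current process, draws "<exe>:正在发送数据..." at the top-left
           corner of the screen, then forwards the call unchanged.
  Params : same as send.
  Returns: Integer, the result of the original send.
---------------------------------------}
function Sun_Send(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  DeskDC: HDC;
  Can: TCanvas;
  str: string;
  found: boolean;
  Hand: THandle;
  CurrPid: DWORD;
  lppe: TProcessEntry32;
begin
  str := '';
  CurrPid := GetCurrentProcessId;

  // Only the process list is walked, so a process-only snapshot is enough
  // (the original requested TH32CS_SNAPALL on every send call).
  Hand := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Hand <> INVALID_HANDLE_VALUE then
  try
    lppe.dwSize := SizeOf(lppe);
    found := Process32First(Hand, lppe);
    while found do
    begin
      if lppe.th32ProcessID = CurrPid then
      begin
        str := lppe.szExeFile;
        found := False;
      end
      else
        found := Process32Next(Hand, lppe);
    end;
  finally
    // Fix: the original never closed the snapshot, leaking one handle per
    // send call in the host process.
    CloseHandle(Hand);
  end;

  // Acquire the screen DC and the canvas inside try/finally so both are
  // released even if drawing raises.
  DeskDC := GetDC(0);
  try
    Can := TCanvas.Create;
    try
      Can.Handle := DeskDC;
      Inc(i);
      Can.TextOut(0, 0, str + ':正在发送数据...');
    finally
      Can.Free;
    end;
  finally
    ReleaseDC(0, DeskDC);
  end;

  // Forward to the real send last; Buf is passed through untouched.
  Result := sunSend(s, Buf, len, flags);
end;

{------------------------------------
  Purpose: install the three API hooks.
  Params : none.
  The Boolean results of HookAPI are not checked, so a partially installed
  set of hooks goes unnoticed.
------------------------------------}
procedure Hook;
begin
  HookAPI('ws2_32.dll', 'send', @Sun_Send, @sunSend);
  HookAPI('ws2_32.dll', 'recv', @Sun_Recv, @sunRecv);
  HookAPI('user32.dll', 'MessageBoxA', @sun_Box, @sunMsg);
end;

{------------------------------------
  Purpose: remove the API hooks installed by Hook.
  Params : none.
------------------------------------}
procedure UnHook;
begin
  UnHookAPI(@sunSend);
  UnHookAPI(@sunRecv);
  UnHookAPI(@sunMsg);
end;

end.

// Caller: a separate unit (second file of the listing).
unit callMain;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, madCodeHook;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

// Loads hookMsg.dll into other processes.
// Review notes:
//  * ALL_SESSIONS or SYSTEM_PROCESSES asks for every session and includes
//    system processes, so a fault inside one of the hook callbacks affects
//    those processes too. A demo should be run in a disposable VM, or the
//    scope narrowed to the one process under test.
//  * The DLL is named without a path. NOTE(review): which file ends up being
//    loaded then depends on how the library resolves the name; prefer an
//    absolute path in a directory only administrators can write to - confirm
//    against the madCodeHook documentation.
//  * The result of InjectLibrary is ignored, so a failed or partial
//    injection is silent.
//  * For monitoring: the effect is the same non-system DLL mapped into many
//    unrelated processes, which is what module-load telemetry would show.
procedure TForm1.Button1Click(Sender: TObject);
begin
  InjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'hookMsg.dll');
end;

// Unloads hookMsg.dll from the same scope it was injected into.
procedure TForm1.Button2Click(Sender: TObject);
begin
  UninjectLibrary(ALL_SESSIONS or SYSTEM_PROCESSES, 'hookMsg.dll');
end;

end.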
转载于:https://blog.51cto.com/95545/41339