admin管理员组文章数量:1622295
/*========================================================================
文件: exports.h
说明:全局消息钩子
时间:2004-09-15
编写:oshj || oshj@21cn
环境:VC6.0/Win2000 Pro/SP4/1024*768
特别说明:本程序目的是更改其他程序窗口的显示内容(如数值)。用枚举主窗口
和子窗口的方法只能只能找到有句柄的控件,发消息进行更改。对无句柄
的控件就无能为力了,在spy++里都无法枚举Delphi/BCB/VB的label控件的
只能采用截获TextOut的方法了,没想到其他更好的办法:-)这种就是
所谓的屏幕取词技术了,金山词霸用的就是这种方法。
=========================================================================*/
//-------------------------------------------------------------------------
#ifndef _INC_EXPORTS
#define _INC_EXPORTS
#include <windows.h>
#include <stdio.h>
//-------------------------------------------------------------------------
#define DLLEXPORT __declspec(dllexport)
//-------------------------------------------------------------------------
#define MAX_TEXTLEN 1024
#define UM_GETTEXT WM_USER + 0x392
//-------------------------------------------------------------------------
//开始钩
void HookAllTextOut();
//停止钩子
void UnHookAllTextOut();
//-------------------------------------------------------------------------
//消息回调函数
LRESULT CALLBACK GetMsgProc(int nCode, WPARAM wParam, LPARAM lParam);
//枚举子窗体回调函数
BOOL CALLBACK EnumChildWindowsProc( HWND hWnd, LPARAM lParam );
//-------------------------------------------------------------------------
// hook api
DLLEXPORT BOOL WINAPI NHBitBlt(HDC hdcDest,
int nXDest,
int nYDest,
int nWidth,
int nHeight,
HDC hdcSrc,
int nXSrc,
int nYSrc,
DWORD dwRop);
DLLEXPORT BOOL WINAPI NHTextOutA(HDC hdc,
int nXStart,
int nYStart,
LPCTSTR lpString,
int cbString);
DLLEXPORT BOOL WINAPI NHTextOutW(HDC hdc,
int nXStart,
int nYStart,
LPCWSTR lpString,
int cbString);
DLLEXPORT BOOL WINAPI NHExtTextOutA(HDC hdc,
int X,
int Y,
UINT fuOptions,
CONST RECT *lprc,
LPCTSTR lpString,
UINT cbCount,
CONST INT *lpDx);
DLLEXPORT BOOL WINAPI NHExtTextOutW(HDC hdc,
int X,
int Y,
UINT fuOptions,
CONST RECT *lprc,
LPCWSTR lpString,
UINT cbCount,
CONST INT *lpDx);
DLLEXPORT BOOL WINAPI ReadFile2(HANDLE hFile,
LPVOID lpBuffer,
DWORD nNumberOfBytesToRead,
LPDWORD lpNumberOfBytesRead,
LPOVERLAPPED lpOverlapped );
//-------------------------------------------------------------------------
#endif // _INC_EXPORTS
/*========================================================================
文件: exports.cpp
说明:全局消息钩子
时间:2004-09-15
编写:oshj || oshj@21cn
环境:VC6.0/Win2000 Pro/SP4/1024*768
特别说明:本程序目的是更改其他程序窗口的显示内容(如数值)。用枚举主窗口
和子窗口的方法只能找到有句柄的控件,发消息进行更改。对无句柄
的控件就无能为力了,在spy++里都无法枚举Delphi/BCB/VB的label控件的
只能采用截获TextOut的方法了,没想到其他更好的办法:-)这种就是
所谓的屏幕取词技术了,金山词霸用的就是这种方法。
版权累死人,想用就用吧:-)
=========================================================================*/
//-------------------------------------------------------------------------
//原理:
// 采用类似屏幕取词的方式,动态注入DLL到EXE进程。截获TextOut并判断当前要写
//到屏幕的内容是否是数字(Int或者Float等),如果是则×0.5(或其他预先设定的基数)
//然后再写到屏幕上。
// 所以一定要清楚的认识到:本程序只是临时欺骗,更改屏幕显示的数字而已,
//并不更改实际的数据,包括报表打印和数据导出(如导出到Excel等)均无能为力。
//唯一的办法就是屏蔽,使之无效。或者干脆彻底注销界面上的这些按钮。
//已知BUG或缺陷:
//1、时间控件类的时间也被HOOK更改了;
//2、由于HOOK的数据×0.50(或其他基数)之后可能有了少数点,长度增长,可能导致
// 新写到屏幕上的数据位置不准确;
//3、类似0010123的序号也被当作数字HOOK了,并×0.5,可以增加类似的判断;
// 但由于采用的全局消息钩子,如果判断太多会导致系统消耗太大,必须精简算法。
//4、类似 [1234],:235,...等凡是中文和数字、字母和数字、符号和数字混合的,
// 均会忽略掉,不进行计算。
//5、由于无法更改打印和数据导出等实际数据,所以将包含有“导出”、“Excel”、
// “打印”字样的有句柄的窗口(button、form等)全部注销!
//-------------------------------------------------------------------------
//; 警告:本程序仅为学习研究作品,不涉及任何商业利益。
//; 请慎重使用,由此产生的一切后果由使用者承担!
//; FNUM为计算的基数 (0 < FNUM < 1),保留两位小数点。
//; 如果配置文件损坏或删除,程序将采用缺省值:0.50
//-------------------------------------------------------------------------
//系统热键定义如下:
//呼叫程序窗口:Alt + A
//彻底隐藏运行:Alt + B
//开始数据钩子:Alt + C
//停止数据钩子:Alt + D
//悄悄退出程序:Alt + E
//-------------------------------------------------------------------------
#include "exports.h"
#include "hookapi.h"
#include "public.h"
#include <string.h>
#include <TCHAR.H>
#include "PSAPI.H"
#pragma comment(lib, "psapi.lib")
#define BUFSIZE 512
//-------------------------------------------------------------------------
#pragma data_seg(".sdata")
//缺省为0.5,从配置文件中读取
float m_fNumber = 0.50; //用于作弊计算的基数 0 < m_fNumber < 1
#pragma data_seg()
#pragma comment(linker,"-section:.sdata,rws")
//-------------------------------------------------------------------------
HHOOK g_hHook = NULL; // 安装的鼠标钩子句柄
HINSTANCE g_hinstDll = NULL; // DLL实例句柄
HWND g_hWndTag = NULL; //注入的EXE窗体句柄
//-------------------------------------------------------------------------
//
APIHOOKSTRUCT g_MessageBoxAHook = {
"user32.dll",
"MessageBoxA",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"NHMessageBoxA",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
APIHOOKSTRUCT g_MessageBoxWHook = {
"user32.dll",
"MessageBoxW",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"NHMessageBoxW",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
APIHOOKSTRUCT g_BitBltHook = {
"gdi32.dll",
"BitBlt",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"NHBitBlt",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
APIHOOKSTRUCT g_TextOutAHook = {
"gdi32.dll",
"TextOutA",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"NHTextOutA",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
APIHOOKSTRUCT g_TextOutWHook = {
"gdi32.dll",
"TextOutW",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"NHTextOutW",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
APIHOOKSTRUCT g_ExtTextOutAHook = {
"gdi32.dll",
"ExtTextOutA",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"NHExtTextOutA",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
APIHOOKSTRUCT g_ExtTextOutWHook = {
"gdi32.dll",
"ExtTextOutW",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"NHExtTextOutW",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
APIHOOKSTRUCT g_ReadFile = {
"kernel32.dll",
"ReadFile",
0,
NULL,
{0, 0, 0, 0, 0, 0, 0},
NULL,
"ReadFile2",
NULL,
{0, 0, 0, 0, 0, 0, 0},
0,
{0XFF, 0X15, 0XFA, 0X13, 0XF3, 0XBF, 0X33}
};
//************************************
// Method : ReadFile2
// FullName :
// Returns : BOOL
// Parameter:
// Remark : our api ReadFile to hook ReadFile in WINAPI
//************************************
DLLEXPORT BOOL WINAPI ReadFile2(HANDLE hFile,LPVOID lpBuffer,DWORD nNumberOfBytesToRead,LPDWORD lpNumberOfBytesRead,LPOVERLAPPED lpOverlapped )
{
// restore
RestoreWin32Api(&g_ReadFile, HOOK_NEED_CHECK);
// call BitBlt
MessageBoxA(NULL,"","【独钓寒江雪】",0);
//RestoreWin32Api(&g_ReadFile, HOOK_NEED_CHECK);
//GetFileNameFromHandle(hFile);
BOOL ret = ReadFile(hFile,lpBuffer,nNumberOfBytesToRead,lpNumberOfBytesRead,lpOverlapped );
HookWin32Api(&g_ReadFile, HOOK_NEED_CHECK);
//HookWin32Api(&g_ReadFile, HOOK_NEED_CHECK);
//return ret;
return TRUE;
}
//-------------------------------------------------------------------------
//dll main
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
g_hinstDll = hinstDLL;
//g_BitBltHook.hInst = hinstDLL;
g_TextOutAHook.hInst = hinstDLL;
g_TextOutWHook.hInst = hinstDLL;
g_ExtTextOutAHook.hInst = hinstDLL;
g_ExtTextOutWHook.hInst = hinstDLL;
g_MessageBoxAHook.hInst = hinstDLL;
g_MessageBoxWHook.hInst = hinstDLL;
//DisableThreadLibraryCalls(hinstDLL);
//MessageBox(NULL,"before","",0);
g_ReadFile.hInst = hinstDLL;
//MessageBox(NULL,"after","",0);
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
UnHookAllTextOut();
break;
}
return TRUE;
}
//-------------------------------------------------------------------------
//从这里转到各HOOK函数
void HookAllTextOut()
{
//HookWin32Api(&g_BitBltHook, HOOK_CAN_WRITE);
HookWin32Api(&g_TextOutAHook, HOOK_CAN_WRITE);
HookWin32Api(&g_TextOutWHook, HOOK_CAN_WRITE);
HookWin32Api(&g_ExtTextOutAHook, HOOK_CAN_WRITE);
HookWin32Api(&g_ExtTextOutWHook, HOOK_CAN_WRITE);
HookWin32Api(&g_MessageBoxAHook, HOOK_CAN_WRITE);
HookWin32Api(&g_MessageBoxWHook, HOOK_CAN_WRITE);
//HookWin32Api(&g_ReadFile, HOOK_CAN_WRITE);
}
//-------------------------------------------------------------------------
//恢复HOOK函数
void UnHookAllTextOut()
{
//RestoreWin32Api(&g_BitBltHook, HOOK_NEED_CHECK);
RestoreWin32Api(&g_TextOutAHook, HOOK_NEED_CHECK);
RestoreWin32Api(&g_TextOutWHook, HOOK_NEED_CHECK);
RestoreWin32Api(&g_ExtTextOutAHook, HOOK_NEED_CHECK);
RestoreWin32Api(&g_ExtTextOutWHook, HOOK_NEED_CHECK);
RestoreWin32Api(&g_MessageBoxAHook, HOOK_NEED_CHECK);
RestoreWin32Api(&g_MessageBoxWHook, HOOK_NEED_CHECK);
//RestoreWin32Api(&g_ReadFile, HOOK_NEED_CHECK);
}
//-------------------------------------------------------------------------
//以下的函数干的就是狸猫换太子的勾当:-)
DLLEXPORT BOOL WINAPI NHMessageBoxA(HWND hWnd,
LPCTSTR lpText,
LPCTSTR lpCaption,
UINT uType )
{
// restore
RestoreWin32Api(&g_MessageBoxAHook, HOOK_NEED_CHECK);
// call BitBlt
MessageBoxA(hWnd,lpText,"【独钓寒江雪】",uType);
HookWin32Api(&g_MessageBoxAHook, HOOK_NEED_CHECK);
return TRUE;
}
DLLEXPORT BOOL WINAPI NHMessageBoxW(HWND hWnd,
LPCWSTR lpText,
LPCWSTR lpCaption,
UINT uType )
{
// restore
RestoreWin32Api(&g_MessageBoxWHook, HOOK_NEED_CHECK);
// call BitBlt
MessageBoxW(hWnd,lpText,L"【独钓寒江雪】",uType);
HookWin32Api(&g_MessageBoxWHook, HOOK_NEED_CHECK);
return TRUE;
}
DLLEXPORT BOOL WINAPI NHBitBlt(HDC hdcDest,
int nXDest,
int nYDest,
int nWidth,
int nHeight,
HDC hdcSrc,
int nXSrc,
int nYSrc,
DWORD dwRop)
{
// restore
RestoreWin32Api(&g_BitBltHook, HOOK_NEED_CHECK);
// call BitBlt
BitBlt(hdcDest, nXDest, nYDest, nWidth, nHeight,
hdcSrc, nXSrc, nYSrc, dwRop);
HookWin32Api(&g_BitBltHook, HOOK_NEED_CHECK);
return TRUE;
}
DLLEXPORT BOOL WINAPI NHTextOutA(HDC hdc,
int nXStart,
int nYStart,
LPCTSTR lpString,
int cbString)
{
float fNumTmp;
char sTmp[1024]={'/0'};
// restore
RestoreWin32Api(&g_TextOutAHook, HOOK_NEED_CHECK);
//---------------------------------------------------
try
{
//---------------------------------------------------
if( IsDigital(lpString) || IsFloat(lpString) )
{
fNumTmp = (float)(m_fNumber * strtod(lpString,NULL));
sprintf(sTmp,"%0.2f",fNumTmp);
TextOutA(hdc, nXStart, nYStart, sTmp, strlen(sTmp));
}
else
{
TextOutA(hdc, nXStart, nYStart, lpString, cbString);
}
}
catch(...)
{
TextOutA(hdc, nXStart, nYStart, lpString, cbString);
}
//---------------------------------------------------
//TextOutA(hdc, nXStart, nYStart, lpString, cbString);
HookWin32Api(&g_TextOutAHook, HOOK_NEED_CHECK);
return TRUE;
}
DLLEXPORT BOOL WINAPI NHTextOutW(HDC hdc,
int nXStart,
int nYStart,
LPCWSTR lpString,
int cbString)
{
float fNumTmp;
wchar_t sTmp[1024]={'/0'};
// restore
RestoreWin32Api(&g_TextOutWHook, HOOK_NEED_CHECK);
//--------------------------------------------------------------
try
{
if( IsWDigital(lpString) || IsWFloat(lpString) )
{
fNumTmp = (float)(wcstod(lpString,NULL) * m_fNumber);
swprintf(sTmp,L"%0.2f",fNumTmp);
TextOutW(hdc, nXStart, nYStart, sTmp, wcslen(sTmp));
}
else
{
// call ExtTextOutA
TextOutW(hdc, nXStart, nYStart, lpString, cbString);
}
}
catch(...)
{
TextOutW(hdc, nXStart, nYStart, lpString, cbString);
}
//--------------------------------------------------------------
// call TextOutW
//TextOutW(hdc, nXStart, nYStart, lpString, cbString);
HookWin32Api(&g_TextOutWHook, HOOK_NEED_CHECK);
return TRUE;
}
DLLEXPORT BOOL WINAPI NHExtTextOutA(HDC hdc,
int X,
int Y,
UINT fuOptions,
CONST RECT *lprc,
LPCTSTR lpString,
UINT cbCount,
CONST INT *lpDx)
{
float fNumTmp=0;
char sTmp[1024]={'/0'};
// restore
RestoreWin32Api(&g_ExtTextOutAHook, HOOK_NEED_CHECK);
try
{
//---------------------------------------------------
if( IsDigital(lpString) || IsFloat(lpString) )
{
fNumTmp = (float)(m_fNumber * strtod(lpString,NULL));
sprintf(sTmp,"%0.2f",fNumTmp);
ExtTextOutA(hdc, X-6, Y, fuOptions, lprc, sTmp, strlen(sTmp), lpDx);
}
else
{
// call ExtTextOutA
ExtTextOutA(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
}
}
catch(...)
{
ExtTextOutA(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
}
// call ExtTextOutA
//ExtTextOutA(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
HookWin32Api(&g_ExtTextOutAHook, HOOK_NEED_CHECK);
return TRUE;
}
DLLEXPORT BOOL WINAPI NHExtTextOutW(HDC hdc,
int X,
int Y,
UINT fuOptions,
CONST RECT *lprc,
LPCWSTR lpString,
UINT cbCount,
CONST INT *lpDx)
{
float fNumTmp;
wchar_t sTmp[1024]={'/0'};
// restore
RestoreWin32Api(&g_ExtTextOutWHook, HOOK_NEED_CHECK);
//---------------------------------------------------
try
{
if( IsWDigital(lpString) || IsWFloat(lpString) )
{
fNumTmp = (float)(wcstod(lpString,NULL) * m_fNumber);
swprintf(sTmp,L"%0.2f",fNumTmp);
ExtTextOutW(hdc, X-6, Y, fuOptions, lprc, sTmp, wcslen(sTmp), lpDx);
}
else
{
// call ExtTextOutA
ExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
}
}
catch(...)
{
ExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
}
// call ExtTextOutW
//ExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
HookWin32Api(&g_ExtTextOutWHook, HOOK_NEED_CHECK);
return TRUE;
}
//-------------------------------------------------------------------------
//消息回调函数
LRESULT CALLBACK GetMsgProc(int nCode, WPARAM wParam, LPARAM lParam)
{
HookAllTextOut();
char sClass[255]={'/0'};
if(nCode >= 0)
{
LPMSG pMsg = (LPMSG)lParam;
g_hWndTag = pMsg->hwnd;
if(NULL != g_hWndTag)
{
GetClassName(g_hWndTag,sClass,256);
//如果这个窗口的类名是T开头的
if( 0 == strncmp(sClass,"T",1) )
{
EnumChildWindows(g_hWndTag, EnumChildWindowsProc,0);
}
}
}
return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}
//-------------------------------------------------------------------------
//枚举子窗体回调函数
BOOL CALLBACK EnumChildWindowsProc( HWND hWnd, LPARAM lParam )
{
char buff[256]={'/0'};
if(::GetWindowLong(hWnd,GWL_STYLE)& WS_VISIBLE)
{
::GetWindowText(hWnd,buff,256);
//注销这些按钮或窗体
if(NULL != strstr(buff,"打印") ||
NULL != strstr(buff,"Excel") ||
NULL != strstr(buff,"导出") )
{
//这种只是屏蔽,界面上仍可看见
//EnableWindow(hWnd,FALSE);
//彻底注销,一劳永逸:-)
DestroyWindow(hWnd);
}
}
return TRUE;
}
//-------------------------------------------------------------------------
///
//-------------------------------------------------------------------------
//输出函数
//开始钩
DLLEXPORT BOOL WINAPI SetNHW32()
{
//------------------------------------------------------------
LPCTSTR iniFile = ".//config.ini"; // “.//”表示当前路径
char sTmp[256] = {'/0'};
GetPrivateProfileString("NUM","FNUM",NULL,sTmp,256,iniFile);
//MsgErr(sTmp);
m_fNumber = strtod(sTmp,NULL);
if(m_fNumber<=0.00)
{
m_fNumber = 0.50;
}
//------------------------------------------------------------
if(g_hHook == NULL)
{
g_hHook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, g_hinstDll, 0);
if (g_hHook == NULL)
{
//MessageBox(NULL, __TEXT("Error hooking."),
// __TEXT("GetWord"), MB_OK);
return FALSE;
}
}
return TRUE;
}
//-------------------------------------------------------------------------
//输出函数
//停止钩子
DLLEXPORT BOOL WINAPI ResetNHW32()
{
if (g_hHook != NULL)
{
if (!UnhookWindowsHookEx(g_hHook))
{
return FALSE;
}
g_hHook = NULL;
}
return TRUE;
}
hook api 的主要方法
/
//
// hookapi.c
//
// Date : 04/18/99
//
// oshj add 20040916 有这些现成的函数真爽,原作者好像是个台湾同胞
//
/
#include <windows.h>
#include "hookapi.h"
#include "string.h"
//#pragma comment(lib, "k32lib.lib")
//extern BOOL g_bCanWrite;
/
// Hook Api
/
FARPROC WINAPI NHGetFuncAddress(HINSTANCE hInst, LPCSTR lpMod, LPCSTR lpFunc)
{
HMODULE hMod;
FARPROC procFunc;
if (NULL != lpMod)
{
hMod=GetModuleHandle(lpMod);
procFunc = GetProcAddress(hMod,lpFunc);
}
else
{
procFunc = GetProcAddress(hInst,lpFunc);
}
return procFunc;
}
void MakeJMPCode(LPBYTE lpJMPCode, LPVOID lpCodePoint)
{
BYTE temp;
WORD wHiWord = HIWORD(lpCodePoint);
WORD wLoWord = LOWORD(lpCodePoint);
WORD wCS;
_asm // 取當前選擇符﹒
{
push ax;
push cs;
pop ax;
mov wCS, ax;
pop ax;
};
lpJMPCode[0] = 0xea; // 填入 JMP 指令的機器碼﹒
temp = LOBYTE(wLoWord); // -------------------------
lpJMPCode[1] = temp;
temp = HIBYTE(wLoWord);
lpJMPCode[2] = temp; // 填入地址﹒在內存中的順序為;
temp = LOBYTE(wHiWord); // Point: 0x1234
lpJMPCode[3] = temp; // 內存: 4321
temp = HIBYTE(wHiWord);
lpJMPCode[4] = temp; // -------------------------
temp = LOBYTE(wCS); // 填入選擇符﹒
lpJMPCode[5] = temp;
temp = HIBYTE(wCS);
lpJMPCode[6] = temp;
return;
}
void HookWin32Api(LPAPIHOOKSTRUCT lpApiHook, int nSysMemStatus)
{
DWORD dwReserved;
DWORD dwTemp;
BYTE bWin32Api[5];
bWin32Api[0] = 0x00;
//TextOut(GetDC(GetActiveWindow()),2,15,"here",20);
// 取得被攔截函數地址﹒
if(lpApiHook->lpWinApiProc == NULL)
{
lpApiHook->lpWinApiProc = (LPVOID)NHGetFuncAddress(lpApiHook->hInst, lpApiHook->lpszApiModuleName,lpApiHook->lpszApiName);
if (lpApiHook->dwApiOffset != 0)
lpApiHook->lpWinApiProc = (LPVOID)((DWORD)lpApiHook->lpWinApiProc + lpApiHook->dwApiOffset);
}
// 取得替代函數地址﹒
if(lpApiHook->lpHookApiProc == NULL)
{
lpApiHook->lpHookApiProc = (LPVOID)NHGetFuncAddress(lpApiHook->hInst,
lpApiHook->lpszHookApiModuleName,lpApiHook->lpszHookApiName);
}
// 形成 JMP 指令﹒
if (lpApiHook->HookApiFiveByte[0] == 0x00)
{
MakeJMPCode(lpApiHook->HookApiFiveByte, lpApiHook->lpHookApiProc);
}
if (!VirtualProtect(lpApiHook->lpWinApiProc, 16, PAGE_READWRITE,
&dwReserved))
{
MessageBox(NULL, "VirtualProtect-READWRITE", NULL, MB_OK);
return;
}
if (nSysMemStatus == HOOK_NEED_CHECK)
{
memcpy(lpApiHook->lpWinApiProc, (LPVOID)lpApiHook->HookApiFiveByte,BUFFERLEN);
}
else
{
if (lpApiHook->WinApiFiveByte[0] == 0x00) // 判斷是否已經攔截﹒
{
// 否﹒
// 備份 API 函數頭五個字節﹒
memcpy(lpApiHook->WinApiFiveByte,(LPVOID)lpApiHook->lpWinApiProc,BUFFERLEN);
// 判斷是否重複攔截﹒(即判斷備份的頭五個字節是否為形成的JMP指令)
if (strncmp((const char*)lpApiHook->WinApiFiveByte,
(const char*)lpApiHook->HookApiFiveByte, BUFFERLEN) == 0)
{
// 恢復備份的字節﹒
memcpy(lpApiHook->WinApiFiveByte,(LPVOID)lpApiHook->WinApiBakByte,BUFFERLEN);
}
}
else
{
// 是﹒
memcpy(bWin32Api,(LPVOID)lpApiHook->lpWinApiProc,BUFFERLEN);
}
if (strncmp((const char*)bWin32Api, (const char*)lpApiHook->HookApiFiveByte,
BUFFERLEN) != 0)
{
// 將 JMP 指定填入 API 函數的頭﹒
memcpy(lpApiHook->lpWinApiProc, (LPVOID)lpApiHook->HookApiFiveByte,BUFFERLEN);
}
}
if (!VirtualProtect(lpApiHook->lpWinApiProc, 16, dwReserved, &dwTemp))
{
MessageBox(NULL, "VirtualProtect-RESTORE", NULL, MB_OK);
return;
}
}
void RestoreWin32Api(LPAPIHOOKSTRUCT lpApiHook, int nSysMemStatus)
{
DWORD dwReserved;
DWORD dwTemp;
if (lpApiHook->lpWinApiProc == NULL)
return;
if (!VirtualProtect(lpApiHook->lpWinApiProc, 16, PAGE_READWRITE,
&dwReserved))
{
MessageBox(NULL, "VirtualProtect-READWRITE", NULL, MB_OK);
return;
}
memcpy(lpApiHook->lpWinApiProc,(LPVOID)lpApiHook->WinApiFiveByte,BUFFERLEN);
if (!VirtualProtect(lpApiHook->lpWinApiProc, 16, dwReserved, &dwTemp))
{
MessageBox(NULL, "VirtualProtect-RESTORE", NULL, MB_OK);
return;
}
}
版权声明:本文标题:改造的HookYou的代码,但是出现access violation 错误,不知如何是好,着急 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://www.elefans.com/xitong/1728852093a1176798.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论