标题:[求助]关于API HOOK的问题,在线等~~~~~
xlin1033xl
[求助]关于API HOOK的问题,在线等~~~~~
我写了一个APIHOOK的DLL,利用远程注入
hook MessageBox能成功,但hook sendto或send函数,咋就不成功呢?
高手帮我看看,小弟谢谢了。源代码如下:

//////////////////////////////////////////////////////////
// ULHook.h
#pragma once

class CULHook
{
public:
    // Resolves pszFuncName in the already-loaded module pszModName, reads a
    // process id from shared memory, and immediately calls SetHook().
    CULHook(LPCTSTR pszModName,LPCSTR pszFuncName, PROC pfnHook);
   ~CULHook();                 // removes the patch if it is still installed
    void UnHook();             // writes the saved original 8 bytes back
    void SetHook();            // overwrites the target's first 8 bytes with a jump to m_pfnNewAdrr

protected:
    LPCTSTR m_pszModName;       // module name handed to GetModuleHandle
    LPCSTR m_pszFuncName;       // export name handed to GetProcAddress
    PROC m_pfnOrigAddr;         // address of the target API function (NULL if it could not be resolved)
    PROC m_pfnNewAdrr;          // address of the replacement (hook) function
    DWORD AsmCode[2];           // copy of the target's original first 8 bytes, restored by UnHook()
    BOOL m_isHook;              // TRUE while the patch is in place
    DWORD m_ProcessId;          // id of the process opened for Read/WriteProcessMemory; read from shared memory
    PROC GetOrigAddr();         // GetModuleHandle + GetProcAddress lookup

};


///////////////////////////////////////////
// ULHook.cpp文件

#include "stdafx.h"
#include "ULHook.h"
#include "ShareMemory.h"
#include <stdio.h>

// Constructor: stores the names, resolves the target address, reads the process
// id from the shared-memory block "INFO" and installs the patch right away.
// A global instance (see injert.cpp) therefore patches during DLL static init.
CULHook::CULHook(LPCTSTR pszModName,LPCSTR pszFuncName, PROC pfnHook)
{   
    m_pszModName=pszModName;
    m_pszFuncName=pszFuncName;
    m_isHook=FALSE;
    m_pfnOrigAddr=GetOrigAddr();// address of the target API function (NULL if the module is not loaded)
    m_pfnNewAdrr=pfnHook;          // address of the replacement function

    // Copy sizeof(DWORD) bytes out of the shared block into m_ProcessId.
    // NOTE(review): sm is never deleted (CShareMemory leaks), and GetBuffer()
    // is not checked for NULL before memcpy reads through it.
    CShareMemory *sm= new CShareMemory(TEXT("INFO"), sizeof(DWORD), FALSE);
    LPVOID buf=sm->GetBuffer();
    LPVOID pData=&m_ProcessId;
    memcpy(pData, buf, sizeof(DWORD));

    SetHook();
}

// Destructor: lift the patch if this object still holds it.
CULHook::~CULHook()
{
    if (!m_isHook)
        return;
    UnHook();
}

// Look up m_pszFuncName in m_pszModName. The module is assumed to be loaded
// already, so GetModuleHandle (not LoadLibrary) is used; NULL when it is not.
PROC  CULHook::GetOrigAddr()
{   
    const HMODULE hMod = GetModuleHandle(m_pszModName);
    if (!hMod)
        return NULL;

    // Debug message box left in by the author; shown once per successful lookup.
    ::MessageBox(NULL,TEXT("测试"),TEXT("信息"),NULL);
    return GetProcAddress(hMod, m_pszFuncName);
}

// Overwrite the first 8 bytes of the target function with a jump to the
// replacement. Does nothing unless both addresses are known and the patch is
// not already installed.
void CULHook::SetHook()
{

    // Replace the first 8 bytes of the original API so that it jumps to our function.
    if(m_pfnOrigAddr && m_pfnNewAdrr && !m_isHook)
    {

        // Build the new code: x86 "mov eax, imm32 ; jmp eax" (7 bytes + 1 pad byte);
        // the imm32 at offset 1 is filled in with m_pfnNewAdrr.
        // NOTE(review): 32-bit only — the (DWORD) cast truncates a 64-bit PROC.
        BYTE btNewBytes[8]={0x0B8, 0x0, 0x0, 0x40, 0x0, 0x0FF, 0x0E0, 0 }; // mov eax,addr  jmp eax
        *(DWORD *)(btNewBytes + 1) = (DWORD)m_pfnNewAdrr;

        // Query the region the target lives in; only mbi.Protect is used (below).
        MEMORY_BASIC_INFORMATION    mbi;
        ::VirtualQuery(m_pfnOrigAddr, &mbi, sizeof(mbi) );

        // Change page protection. This call is made on AsmCode, this object's
        // own save buffer; its return value is not checked.
        DWORD dwOldProtect;
        ::VirtualProtect(AsmCode, sizeof(DWORD)*2, PAGE_READWRITE, &dwOldProtect);

        // Save the original code via a process handle for m_ProcessId (the id read
        // from shared memory in the ctor). PROCESS_ALL_ACCESS is requested, which
        // is far broader than what Read/WriteProcessMemory need.
        SIZE_T dwSize;
        HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, m_ProcessId);  
        if(hProcess)
        {
            ::ReadProcessMemory(hProcess, (void *)m_pfnOrigAddr,AsmCode, sizeof(AsmCode), &dwSize);

            // Write the new code. The return values of both calls are ignored.
            ::WriteProcessMemory(hProcess,(void *)m_pfnOrigAddr,btNewBytes,sizeof(btNewBytes), &dwSize);
             CloseHandle(hProcess);
        }

        // Restore the protection of the target bytes to what VirtualQuery reported.
        ::VirtualProtect(m_pfnOrigAddr, sizeof(DWORD)*2, mbi.Protect, 0);

        // Set even when OpenProcess failed or the write did not happen, so
        // m_isHook does not reliably reflect the memory's actual state.
        m_isHook=TRUE;
        
    }

    return;
}

// Write the saved original 8 bytes (AsmCode) back over the target function.
// Does nothing unless the target address is known and the patch is installed.
void CULHook::UnHook()
{
    if(m_pfnOrigAddr  && m_isHook)
    {

        // Query the region the target lives in; only mbi.Protect is used (below).
        MEMORY_BASIC_INFORMATION    mbi;
        ::VirtualQuery(m_pfnOrigAddr, &mbi, sizeof(mbi) );

        // Change page protection. As in SetHook(), this call is made on AsmCode,
        // this object's own save buffer; its return value is not checked.
        DWORD dwOldProtect;
        ::VirtualProtect(AsmCode, sizeof(DWORD)*2, PAGE_READWRITE, &dwOldProtect);


        // Restore the original code through a handle to m_ProcessId.
        // PROCESS_ALL_ACCESS is more than WriteProcessMemory needs; the write's
        // return value is ignored.
        SIZE_T dwSize;
        HANDLE hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, m_ProcessId);  
        if(hProcess)
        {
            ::WriteProcessMemory(hProcess,(void *)m_pfnOrigAddr,AsmCode,sizeof(AsmCode), &dwSize);
             CloseHandle(hProcess);
        }

        // Restore the protection of the target bytes to what VirtualQuery reported.
        ::VirtualProtect(m_pfnOrigAddr, sizeof(DWORD)*2, mbi.Protect, 0);

        // Cleared even if OpenProcess failed and nothing was written back.
        m_isHook=FALSE;
    }

    return;
}

// injert.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"
#include "injert.h"
#include "ULHook.h"
#include <stdio.h>

#pragma comment(lib, "WS2_32")

#ifdef _MANAGED
#pragma managed(push, off)
#endif

//// 共享数据区
//#pragma data_seg(TEXT(".MyData")
//BOOL g_Hook = FALSE;    
//#pragma data_seg()
//
//#pragma comment(linker,"/section:.MyData,RWS");

//CULHook g_send(TEXT("Ws2_32.dll"),"send", (PROC)hook_send);
// Global hook object: its constructor (which ends in SetHook) runs during the
// DLL's static initialisation, before DllMain below sees DLL_PROCESS_ATTACH.
// GetOrigAddr() only succeeds if Ws2_32.dll is already loaded in the process
// at that moment; otherwise m_pfnOrigAddr stays NULL and SetHook is a no-op.
CULHook g_sendto(TEXT("Ws2_32.dll"), "sendto", (PROC)hook_sendto);
//CULHook g_Msg(TEXT("user32.dll"),"MessageBoxW", (PROC)MyMessageBox);

// DLL entry point. Only DLL_PROCESS_ATTACH does any work (it creates the log
// file via Initialize()); thread attach/detach and process detach are ignored.
// Always reports success to the loader.
BOOL APIENTRY DllMain( HMODULE hModule,
                      DWORD  ul_reason_for_call,
                      LPVOID lpReserved
                      )
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        // Runs under the loader lock; Initialize() only does a CreateFile/CloseHandle.
        Initialize();
    }
    return TRUE;
}

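// Create (truncating if it exists) the log file D://HookData.txt and close it
// again; nothing is written here. Called from DllMain on DLL_PROCESS_ATTACH.
// Failure to create the file is silently ignored.
void Initialize()
{   
    HANDLE hFile=CreateFile(TEXT("D://HookData.txt"), // file to create
        GENERIC_WRITE,          // open for writing
        0,                      // do not share
        NULL,                   // default security
        CREATE_ALWAYS,            // create it, truncating any existing file
        FILE_ATTRIBUTE_NORMAL | // normal file
        FILE_FLAG_OVERLAPPED,   // asynchronous I/O
        NULL);                  // no attr. template
    // CreateFile signals failure with INVALID_HANDLE_VALUE (not NULL); closing
    // that value unconditionally, as the original did, is an invalid-handle call.
    if (hFile != INVALID_HANDLE_VALUE)
    {
        CloseHandle(hFile);
    }
    return ;
}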

//int WINAPI hook_send(SOCKET s, const char FAR *buf, int len, int flags)
//{
//    //记录数据或者修改参数
//
//    //对文件进行写操作
//    FILE *fp;
//    errno_t err;
//
//    char a[]="aasdsdf";
//    err= fopen_s( &fp, "D:\\HookData.txt", "w");
//    if(0==err)
//    {
//        fprintf(fp,"%s\n",a);
//    }
//    fclose(fp);
//
//    //调用原函数
//    g_send.UnHook();
//    int nRet=::send(s,buf,len,flags);
//    g_send.SetHook();
//    return nRet;
//}

// Replacement for ws2_32!sendto installed by g_sendto. On each call it shows a
// message box, overwrites D:\HookData.txt with a fixed string (the packet
// buffer itself is not logged), then lifts the patch, calls the real sendto,
// and re-installs the patch before returning its result.
int WINAPI hook_sendto(SOCKET s, const char* buf,int len, int flags, const struct sockaddr* to, int tolen)
{
    // record data or modify parameters
    // Debug message box; appears on every intercepted sendto call.
    ::MessageBox(NULL,TEXT("测试"),TEXT("信息"),NULL);
    // write to the file
    FILE *fp;
    errno_t err;

    char a[]="aasdsdf";
    err= fopen_s( &fp, "D:\\HookData.txt", "w");   // "w": the file is truncated on every call
    if(0==err)
    {
        fprintf(fp,"%s\n",a);
    }
    // NOTE(review): reached even when fopen_s failed, in which case fp is NULL.
    fclose(fp);

    // Call the original function to send the data. The patch is removed for the
    // duration of the call and re-applied afterwards; presumably another thread
    // calling sendto in that window would reach the unpatched API — verify.
    g_sendto.UnHook();
    int nRet = ::sendto(s, buf, len, flags, to, tolen);
    g_sendto.SetHook();
    return nRet;
}

//int WINAPI MyMessageBox(HWND hWnd,
//    LPCTSTR lpText,
//    LPCTSTR lpCaption,
//    UINT uType)
//{
//
//    g_Msg.UnHook();
//    int nRet=::MessageBoxW(hWnd,lpText,TEXT("APIHOOK"),uType);
//    g_Msg.SetHook();
//
//    return nRet;
//}

#ifdef _MANAGED
#pragma managed(pop)
#endif

本帖最后由 xlin1033xl 于 2008-10-12 20:40 编辑
2008-10-12 20:34






