HOOKAPI--初步
来源:互联网 发布:java if语句 编辑:程序博客网 时间:2024/06/05 08:19
library hookapi;
uses
Windows, Classes, Controls, Forms,StdCtrls;
{$R *.res}
var
hProcess: THandle;
pFnMsgBox: DWord;
dwOld: DWord;
jmp: array[1..5] of Byte;
enter: array[1..5] of Byte;
function MessageBoxProxy(hWnd: THandle; lpText: PAnsichar; lpcStr: PAnsichar; uType: Word): Integer; stdcall;
begin
CopyMemory(Pointer(pFnMsgBox), @enter, 5); //恢复入口指令
FlushInstructionCache(hWnd, Pointer(pFnMsgBox), 5);
lptext:='嘿嘿,代理函数哦';
Result := MessageBox(hWnd, lpText, lpcStr, uType); //调用原函数
CopyMemory(Pointer(pFnMsgBox), @jmp, 5); //写入跳转指令
FlushInstructionCache(hProcess,Pointer(pFnMsgBox),5);
end;
procedure RemoveHook;
var
dwTemp: DWord;
begin
CopyMemory(Pointer(pFnMsgBox), @enter, 5);
FlushInstructionCache(hProcess, Pointer(pFnMsgBox), 5);
VirtualProtect(Pointer(pFnMsgBox), 5, dwOld, @dwTemp);
end;
procedure SetupHook;
begin
pFnMsgBox := DWord(GetProcAddress(GetModuleHandle(Pchar('user32.dll')),PChar('MessageBoxA')));
ZeroMemory(pChar(@enter),sizeof(enter));
CopyMemory(@enter, Pointer(pfnMsgBox), 5); //保存入口指令
ZeroMemory(pChar(@jmp),sizeof(jmp));
jmp[1]:= $E9;
PInteger(@jmp[2])^ := (Integer(@MessageBoxProxy)-(Integer(pFnMsgBox)+5));
VirtualProtect(Pointer(pFnMsgBox), 5, PAGE_EXECUTE_READWRITE,@dwOld);
CopyMemory(Pointer(pFnMsgBox), @jmp, 5);
end;
function DLLEnterPoint(dwReason:dword):Pointer;stdcall;
begin
result:=nil;
if dwReason=DLL_PROCESS_ATTACH then begin //进程进入时
SetupHook;
end;
if dwReason=DLL_PROCESS_DETACH then begin //进程退出时
RemoveHook;
end;
if dwReason=dLL_THREAD_ATTACH then begin //线程进入时
SetupHook;
end;
if dwReason=DLL_THREAD_DETACH then begin //线程退出时
RemoveHook;
end;
end;
exports
setuphook,removehook;
begin
DLLProc := @DLLEnterPoint;
DllEnterPoint(DLL_PROCESS_ATTACH);
end.
以上部分为DLL 主体,以下为测试部分
procedure TForm1.Button1Click(Sender: TObject);
begin
LoadLibrary('e:/delphi hook api/hookapi.dll');
MessageBox(0,0,0,0);
end;
- HOOKAPI--初步
- HookAPI函数
- C#hookapi
- HookAPI函数
- HookAPI通信
- HookAPI source code
- HookAPI 之 ExitWindowsEX
- PB HOOKAPI函数
- 外挂框架开发(1)HOOKAPI
- HOOKAPI之修改IAT法则
- 简单的hookapi C语言版
- Windows 7 64位 HookApi例子
- 初步
- 首发:变态VB之HookAPI(陈辉作品)
- 自己写的一个HOOKAPI的汇编例子
- 另一个HookAPI 源码,来自EurekaLog for Delphi中的EHook.pas
- 自己写的一个HOOKAPI的汇编例子
- 首次使用HOOKAPI暴力破解SQLITE3加密的数据库
- TreeView控件实现选中父节点时全选子节点
- Building Your Own Plugin Framework
- OCP认证考试指南(3):创建Oracle数据库(1)
- TreeView树形菜单
- java多线程:No enclosing instance of type ProducerConsumer is accessible. Must qualify the allocation with an enclosing instance o
- HOOKAPI--初步
- 获取 GridView 编辑状态下单元格里的值
- 你不懂
- Wpf资源目录相关例子
- 关于对象的转型01的运用
- 成功心态和信念
- dom4j xpath 操作 xml 乱码
- 页面刷新的问题
- ubuntu引导与XP引导修复