hook NtUserCreateWindowEx
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 11:21
1. Attach to a process that has a window (to make sure user32.dll is loaded). At first I thought this function was in ntdll.dll.
2. Find the function address
0:012> x user32!NtUserCreateWindowEx
758aa948 USER32!NtUserCreateWindowEx = <no type information>
0:012> uf 758aa948
USER32!NtUserCreateWindowEx:
758aa948 b876100000 mov eax,1076h
758aa94d b900000000 mov ecx,0
758aa952 8d542404 lea edx,[esp+4]
758aa956 64ff15c0000000 call dword ptr fs:[0C0h]
758aa95d 83c404 add esp,4
758aa960 c23c00 ret 3Ch
3. See whether the first 5 bytes can be patched with a jump, as done before...
Quoting aiwnx's analysis from http://bbs.csdn.net/topics/360133376
CreateWindowExW -> _CreateWindowEx -> VerNtUserCreateWindowEx -> (kernel: 0x157:NtUserCreateWindowEx)
CreateWindowExA -> _CreateWindowEx -> VerNtUserCreateWindowEx -> (kernel: 0x157:NtUserCreateWindowEx)
DialogBoxParam -> DialogBoxIndirectParamAorW -> InternalDialogBox -> InternalCreateDialog -> VerNtUserCreateWindowEx -> (kernel: 0x157:NtUserCreateWindowEx)
CreateDialogParam -> CreateDialogIndirectParamAorW -> InternalCreateDialog -> VerNtUserCreateWindowEx -> (kernel: 0x157:NtUserCreateWindowEx)
Function prototype:
NtUserCreateWindowEx(DWORD dwExStyle,PUNICODE_STRING UnsafeClassName,PUNICODE_STRING UnsafeWindowName,DWORD dwUnknown1,DWORD dwStyle,LONG x, LONG y,LONG nWidth, LONG nHeight,HWND hWndParent,HMENU hMenu,HINSTANCE hInstance,LPVOID lpParam,DWORD dwShowMode,DWORD dwUnknown2)
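As an added example (not code from the original post): a defender-side check that reads the first 5 bytes of the stub shown in step 2 and reports whether they are still the `mov eax, imm32` that loads the system-call number or have been overwritten with a `jmp rel32`, the 5-byte patch step 3 refers to. The names `inspect_stub` and `stub_info` and the jump target 0x10001000 are assumptions for illustration; the first byte array is copied from the disassembly above, the second is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { STUB_INTACT, STUB_JMP_PATCHED, STUB_UNKNOWN } stub_state;
typedef struct {
    stub_state state;
    uint32_t value; /* syscall number if intact, jump target if patched */
} stub_info;

/* Little-endian 32-bit read with no alignment assumption. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* code: bytes read from the start of the stub; va: address they were read from. */
stub_info inspect_stub(const uint8_t *code, size_t len, uint32_t va) {
    stub_info r = { STUB_UNKNOWN, 0 };
    if (len < 5) return r;                 /* need the full 5-byte prologue */
    if (code[0] == 0xB8) {                 /* mov eax, imm32 */
        r.state = STUB_INTACT;             /* caller compares value to the expected number */
        r.value = rd32(code + 1);
    } else if (code[0] == 0xE9) {          /* jmp rel32 */
        r.state = STUB_JMP_PATCHED;
        r.value = va + 5 + rd32(code + 1); /* next instruction + rel32, mod 2^32 */
    }
    return r;
}

/* First bytes of the stub, copied from the disassembly at 758aa948. */
const uint8_t stub_from_page[] = { 0xb8, 0x76, 0x10, 0x00, 0x00,
                                   0xb9, 0x00, 0x00, 0x00, 0x00 };
/* Constructed sample: prologue overwritten with a jmp to the
   hypothetical address 0x10001000. */
const uint8_t stub_patched[] = { 0xe9, 0xb3, 0x66, 0x75, 0x9a,
                                 0xb9, 0x00, 0x00, 0x00, 0x00 };

int main(void) {
    static const char *names[] = { "intact", "jmp-patched", "unknown" };
    stub_info a = inspect_stub(stub_from_page, sizeof stub_from_page, 0x758aa948u);
    stub_info b = inspect_stub(stub_patched, sizeof stub_patched, 0x758aa948u);
    printf("page stub: %s, value 0x%x\n", names[a.state], (unsigned)a.value);
    printf("patched:   %s, value 0x%x\n", names[b.state], (unsigned)b.value);
    return 0;
}
```

In a live process the bytes would be read from the address WinDbg reports for USER32!NtUserCreateWindowEx, and the reported system-call number compared with the value seen on an unmodified system of the same build.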