hook

// HookApiDll1.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include "detours.h"

#include "winsock2.h"
#include <windows.h>
#include "ShellAPI.h"
#include "stdio.h"
#include <string>
using namespace std;
#pragma comment(lib,"ws2_32.lib")
//static int   (WINAPI * TrueSend)(SOCKET s, const char FAR *buf, int len, int flags) = send;
// Trampolines for the hooked APIs. Each pointer starts out aimed at the real
// function and is rewritten by DetourAttach() in DllMain so that it reaches the
// original code; the New* hooks and MyCreateProcess* call through these and so
// never re-enter themselves.
// NOTE(review): the TCHAR flavours (CreateProcess / ShellExecuteEx) resolve to the
// A versions only in a non-UNICODE build; the char buffers used by the hooks below
// rely on that.
static BOOL  (WINAPI * TrueCreateProcess)(LPCTSTR lpApplicationName,LPTSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCTSTR lpCurrentDirectory,LPSTARTUPINFO lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation) = CreateProcess;
static BOOL  (WINAPI *TrueShellExecuteEx)(LPSHELLEXECUTEINFO lpExecInfo)=ShellExecuteEx;
// The wide variant is hooked explicitly because CreateProcess above maps to only one of A/W.
static BOOL  (WINAPI * TrueCreateProcessW)(LPCWSTR lpApplicationName,LPWSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCWSTR lpCurrentDirectory,LPSTARTUPINFOW lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)=CreateProcessW;


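// Spawn a helper process (in practice "setdll ...") from a command line, going
// through the un-hooked CreateProcess so this DLL does not intercept itself,
// and block until the helper exits.
//
// szFile: full command line (program plus arguments); run in a new console whose
//         title is the command line itself, as in the original.
// Returns TRUE when the process was created (its exit code is not inspected),
//         FALSE when szFile is NULL or TrueCreateProcess failed.
//
// Fixes vs. the original:
//  - the process and thread handles were closed *before* WaitForSingleObject,
//    so the wait ran on an invalid handle and returned immediately instead of
//    blocking until setdll finished; the wait now happens first;
//  - the const command line was cast to char* and handed to CreateProcess,
//    which is allowed to modify that buffer; a private writable copy is used;
//  - success is tested as "non-zero" rather than "== TRUE", which is the
//    documented contract for CreateProcess.
BOOL MyCreateProcess(const char * szFile)
{
    if (szFile == NULL)
        return FALSE;

    // Writable copy: CreateProcess may touch lpCommandLine in place.
    std::string cmdline(szFile);

    PROCESS_INFORMATION pinfo;
    STARTUPINFO         sinfo;
    ZeroMemory(&pinfo, sizeof(pinfo));
    ZeroMemory(&sinfo, sizeof(sinfo));
    sinfo.cb          = sizeof(sinfo);
    sinfo.lpTitle     = &cmdline[0];
    sinfo.dwFlags     = STARTF_USESHOWWINDOW;
    sinfo.wShowWindow = SW_SHOW;

    // NOTE(review): the program name carries no path, so it is resolved through
    // the search path of the hooked process; a writable directory early in PATH
    // could supply a rogue "setdll.exe". Consider an absolute path.
    if (!TrueCreateProcess(NULL, &cmdline[0], NULL, NULL, FALSE, CREATE_NEW_CONSOLE,
                           NULL, NULL, &sinfo, &pinfo))
        return FALSE;

    // Wait while the handle is still valid, then release both handles.
    WaitForSingleObject(pinfo.hProcess, INFINITE);
    CloseHandle(pinfo.hThread);
    CloseHandle(pinfo.hProcess);
    return TRUE;
}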
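// Wide-char counterpart of MyCreateProcess: spawn a helper through the un-hooked
// CreateProcessW and return immediately (no wait, unlike the ANSI version).
//
// szFile: writable command line; CreateProcessW may modify it in place, which is
//         why the parameter is not const.
// Returns TRUE when the process was created, FALSE when szFile is NULL or the
//         call failed.
//
// Fix vs. the original: both handles returned in PROCESS_INFORMATION were leaked
// on every successful call. They are closed here; closing them does not affect
// the child process. Success is tested as non-zero, not "== TRUE".
BOOL MyCreateProcessW(WCHAR * szFile)
{
    if (szFile == NULL)
        return FALSE;

    STARTUPINFOW        si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb          = sizeof(si);
    si.dwFlags     = 0;        // wShowWindow below has no effect without STARTF_USESHOWWINDOW; kept as the original had it
    si.wShowWindow = SW_SHOW;

    // NOTE(review): bInheritHandles is TRUE, so every inheritable handle of the
    // hooked process (files, pipes, sockets, tokens) is duplicated into the
    // helper. FALSE would be the least-privilege choice unless the helper
    // genuinely needs them — TODO confirm and tighten.
    const BOOL created = TrueCreateProcessW(NULL, szFile, NULL, NULL, TRUE,
                                            CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT,
                                            NULL, NULL, &si, &pi);
    if (!created)
        return FALSE;

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return TRUE;
}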
// Hook for CreateProcessW. The child is created through Detours so that
// detoured.dll and HookApiDll1.dll (presumably this DLL) are loaded into it,
// i.e. the hook propagates down the process tree. All arguments are forwarded
// untouched and the real API's result is returned; TrueCreateProcessW is
// passed as the creation routine so Detours does not re-enter this hook.
//
// NOTE(review): both DLL names are bare file names, so they are resolved from
// the child's DLL search path — TODO confirm they are always found in a
// location the attacker cannot write to.
__declspec(dllexport)  BOOL WINAPI NewCreateProcessW(LPCWSTR lpApplicationName,LPWSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCWSTR lpCurrentDirectory,LPSTARTUPINFOW lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)
{
    const BOOL created = DetourCreateProcessWithDllW(
        lpApplicationName, lpCommandLine,
        lpProcessAttributes, lpThreadAttributes, bInheritHandles,
        dwCreationFlags, lpEnvironment, lpCurrentDirectory,
        lpStartupInfo, lpProcessInformation,
        "detoured.dll", "HookApiDll1.dll",
        TrueCreateProcessW);
    return created;
}



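// Hook for CreateProcess (ANSI). Before the real call, try to patch the target
// with "setdll /d:HookApiDll.dll" so it loads the hook DLL, then always forward
// to the real CreateProcess and return its result.
//
// Fixes vs. the original:
//  - there was no return statement on the ".bat" path nor when the command line
//    was shorter than 3 characters, so the caller received a garbage BOOL and an
//    untouched PROCESS_INFORMATION; every path now ends in TrueCreateProcess;
//  - lpCommandLine was copied into MAX_PATH stack buffers with lstrcpy/sprintf
//    (a command line may be up to 32K characters -> stack overflow); std::string
//    is used instead;
//  - lpCommandLine may legitimately be NULL when lpApplicationName is given; the
//    original dereferenced it. lpApplicationName is used as the target then;
//  - the "\"%s\"" quoting had lost its backslashes ('/"%s/"' does not compile);
//  - the extension check is case-insensitive (Windows file names are).
__declspec(dllexport)  BOOL WINAPI NewCreateProcess(LPCTSTR lpApplicationName,LPTSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,LPCTSTR lpCurrentDirectory,LPSTARTUPINFO lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)
{
    MessageBox(NULL, lpApplicationName, lpCommandLine, NULL);   // debug popup kept from the original

    // CreateProcess requires at least one of the two to be non-NULL.
    const char *target = (lpCommandLine != NULL) ? lpCommandLine : lpApplicationName;
    if (target != NULL && strlen(target) >= 3)
    {
        // Last three characters, as in the original: a crude extension test that
        // misfires when arguments follow the program name.
        const char *filetype = target + strlen(target) - 3;

        if (lstrcmpi(filetype, "bat") == 0)
        {
            // NOTE(review): setdll rewrites PE import tables and cannot patch a
            // batch script; this branch is kept from the original, presumably as
            // a placeholder for wrapping the script (the original had a
            // commented-out "cmd.exe /c %S" variant here).
            std::string buf = "setdll /d:HookApiDll.dll ";
            buf += target;
            MessageBox(NULL, buf.c_str(), "bat", NULL);

            // MyCreateProcessW needs a writable wide buffer; -1 includes the terminator.
            const int wLen = MultiByteToWideChar(CP_ACP, 0, buf.c_str(), -1, NULL, 0);
            if (wLen > 0)
            {
                std::wstring wide(wLen, L'\0');
                MultiByteToWideChar(CP_ACP, 0, buf.c_str(), -1, &wide[0], wLen);
                MyCreateProcessW(&wide[0]);
            }
        }
        else
        {
            // NOTE(review): the command line is embedded verbatim between quotes;
            // a '"' inside it breaks out of the quoting and injects arguments into
            // the setdll invocation.
            std::string buf = "setdll /d:HookApiDll.dll \"";
            buf += target;
            buf += "\"";
            MessageBox(NULL, buf.c_str(), "exeProcess", NULL);
            MyCreateProcess(buf.c_str());
        }
    }

    // Always hand the request to the real API so the caller gets a valid result
    // and a filled-in lpProcessInformation.
    return TrueCreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes,
                             lpThreadAttributes, bInheritHandles, dwCreationFlags,
                             lpEnvironment, lpCurrentDirectory, lpStartupInfo,
                             lpProcessInformation);
}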


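// Hook for ShellExecuteEx. Try to patch the file about to be launched with
// "setdll /d:HookApiDll.dll", then forward to the real ShellExecuteEx and
// return its result.
//
// Fixes vs. the original:
//  - `filetype == "bat"` compared two pointers (always false), and the buffer it
//    compared had been formatted as " %s " so a string compare would have failed
//    too; the extension is now taken from the last '.' and compared
//    case-insensitively;
//  - lpExecInfo and lpExecInfo->lpFile may be NULL (lpFile is optional when
//    lpIDList is used) and lpFile was copied into a MAX_PATH buffer unbounded;
//  - the "\"%s\"" quoting had lost its backslashes and did not compile;
//  - the (previously unreachable) batch branch launched the script itself via
//    MyCreateProcess, which would run it a second time on top of the real
//    ShellExecuteEx below; batch files are now passed through untouched.
__declspec(dllexport) BOOL __stdcall NewShellExecuteEx(LPSHELLEXECUTEINFO lpExecInfo)
{
    MessageBox(NULL, GetCommandLine(), "shell", NULL);   // debug popups kept from the original

    if (lpExecInfo == NULL)
        return TrueShellExecuteEx(lpExecInfo);   // let the real API report the error

    MessageBox(NULL, lpExecInfo->lpFile, "shell", NULL);

    const char *file = lpExecInfo->lpFile;
    if (file != NULL && strlen(file) >= 3)
    {
        const char *ext = strrchr(file, '.');
        if (ext != NULL && lstrcmpi(ext, ".bat") == 0)
        {
            // setdll cannot patch a script, and spawning it here would execute it
            // twice; just log and fall through to the real call.
            MessageBox(NULL, file, "Bat", NULL);
        }
        else
        {
            // NOTE(review): lpFile is embedded verbatim between quotes; a '"' in
            // the name breaks out of the quoting (argument injection into setdll).
            std::string buf = "setdll /d:HookApiDll.dll \"";
            buf += file;
            buf += "\"";
            MessageBox(NULL, buf.c_str(), "exeShell", NULL);
            MyCreateProcess(buf.c_str());
        }
    }

    return TrueShellExecuteEx(lpExecInfo);
}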

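// DLL entry point: install the three detours on process attach and remove them
// on detach. This DLL reaches a target either via setdll (import-table patch) or
// via DetourCreateProcessWithDllW from NewCreateProcessW.
//
// Fixes vs. the original:
//  - DetourRestoreAfterWith() was called *after* the attach transaction had been
//    committed. Per the Detours documentation it must run before any detour is
//    installed (it undoes the import-table edit a DetourCreateProcessWithDll-
//    injected DLL arrived through), so it is now the first thing done on attach;
//  - the result of DetourTransactionCommit() was discarded, so a failed hook
//    install was invisible; it is now reported via OutputDebugString.
BOOL APIENTRY DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    (void)hinst;
    (void)reserved;

    if (dwReason == DLL_PROCESS_ATTACH)
    {
        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)TrueCreateProcessW, NewCreateProcessW);
        DetourAttach(&(PVOID&)TrueCreateProcess, NewCreateProcess);
        DetourAttach(&(PVOID&)TrueShellExecuteEx, NewShellExecuteEx);
        const LONG error = DetourTransactionCommit();

        // We still return TRUE on failure: when this DLL is loaded through the
        // import table, a FALSE from DllMain aborts the whole process instead of
        // merely leaving it unhooked. Presumably Detours has already rolled the
        // failed transaction back — TODO confirm for the Detours version in use.
        if (error != NO_ERROR)
            OutputDebugString("HookApiDll1: DetourTransactionCommit (attach) failed\n");
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)TrueCreateProcessW, NewCreateProcessW);
        DetourDetach(&(PVOID&)TrueCreateProcess, NewCreateProcess);
        DetourDetach(&(PVOID&)TrueShellExecuteEx, NewShellExecuteEx);
        const LONG error = DetourTransactionCommit();
        if (error != NO_ERROR)
            OutputDebugString("HookApiDll1: DetourTransactionCommit (detach) failed\n");
    }
    return TRUE;
}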