  • IATHook

    IATHookClass.h

     1 #pragma once
     2 
     3 #include <Windows.h>
     4 
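     /// Redirects one import-address-table (IAT) slot of the process's main
     /// executable image to a caller-supplied function and can put the original
     /// address back.
     ///
     /// Addresses are carried as DWORD, so the class is only meaningful in
     /// 32-bit builds where a pointer fits in 32 bits. One instance tracks one
     /// hooked slot. While a hook is active the slot no longer points at the
     /// imported function, which import-table integrity checks will report as
     /// a modification.
     class IATHookClass
     {
     private:
         // Address that was in the IAT slot before Hook() overwrote it; 0 when no hook is active.
         DWORD oldAddr = 0;
         // Replacement address written by Hook(); 0 when no hook is active.
         // Zero-initialised so UnHook() on a never-hooked object has nothing to match.
         DWORD newAddr = 0;

     public:
         /// Point the IAT slot of the import named apiName at callfunc.
         /// @param apiName  Import name as it appears in the import table (ANSI).
         /// @param callfunc Address of the replacement function.
         /// @return TRUE if a slot was found and rewritten, FALSE otherwise.
         BOOL Hook(char *apiName, DWORD callfunc);

         /// Restore the slot changed by Hook() to the address saved at hook time.
         /// @return TRUE if the slot was found and restored, FALSE otherwise.
         BOOL UnHook(void);
     };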

    IATHookClass.cpp

     1 #include "IATHookClass.h"
     2 
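     /// Point the IAT slot of the import named apiName, in the process's main
     /// executable image, at callfunc, and remember the previous address so
     /// UnHook() can restore it.
     ///
     /// @param apiName  Import name to look for (compared case-insensitively).
     /// @param callfunc Address of the replacement function; must be non-zero.
     /// @return TRUE if a matching slot was found and rewritten, FALSE otherwise.
     BOOL IATHookClass::Hook(char *apiName, DWORD callfunc)
     {
         // A null name cannot match; a zero target would leave a null pointer in the IAT.
         if (apiName == NULL || callfunc == 0)
             return FALSE;

         // The interface carries addresses as DWORD. Where pointers are wider,
         // a truncated address would be written into the IAT, so refuse.
         if (sizeof(ULONG_PTR) != sizeof(DWORD))
             return FALSE;

         // GetModuleHandle does not take a reference on the module and the
         // value is not a kernel object handle, so it must not be passed to
         // CloseHandle.
         HMODULE hMod = GetModuleHandle(NULL);
         if (hMod == NULL)
             return FALSE;
         BYTE *pBase = (BYTE *)hMod;

         // Check both PE signatures before trusting any header offset.
         IMAGE_DOS_HEADER *pDosHeader = (IMAGE_DOS_HEADER *)pBase;
         if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
             return FALSE;
         IMAGE_NT_HEADERS *pNtHeaders = (IMAGE_NT_HEADERS *)(pBase + pDosHeader->e_lfanew);
         if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
             return FALSE;

         const IMAGE_DATA_DIRECTORY &importDir =
             pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
         if (importDir.VirtualAddress == 0)
             return FALSE; // image has no import table

         IMAGE_IMPORT_DESCRIPTOR *pImportDesc =
             (IMAGE_IMPORT_DESCRIPTOR *)(pBase + importDir.VirtualAddress);

         for (; pImportDesc->FirstThunk; ++pImportDesc)
         {
             // Without a name table there is nothing to compare against; an
             // RVA of 0 would otherwise be read as thunks at the image base.
             if (pImportDesc->OriginalFirstThunk == 0)
                 continue;

             IMAGE_THUNK_DATA *pThunk = (IMAGE_THUNK_DATA *)(pBase + pImportDesc->FirstThunk);
             IMAGE_THUNK_DATA *pThunkDesc = (IMAGE_THUNK_DATA *)(pBase + pImportDesc->OriginalFirstThunk);

             for (; pThunkDesc->u1.Function; ++pThunk, ++pThunkDesc)
             {
                 // Ordinal imports hold an ordinal, not an RVA to a name record.
                 if (IMAGE_SNAP_BY_ORDINAL(pThunkDesc->u1.Ordinal))
                     continue;

                 IMAGE_IMPORT_BY_NAME *pByName =
                     (IMAGE_IMPORT_BY_NAME *)(pBase + pThunkDesc->u1.AddressOfData);
                 // Import names are ANSI, so use the A variant regardless of UNICODE.
                 if (lstrcmpiA(apiName, (const char *)pByName->Name) != 0)
                     continue;

                 // The slot is data, so request read/write only rather than a
                 // writable+executable mapping.
                 // NOTE(review): assumes the IAT does not share a page with
                 // code that runs during this window - confirm for the toolchain.
                 DWORD dwOldProtect = 0;
                 if (!VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                                     PAGE_READWRITE, &dwOldProtect))
                     return FALSE;

                 IATHookClass::oldAddr = (DWORD)pThunk->u1.Function;
                 IATHookClass::newAddr = callfunc;
                 pThunk->u1.Function = callfunc;

                 // Put the original protection back so the table does not stay writable.
                 VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                                dwOldProtect, &dwOldProtect);
                 return TRUE;
             }
         }
         return FALSE;
     }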
    39 
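    /// Restore the IAT slot that currently holds the address written by Hook()
    /// to the address saved at hook time, then clear the saved state.
    ///
    /// @return TRUE if the slot was found and restored, FALSE otherwise
    ///         (including when no hook is recorded).
    BOOL IATHookClass::UnHook(void)
    {
        // Nothing recorded means nothing to restore; this also avoids writing
        // a null address into the table.
        if (IATHookClass::newAddr == 0 || IATHookClass::oldAddr == 0)
            return FALSE;

        // Addresses are stored as DWORD; where pointers are wider the saved
        // value cannot be a complete address, so refuse to write it back.
        if (sizeof(ULONG_PTR) != sizeof(DWORD))
            return FALSE;

        // GetModuleHandle does not take a reference on the module and the
        // value is not a kernel object handle, so it must not be passed to
        // CloseHandle.
        HMODULE hMod = GetModuleHandle(NULL);
        if (hMod == NULL)
            return FALSE;
        BYTE *pBase = (BYTE *)hMod;

        // Check both PE signatures before trusting any header offset.
        IMAGE_DOS_HEADER *pDosHeader = (IMAGE_DOS_HEADER *)pBase;
        if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
            return FALSE;
        IMAGE_NT_HEADERS *pNtHeaders = (IMAGE_NT_HEADERS *)(pBase + pDosHeader->e_lfanew);
        if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
            return FALSE;

        const IMAGE_DATA_DIRECTORY &importDir =
            pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
        if (importDir.VirtualAddress == 0)
            return FALSE; // image has no import table

        IMAGE_IMPORT_DESCRIPTOR *pImportDesc =
            (IMAGE_IMPORT_DESCRIPTOR *)(pBase + importDir.VirtualAddress);

        // Both loops advance their cursor on every pass; without that, a
        // first slot that does not match would be re-tested forever.
        for (; pImportDesc->FirstThunk; ++pImportDesc)
        {
            IMAGE_THUNK_DATA *pThunk = (IMAGE_THUNK_DATA *)(pBase + pImportDesc->FirstThunk);

            for (; pThunk->u1.Function; ++pThunk)
            {
                if (pThunk->u1.Function != IATHookClass::newAddr)
                    continue;

                // The slot is data, so request read/write only rather than a
                // writable+executable mapping.
                // NOTE(review): assumes the IAT does not share a page with
                // code that runs during this window - confirm for the toolchain.
                DWORD dwOldProtect = 0;
                if (!VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                                    PAGE_READWRITE, &dwOldProtect))
                    return FALSE;

                pThunk->u1.Function = IATHookClass::oldAddr;

                // Put the original protection back so the table does not stay writable.
                VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                               dwOldProtect, &dwOldProtect);

                // Forget the hook so a second UnHook() is a no-op.
                IATHookClass::newAddr = 0;
                IATHookClass::oldAddr = 0;
                return TRUE;
            }
        }
        return FALSE;
    }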
  • 原文地址:https://www.cnblogs.com/biaoge140/p/8734239.html