  • R3 HOOK OpenProcess 的问题

    unit HookAPI;
    //Download by http://www.codefans.net
    interface
    
    uses
       Windows, Classes;
    // Returns the address stored behind a "jmp [addr]" stub at Code when the
    // stub opcode matches; otherwise returns Code unchanged (nil on a fault).
    function LocateFunctionAddress(Code: Pointer): Pointer;
    // Replaces import slots that resolve to OldFunc with NewFunc and returns
    // the number of slots counted as rewritten.
    function RepointFunction(OldFunc, NewFunc: Pointer): Integer;
    
    type // Import-directory entry record
       // NOTE(review): the layout presumably mirrors IMAGE_IMPORT_DESCRIPTOR - confirm.
       PImage_Import_Entry = ^Image_Import_Entry;
       Image_Import_Entry = record
          Characteristics: DWORD;
          TimeDateStamp: DWORD;
          MajorVersion: Word;
          MinorVersion: Word;
          Name: DWORD;        // added to the module base to reach the DLL name; 0 ends the table walk
          LookupTable: DWORD; // added to the module base to reach the array of function pointers
       end;
    
    type // Jump-stub record
       // packed, so the pointer field sits directly after the 2-byte opcode
       TImportCode = packed record
          JumpInstruction: Word; // jump instruction (jmp) opcode word, compared against $25FF
          AddressOfPointerToFunction: ^Pointer; // location holding the address of the function jumped to
       end;
       PImportCode = ^TImportCode;
    implementation
    
    // Resolves a possible import jump stub to the function it forwards to.
    //   Code   - address to inspect; may be nil.
    //   Result - Code itself when it is nil or does not start with the $25FF
    //            opcode word, the pointer stored behind the stub when it does,
    //            and nil when reading the stub raises an exception.
    function LocateFunctionAddress(Code: Pointer): Pointer;
    var
       Stub: PImportCode;
    begin
       // Default answer: hand the address back untouched.
       Result := Code;
       if Code <> nil then
       begin
          try
             Stub := Code;
             // $25FF is the opcode word the stub record is tested against.
             if Stub^.JumpInstruction = $25FF then
                Result := Stub^.AddressOfPointerToFunction^;
          except
             // The memory behind Code could not be read.
             Result := nil;
          end;
       end;
    end;
    
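    // Rewrites import slots in the current process that resolve to OldFunc so
    // that they hold NewFunc instead. Starts at the main executable
    // (GetModuleHandle(nil)) and recurses into every module named in an
    // import table it walks.
    //   OldFunc - function whose import slots are to be replaced.
    //   NewFunc - replacement address written into each matching slot.
    //   Result  - number of slots successfully rewritten in the main
    //             executable; counts from recursively visited modules are
    //             not added (unchanged from the original behaviour).
    // The Integer() pointer casts assume a 32-bit build.
    // Defensive note: import slots that point outside the module exporting
    // the function are what import-table integrity checks look for, so this
    // kind of patch is visible to in-process integrity scanners.
    function RepointFunction(OldFunc, NewFunc: Pointer): Integer;
    var
       IsDone: TList; // module bases already visited, prevents endless recursion

       function RepointAddrInModule(hModule: THandle; OldFunc, NewFunc: Pointer): Integer;
       var
          Dos: PImageDosHeader;
          NT: PImageNTHeaders;
          ImportDesc: PImage_Import_Entry;
          RVA: DWORD;
          Func: ^Pointer;
          DllName: PAnsiChar;
          f: Pointer;
          written: DWORD;
       begin
          Result := 0;
          Dos := Pointer(hModule);
          if IsDone.IndexOf(Dos) >= 0 then exit;
          IsDone.Add(Dos);

          OldFunc := LocateFunctionAddress(OldFunc);
          // A nil target would match every slot whose stub could not be read
          // (LocateFunctionAddress returns nil on a fault), so stop here.
          if OldFunc = nil then exit;

          if IsBadReadPtr(Dos, SizeOf(TImageDosHeader)) then exit;
          if Dos.e_magic <> IMAGE_DOS_SIGNATURE then exit;
          NT := Pointer(Integer(Dos) + dos._lfanew);
          // Validate the NT headers before trusting the data directory.
          if IsBadReadPtr(NT, SizeOf(TImageNtHeaders)) then exit;
          if NT^.Signature <> IMAGE_NT_SIGNATURE then exit;

          RVA := NT^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]
             .VirtualAddress;

          if RVA = 0 then exit;
          ImportDesc := pointer(integer(Dos) + RVA);
          while (ImportDesc^.Name <> 0) do
          begin
             // Import names are ANSI strings in the image, so use the A entry
             // point explicitly; PChar is a wide pointer on Unicode compilers.
             DllName := PAnsiChar(Integer(Dos) + ImportDesc^.Name);
             RepointAddrInModule(GetModuleHandleA(DllName), OldFunc, NewFunc);
             Func := Pointer(Integer(DOS) + ImportDesc.LookupTable);
             while Func^ <> nil do
             begin
                f := LocateFunctionAddress(Func^);
                if f = OldFunc then
                begin
                   // Count the slot only when the call succeeded and the whole
                   // pointer was written; "written" is not reliable after a
                   // failed call, so it is cleared first and the BOOL result
                   // is checked.
                   written := 0;
                   if WriteProcessMemory(GetCurrentProcess, Func, @NewFunc,
                      SizeOf(NewFunc), written) and (written = SizeOf(NewFunc)) then
                      Inc(Result);
                end;
                Inc(Func);
             end;
             Inc(ImportDesc);
          end;
       end;

    begin
       IsDone := TList.Create;
       try
          Result := RepointAddrInModule(GetModuleHandle(nil), OldFunc, NewFunc);
       finally
          IsDone.Free;
       end;
    end;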

    对 OpenProcess 进行 HOOK 时,单个程序运行时正常,但同时运行两个一样的程序时就会出问题。有没有更稳定的办法?

    可以看下AFXRootkit的代码.

    http://code.google.com/p/delphi-hook-library/

    http://bbs.2ccc.com/topic.asp?topicid=479563

    http://bbs.2ccc.com/topic.asp?topicid=525150

  • 原文地址:https://www.cnblogs.com/findumars/p/6294871.html