见过网上有很多ApiHook的类,但是都不尽如人意,要么写得不够好、不够完善,要么就是跑不起来.
用别人写的代码总是有种不安心,所以自己就花了一晚上写了CApiHook类.现在还在编写和测试中,尽量确保自己写的类是非常完善的.
//编写和测试环境: Microsoft Visual Studio 2015 Enterprise RC
CApiHook.h
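#pragma once

#ifndef CAPIHOOK_H
#define CAPIHOOK_H

#include <cstdio>
#include <windows.h>

// Deliberately no `using namespace std;` here: a using-directive in a header
// leaks into every translation unit that includes it.

// Inline hook for a single exported function: Install() overwrites the first
// 5 bytes of the target with a relative JMP (0xE9 + rel32) to a replacement.
// The implementation operates on the current process (GetCurrentProcess()).
//
// All state is public and plain-old-data; the constructor zero-initialises it.
// There is no uninstall routine in this class yet, so an installed patch stays
// in place for as long as the module remains loaded.
class CApiHook
{
public:
    bool    status;        // hook state flag; Install() refuses to run while it is true
    HMODULE hModule;       // handle of the DLL module that exports the original function
    LPVOID  lpOldFunAddr;  // address of the original (hooked) function
    LPVOID  lpNewFunAddr;  // address of the replacement function
    BYTE    bOldByte[5];   // the 5 bytes read from lpOldFunAddr before patching
    BYTE    bNewByte[5];   // the 5-byte patch: 0xE9 followed by the rel32 displacement

    // Zero-initialises every member.
    CApiHook();

    // Redirects szFunName exported by szModuleName to pFun.
    //   szModuleName - DLL name; looked up with GetModuleHandleA, loaded with
    //                  LoadLibraryA if it is not mapped yet
    //   szFunName    - exported function name, resolved with GetProcAddress
    //   pFun         - replacement; must have the same signature and calling
    //                  convention as the original, otherwise the stack is corrupted
    // Returns true on success, false on any failure.
    bool Install(PSTR szModuleName, PSTR szFunName, FARPROC pFun);
};

#endif // CAPIHOOK_H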
CApiHook.cpp
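#include "CApiHook.h"

#include <cstring>

namespace
{
    // Length of an x86 near jump: opcode 0xE9 plus a 32-bit relative displacement.
    const SIZE_T kJmpSize = 5;
}

// Zero-initialises every member explicitly instead of memset(this, ...), which
// silently breaks as soon as the class gains a non-trivial member.
CApiHook::CApiHook()
    : status(false),
      hModule(NULL),
      lpOldFunAddr(NULL),
      lpNewFunAddr(NULL),
      bOldByte(),
      bNewByte()
{
}

// Patches the first 5 bytes of szModuleName!szFunName in the current process
// with `JMP rel32` to pFun.
//
// Returns true only when the patch is fully written and the original page
// protection has been restored; on every failure path the target bytes are
// left (or put back) as they were and false is returned.
//
// Caveats a caller has to handle:
//  - The 5-byte write is not atomic. A thread executing the start of the
//    target while it is being patched can crash, so install before other
//    threads can call the function.
//  - The page is briefly writable and executable; protection is restored on
//    every path that changed it.
//  - The module's in-memory code no longer matches its image on disk after a
//    successful call, which code-integrity comparisons will report.
bool CApiHook::Install(PSTR szModuleName, PSTR szFunName, FARPROC pFun)
{
    static_assert(sizeof(bOldByte) == kJmpSize && sizeof(bNewByte) == kJmpSize,
                  "patch buffers must hold exactly one JMP rel32");

    if (status)
        return false;
    if (szModuleName == NULL || szFunName == NULL || pFun == NULL)
        return false;

    // GetModuleHandleA returns a borrowed handle (no reference taken);
    // LoadLibraryA takes a reference that must be dropped with FreeLibrary.
    // An HMODULE is not a kernel object handle, so CloseHandle is never correct.
    bool loadedHere = false;
    hModule = GetModuleHandleA(szModuleName);
    if (hModule == NULL)
    {
        hModule = LoadLibraryA(szModuleName);
        if (hModule == NULL)
            return false;
        loadedHere = true;
    }

    auto fail = [&]() -> bool
    {
        if (loadedHere)
        {
            FreeLibrary(hModule);
            hModule = NULL;
        }
        return false;
    };

    lpNewFunAddr = reinterpret_cast<LPVOID>(pFun);
    lpOldFunAddr = reinterpret_cast<LPVOID>(GetProcAddress(hModule, szFunName));
    if (lpOldFunAddr == NULL)
        return fail();

    // rel32 is relative to the address of the instruction after the jump.
    // In a 64-bit build the two functions may be more than 2 GiB apart; the
    // displacement then does not fit and a truncated jump would land on an
    // arbitrary address, so refuse instead of patching.
    const UINT_PTR delta = reinterpret_cast<UINT_PTR>(lpNewFunAddr)
                         - reinterpret_cast<UINT_PTR>(lpOldFunAddr)
                         - kJmpSize;
    const INT32 rel32 = static_cast<INT32>(delta);
    if (static_cast<INT_PTR>(delta) != static_cast<INT_PTR>(rel32))
        return fail();

    // Keep the original bytes so the patch can be rolled back.
    memcpy(bOldByte, lpOldFunAddr, kJmpSize);

    bNewByte[0] = 0xE9;
    memcpy(&bNewByte[1], &rel32, sizeof(rel32)); // memcpy avoids an unaligned DWORD store

    // Change protection on the exact range being written, so a patch that
    // straddles a page boundary is covered as well.
    DWORD dwOldProtect = 0;
    if (!VirtualProtect(lpOldFunAddr, kJmpSize, PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return fail();

    const HANDLE hSelf = GetCurrentProcess();

    SIZE_T written = 0; // WriteProcessMemory takes SIZE_T*, not DWORD*
    bool ok = WriteProcessMemory(hSelf, lpOldFunAddr, bNewByte, kJmpSize, &written) != 0
              && written == kJmpSize;
    if (!ok)
    {
        // Undo a possible partial write while the page is still writable.
        WriteProcessMemory(hSelf, lpOldFunAddr, bOldByte, kJmpSize, NULL);
    }

    // Restore the original protection whether or not the write succeeded.
    DWORD dwIgnored = 0;
    const bool restored = VirtualProtect(lpOldFunAddr, kJmpSize, dwOldProtect, &dwIgnored) != 0;
    if (ok && !restored)
    {
        // The page could not be returned to its original protection; do not
        // leave a live hook behind a failed call.
        WriteProcessMemory(hSelf, lpOldFunAddr, bOldByte, kJmpSize, NULL);
        ok = false;
    }

    // Code bytes changed: make sure no stale instructions are executed.
    FlushInstructionCache(hSelf, lpOldFunAddr, kJmpSize);

    if (!ok)
        return fail();

    // Mark the hook as installed so a second Install() cannot overwrite
    // bOldByte with the already-patched bytes.
    status = true;
    return true;
}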
main.cpp // 测试
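#include <cstdio>
#include <cstdlib>
#include <windows.h>

#include "CApiHook.h"

// Single global hook object used by the test below.
CApiHook apihook;

// Signature of MessageBoxA; not used yet in this test.
typedef int (WINAPI* PFNMessageBoxA)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);

// Replacement for MessageBoxA. It must keep the exact signature and WINAPI
// calling convention of the original, because callers still push arguments
// and expect the callee to clean the stack as MessageBoxA would.
int WINAPI HookMessageBoxA(HWND /*hWnd*/, LPCSTR /*lpText*/, LPCSTR /*lpCaption*/, UINT /*uType*/)
{
    std::printf("here~!");

    return 0;
}

// Test driver: hooks User32!MessageBoxA in this process, then calls it.
// With the hook active the call prints "here~!" instead of showing a dialog.
int main()
{
    // Install() takes PSTR (non-const char*); passing string literals relies
    // on a non-conforming conversion, so use writable buffers.
    char szModule[] = "User32.dll";
    char szFunction[] = "MessageBoxA";

    const bool installed =
        apihook.Install(szModule, szFunction, reinterpret_cast<FARPROC>(HookMessageBoxA));
    if (!installed)
    {
        // Without this check a failed install would silently fall through to
        // the real MessageBoxA and the test would look like a hook bug.
        std::printf("Install failed\n");
    }
    else
    {
        MessageBoxA(NULL, "Hello Me~", "", MB_OK | MB_ICONINFORMATION);

        std::printf("HelloWorld!\n\n");
    }

    std::system("pause"); // declared in <cstdlib>
    return installed ? 0 : 1;
}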
原文地址:http://www.cnblogs.com/gwsbhqt/p/4612233.html