#include <windows.h>
#ifndef _HOOK_API_JMP_
#define _HOOK_API_JMP_
class CHookApi_Jmp
{
public:
HANDLE hProc;
void Unlock(void);
void Lock(void);
BOOL Initialize(LPCTSTR ModuleName, LPCSTR ApiName, FARPROC lpNewFunc);
void SetHookOn(void);
void SetHookOff(void);
CHookApi_Jmp(void);
virtual ~CHookApi_Jmp();
protected:
BYTE m_OldFunc[8];
BYTE m_NewFunc[8];
FARPROC m_lpHookFunc;
CRITICAL_SECTION m_cs;
};
#endif//---------------------------------------------------------------------------
#include "stdafx.h"
#include "ApiHookLib.h"
#pragma warning(disable: 4311)
//---------------------------------------------------------------------------
CHookApi_Jmp::CHookApi_Jmp(void)
{
InitializeCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
CHookApi_Jmp::~CHookApi_Jmp()
{
CloseHandle(hProc);
DeleteCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::SetHookOn(void)
{
DWORD dwOldFlag;
if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag))
{
if(WriteProcessMemory(hProc,m_lpHookFunc,m_NewFunc,5,0))
{
if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))
return;
}
}
return;
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::SetHookOff(void)
{
DWORD dwOldFlag;
if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag))
{
if(WriteProcessMemory(hProc,m_lpHookFunc,m_OldFunc,5,0))
{
if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))
return;
}
}
return;
}
//---------------------------------------------------------------------------
BOOL CHookApi_Jmp::Initialize(LPCTSTR ModuleName, LPCSTR ApiName, FARPROC lpNewFunc)
{
m_lpHookFunc = GetProcAddress(GetModuleHandle(ModuleName),ApiName);
hProc = GetCurrentProcess();
DWORD dwOldFlag;
if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag))
{
if(ReadProcessMemory(hProc,m_lpHookFunc,m_OldFunc,5,0))
{
if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))
{
m_NewFunc[0]=0xe9;
DWORD*pNewFuncAddress;
pNewFuncAddress=(DWORD*)&m_NewFunc[1];
*pNewFuncAddress=(DWORD)lpNewFunc-(DWORD)m_lpHookFunc-5;
return TRUE;
}
}
}
return FALSE;
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::Lock(void) //多线程下使用
{
EnterCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::Unlock(void)
{
LeaveCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
// HookApi.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include "ApiHookLib.h"
CHookApi_Jmp Hook;
int __stdcall HOOK_MessageBox( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption,UINT uType)
{
printf("HOOK_MessageBox Called!\r\n");
Hook.SetHookOff();
int iRet = MessageBox(hWnd,lpText,TEXT("hook到了!"),uType);
Hook.SetHookOn();
return iRet;
}
int _tmain(int argc, _TCHAR* argv[])
{
Hook.Initialize(TEXT("User32.dll"),"MessageBoxW",(FARPROC)HOOK_MessageBox);
Hook.SetHookOn();
MessageBox(NULL,TEXT("Hooked User32.dll MessageBoxW."),TEXT("SetHookOn"),MB_OK);
Hook.SetHookOff();
MessageBox(NULL,TEXT("UnHooked User32.dll MessageBoxW."),TEXT("SetHookOff"),MB_OK);
return getchar();
}
浙公网安备 33010602011771号