封装的一些windows进程相关的库

my_pro.h


/************************************************
	MY_PRO.H 	文件注释
	文件名:MY_PRO.H
	作者:czl
	创建时间:2021/3/31 21:22 
*************************************************/
#ifndef FINDID_H_INCLUDED
#define FINDID_H_INCLUDED
/**
    在window7 32位  gcc 4.7.1  编译运行通过
**/
#include <stdio.h>
#include "windows.h"
#include "tlhelp32.h"
#include <tchar.h>
#include <shlobj.h>
/**
    函数名称: 找到进程id
    功能描述:通过文件名找到进程id,找不到则返回0
    参数: char * filename
    返回值: int
**/
int findProcessID(WCHAR * filename)
{

    HANDLE snap = NULL;
    snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    PROCESSENTRY32 first;
    first.dwSize=sizeof(PROCESSENTRY32);
    BOOL flag=FALSE;
    BOOL findFlag = FALSE;
    flag = Process32First(snap,&first);
    for(; flag; flag =Process32Next(snap,&first))
    {
        if(!wcscmp(first.szExeFile,filename))
        {
            findFlag = TRUE;
            break;
        }
    }
    if(findFlag==TRUE)
    {
        return (int)first.th32ProcessID;
    }
    return 0;
}
/**
    函数名称: 找到进程id
    功能描述:通过窗口名打开获取进程id
    参数: char * filename
    返回值: int 失败则返回0
**/
int findProcessIDByWindowName(WCHAR * filename)
{
    HWND hWnd;
    DWORD pid;
    hWnd = FindWindow(NULL,filename);
    if(!hWnd)
    {
        return 0;
    }
    GetWindowThreadProcessId(hWnd, &pid);
    return pid;
}
///**
//    函数名称: 运行CMD
//    功能描述:通过cmd字符串运行CMD
//    参数: char * CMD
//    返回值: BOOL
//**/
//BOOL runCMD(char * CMD)
//{
//    STARTUPINFO si = {0,};
//    PROCESS_INFORMATION pi = {0,};
//    si.cb = sizeof(STARTUPINFO);
//    si.dwFlags = STARTF_USESHOWWINDOW;
//    si.wShowWindow = SW_SHOW;//取值为SW_SHOW则表示正常执行,若为SW_HIDE则表示后台运行
//    if(!CreateProcess(NULL,CMD,NULL,NULL,FALSE,NORMAL_PRIORITY_CLASS,NULL,NULL,&si,&pi)){
//        return FALSE;
//    }
//    return TRUE;
//}


/**
    名称:获得模块句柄
    功能:通过进程号与模块名获取模块句柄
    参数:DWORD pid,char * moduleName
    返回值:HANDLE  成功返回句柄,失败返回0
**/
HANDLE getModuleHandlebyName(DWORD pid,WCHAR * moduleName)
{
    HANDLE dllMessage;
    dllMessage = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pid);

    BOOL findFlag = FALSE;
    /**
        LPMODULEENTRY32 是 MODULEENTRY32的指针
        MODULEENTRY32的dwSize必须要赋值 sizeof(MODULEENTRY32)
    */
    MODULEENTRY32 first;
    first.dwSize = sizeof(MODULEENTRY32);
    BOOL flag=FALSE;
    flag = Module32First(dllMessage,&first);
    for(; flag; flag = Module32Next(dllMessage,&first))
    {
        if(!wcscmp(first.szModule,moduleName) || !wcscmp(first.szExePath,moduleName))
        {
            findFlag = TRUE;
            break;
        }
    }
    if(findFlag==TRUE){
        return first.modBaseAddr;
    }
    else{
        return 0;
    }
}
///***
//    名称:设置最高权限
//    功能:将进程的权限提升到系统级别
//    返回值: BOOL TRUE 成功   FALSE 失败
//*/
//BOOL setDebugPrivilege(){
//    TOKEN_PRIVILEGES tkp;
//    HANDLE hToken;
//    if (!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken))
//    {
//      //  MessageBox(NULL,"OpenProcessToken failed!","",MB_OK); //获得进程句柄失败
//         return FALSE;
//    }
//    if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME,&tkp.Privileges[0].Luid))
//    {
//
//       // MessageBox(NULL,"LookupPrivilegeValue","",MB_OK); //获得进程句柄失败
//         return FALSE;
//    }
//    tkp.PrivilegeCount = 1;
//    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
//    if(!AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,NULL, 0))
//    {
//        //MessageBox(NULL,"AdjustTokenPrivileges enable failed!","",MB_OK);  //修改权限失败
//        return FALSE;
//    }
//    return TRUE;
//}
/**
	函数名称:通过进程号找到窗口句柄
参数:
**/
	HWND g_windowHandle = 0;
BOOL WINAPI windowProc(HWND hwnd,LPARAM lparam){
	DWORD pid = 0;
	GetWindowThreadProcessId(hwnd,&pid);
	if((DWORD)lparam == pid){
		g_windowHandle = hwnd;
		return FALSE;
	}
	return TRUE;
}
HWND findwindowByPid(DWORD pid){
	EnumWindows(windowProc,pid);
	return g_windowHandle;
}
///**
//    名称:发送信息给窗口
//    功能:通过窗口句柄把信息发送给目标窗口
//    参数:HWND hWindow,char * message
//    返回值: BOOL
//**/
//BOOL sendMessageToWindow(HWND hWindow,char * message)
//{   DROPFILES * pDrop;
//     DWORD size = sizeof(DROPFILES) + strlen(message)+1;
//    HGLOBAL hGlo = GlobalAlloc(GMEM_ZEROINIT,size);
//    LPVOID pBuf = GlobalLock(hGlo);
////    DROPFILE dropf = {0,};
////    dropf.drop.pFiles = sizeof(DROPFILES);
////    strcpy(dropf.msg,message);
//    pDrop = (DROPFILES *)pBuf;
//    pDrop->pFiles = sizeof(DROPFILES);
//    strcpy((pBuf+sizeof(DROPFILES)),message);
//    GlobalUnlock(hGlo);
//    return PostMessage(hWindow,WM_DROPFILES,(WPARAM)pBuf,0);
//}
#endif // FINDID_H_INCLUDED

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
//EnumWindows设置的回调函数,系统每发现一个窗口都会调用该回调函数
//HWND是窗口句柄类型
//第一个参数返回的是当前窗口句柄,第二个参数类型可以自己定,我传入的是目标进程id
{
	DWORD CurrentWindowProcessId; //当前窗口进程id
	DWORD CurrentWindowThreadId; //当前窗口线程id

	CurrentWindowThreadId = GetWindowThreadProcessId(hwnd, &CurrentWindowProcessId);
	//GetWindowThreadProcessId()可以通过窗口句柄,获取该窗口的所在的进程及线程
	//第一个参数是输入参数,输入目标窗口句柄
	//第二个参数是输出参数,类型是LPDWORD,及指向DWORD的指针,所以要取地址,函数执行成功后CurrentWindowProcessId值就是返回的当前窗口进程id
	//返回值是值传递的,DWORD类型,直接赋值给DWORD类型就行了,值是当前窗口线程id
	if (CurrentWindowProcessId == lParam) {
		//如果当前窗口进程id等于目标进程的进程id
		//则得到的当前窗口线程id就是目标窗口线程id
		threadID = CurrentWindowThreadId;
		//得到了线程id后就可以注入了
		return false; //当找到后就返回false,这样才会终止遍历
	}

	return true; //不是当前窗口,返回true,继续遍历
}
DWORD getTheadIDByProcessID(DWORD processID) {
	EnumWindows(EnumWindowsProc, processID);
	return threadID;
}

process_plus.h

/************************************************
	PROCESS_PLUS.H 	文件注释
	文件名:PROCESS_PLUS.H
	作者:czl
	创建时间:2021/3/31 21:19 
*************************************************/

#include "my_pro.h"
#include <io.h>


BOOL isVistaOrLater(){
	OSVERSIONINFO osVersion;
	ZeroMemory(&osVersion,sizeof(OSVERSIONINFO));
	osVersion.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
	GetVersionEx(&osVersion);
	if(osVersion.dwMajorVersion==6)
		return TRUE;
	else
		return FALSE;
}
/**
	功能:通过进程名称找到进程句柄
    getHANDLEFromName(char* processName)
*/
HANDLE getHANDLEFromName(TCHAR* processName){

    DWORD pid = findProcessID(processName);

    if(!pid){
        //printf("calc.exe not open!\n");
        return 0;
    }
    else{
        //printf("get calc pid successful\n");
    }
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);
    if(!hProcess){
      //  printf("get Process Handle failed!\n");
        return 0;
    }
    else{
       // printf("get Process Handle successful!\n");
    }
    return hProcess;
}

/**	 
	 名称:  writeStringToObjectProcess
	 功能: 向目标进程空间写入字符串
	 参数:HANDLE hProcess	被写入字符串的进程句柄	 TCHAR * dllName  写入的字符串	注意:是宽字符
	 返回值:PVOID 写入的地址(目标进程的地址)
**/
PVOID writeStringToObjectProcess(HANDLE hProcess,TCHAR * dllName){
	
	int dllNameSize = wcslen(dllName)*2;
    PVOID pBuf = VirtualAllocEx(hProcess,NULL,dllNameSize+1,MEM_COMMIT,PAGE_READWRITE);
 
	if(!pBuf)
    {
        return 0;
    }
    BOOL flag = WriteProcessMemory(hProcess,pBuf, dllName, dllNameSize+2, NULL);
    if(!flag){
        return 0;
    }
  //  printf("write to %X\n",(int)pBuf);
    return pBuf;
}

/**	 
	 名称:getAPIAddress
	 功能: 根据模块名称和函数名称获取函数地址
	 参数: TCHAR * moduleName  模块名称		TCHAR * funcName  函数名称
	 返回值:return 1 represent moduleName is wrong
			 return 0 represent funcName is wrong
**/
FARPROC getAPIAddress(TCHAR * moduleName,TCHAR * wFuncName){
	char funcName[MAX_PATH] = {0,};


	WideCharToMultiByte(CP_ACP, NULL,(LPCWSTR)wFuncName,-1,funcName,MAX_PATH,0,0);


	HMODULE hKer;
	hKer = GetModuleHandle(moduleName);
	if(!hKer)
		return (FARPROC)-1;
	return GetProcAddress(hKer,funcName);
}
/**	 
	 名称:getAPIAddress
	 功能: 根据模块名称和函数名称获取函数地址
	 参数: TCHAR * moduleName  模块名称		CHAR * wFuncName  函数名称
	 返回值:return 1 represent moduleName is wrong
			 return 0 represent funcName is wrong
**/
FARPROC getAPIAddress(TCHAR * moduleName,CHAR * wFuncName){
	/*char funcName[MAX_PATH] = {0,};

		
	WideCharToMultiByte(CP_ACP, NULL,(LPCWSTR)wFuncName,-1,funcName,MAX_PATH,0,0);
*/
	
	HMODULE hKer;
	hKer = GetModuleHandle(moduleName);
	if(!hKer)
		return (FARPROC)-1;
	return GetProcAddress(hKer,wFuncName);
}
FARPROC getAPIAddress(CHAR * moduleName,CHAR * wFuncName){
	/*char funcName[MAX_PATH] = {0,};

		
	WideCharToMultiByte(CP_ACP, NULL,(LPCWSTR)wFuncName,-1,funcName,MAX_PATH,0,0);
*/
	
	HMODULE hKer;
	hKer = GetModuleHandleA(moduleName);
	if(!hKer)
		return (FARPROC)-1;
	return GetProcAddress(hKer,wFuncName);
}
//检查字符串是否为文件
BOOL isFile(TCHAR * wDllName){
	char  dllName[MAX_PATH] = {0,}; 
	WideCharToMultiByte(CP_ACP, NULL,wDllName,-1,dllName,MAX_PATH,0,0);
	if (!_access(dllName,0))
	{
		char * typeOfFile = strrchr(dllName,'.');
		
			if (typeOfFile&&!strcmp(typeOfFile,".dll"))
			{
				return TRUE;
			}
			;
	}
	return FALSE;
}
typedef DWORD (WINAPI  *PFNTCREATETHREADEX)  
	(   
	PHANDLE                 ThreadHandle,     
	ACCESS_MASK             DesiredAccess,    
	LPVOID                  ObjectAttributes,     
	HANDLE                  ProcessHandle,    
	LPTHREAD_START_ROUTINE  lpStartAddress,   
	LPVOID                  lpParameter,      
	BOOL                    CreateSuspended,      
	DWORD                   dwStackSize,      
	DWORD
	dw1,   
	DWORD                   dw2,   
	LPVOID                  Unknown   
	); 

BOOL MyCreateRemoteThread(HANDLE hProcess,LPTHREAD_START_ROUTINE pThreadPorc,PVOID pRemoteBuf){
	PFNTCREATETHREADEX ntCreateThreadEx;
	HANDLE hThread;
	if (isVistaOrLater()==TRUE) //如果内核版本为6以上则采用NtCreateThreadEx创建远程线程
	{	
		ntCreateThreadEx = (PFNTCREATETHREADEX)getAPIAddress((char *)"ntdll.dll",(char *)"NtCreateThreadEx"); //获取NtCreateThreadEx的地址
		if (!ntCreateThreadEx)
		{
			char bugBuf[MAX_PATH];
			char * errorMsg= (char*)"NtCreateThreadEx函数获取失败  可能是没有导入ntdll.dll(一般不太可能)";
			sprintf_s(bugBuf,MAX_PATH,"\n%s/%s/%s:  %s\n",__FILE__,__FUNCTION__,__LINE__,errorMsg);
			OutputDebugStringA(bugBuf);
			return FALSE;
		}
		ntCreateThreadEx(&hThread,0x1fffff,NULL,hProcess,pThreadPorc,pRemoteBuf,FALSE,NULL,NULL,NULL,NULL);
		if (hThread==0)
		{
			char bugBuf[MAX_PATH];
			char * errorMsg= (char*)"获取线程失败 ";
			sprintf_s(bugBuf,MAX_PATH,"\n%s/%s/%s:  %s\n",__FILE__,__FUNCTION__,__LINE__,errorMsg);
			OutputDebugStringA(bugBuf);
			return FALSE;
		}
		  
	}
	else{  //否则则采用CreateRemoteThread创建远程线程
		hThread = CreateRemoteThread(hProcess,0,0,pThreadPorc,pRemoteBuf,0,0);
		if (hThread==0)
		{
			char bugBuf[MAX_PATH];
			char * errorMsg= (char*)"获取线程失败 ";
			sprintf_s(bugBuf,MAX_PATH,"\n%s/%s/%s:  %s\n",__FILE__,__FUNCTION__,__LINE__,errorMsg);
			OutputDebugStringA(bugBuf);
			return FALSE;
		}
	}
	if (WaitForSingleObject(hThread,INFINITE)==WAIT_FAILED)
	{
			char bugBuf[MAX_PATH];
			char * errorMsg= (char*)"WaitForSingleObject失败";
			sprintf_s(bugBuf,MAX_PATH,"\n%s/%s/%s:  %s\n",__FILE__,__FUNCTION__,__LINE__,errorMsg);
			OutputDebugStringA(bugBuf);
			return FALSE;
	}
	

	return TRUE;
}

/**	 
	 名称:dllInject
	 功能: 将dll文件注入到目标进程空间
	 参数:DWORD pid 目标进程的pid    TCHAR * wDllName dll路径 
	 返回值:bool  是否成功
**/
void dllInject(DWORD pid,TCHAR * wDllName){
	//获取目标进程句柄
	HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
	if(!hProcess)
		OutputDebugStringA("\n1:进程句柄获取失败   dllInject(DWORD pid,TCHAR * wDllName) 错误原因: 有可能是pid错误\n");
	//检查字符串是否为dll文件
	
	if (!isFile(wDllName)) {
		OutputDebugStringA("\n2:输入得文件路径不是dll  dllInject(DWORD pid,TCHAR * wDllName) 错误原因: 有可能是字符串写错了\n");
	}
	//将字符串注入目标进程地址空间
	PVOID pBuf = writeStringToObjectProcess(hProcess,wDllName);
	if(!pBuf)
		OutputDebugStringA("\n3:将字符串注入目标进程地址空间失败   dllInject(DWORD pid,TCHAR * wDllName)  错误原因: 有可能是pid错误\n");
	//获取loadlibary函数地址
	FARPROC pFun = getAPIAddress((wchar_t*)L"kernel32.dll", (wchar_t*)L"LoadLibraryW");
	if(!pFun)
		OutputDebugStringA("\n4:获取loadlibary函数地址失败   dllInject(DWORD pid,TCHAR * wDllName) 错误原因: 有可能是本进程没有导入LoadLibraryW函数\n");
	//创建远程
	
	MyCreateRemoteThread(hProcess,(LPTHREAD_START_ROUTINE)pFun,pBuf);
}

/**	 
	 名称:dllEnject
	 功能: 卸载目标进程的模块
	 参数:DWORD pid 目标进程的pid    TCHAR * wDllName dll路径 
	 返回值:bool  是否成功
**/

void dllEnject(DWORD pid,TCHAR * wDllName){
	//获取目标进程句柄
	HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
	if(!hProcess)
		OutputDebugStringA("\n1:进程句柄获取失败   dllEnject(DWORD pid,TCHAR * wDllName) 错误原因: 有可能是pid错误\n");
	//通过进程id和模块名找到目标进程的模块地址
	HANDLE hModule = getModuleHandlebyName(pid,wDllName);
	if (!hModule) {
		OutputDebugStringA("\n2: 获取模块地址失败 dllEnject(DWORD pid,TCHAR * wDllName) 错误原因: 有可能是字符串写错了或目标进程没有该模块\n");
	}
	//获取freelibary函数地址
	FARPROC pFun = getAPIAddress((wchar_t*)L"kernel32.dll", (wchar_t*)L"FreeLibrary");
	if(!pFun)
		OutputDebugStringA("\n3:获取FreeLibrary函数地址失败   dllInject(DWORD pid,TCHAR * wDllName) 错误原因: 有可能是本进程没有导入FreeLibrary函数\n");
	//创建远程线程
	CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)pFun,hModule,0,NULL);
}
/**	 
	 名称:GlobalInjectOrEnject 
	 功能:	将所有进程中的某个dll卸载(可以选定下限)
	 参数:	 TCHAR * wDllName 被卸载的dll路径 int line 进程pid下限,pid低于line的不会被卸载 BOOL mode 是否为注入模式
	 返回值: void
**/
void GlobalInjectOrEnject(TCHAR * wDllName,int line,BOOL mode){
	//获取所有进程的pid
	HANDLE          hSnapShot = INVALID_HANDLE_VALUE;  
	PROCESSENTRY32         pe;  

	// Get the snapshot of the system  
	pe.dwSize = sizeof( PROCESSENTRY32 );  
	hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPALL, NULL );  

	// find process  
	Process32First(hSnapShot, &pe);  
	do  
	{ 
		//排除不能注入的pid
		if(pe.th32ProcessID>=(unsigned int)line)
			if(mode==TRUE)
				dllInject(pe.th32ProcessID,wDllName);
			else
				dllEnject(pe.th32ProcessID,wDllName);
	}  
	while( Process32Next(hSnapShot, &pe) );  

	CloseHandle(hSnapShot); 

}

/**	 
	 名称:GlobalInject
	 功能:	将dll注入到所有进程中(可以选定下限)
	 参数:	 TCHAR * wDllName 被用来注入的dll路径 int line 进程pid下限,pid低于line的不会被注入
	 返回值: void
**/
void GlobalInject(TCHAR * wDllName,int line){
	GlobalInjectOrEnject(wDllName,line,TRUE);
}
/**	 
	 名称:GlobalEnject
	 功能:	将所有进程中的某个dll卸载(可以选定下限)
	 参数:	 TCHAR * wDllName 被卸载的dll路径 int line 进程pid下限,pid低于line的不会被卸载
	 返回值: void
**/
void GlobalEnject(TCHAR * wDllName,int line){
	GlobalInjectOrEnject(wDllName,line,FALSE);
}
/**	 
	 名称:hookByCode
	 功能:	在某个API下钩子
	 参数:PVOID APIAddr 被钩取的函数地址  PVOID hookProc 钩子函数 PBYTE pBuf  保存前五个字节的缓冲区
	 返回值:PBYTE 返回被下钩子的API的前5个字节 用于脱钩
**/
VOID hookByCode(PVOID APIAddr,PVOID hookProc,PBYTE pBuf){
	memcpy(pBuf,APIAddr,5);
	//计算跳转距离
	// 若已经被钩取则返回FALSE  
	if( ((PBYTE)APIAddr)[0] == 0xE9 )  
		return ; 
	//目标位置
		DWORD desPos = (DWORD)hookProc;
	//源位置
		DWORD srcPos = (DWORD)APIAddr+5;
		DWORD jmpDistance = desPos-srcPos;
	//取得可写权限
		DWORD lpflOldProtect;
		VirtualProtect(APIAddr,5,PAGE_READWRITE,&lpflOldProtect);
	//设置跳转语句

		memcpy((byte *)APIAddr+1,&jmpDistance,4);
		*(BYTE *)APIAddr = 0xE9;
		
		VirtualProtect(APIAddr,5,lpflOldProtect,&lpflOldProtect);
}

BOOL hookByCode(LPCSTR szDllName, LPCSTR szFuncName, PROC pfnNew, PBYTE pOrgBytes)  
{  
	FARPROC pfnOrg;  
	BYTE pBuf[5] = {0xE9, 0, };  
	PBYTE pByte;  

	// 获取要钩取的API地址  
	pfnOrg = (FARPROC)GetProcAddress(GetModuleHandleA(szDllName), szFuncName);  
	pByte = (PBYTE)pfnOrg;  

	//hookByCode((PVOID)pfnOrg,(PVOID)pfnNew,pOrgBytes);
	PVOID APIAddr = pfnOrg;
	PVOID hookProc = pfnNew;
	memcpy(pOrgBytes,APIAddr,5);
	//计算跳转距离
	// 若已经被钩取则返回FALSE  
	if( ((PBYTE)APIAddr)[0] == 0xE9 )  
		return TRUE; 
	//目标位置
	DWORD desPos = (DWORD)hookProc;
	//源位置
	DWORD srcPos = (DWORD)APIAddr+5;
	DWORD jmpDistance = desPos-srcPos;
	//取得可写权限
	DWORD lpflOldProtect;
	VirtualProtect(APIAddr,5,PAGE_EXECUTE_READWRITE,&lpflOldProtect);
	//设置跳转语句

	memcpy((byte *)APIAddr+1,&jmpDistance,4);
	*(BYTE *)APIAddr = 0xE9;

	VirtualProtect(APIAddr,5,lpflOldProtect,&lpflOldProtect);
	return TRUE;  
}  
BOOL hookByCode(WCHAR* szDllName, WCHAR* szFuncName, PROC pfnNew, PBYTE pOrgBytes)  
{	char  muti1[MAX_PATH];
WideCharToMultiByte(CP_ACP, NULL,szDllName,-1,muti1,MAX_PATH,NULL, NULL);
char  muti2[MAX_PATH];
WideCharToMultiByte(CP_ACP, NULL,szFuncName,-1,muti2,MAX_PATH,NULL, NULL);
hookByCode(muti1,muti2,pfnNew,pOrgBytes);
return TRUE;
}  
/**	 
	 名称:unhookByCode
	 功能:	解除某个API的钩子
	 参数:TCHAR * moduleName 模块名	TCHAR * funcName 函数名  PVOID hookProc 钩子函数	
	 返回值:PBYTE 返回被下钩子的API的前5个字节 用于脱钩
**/
PBYTE unhookByCode(PVOID APIAddr,PBYTE pBuf){	
	
	//取得可写权限
		DWORD lpflOldProtect;
		VirtualProtect(APIAddr,5,PAGE_EXECUTE_READWRITE,&lpflOldProtect);
	//检查是否被下钩子
		PBYTE pByte  =(PBYTE)APIAddr;
		if(*pByte==0xE9)
			memcpy(APIAddr,pBuf,5);
		VirtualProtect(APIAddr,5,lpflOldProtect,&lpflOldProtect);
	return pBuf;
}

BOOL unhookByCode(LPCSTR szDllName, LPCSTR szFuncName, PBYTE pOrgBytes)  
{  
	FARPROC pFunc;  
	PBYTE pByte;  

	// 获取API地址  
	pFunc = GetProcAddress(GetModuleHandleA(szDllName), szFuncName);  
	pByte = (PBYTE)pFunc;  
unhookByCode((PVOID)pFunc,pOrgBytes);

	return TRUE;  
}  
BOOL unhookByCode(WCHAR *szDllName, WCHAR *szFuncName, PBYTE pOrgBytes)  
{  
	char  muti1[MAX_PATH];
	WideCharToMultiByte(CP_ACP, NULL,szDllName,-1,muti1,MAX_PATH,NULL, NULL);
	char  muti2[MAX_PATH];
	WideCharToMultiByte(CP_ACP, NULL,szFuncName,-1,muti2,MAX_PATH,NULL, NULL);


	return unhookByCode(muti1,muti2,pOrgBytes);;  
}  



posted @ 2022-11-09 23:50  乘舟凉  阅读(65)  评论(0编辑  收藏  举报