Simple Code Overwriting API Hook | 学步园

返回顶部
查看留言
转到底部

现在的位置: 首页 > 综合 > 正文

Simple Code Overwriting API Hook

2018年06月10日 ⁄ 综合 ⁄ 共 2402字 ⁄ 字号小中大 ⁄ 评论关闭

#include <windows.h>

#ifndef _HOOK_API_JMP_
#define _HOOK_API_JMP_
class CHookApi_Jmp  
{
public: 
    HANDLE hProc; 
    void Unlock(void);
    void Lock(void); 
    BOOL Initialize(LPCTSTR ModuleName, LPCSTR ApiName, FARPROC lpNewFunc);
    void SetHookOn(void); 
    void SetHookOff(void); 
    CHookApi_Jmp(void); 
    virtual ~CHookApi_Jmp();

protected: 
    BYTE m_OldFunc[8]; 
    BYTE m_NewFunc[8]; 
    FARPROC m_lpHookFunc; 
    CRITICAL_SECTION m_cs;
};
#endif


//---------------------------------------------------------------------------
#include "stdafx.h"
#include "ApiHookLib.h"

#pragma warning(disable: 4311)
//---------------------------------------------------------------------------
CHookApi_Jmp::CHookApi_Jmp(void)
{ 
    InitializeCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
CHookApi_Jmp::~CHookApi_Jmp()
{ 
    CloseHandle(hProc); 
    DeleteCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::SetHookOn(void)
{ 
    DWORD dwOldFlag;
    if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag))
    {  
        if(WriteProcessMemory(hProc,m_lpHookFunc,m_NewFunc,5,0))  
        {   
            if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))    
                return;  
        } 
    }  
    return;
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::SetHookOff(void)
{ 
    DWORD dwOldFlag; 
    if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag)) 
    {  
        if(WriteProcessMemory(hProc,m_lpHookFunc,m_OldFunc,5,0))  
        {   
            if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))    
                return;  
        }
    }
    return;
}
//---------------------------------------------------------------------------
BOOL CHookApi_Jmp::Initialize(LPCTSTR ModuleName, LPCSTR ApiName, FARPROC lpNewFunc)
{
    m_lpHookFunc = GetProcAddress(GetModuleHandle(ModuleName),ApiName);
    hProc = GetCurrentProcess();
    DWORD dwOldFlag;
    if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag)) 
    {  
        if(ReadProcessMemory(hProc,m_lpHookFunc,m_OldFunc,5,0))  
        {   
            if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))   
            {    
                m_NewFunc[0]=0xe9;    
                DWORD*pNewFuncAddress;    
                pNewFuncAddress=(DWORD*)&m_NewFunc[1];    
                *pNewFuncAddress=(DWORD)lpNewFunc-(DWORD)m_lpHookFunc-5;    
                return TRUE;   
            }  
        }
    }
    return FALSE;
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::Lock(void) //多线程下使用
{
    EnterCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::Unlock(void)
{ 
    LeaveCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------

返回

【上篇】Direct3D改变分辨率&真假全屏
【下篇】Hash函数

作者: Gmsxnqca

该日志由 Gmsxnqca 于6年前发表在综合分类下，最后更新于 2018年06月10日.
转载请注明: Simple Code Overwriting API Hook | 学步园 +复制链接

抱歉!评论已关闭.

返回首页

Copyright © 2013-2018 学步园保留所有权利.
软文销售 QQ客服：2265327166

点击这里给我发消息

（其他合作也可洽谈）