有没有人遇到过这种情况,怎么解决啊?查了很多 hook API 的例子,但都存在这个问题。
1 有时第一次关闭没发生 Explorer.exe 崩溃
2 但第二次打开再关闭就会有,以后就会一直报。不知道哪位达人可以解决一下这个问题。代码:
{------------------APIHook.pas---------------------}
unit APIHook;

interface

uses
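SysUtils, Windows, TlHelp32, Dialogs;

type
  { Signature of the API function that gets hooked. }
  TMyOpenProcess = function (dwDesiredAccess: DWORD; bInheritHandle: BOOL;
    dwProcessId: DWORD): THandle; stdcall;

{ Overwrites the first 8 bytes of kernel32!OpenProcess in the current
  process with a jump to MyOpenProcess. }
procedure HookAPI;
{ Writes the saved original 8 bytes back, if a patch was applied. }
procedure UnHookAPI;

var
  { Pseudo-handle returned by GetCurrentProcess. It is a process handle,
    not a window handle; the HWND type is kept so existing users of this
    variable still compile. }
  ProcessHandle: HWND;
  { Address of OpenProcess inside this process. }
  BaseAddress: Pointer;
  { Not referenced anywhere in this unit. }
  MainHooK: Cardinal;
  { First 8 bytes of OpenProcess as they were read before patching. }
  OldProc: array [0..7] of Byte;
  { The 8 replacement bytes written over the entry point. }
  NewPorc: array [0..7] of Byte;

implementation

var
  { True only while the entry point is known to carry our patch. Without
    this flag UnHookAPI would write OldProc back even when nothing was
    read into it, overwriting OpenProcess with zero bytes. }
  Hooked: Boolean = False;

{ Returns the path of the first module of the given process, or '' when
  the module snapshot cannot be taken. }
function GetFileName(dwProcessID: Cardinal): string;
var
  me: MODULEENTRY32;
  hm: THandle;
begin
  Result := '';
  hm := CreateToolHelp32SnapShot(TH32CS_SNAPMODULE, dwProcessID);
  if hm = INVALID_HANDLE_VALUE then
    Exit;
  try
    me.dwSize := SizeOf(ModuleEntry32);
    { Only trust szExePath when the call succeeded; otherwise the record
      is uninitialised. }
    if Module32First(hm, me) then
      Result := me.szExePath;
  finally
    { The original never closed the snapshot, leaking one handle per call. }
    CloseHandle(hm);
  end;
end;

{ Replacement for OpenProcess. Returns 0 when the caller asks for exactly
  PROCESS_TERMINATE on the process that owns a window of class INPMCLASS;
  every other request is forwarded to the real OpenProcess.

  NOTE(review): this is not a security boundary. Only the exact access
  mask PROCESS_TERMINATE is matched, and only in processes that have this
  DLL loaded. }
function MyOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
  dwProcessId: DWORD): THandle; stdcall;
const
  INPMCLASS = 'TSuperTCPChannelChat_ClientMainForm';
var
  nSize: Cardinal;
  Hwnds: HWND;
  AppProID: DWORD;
  LastErr: DWORD;
begin
  if dwDesiredAccess = PROCESS_TERMINATE then
  begin
    Hwnds := FindWindow(INPMCLASS, nil);
    if Hwnds <> 0 then
    begin
      AppProID := 0;
      GetWindowThreadProcessId(Hwnds, @AppProID);
      if dwProcessId = AppProID then
      begin
        Result := 0;
        Exit;
      end;
    end;
  end;

  { NOTE(review): the patch is lifted and re-applied around every call.
    That sequence is not atomic. While either 8-byte write is in progress,
    or while the original bytes are in place, another thread of the host
    process can enter OpenProcess and run a half-written instruction
    sequence. If the DLL is being unloaded while a thread sits between the
    two writes, the second write puts back a jump into memory that is
    about to be unmapped. Both are plausible causes of the host process
    (e.g. Explorer.exe) crashing, and a later load of the DLL would then
    save the already patched bytes as the "original". Byte-patching a
    system DLL inside other processes is inherently fragile; a process
    that ordinary users must not be able to terminate is better protected
    with a restrictive process DACL or by running it as a service. }
  WriteProcessMemory(ProcessHandle, BaseAddress, @OldProc, 8, nSize);
  Result := OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
  { Keep the error code of the real call visible to the caller; the
    following write would otherwise be free to replace it. }
  LastErr := GetLastError;
  WriteProcessMemory(ProcessHandle, BaseAddress, @NewPorc, 8, nSize);
  SetLastError(LastErr);
end;

procedure HookAPI();
var
  DLLModule: THandle;
  nSize: Cardinal;
  Dat: DWORD;
begin
  { A second call would read the patched bytes into OldProc and lose the
    real ones. }
  if Hooked then
    Exit;

  ProcessHandle := GetCurrentProcess;
  DLLModule := LoadLibrary('kernel32.dll');
  if DLLModule = 0 then
    Exit;

  { Entry-point address of the system function. }
  BaseAddress := GetProcAddress(DLLModule, 'OpenProcess');
  if BaseAddress = nil then
    Exit;

  { The patch is "mov eax, imm32" ($B8 + 4 address bytes) followed by
    "jmp eax" ($FF $E0) and one padding byte. The DWORD cast and the
    instruction encoding are valid for 32-bit x86 only. }
  Dat := DWORD(@MyOpenProcess);
  NewPorc[0] := $B8;
  Move(Dat, NewPorc[1], 4);
  NewPorc[5] := $FF;
  NewPorc[6] := $E0;
  NewPorc[7] := 0;

  { Save the original bytes first; patch only when they were really read,
    and remember the patch only when the write succeeded. }
  if ReadProcessMemory(ProcessHandle, BaseAddress, @OldProc, 8, nSize) then
    if WriteProcessMemory(ProcessHandle, BaseAddress, @NewPorc, 8, nSize) then
      Hooked := True;
end;

procedure UnHookAPI;
var
  nSize: Cardinal;
begin
  { Nothing to restore when the patch was never applied; OldProc would
    hold zeros and BaseAddress could be nil. }
  if not Hooked then
    Exit;

  { Restore the bytes that were overwritten. }
  if WriteProcessMemory(ProcessHandle, BaseAddress, @OldProc, 8, nSize) then
    Hooked := False;
end;

end.

{-------------------Hook.dpr----------------------}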
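{ This is the DLL }
library Hook;

uses
  SysUtils,
  windows,
  Messages,
  APIHook in 'APIHook.pas';

var
  { Handle returned by SetWindowsHookEx. It is set only in the process
    that called InstallHook; other processes that load this DLL have
    their own copy of this variable, which stays 0. }
  DLLHook: HHOOK;
  { Never set to True in this file, so HookProc always forwards. }
  Bol: Boolean = False;

{ WH_GETMESSAGE hook procedure. It does no work of its own and passes the
  message on to the next hook in the chain.

  The original declared this as a procedure with LongWORD parameters, so
  it had no defined return value. A hook procedure must return the
  result of CallNextHookEx. }
function HookProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
begin
  Result := 0;
  if not Bol then
    Result := CallNextHookEx(DLLHook, nCode, wParam, lParam);
end;

{ Install the hook.

  Thread id 0 together with this module's HInstance makes the hook
  system-wide: Windows loads this DLL into every process on the desktop
  that runs a message loop, and each load patches OpenProcess there (see
  the initialisation block below). Any defect in the patch therefore
  shows up as a crash in unrelated processes such as Explorer.exe.

  MainHandle is not used; it stays in the signature for existing callers.
  The original also looked up the protected window and its process id
  here but never used the result, so those calls were dropped. }
function InstallHook(MainHandle: HWND): Boolean; stdcall;
begin
  DLLHook := SetWindowsHookEx(WH_GETMESSAGE, @HookProc, HInstance, 0);
  Result := DLLHook <> 0;
end;

{ Uninstall the hook: restore OpenProcess in this process and, in the
  process that installed it, remove the message hook. }
procedure UnHook; stdcall;
begin
  UnHookAPI;
  { DLLHook is 0 in every process except the installer. }
  if DLLHook <> 0 then
  begin
    UnhookWindowsHookEx(DLLHook);
    DLLHook := 0;
  end;
end;

{ DLL entry-point handler installed through DLLProc. }
procedure MyDLLHandler(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH: HookAPI;
    { NOTE(review): the restore runs while the DLL is being unloaded.
      Threads of the host that are inside MyOpenProcess at that moment
      are not waited for. }
    DLL_PROCESS_DETACH: UnHook;
  end;
end;

exports
  InstallHook;

begin
  DLLProc := @MyDLLHandler;
  { This block runs when the DLL is loaded into a process, so the patch
    is applied in every process the message hook brings the DLL into. }
  MyDLLhandler(DLL_PROCESS_ATTACH);
  Bol := False;
end.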
1 有时第一次关闭没发生 Explorer.exe 崩溃
2 但第二次打开再关闭就会有,以后就会一直报。不知道哪位达人可以解决一下这个问题。代码:
{------------------APIHook.pas---------------------}
unit APIHook;

interface

uses
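SysUtils, Windows, TlHelp32, Dialogs;

type
  { Signature of the API function that gets hooked. }
  TMyOpenProcess = function (dwDesiredAccess: DWORD; bInheritHandle: BOOL;
    dwProcessId: DWORD): THandle; stdcall;

{ Overwrites the first 8 bytes of kernel32!OpenProcess in the current
  process with a jump to MyOpenProcess. }
procedure HookAPI;
{ Writes the saved original 8 bytes back, if a patch was applied. }
procedure UnHookAPI;

var
  { Pseudo-handle returned by GetCurrentProcess. It is a process handle,
    not a window handle; the HWND type is kept so existing users of this
    variable still compile. }
  ProcessHandle: HWND;
  { Address of OpenProcess inside this process. }
  BaseAddress: Pointer;
  { Not referenced anywhere in this unit. }
  MainHooK: Cardinal;
  { First 8 bytes of OpenProcess as they were read before patching. }
  OldProc: array [0..7] of Byte;
  { The 8 replacement bytes written over the entry point. }
  NewPorc: array [0..7] of Byte;

implementation

var
  { True only while the entry point is known to carry our patch. Without
    this flag UnHookAPI would write OldProc back even when nothing was
    read into it, overwriting OpenProcess with zero bytes. }
  Hooked: Boolean = False;

{ Returns the path of the first module of the given process, or '' when
  the module snapshot cannot be taken. }
function GetFileName(dwProcessID: Cardinal): string;
var
  me: MODULEENTRY32;
  hm: THandle;
begin
  Result := '';
  hm := CreateToolHelp32SnapShot(TH32CS_SNAPMODULE, dwProcessID);
  if hm = INVALID_HANDLE_VALUE then
    Exit;
  try
    me.dwSize := SizeOf(ModuleEntry32);
    { Only trust szExePath when the call succeeded; otherwise the record
      is uninitialised. }
    if Module32First(hm, me) then
      Result := me.szExePath;
  finally
    { The original never closed the snapshot, leaking one handle per call. }
    CloseHandle(hm);
  end;
end;

{ Replacement for OpenProcess. Returns 0 when the caller asks for exactly
  PROCESS_TERMINATE on the process that owns a window of class INPMCLASS;
  every other request is forwarded to the real OpenProcess.

  NOTE(review): this is not a security boundary. Only the exact access
  mask PROCESS_TERMINATE is matched, and only in processes that have this
  DLL loaded. }
function MyOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
  dwProcessId: DWORD): THandle; stdcall;
const
  INPMCLASS = 'TSuperTCPChannelChat_ClientMainForm';
var
  nSize: Cardinal;
  Hwnds: HWND;
  AppProID: DWORD;
  LastErr: DWORD;
begin
  if dwDesiredAccess = PROCESS_TERMINATE then
  begin
    Hwnds := FindWindow(INPMCLASS, nil);
    if Hwnds <> 0 then
    begin
      AppProID := 0;
      GetWindowThreadProcessId(Hwnds, @AppProID);
      if dwProcessId = AppProID then
      begin
        Result := 0;
        Exit;
      end;
    end;
  end;

  { NOTE(review): the patch is lifted and re-applied around every call.
    That sequence is not atomic. While either 8-byte write is in progress,
    or while the original bytes are in place, another thread of the host
    process can enter OpenProcess and run a half-written instruction
    sequence. If the DLL is being unloaded while a thread sits between the
    two writes, the second write puts back a jump into memory that is
    about to be unmapped. Both are plausible causes of the host process
    (e.g. Explorer.exe) crashing, and a later load of the DLL would then
    save the already patched bytes as the "original". Byte-patching a
    system DLL inside other processes is inherently fragile; a process
    that ordinary users must not be able to terminate is better protected
    with a restrictive process DACL or by running it as a service. }
  WriteProcessMemory(ProcessHandle, BaseAddress, @OldProc, 8, nSize);
  Result := OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
  { Keep the error code of the real call visible to the caller; the
    following write would otherwise be free to replace it. }
  LastErr := GetLastError;
  WriteProcessMemory(ProcessHandle, BaseAddress, @NewPorc, 8, nSize);
  SetLastError(LastErr);
end;

procedure HookAPI();
var
  DLLModule: THandle;
  nSize: Cardinal;
  Dat: DWORD;
begin
  { A second call would read the patched bytes into OldProc and lose the
    real ones. }
  if Hooked then
    Exit;

  ProcessHandle := GetCurrentProcess;
  DLLModule := LoadLibrary('kernel32.dll');
  if DLLModule = 0 then
    Exit;

  { Entry-point address of the system function. }
  BaseAddress := GetProcAddress(DLLModule, 'OpenProcess');
  if BaseAddress = nil then
    Exit;

  { The patch is "mov eax, imm32" ($B8 + 4 address bytes) followed by
    "jmp eax" ($FF $E0) and one padding byte. The DWORD cast and the
    instruction encoding are valid for 32-bit x86 only. }
  Dat := DWORD(@MyOpenProcess);
  NewPorc[0] := $B8;
  Move(Dat, NewPorc[1], 4);
  NewPorc[5] := $FF;
  NewPorc[6] := $E0;
  NewPorc[7] := 0;

  { Save the original bytes first; patch only when they were really read,
    and remember the patch only when the write succeeded. }
  if ReadProcessMemory(ProcessHandle, BaseAddress, @OldProc, 8, nSize) then
    if WriteProcessMemory(ProcessHandle, BaseAddress, @NewPorc, 8, nSize) then
      Hooked := True;
end;

procedure UnHookAPI;
var
  nSize: Cardinal;
begin
  { Nothing to restore when the patch was never applied; OldProc would
    hold zeros and BaseAddress could be nil. }
  if not Hooked then
    Exit;

  { Restore the bytes that were overwritten. }
  if WriteProcessMemory(ProcessHandle, BaseAddress, @OldProc, 8, nSize) then
    Hooked := False;
end;

end.

{-------------------Hook.dpr----------------------}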
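{ This is the DLL }
library Hook;

uses
  SysUtils,
  windows,
  Messages,
  APIHook in 'APIHook.pas';

var
  { Handle returned by SetWindowsHookEx. It is set only in the process
    that called InstallHook; other processes that load this DLL have
    their own copy of this variable, which stays 0. }
  DLLHook: HHOOK;
  { Never set to True in this file, so HookProc always forwards. }
  Bol: Boolean = False;

{ WH_GETMESSAGE hook procedure. It does no work of its own and passes the
  message on to the next hook in the chain.

  The original declared this as a procedure with LongWORD parameters, so
  it had no defined return value. A hook procedure must return the
  result of CallNextHookEx. }
function HookProc(nCode: Integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;
begin
  Result := 0;
  if not Bol then
    Result := CallNextHookEx(DLLHook, nCode, wParam, lParam);
end;

{ Install the hook.

  Thread id 0 together with this module's HInstance makes the hook
  system-wide: Windows loads this DLL into every process on the desktop
  that runs a message loop, and each load patches OpenProcess there (see
  the initialisation block below). Any defect in the patch therefore
  shows up as a crash in unrelated processes such as Explorer.exe.

  MainHandle is not used; it stays in the signature for existing callers.
  The original also looked up the protected window and its process id
  here but never used the result, so those calls were dropped. }
function InstallHook(MainHandle: HWND): Boolean; stdcall;
begin
  DLLHook := SetWindowsHookEx(WH_GETMESSAGE, @HookProc, HInstance, 0);
  Result := DLLHook <> 0;
end;

{ Uninstall the hook: restore OpenProcess in this process and, in the
  process that installed it, remove the message hook. }
procedure UnHook; stdcall;
begin
  UnHookAPI;
  { DLLHook is 0 in every process except the installer. }
  if DLLHook <> 0 then
  begin
    UnhookWindowsHookEx(DLLHook);
    DLLHook := 0;
  end;
end;

{ DLL entry-point handler installed through DLLProc. }
procedure MyDLLHandler(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH: HookAPI;
    { NOTE(review): the restore runs while the DLL is being unloaded.
      Threads of the host that are inside MyOpenProcess at that moment
      are not waited for. }
    DLL_PROCESS_DETACH: UnHook;
  end;
end;

exports
  InstallHook;

begin
  DLLProc := @MyDLLHandler;
  { This block runs when the DLL is loaded into a process, so the patch
    is applied in every process the message hook brings the DLL into. }
  MyDLLhandler(DLL_PROCESS_ATTACH);
  Bol := False;
end.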
每次都报,不知道怎么处理。
我现在想了一个办法,就是比较歪歪。
把我写的 APIHook 的 DLL 注入到 Explorer.exe,这样我自己的程序就不用装载和卸载 DLL 了。这样就绕过去了。
但问题的根本原因还是不知道怎么回事。