解决方案 »
- delphi控件WindowsMediaPlayer1怎么让在看电视鼠标右键点击没有效果
- 救救我啊。。。关于Delphi邮件群发的问题。。。速度快死了我。。
- 我的窗休闪过后,原来的窗口或桌面能短时看到一片白(可能刷新不及时),但是。。。
- 我在使用clientDataSet时,当将一个OLEVARIANT数据付给它时,弹出一个错误提示:Error Loading MIDAS.DLL,应该怎样解决?
- fastreport中的信封打印,预览是好的,打印出来的始终旋转90度或180度
- 不在子界基类型范围之类的赋值竟然不会出错?
- 大虾请进----------这个相似度算法如何改?-----------
- 请教一个数据库的问题?
- midas问题求救
- 请问哪有ADO的升级包下载? 谢谢
- 很奇怪的现象,在动态窗体显示的时候,看不见控件
- 截获进程消息
上边这个API
读第2个参数
sockaddr_in = record
case Integer of
0: (sin_family: u_short;
sin_port: u_short;
sin_addr: TInAddr;
sin_zero: array[0..7] of Char);
1: (sa_family: u_short;
sa_data: array[0..13] of Char)
end;
TSockAddrIn = sockaddr_in;
上边就是你要的参数
type
Tconnect = function (s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;var
OldConnet: Tconnect;function connect(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcal
var
Ip:
begin
IP地址 := name.sin_addr;
端口号 := name.sin_port;
OldConnet(s, name, namelen);
end; if @OldConnet = nil then
@OldConnet := 保存地址函数(@connect);
替换函数(@OldConnet, @connect);中文的地方你自己加上去吧
unit APIHook;
interface
uses
SysUtils,
Windows, dialogs, WinSock;
type
//要HOOK的API函数定义
TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
Tconnect = function (s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
PJmpCode = ^TJmpCode;
TJmpCode = packed record
JmpCode: BYTE;
Address: TSockProc;
MovEAX: Array [0..2] of BYTE;
end;
//--------------------函数声明---------------------------
procedure HookAPI;
procedure UnHookAPI;
var
OldSend, OldRecv: TSockProc; //原来的API地址
OldConnect: Tconnect;
JmpCode: TJmpCode;
OldProc: array [0..2] of TJmpCode;
AddSend, AddRecv , AddConnect: pointer; //API地址
TmpJmp: TJmpCode;
ProcessHandle: THandle;
implementation
{---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
begin
//这儿进行发送的数据处理 //调用直正的Send函数
WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
Result := OldSend(S, Buf, len, flags);
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;
{---------------------------------------}
{函数功能:Recv函数的HOOK
{函数参数:同Recv
{函数返回值:integer
{---------------------------------------}
function MyRecv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
begin
//这儿进行接收的数据处理 //调用直正的Recv函数
WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
Result := OldRecv(S, Buf, len, flags);
JmpCode.Address := @MyRecv;
WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;
function connect(s: TSocket; var name: TSockAddr; namelen: Integer): Integer; stdcall;
var
Ip:string;
port:integer;
begin
ip := inet_ntoa(name.sin_addr);
port := ntohs(name.sin_port);
messagebox(0,pchar(ip),'',64);
OldConnect(s, name, namelen);
end;
{------------------------------------}
{过程功能:HookAPI
{过程参数:无
{------------------------------------}
procedure HookAPI;
var
DLLModule: THandle;
dwSize: cardinal;
begin
ProcessHandle := GetCurrentProcess;
DLLModule := LoadLibrary('ws2_32.dll');
AddSend := GetProcAddress(DLLModule, 'send'); //取得API地址
AddRecv := GetProcAddress(DLLModule, 'recv');
AddConnect := GetProcAddress(DLLModule, 'Connect');
JmpCode.JmpCode := $B8;
JmpCode.MovEAX[0] := $FF;
JmpCode.MovEAX[1] := $E0;
JmpCode.MovEAX[2] := 0;
ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); //修改Send入口
ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
JmpCode.Address := @MyRecv;
WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize); //修改Recv入口 ReadProcessMemory(ProcessHandle, addConnect, @OldProc[2], 8, dwSize);
JmpCode.Address := @connect;
WriteProcessMemory(ProcessHandle, addConnect, @JmpCode, 8, dwSize); //修改Send入口
OldSend := AddSend;
OldRecv := AddRecv;
OldConnect := AddConnect;
end;
{------------------------------------}
{过程功能:取消HOOKAPI
{过程参数:无
{------------------------------------}
procedure UnHookAPI;
var
dwSize: Cardinal;
begin
WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
end;
end.
var
Ip:string;
port:integer;
begin
ip := inet_ntoa(name.sin_addr);
port := ntohs(name.sin_port);
messagebox(0,pchar(ip),'',64);
OldConnect(s, name, namelen);
end;