为什么一直出错呀
unit apihook ;interface uses
SysUtils, Windows, WinSock, Dialogs;type
{ 要HOOK的API函数定义 }
TWideToMulti = function (cp:cardinal; deflags:cardinal; lpWideChar:PWideChar;
cchWideChar:Integer; lpMultiByteStr:PAnsiChar; cchMultiByte:Integer;
lpDefaultChar:PAnsiChar; lpUsedDefaultChar:PBOOL): Integer; stdcall;
procedure HookAPI;
procedure UnHookAPI;var
ProcessHandle: HWND;
BaseAddress: array [0..2] of Pointer;
OldProc: array [0..2] of array [0..7] of Byte;
NewPorc: array [0..2] of array [0..7] of Byte;implementation function MyWideToMulti(cp:cardinal; deflags:cardinal; lpWideChar:PWideChar;
cchWideChar:Integer; lpMultiByteStr:PAnsiChar; cchMultiByte:Integer;
lpDefaultChar:PAnsiChar; lpUsedDefaultChar:PBOOL): Integer; stdcall;
var
nSize: Cardinal;
begin
ShowMessage('已经调用自己'); 可以弹出这句,可是接下来就出错了
//ShowMessage(String(lpWideChar));
WriteProcessMemory(ProcessHandle, BaseAddress[0], @OldProc[0], 8, nSize);
Result := WideCharToMultiByte(cp, deflags, lpWideChar,
cchWideChar, lpMultiByteStr, cchMultiByte,
lpDefaultChar, lpUsedDefaultChar) ;
WriteProcessMemory(ProcessHandle, BaseAddress[0], @NewPorc[0], 8, nSize);//在程序正常打開後再修改成自定義函數的地址,使所有程序在下次打開時都要先調用自定義函數
// UnHookAPI;
end;procedure HookAPI;
var
DLLModule: THandle;
nSize: Cardinal;
Dat: DWORD;
Tmp : array [0..3] of Byte;
begin
ProcessHandle := DWORD(-1);
DLLModule := LoadLibrary('kernel32.dll');
{ 系统函数入口点地址 }
BaseAddress[0] := GetProcAddress(DLLModule,'WideCharToMultiByte');
Dat := DWORD(@MyWideToMulti);
Move(Dat, Tmp, 4);
NewPorc[0][0] := $B8; { 汇编跳转指令 }
NewPorc[0][1] := Tmp[0]; { 跳转到自身的函数 }
NewPorc[0][2] := Tmp[1];
NewPorc[0][3] := Tmp[2];
NewPorc[0][4] := Tmp[3];
NewPorc[0][5] := $FF;
NewPorc[0][6] := $E0;
NewPorc[0][7] := 0;
{ 读取系统函数内存地址 }
ReadProcessMemory(ProcessHandle, BaseAddress[0], @OldProc[0], 8, nSize);
{ 用自己的函数地址覆盖系统的函数地址 }
WriteProcessMemory(ProcessHandle, BaseAddress[0], @NewPorc[0], 8, nSize);
CloseHandle(ProcessHandle);
end; procedure UnHookAPI;
var
nSize: Cardinal;
begin
{ 恢复所修改的地址 }
WriteProcessMemory(ProcessHandle, BaseAddress[0], @OldProc[0], 8, nSize);
end; end.
unit apihook ;interface uses
SysUtils, Windows, WinSock, Dialogs;type
{ 要HOOK的API函数定义 }
TWideToMulti = function (cp:cardinal; deflags:cardinal; lpWideChar:PWideChar;
cchWideChar:Integer; lpMultiByteStr:PAnsiChar; cchMultiByte:Integer;
lpDefaultChar:PAnsiChar; lpUsedDefaultChar:PBOOL): Integer; stdcall;
procedure HookAPI;
procedure UnHookAPI;var
ProcessHandle: HWND;
BaseAddress: array [0..2] of Pointer;
OldProc: array [0..2] of array [0..7] of Byte;
NewPorc: array [0..2] of array [0..7] of Byte;implementation function MyWideToMulti(cp:cardinal; deflags:cardinal; lpWideChar:PWideChar;
cchWideChar:Integer; lpMultiByteStr:PAnsiChar; cchMultiByte:Integer;
lpDefaultChar:PAnsiChar; lpUsedDefaultChar:PBOOL): Integer; stdcall;
var
nSize: Cardinal;
begin
ShowMessage('已经调用自己'); 可以弹出这句,可是接下来就出错了
//ShowMessage(String(lpWideChar));
WriteProcessMemory(ProcessHandle, BaseAddress[0], @OldProc[0], 8, nSize);
Result := WideCharToMultiByte(cp, deflags, lpWideChar,
cchWideChar, lpMultiByteStr, cchMultiByte,
lpDefaultChar, lpUsedDefaultChar) ;
WriteProcessMemory(ProcessHandle, BaseAddress[0], @NewPorc[0], 8, nSize);//在程序正常打開後再修改成自定義函數的地址,使所有程序在下次打開時都要先調用自定義函數
// UnHookAPI;
end;procedure HookAPI;
var
DLLModule: THandle;
nSize: Cardinal;
Dat: DWORD;
Tmp : array [0..3] of Byte;
begin
ProcessHandle := DWORD(-1);
DLLModule := LoadLibrary('kernel32.dll');
{ 系统函数入口点地址 }
BaseAddress[0] := GetProcAddress(DLLModule,'WideCharToMultiByte');
Dat := DWORD(@MyWideToMulti);
Move(Dat, Tmp, 4);
NewPorc[0][0] := $B8; { 汇编跳转指令 }
NewPorc[0][1] := Tmp[0]; { 跳转到自身的函数 }
NewPorc[0][2] := Tmp[1];
NewPorc[0][3] := Tmp[2];
NewPorc[0][4] := Tmp[3];
NewPorc[0][5] := $FF;
NewPorc[0][6] := $E0;
NewPorc[0][7] := 0;
{ 读取系统函数内存地址 }
ReadProcessMemory(ProcessHandle, BaseAddress[0], @OldProc[0], 8, nSize);
{ 用自己的函数地址覆盖系统的函数地址 }
WriteProcessMemory(ProcessHandle, BaseAddress[0], @NewPorc[0], 8, nSize);
CloseHandle(ProcessHandle);
end; procedure UnHookAPI;
var
nSize: Cardinal;
begin
{ 恢复所修改的地址 }
WriteProcessMemory(ProcessHandle, BaseAddress[0], @OldProc[0], 8, nSize);
end; end.
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货