各位大哥 小弟现在正在用apihook来捕捉createfile这个api
但是老是出现窗体冻结的情况 我想我可能是参数设置错误引起堆栈的错误
主要代码如下:
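// Prototype of kernel32 CreateFile exactly as Win32 declares it.
// Every parameter size must match: under stdcall the callee pops its own
// arguments, so a wrong-sized parameter corrupts the caller's stack on return.
// lpSecurityAttributes is a pointer (PSecurityAttributes); the original used
// TPoint, an 8-byte record that takes two stack slots where Win32 pushes one.
// hTemplateFile and the result are file handles (THandle), not HDC.
TCreateFile = function(lpFileName: LPCTSTR; dwDesiredAccess: DWORD;
  dwShareMode: DWORD; lpSecurityAttributes: PSecurityAttributes {LPSECURITY_ATTRIBUTES};
  dwCreationDistribution: DWORD; dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;

var
  // Address of the real CreateFile, filled in by API_Hookup; nil while unhooked.
  OldCreateFile: TCreateFile;

// Replacement for CreateFile. The signature must be identical to TCreateFile.
// Forwards the caller's own arguments to the real function and returns its
// handle. The original never assigned Result (callers received an undefined
// handle) and replaced lpFileName with a fixed path, which redirected every
// file open in the process to that one file.
function MyCreateFile(lpFileName: LPCTSTR; dwDesiredAccess: DWORD;
  dwShareMode: DWORD; lpSecurityAttributes: PSecurityAttributes;
  dwCreationDistribution: DWORD; dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;
begin
  // NOTE(review): calling OldCreateFile here assumes LocateFunctionAddress /
  // RepointFunction leave the real function callable while the hook is in
  // place (a trampoline). If RepointFunction overwrites the first bytes of the
  // real function in place, this call jumps straight back into MyCreateFile;
  // in that case unhook before and rehook after the call instead
  // — TODO confirm against the HookAPI unit.
  Result := OldCreateFile(lpFileName, dwDesiredAccess, dwShareMode,
    lpSecurityAttributes, dwCreationDistribution, dwFlagsAndAttributes,
    hTemplateFile);
end;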
//LocateFunctionAddress:取原地址
//RepointFunction:用 NewFunc 替代 OldFunc
//钩住
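// Install the hook: resolve the real CreateFile once, then repoint it to
// MyCreateFile. Per the RepointFunction description, the second argument is
// the replacement. The original passed @CreateFile here, i.e. it repointed the
// real function to (a thunk of) itself, which loops forever and freezes the
// process. The patch is process-wide: every thread's CreateFile now enters
// MyCreateFile, so the replacement must be cheap and must not block.
procedure API_Hookup; stdcall;
begin
  if @OldCreateFile = nil then
    @OldCreateFile := LocateFunctionAddress(@CreateFile);
  RepointFunction(@OldCreateFile, @MyCreateFile);
end;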
//跳回原来地址
// Remove the hook. A no-op when API_Hookup was never run (OldCreateFile nil).
// NOTE(review): whether RepointFunction(@CreateFile, @OldCreateFile) actually
// restores the real function's original bytes depends on HookAPI — TODO confirm.
procedure API_HookDown; stdcall;
begin
  if not Assigned(OldCreateFile) then
    Exit;
  RepointFunction(@CreateFile, @OldCreateFile);
end;
大家帮忙看下吧~~~
我主要问题出在哪??就是怎么hook createfile这个api??
但是老是出现窗体冻结的情况 我想我可能是参数设置错误引起堆栈的错误
主要代码如下:
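// Prototype of kernel32 CreateFile exactly as Win32 declares it.
// Every parameter size must match: under stdcall the callee pops its own
// arguments, so a wrong-sized parameter corrupts the caller's stack on return.
// lpSecurityAttributes is a pointer (PSecurityAttributes); the original used
// TPoint, an 8-byte record that takes two stack slots where Win32 pushes one.
// hTemplateFile and the result are file handles (THandle), not HDC.
TCreateFile = function(lpFileName: LPCTSTR; dwDesiredAccess: DWORD;
  dwShareMode: DWORD; lpSecurityAttributes: PSecurityAttributes {LPSECURITY_ATTRIBUTES};
  dwCreationDistribution: DWORD; dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;

var
  // Address of the real CreateFile, filled in by API_Hookup; nil while unhooked.
  OldCreateFile: TCreateFile;

// Replacement for CreateFile. The signature must be identical to TCreateFile.
// Forwards the caller's own arguments to the real function and returns its
// handle. The original never assigned Result (callers received an undefined
// handle) and replaced lpFileName with a fixed path, which redirected every
// file open in the process to that one file.
function MyCreateFile(lpFileName: LPCTSTR; dwDesiredAccess: DWORD;
  dwShareMode: DWORD; lpSecurityAttributes: PSecurityAttributes;
  dwCreationDistribution: DWORD; dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;
begin
  // NOTE(review): calling OldCreateFile here assumes LocateFunctionAddress /
  // RepointFunction leave the real function callable while the hook is in
  // place (a trampoline). If RepointFunction overwrites the first bytes of the
  // real function in place, this call jumps straight back into MyCreateFile;
  // in that case unhook before and rehook after the call instead
  // — TODO confirm against the HookAPI unit.
  Result := OldCreateFile(lpFileName, dwDesiredAccess, dwShareMode,
    lpSecurityAttributes, dwCreationDistribution, dwFlagsAndAttributes,
    hTemplateFile);
end;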
//LocateFunctionAddress:取原地址
//RepointFunction:用 NewFunc 替代 OldFunc
//钩住
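// Install the hook: resolve the real CreateFile once, then repoint it to
// MyCreateFile. Per the RepointFunction description, the second argument is
// the replacement. The original passed @CreateFile here, i.e. it repointed the
// real function to (a thunk of) itself, which loops forever and freezes the
// process. The patch is process-wide: every thread's CreateFile now enters
// MyCreateFile, so the replacement must be cheap and must not block.
procedure API_Hookup; stdcall;
begin
  if @OldCreateFile = nil then
    @OldCreateFile := LocateFunctionAddress(@CreateFile);
  RepointFunction(@OldCreateFile, @MyCreateFile);
end;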
//跳回原来地址
// Remove the hook. A no-op when API_Hookup was never run (OldCreateFile nil).
// NOTE(review): whether RepointFunction(@CreateFile, @OldCreateFile) actually
// restores the real function's original bytes depends on HookAPI — TODO confirm.
procedure API_HookDown; stdcall;
begin
  if not Assigned(OldCreateFile) then
    Exit;
  RepointFunction(@CreateFile, @OldCreateFile);
end;
大家帮忙看下吧~~~
我主要问题出在哪??就是怎么hook createfile这个api??
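uses
  SysUtils,
  Windows,
  ShellAPI,
  Dialogs,
  Forms,
  Classes;

// Install / remove the CreateFile hooks for this process.
procedure API_Hookup; stdcall;
procedure API_HookDown; stdcall;

type
  // Prototypes of the hooked kernel32 entry points. They must match the Win32
  // declarations exactly: under stdcall the callee pops its own arguments, so
  // a wrong-sized parameter corrupts the caller's stack on return.
  TCreateFile = function(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
    lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
    hTemplateFile: THandle): THandle; stdcall;
  TCreateFileA = function(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
    lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
    hTemplateFile: THandle): THandle; stdcall;
  TCreateFileW = function(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
    lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
    hTemplateFile: THandle): THandle; stdcall;

var
  // Real entry points, resolved by API_Hookup; nil while unhooked.
  OldCreateFile: TCreateFile;
  OldCreateFileA: TCreateFileA;
  OldCreateFileW: TCreateFileW;

implementation

uses HookAPI;

// The three replacements below share one contract:
//  * record the call (here: create a marker directory), then forward the
//    caller's own arguments to the real function and return its handle. The
//    original bodies never assigned Result and never called the real function,
//    so every CreateFile in the process returned an undefined handle and no
//    file was ever opened.
//  * the marker side effect runs BEFORE the forward so that GetLastError as
//    seen by the caller is the one set by the real CreateFile.
//  * never pump messages here: the hook runs on whichever thread called
//    CreateFile, and Application.ProcessMessages re-enters the non-thread-safe
//    VCL from arbitrary call sites (the earlier version did exactly that).
//  * NOTE(review): forwarding assumes the Old* pointer stays callable while the
//    hook is installed (a trampoline). If RepointFunction patches the real
//    function in place, the call would jump back into the hook; then unhook
//    before and rehook after the forward instead — TODO confirm against HookAPI.

// Replacement for CreateFile (Windows.pas binds this name to the CreateFileA
// export; see API_Hookup for why it is only installed when distinct).
function MyCreateFile(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
  lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;
begin
  CreateDir('C:\CreateFile');
  Result := OldCreateFile(lpFileName, dwDesiredAccess, dwShareMode,
    lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
    hTemplateFile);
end;

// Replacement for CreateFileA (ANSI entry point).
function MyCreateFileA(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
  lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;
begin
  CreateDir('C:\CreateFileA');
  Result := OldCreateFileA(lpFileName, dwDesiredAccess, dwShareMode,
    lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
    hTemplateFile);
end;

// Replacement for CreateFileW (Unicode entry point; the one most callers on
// NT-based Windows reach).
function MyCreateFileW(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
  lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;
begin
  CreateDir('C:\CreateFileW');
  Result := OldCreateFileW(lpFileName, dwDesiredAccess, dwShareMode,
    lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes,
    hTemplateFile);
end;

// Resolve the real entry points once, then repoint each to its replacement.
// The patch is process-wide: every thread's CreateFile goes through the hooks
// from here on, so the hook bodies must stay cheap and non-blocking.
procedure API_Hookup; stdcall;
begin
  if @OldCreateFile = nil then
    @OldCreateFile := LocateFunctionAddress(@CreateFile);
  if @OldCreateFileA = nil then
    @OldCreateFileA := LocateFunctionAddress(@CreateFileA);
  if @OldCreateFileW = nil then
    @OldCreateFileW := LocateFunctionAddress(@CreateFileW);
  // Windows.pas declares CreateFile as an alias of the CreateFileA export, so
  // the two normally resolve to the same address; patching that address twice
  // would stack two hooks on one function. Only repoint CreateFile separately
  // when it really is a distinct location.
  if @OldCreateFile <> @OldCreateFileA then
    RepointFunction(@OldCreateFile, @MyCreateFile);
  RepointFunction(@OldCreateFileA, @MyCreateFileA);
  RepointFunction(@OldCreateFileW, @MyCreateFileW);
end;

// Undo API_Hookup, mirroring its distinct-address rule. No-op for entry points
// that were never resolved.
// NOTE(review): whether RepointFunction(@MyX, @OldX) restores the real
// function's original bytes depends on HookAPI — TODO confirm.
procedure API_HookDown; stdcall;
begin
  if (@OldCreateFile <> nil) and (@OldCreateFile <> @OldCreateFileA) then
    RepointFunction(@MyCreateFile, @OldCreateFile);
  if @OldCreateFileA <> nil then
    RepointFunction(@MyCreateFileA, @OldCreateFileA);
  if @OldCreateFileW <> nil then
    RepointFunction(@MyCreateFileW, @OldCreateFileW);
end;

initialization
  // Hooks are installed explicitly via API_Hookup, not at load.

finalization
  // Always unhook on unload so a patched kernel32 entry point never keeps
  // jumping into code that is no longer mapped.
  API_HookDown;
end.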
以上三个函数都要写上,一般来说在XP系统下会调用CreateFileW,还有就是需要把控制权交给操作系统。所以加上Application.ProcessMessages;
我现在可以监控到本进程的createfile
但是其他进程的不行呀???
怎么办??
http://blog.csdn.net/zhaoyu_me/archive/2007/02/22/1512812.aspx