各位大哥 小弟现在正在用apihook来捕捉createfile这个api
但是老是出现窗体冻结的情况 我想我可能是参数设置错误引起堆栈的错误
主要代码如下:
   TCreateFile = function(lpFileName:LPCTSTR;dwDesiredAccess:DWORD;
 dwShareMode:DWORD;lpSecurityAttributes:Tpoint                 {LPSECURITY_ATTRIBUTES};dwCreationDistribution:DWORD;
                          dwFlagsAndAttributes:DWORD;
                          hTemplateFile:HDC):HDC;stdcall;
var
   OldCreateFile:TCreateFile;function MyCreateFile(lpFileName:LPCTSTR;
                          dwDesiredAccess:DWORD;
                          dwShareMode:DWORD;
                          lpSecurityAttributes:Tpoint
                          dwCreationDistribution:DWORD;
                          dwFlagsAndAttributes:DWORD;
                          hTemplateFile:HDC):HDC;stdcall;
begin
   oldCreateFile('C:/sdad.txt',dwDesiredAccess,dwShareMode,
                 lpSecurityAttributes,dwCreationDistribution,dwFlagsAndAttributes,hTemplateFile);
end;
//locateFuntionAddress:取原地址
//repointfunction:用 NewFunc替代 OldFunc 
//钩住
procedure API_Hookup; stdcall;
begin
   if @oldCreateFile = nil then
      @oldCreateFile:=LocateFunctionAddress(@CreateFile);
   RepointFunction(@OldCreateFile,@CreateFile);
end;
//跳回原来地址
procedure API_HookDown; stdcall;
begin
   if @OldCreateFile <> nil then
      RepointFunction(@CreateFile,@OldCreateFile);
end;
大家帮忙看下吧~~~
我主要问题出在哪??就是怎么hook createfile这个api??

解决方案 »

  1.   

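    unit Main;

    { In-process hook for the CreateFile, CreateFileA and CreateFileW entry
      points, built on the LocateFunctionAddress / RepointFunction helpers from
      the HookAPI unit. Each replacement leaves a marker directory so it is
      visible which entry point was reached, then forwards the call to the
      original function and returns its result. }

    interface

    uses
      SysUtils,
      Windows,
      ShellAPI,
      Dialogs,
      Forms,
      Classes;

    procedure API_Hookup; stdcall;
    procedure API_HookDown; stdcall;

    type
      // Function-pointer types matching the three Win32 prototypes (stdcall).
      TCreateFile = function(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
                             lpSecurityAttributes: PSecurityAttributes;
                             dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                             hTemplateFile: THandle): THandle; stdcall;
      TCreateFileA = function(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
                              lpSecurityAttributes: PSecurityAttributes;
                              dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                              hTemplateFile: THandle): THandle; stdcall;
      TCreateFileW = function(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
                              lpSecurityAttributes: PSecurityAttributes;
                              dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                              hTemplateFile: THandle): THandle; stdcall;

    var
      // Original entry points; filled in by API_Hookup, nil until then.
      OldCreateFile: TCreateFile;
      OldCreateFileA: TCreateFileA;
      OldCreateFileW: TCreateFileW;

    implementation

    uses HookAPI;

    threadvar
      // True while this thread is inside HookProlog; stops re-entry when the
      // message pump dispatches a handler that opens a file itself.
      InHookProlog: Boolean;

    { Shared prologue of the three replacements: pump messages and create the
      marker directory. Runs before the forward so the caller still sees the
      last-error value set by the original function. }
    procedure HookProlog(const MarkerDir: string);
    begin
      if InHookProlog then
        Exit;
      InHookProlog := True;
      try
        // The hook runs on whichever thread called CreateFile; the VCL message
        // pump is only touched from the main thread.
        if GetCurrentThreadId = MainThreadID then
          Application.ProcessMessages;
        CreateDir(MarkerDir);
      finally
        InHookProlog := False;
      end;
    end;

    { Replacement for CreateFile. Returns the original's result, or
      INVALID_HANDLE_VALUE when the original address is not known. }
    function MyCreateFile(lpFileName: PChar; dwDesiredAccess, dwShareMode: DWORD;
                          lpSecurityAttributes: PSecurityAttributes;
                          dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                          hTemplateFile: THandle): THandle; stdcall;
    begin
      HookProlog('C:\CreateFile');
      if Assigned(OldCreateFile) then
        // Without this forward the function returns an undefined handle and
        // no file is ever opened.
        Result := OldCreateFile(lpFileName, dwDesiredAccess, dwShareMode,
                                lpSecurityAttributes, dwCreationDisposition,
                                dwFlagsAndAttributes, hTemplateFile)
      else
      begin
        SetLastError(ERROR_INVALID_FUNCTION);
        Result := INVALID_HANDLE_VALUE;
      end;
    end;

    { Replacement for CreateFileA; same contract as MyCreateFile. }
    function MyCreateFileA(lpFileName: PAnsiChar; dwDesiredAccess, dwShareMode: DWORD;
                           lpSecurityAttributes: PSecurityAttributes;
                           dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                           hTemplateFile: THandle): THandle; stdcall;
    begin
      HookProlog('C:\CreateFileA');
      if Assigned(OldCreateFileA) then
        Result := OldCreateFileA(lpFileName, dwDesiredAccess, dwShareMode,
                                 lpSecurityAttributes, dwCreationDisposition,
                                 dwFlagsAndAttributes, hTemplateFile)
      else
      begin
        SetLastError(ERROR_INVALID_FUNCTION);
        Result := INVALID_HANDLE_VALUE;
      end;
    end;

    { Replacement for CreateFileW; same contract as MyCreateFile. }
    function MyCreateFileW(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
                           lpSecurityAttributes: PSecurityAttributes;
                           dwCreationDisposition, dwFlagsAndAttributes: DWORD;
                           hTemplateFile: THandle): THandle; stdcall;
    begin
      HookProlog('C:\CreateFileW');
      if Assigned(OldCreateFileW) then
        Result := OldCreateFileW(lpFileName, dwDesiredAccess, dwShareMode,
                                 lpSecurityAttributes, dwCreationDisposition,
                                 dwFlagsAndAttributes, hTemplateFile)
      else
      begin
        SetLastError(ERROR_INVALID_FUNCTION);
        Result := INVALID_HANDLE_VALUE;
      end;
    end;

    { Installs the three hooks. Original addresses are resolved once and kept,
      so calling this again does not overwrite them. }
    procedure API_Hookup; stdcall;
    begin
      if @OldCreateFile = nil then
        @OldCreateFile := LocateFunctionAddress(@CreateFile);
      if @OldCreateFileA = nil then
        @OldCreateFileA := LocateFunctionAddress(@CreateFileA);
      if @OldCreateFileW = nil then
        @OldCreateFileW := LocateFunctionAddress(@CreateFileW);

      // NOTE(review): CreateFile may be an alias of the A or W import in the
      // Windows unit, in which case two of these calls target the same address.
      // Confirm against the compiler version in use.
      if @OldCreateFile <> nil then
        RepointFunction(@OldCreateFile, @MyCreateFile);
      if @OldCreateFileA <> nil then
        RepointFunction(@OldCreateFileA, @MyCreateFileA);
      if @OldCreateFileW <> nil then
        RepointFunction(@OldCreateFileW, @MyCreateFileW);
    end;

    { Removes the hooks by pointing each replacement back at its original. }
    procedure API_HookDown; stdcall;
    begin
      if @OldCreateFile <> nil then
        RepointFunction(@MyCreateFile, @OldCreateFile);
      if @OldCreateFileA <> nil then
        RepointFunction(@MyCreateFileA, @OldCreateFileA);
      if @OldCreateFileW <> nil then
        RepointFunction(@MyCreateFileW, @OldCreateFileW);
    end;

    initialization

    finalization
      // Always unhook on unload so no caller is left pointing into this unit.
      API_HookDown;

    end.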
    以上三个函数都要写上,一般来说在XP系统下会调用CreateFileW,还有就是需要把控制权交给操作系统。所以加上Application.ProcessMessages;
      

  2.   

    楼上用Application.ProcessMessages就能把控制权还给系统了吗?要知道现在你的钩子还是挂在上面,系统调用CreateFile的时候还是会进入你的函数,所以现在应该把函数的头地址改过来。
      

  3.   

    1楼的大哥这样的用法是否不要用到DLL??
      

  4.   

    大家帮忙看下 现在这不是全局的呀????
    我现在可以监控到本进程的createfile
    但是其他进程的不行呀???
    怎么办??
      

  5.   

    全局API,老外就用madCodeHook,可惜要MONEY
      

  6.   

    我刚搞定一个API HOOK问题,陷阱式,暂时解决了重入问题,不知对楼主有没有用,我Hook的是MessageBoxA,楼主稍作修改就可以了
    http://blog.csdn.net/zhaoyu_me/archive/2007/02/22/1512812.aspx
      

  7.   

    注册表里有一个键值叫 "AppInit_DLLs" (注意有不只一个位置,改其中对的一个即可.具体可以GOOGLE下.) 在这里加上你自己的DLL,那么所有加载 USER32.DLL 的进程都会加载你自己写的DLL. (在启用了安全启动的 Windows 8 及以后的系统上,这个机制是被禁用的;安全软件通常也会监控这个键值.) 也许对楼主有用.