#include <windows.h>
#include <iostream>
#include <iomanip>
using namespace std;
IMAGE_IMPORT_DESCRIPTOR* GetImportDesc(HMODULE);
typedef int (_stdcall *PFNMESSAGEBOX)(HWND,LPCTSTR,LPCTSTR,UINT);
PROC g_orgProc=(PROC)MessageBoxA;
int _stdcall MyMessageBox(HWND hWnd,LPCTSTR lpText,LPCTSTR lpCaption,UINT uType )
{
return ((PFNMESSAGEBOX)g_orgProc)(hWnd,"LHook",lpCaption,uType);
}
bool SetHook(HMODULE hMod);
void main()
{
::MessageBox(NULL,"PreHook","IAT",MB_OK);
HMODULE hMod=::GetModuleHandle(NULL);
if(SetHook(hMod)
::MessageBox(NULL,"PreHook","IAT",MB_OK);}
IMAGE_IMPORT_DESCRIPTOR* GetImportDesc(HMODULE hMod)
{
IMAGE_DOS_HEADER* pDosHeader=(IMAGE_DOS_HEADER*)hMod;
IMAGE_NT_HEADERS* pNtHeader=(IMAGE_NT_HEADERS*)((BYTE*)hMod+pDosHeader->e_lfanew);
IMAGE_OPTIONAL_HEADER* pOptHeader=(IMAGE_OPTIONAL_HEADER*)((BYTE*)hMod+pDosHeader->e_lfanew+24);
IMAGE_IMPORT_DESCRIPTOR* pImportDesc=(IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)hMod+pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
return pImportDesc;
}bool SetHook(HMODULE hMod)
{
IMAGE_IMPORT_DESCRIPTOR* pImportDesc=GetImportDesc(hMod);
while(pImportDesc->FirstThunk)
{
char* pszName=(char*)((BYTE*)hMod+pImportDesc->Name);
if(lstrcmpiA(pszName,"User32.dll")==0)
break;
pImportDesc++;
}
if(pImportDesc->FirstThunk)
{
IMAGE_THUNK_DATA* pThunk=(IMAGE_THUNK_DATA*)((BYTE*)hMod+pImportDesc->FirstThunk);
while(pThunk->u1.Function)
{
DWORD* lpAddr=(DWORD*)&(pThunk->u1.Function);
if(*lpAddr==(DWORD)g_orgProc)
{
DWORD* lpNewProc=(DWORD*)MyMessageBox;
MEMORY_BASIC_INFORMATION mbi;
DWORD dwOld;
memset(&mbi, 0, sizeof(MEMORY_BASIC_INFORMATION));
::VirtualQuery(lpAddr,&mbi,sizeof(mbi));
::VirtualProtect(lpAddr,sizeof(DWORD),PAGE_READWRITE,&dwOld);
::WriteProcessMemory(::GetCurrentProcess(),
lpAddr,&lpNewProc,sizeof(DWORD),NULL);
::VirtualProtect(lpAddr,sizeof(DWORD),dwOld,0);
return true;
}
}
}
return false;}
DEBUG运行是可以看到MessageBoxA已经被HOOK了,但在Release下可以运行并且SetHook也是返回true,但结果是MessageBoxA没被HOOK掉,
这里已经调用了
::VirtualQuery(lpAddr,&mbi,sizeof(mbi));
::VirtualProtect(lpAddr,sizeof(DWORD),PAGE_READWRITE,&dwOld);
::WriteProcessMemory(::GetCurrentProcess(),
lpAddr,&lpNewProc,sizeof(DWORD),NULL);
::VirtualProtect(lpAddr,sizeof(DWORD),dwOld,0);
改变内存属性了,为什么啊,怎么解决???
#include <iostream>
#include <iomanip>
using namespace std;
IMAGE_IMPORT_DESCRIPTOR* GetImportDesc(HMODULE);
typedef int (_stdcall *PFNMESSAGEBOX)(HWND,LPCTSTR,LPCTSTR,UINT);
PROC g_orgProc=(PROC)MessageBoxA;
int _stdcall MyMessageBox(HWND hWnd,LPCTSTR lpText,LPCTSTR lpCaption,UINT uType )
{
return ((PFNMESSAGEBOX)g_orgProc)(hWnd,"LHook",lpCaption,uType);
}
bool SetHook(HMODULE hMod);
void main()
{
::MessageBox(NULL,"PreHook","IAT",MB_OK);
HMODULE hMod=::GetModuleHandle(NULL);
if(SetHook(hMod)
::MessageBox(NULL,"PreHook","IAT",MB_OK);}
IMAGE_IMPORT_DESCRIPTOR* GetImportDesc(HMODULE hMod)
{
IMAGE_DOS_HEADER* pDosHeader=(IMAGE_DOS_HEADER*)hMod;
IMAGE_NT_HEADERS* pNtHeader=(IMAGE_NT_HEADERS*)((BYTE*)hMod+pDosHeader->e_lfanew);
IMAGE_OPTIONAL_HEADER* pOptHeader=(IMAGE_OPTIONAL_HEADER*)((BYTE*)hMod+pDosHeader->e_lfanew+24);
IMAGE_IMPORT_DESCRIPTOR* pImportDesc=(IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)hMod+pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
return pImportDesc;
}bool SetHook(HMODULE hMod)
{
IMAGE_IMPORT_DESCRIPTOR* pImportDesc=GetImportDesc(hMod);
while(pImportDesc->FirstThunk)
{
char* pszName=(char*)((BYTE*)hMod+pImportDesc->Name);
if(lstrcmpiA(pszName,"User32.dll")==0)
break;
pImportDesc++;
}
if(pImportDesc->FirstThunk)
{
IMAGE_THUNK_DATA* pThunk=(IMAGE_THUNK_DATA*)((BYTE*)hMod+pImportDesc->FirstThunk);
while(pThunk->u1.Function)
{
DWORD* lpAddr=(DWORD*)&(pThunk->u1.Function);
if(*lpAddr==(DWORD)g_orgProc)
{
DWORD* lpNewProc=(DWORD*)MyMessageBox;
MEMORY_BASIC_INFORMATION mbi;
DWORD dwOld;
memset(&mbi, 0, sizeof(MEMORY_BASIC_INFORMATION));
::VirtualQuery(lpAddr,&mbi,sizeof(mbi));
::VirtualProtect(lpAddr,sizeof(DWORD),PAGE_READWRITE,&dwOld);
::WriteProcessMemory(::GetCurrentProcess(),
lpAddr,&lpNewProc,sizeof(DWORD),NULL);
::VirtualProtect(lpAddr,sizeof(DWORD),dwOld,0);
return true;
}
}
}
return false;}
DEBUG运行是可以看到MessageBoxA已经被HOOK了,但在Release下可以运行并且SetHook也是返回true,但结果是MessageBoxA没被HOOK掉,
这里已经调用了
::VirtualQuery(lpAddr,&mbi,sizeof(mbi));
::VirtualProtect(lpAddr,sizeof(DWORD),PAGE_READWRITE,&dwOld);
::WriteProcessMemory(::GetCurrentProcess(),
lpAddr,&lpNewProc,sizeof(DWORD),NULL);
::VirtualProtect(lpAddr,sizeof(DWORD),dwOld,0);
改变内存属性了,为什么啊,怎么解决???
解决方案 »
- 谁会配置 DirectShow 环境
- COleDateTimeSpan GetTotalSeconds 负数问题
- [活动]可用分捐赠,欢迎贫下中农认领!(第四周)
- 很难的提问:如何让Gdiplus显示PNG图像时不透明
- 在对话框A里调用 dlg.DoModal()产生对话框B,点击对话框B的按钮时怎么把消息发到对话框A里去?
- 总结:在一个工程中添加别的工程的中已创建好的对话框资源。(或是。。。)
- 请问,VC++中的SDK在哪里呀?我想学习Win32 编程
- 关于窗口Menu的问题
- 让静态控件响应鼠标单击事件?
- 如何扩展VC6的动画控件??扩展VC动画控件...
- 不懂!!
- GetTextMetrics的问题!
http://blog.donews.com/dukejoe/archive/2007/03/26/1144903.aspx
我不用这种方法,
我用JMP的方法
就MessageBoxA把,简单点,就用main把,谢谢
[email protected]