查了n遍百度,都找不解决不了,只有上来求大牛帮帮忙了。直接上代码:c++ dll代码文件: HookApi.h#include <windows.h>
#ifndef _HOOKAPI_H
#define _HOOKAPI_Hclass HookApi {
public:
LPVOID pOldFunEntry, pNewFunEntry ; // 初始函数地址、HOOK后的函数地址
BYTE bOldByte[5], bNewByte[5] ; // 原始字节、目标字节public:
HookApi () {}
~HookApi() {}
// 实现HOOK API
void Hook (PSTR szModuleName,PSTR szFunName,FARPROC pFun)
{
HMODULE hMod = ::GetModuleHandleA ( szModuleName ) ;
if (hMod != NULL)
{
pNewFunEntry = (LPVOID)pFun ;
pOldFunEntry = (LPVOID)GetProcAddress ( hMod, szFunName ) ;
bNewByte[0] = 0xE9 ;
*((PDWORD)(&(bNewByte[1]))) = (DWORD)pNewFunEntry -(DWORD)pOldFunEntry - 5 ; DWORD dwProtect, dwWriteByte, dwReadByte ;
VirtualProtect ( (LPVOID)pOldFunEntry, 5, PAGE_READWRITE, &dwProtect );
ReadProcessMemory ( GetCurrentProcess(), (LPVOID)pOldFunEntry, bOldByte, 5, &dwReadByte ) ;
WriteProcessMemory ( GetCurrentProcess(), (LPVOID)pOldFunEntry, bNewByte, 5, &dwWriteByte ) ;
VirtualProtect ( (LPVOID)pOldFunEntry, 5, dwProtect, NULL ) ;
}
}
// 重新HOOK
void ReHook ()
{
DWORD dwProtect, dwWriteByte ;
VirtualProtect ( pOldFunEntry, 5, PAGE_READWRITE, &dwProtect );
WriteProcessMemory ( GetCurrentProcess(), pOldFunEntry, bNewByte, 5, &dwWriteByte ) ;
VirtualProtect ( pOldFunEntry, 5, dwProtect, NULL ) ;
}
// 撤消HOOK
void UnHook ()
{
DWORD dwProtect, dwWriteByte ;
VirtualProtect ( pOldFunEntry, 5, PAGE_READWRITE, &dwProtect );
WriteProcessMemory ( GetCurrentProcess(), pOldFunEntry, bOldByte, 5, &dwWriteByte ) ;
VirtualProtect ( pOldFunEntry, 5, dwProtect, NULL ) ;
}
} ;#endif文件 dllmain.cpp// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"#include "HookApi.h";
HookApi HookItem;// 定义MessageBoxA函数原型
typedef int (WINAPI* PFNMessageBoxA)( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType ) ;// 自定义的MessageBoxA函数
// 实现对原始MessageBoxA的输入、输出参数的监控,甚至是取消调用
int WINAPI New_MessageBoxA( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType )
{
// 撤消HOOK
HookItem.UnHook () ;
PFNMessageBoxA pfnMessageBoxA = (PFNMessageBoxA)HookItem.pOldFunEntry ;
// 调用原函数,修改输入参数
int ret = pfnMessageBoxA ( hWnd, "这是HOOK函数过程的消息框", "[测试]", uType ) ;
HookItem.ReHook () ;
return ret ;
} extern "C" __declspec(dllexport) void abc()
{
// HOOK API
MessageBoxA ( 0, "正常消息框", "测试", 0 ) ;
HookItem.Hook("USER32.dll","MessageBoxA",(FARPROC)New_MessageBoxA) ;
}BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{ switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
上面代码编译成:CHook.dllc#代码很简单 public partial class Form1 : Form
{
[DllImport("CHook.dll")]
public static extern void abc();
public Form1()
{
InitializeComponent();
} private void button1_Click(object sender, EventArgs e)
{
abc();//点这里开始调用c++ hook ,没报错,证明已经运行了
} private void button2_Click(object sender, EventArgs e)
{
MessageBox.Show("aaa");//这里报错,尝试读取或写入受保护的内存
}
}
请问,那里错了,c++水平不怎么样,很郁闷。大牛们救救小弟。。
#ifndef _HOOKAPI_H
#define _HOOKAPI_Hclass HookApi {
public:
LPVOID pOldFunEntry, pNewFunEntry ; // 初始函数地址、HOOK后的函数地址
BYTE bOldByte[5], bNewByte[5] ; // 原始字节、目标字节public:
HookApi () {}
~HookApi() {}
// 实现HOOK API
void Hook (PSTR szModuleName,PSTR szFunName,FARPROC pFun)
{
HMODULE hMod = ::GetModuleHandleA ( szModuleName ) ;
if (hMod != NULL)
{
pNewFunEntry = (LPVOID)pFun ;
pOldFunEntry = (LPVOID)GetProcAddress ( hMod, szFunName ) ;
bNewByte[0] = 0xE9 ;
*((PDWORD)(&(bNewByte[1]))) = (DWORD)pNewFunEntry -(DWORD)pOldFunEntry - 5 ; DWORD dwProtect, dwWriteByte, dwReadByte ;
VirtualProtect ( (LPVOID)pOldFunEntry, 5, PAGE_READWRITE, &dwProtect );
ReadProcessMemory ( GetCurrentProcess(), (LPVOID)pOldFunEntry, bOldByte, 5, &dwReadByte ) ;
WriteProcessMemory ( GetCurrentProcess(), (LPVOID)pOldFunEntry, bNewByte, 5, &dwWriteByte ) ;
VirtualProtect ( (LPVOID)pOldFunEntry, 5, dwProtect, NULL ) ;
}
}
// 重新HOOK
void ReHook ()
{
DWORD dwProtect, dwWriteByte ;
VirtualProtect ( pOldFunEntry, 5, PAGE_READWRITE, &dwProtect );
WriteProcessMemory ( GetCurrentProcess(), pOldFunEntry, bNewByte, 5, &dwWriteByte ) ;
VirtualProtect ( pOldFunEntry, 5, dwProtect, NULL ) ;
}
// 撤消HOOK
void UnHook ()
{
DWORD dwProtect, dwWriteByte ;
VirtualProtect ( pOldFunEntry, 5, PAGE_READWRITE, &dwProtect );
WriteProcessMemory ( GetCurrentProcess(), pOldFunEntry, bOldByte, 5, &dwWriteByte ) ;
VirtualProtect ( pOldFunEntry, 5, dwProtect, NULL ) ;
}
} ;#endif文件 dllmain.cpp// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"#include "HookApi.h";
HookApi HookItem;// 定义MessageBoxA函数原型
typedef int (WINAPI* PFNMessageBoxA)( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType ) ;// 自定义的MessageBoxA函数
// 实现对原始MessageBoxA的输入、输出参数的监控,甚至是取消调用
int WINAPI New_MessageBoxA( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType )
{
// 撤消HOOK
HookItem.UnHook () ;
PFNMessageBoxA pfnMessageBoxA = (PFNMessageBoxA)HookItem.pOldFunEntry ;
// 调用原函数,修改输入参数
int ret = pfnMessageBoxA ( hWnd, "这是HOOK函数过程的消息框", "[测试]", uType ) ;
HookItem.ReHook () ;
return ret ;
} extern "C" __declspec(dllexport) void abc()
{
// HOOK API
MessageBoxA ( 0, "正常消息框", "测试", 0 ) ;
HookItem.Hook("USER32.dll","MessageBoxA",(FARPROC)New_MessageBoxA) ;
}BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{ switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
上面代码编译成:CHook.dllc#代码很简单 public partial class Form1 : Form
{
[DllImport("CHook.dll")]
public static extern void abc();
public Form1()
{
InitializeComponent();
} private void button1_Click(object sender, EventArgs e)
{
abc();//点这里开始调用c++ hook ,没报错,证明已经运行了
} private void button2_Click(object sender, EventArgs e)
{
MessageBox.Show("aaa");//这里报错,尝试读取或写入受保护的内存
}
}
请问,那里错了,c++水平不怎么样,很郁闷。大牛们救救小弟。。
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货