unit UnitDllMain;interfaceuses windows,UnitNt2000Hook,Sysutils,dialogs,messages;const
MappingFileName = 'Mapping File Comm DLL';
Trap=true; {True陷阱式,False改引入表式}
type
TShareMem = packed record
ComPortFile:array[0..255] of char;
FileHandle:THandle;
DatToWriteFile:array[0..255] of char;
DatToReadFile:array[0..255] of char;
end;
PShareMem = ^TShareMem;procedure StartHook(FileBeSpy,readfile,writefile:pchar); stdcall;
procedure StopHook; stdcall;implementationvar
pShMem : PShareMem;
hMappingFile : THandle;
hook:array[0..4]of THookClass;
FirstProcess:boolean;
MessageHook:Thandle;
function NewCreateFileA(lpFileName: PChar;dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes;dwCreationDisposition,dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle;stdcall;
type
TCreateFileA=function(lpFileName: PChar;dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes;dwCreationDisposition,dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle;stdcall;
begin
Hook[0].Restore; {改引入表式可以不使用此语句}
result:=TCreateFileA(hook[0].OldFunction)(lpFileName,dwDesiredAccess,dwShareMode,
lpSecurityAttributes,dwCreationDisposition,dwFlagsAndAttributes,
hTemplateFile); //这里我不是很明白,能请教下这里的意思吗?
if (stricomp(lpFileName,pShMem^.ComPortFile)=0)or // COM2
((plongword(@lpFileName[0])^=$5c2e5c5c)and(stricomp(@lpFileName[4],pShMem^.ComPortFile)=0)) or // \\.\COM2
((strlicomp(lpFileName,pShMem^.ComPortFile,4)=0)and(pword(@lpFileName[4])^=$002e))then // COM2.
begin
pShMem^.FileHandle:=result;
end;
Hook[0].Change; {改引入表式可以不使用此语句}
end;
下面省略。。
MappingFileName = 'Mapping File Comm DLL';
Trap=true; {True陷阱式,False改引入表式}
type
TShareMem = packed record
ComPortFile:array[0..255] of char;
FileHandle:THandle;
DatToWriteFile:array[0..255] of char;
DatToReadFile:array[0..255] of char;
end;
PShareMem = ^TShareMem;procedure StartHook(FileBeSpy,readfile,writefile:pchar); stdcall;
procedure StopHook; stdcall;implementationvar
pShMem : PShareMem;
hMappingFile : THandle;
hook:array[0..4]of THookClass;
FirstProcess:boolean;
MessageHook:Thandle;
function NewCreateFileA(lpFileName: PChar;dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes;dwCreationDisposition,dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle;stdcall;
type
TCreateFileA=function(lpFileName: PChar;dwDesiredAccess, dwShareMode: DWORD;
lpSecurityAttributes: PSecurityAttributes;dwCreationDisposition,dwFlagsAndAttributes: DWORD;
hTemplateFile: THandle): THandle;stdcall;
begin
Hook[0].Restore; {改引入表式可以不使用此语句}
result:=TCreateFileA(hook[0].OldFunction)(lpFileName,dwDesiredAccess,dwShareMode,
lpSecurityAttributes,dwCreationDisposition,dwFlagsAndAttributes,
hTemplateFile); //这里我不是很明白,能请教下这里的意思吗?
if (stricomp(lpFileName,pShMem^.ComPortFile)=0)or // COM2
((plongword(@lpFileName[0])^=$5c2e5c5c)and(stricomp(@lpFileName[4],pShMem^.ComPortFile)=0)) or // \\.\COM2
((strlicomp(lpFileName,pShMem^.ComPortFile,4)=0)and(pword(@lpFileName[4])^=$002e))then // COM2.
begin
pShMem^.FileHandle:=result;
end;
Hook[0].Change; {改引入表式可以不使用此语句}
end;
下面省略。。
TCreateFileA(hook[0].OldFunction)就是你自己写的那个HOOK函数,之后的都是这个函数的参数,也就相当于你自己指定了一个CreateFileA让程序执行