[Error] APIHook.pas(10): Undeclared identifier: 'LPWSABUF'
[Error] APIHook.pas(11): Undeclared identifier: 'LPWSAOVERLAPPED_COMPLETION_ROUTINE'
[Fatal Error] Hook.dpr(7): Could not compile used unit 'APIHook.pas'
请看一下,我今天找了一下午,现在请高手指点一下。我有多少分就给多少分。
[Error] APIHook.pas(11): Undeclared identifier: 'LPWSAOVERLAPPED_COMPLETION_ROUTINE'
[Fatal Error] Hook.dpr(7): Could not compile used unit 'APIHook.pas'
请看一下,我今天找了一下午,现在请高手指点一下。我有多少分就给多少分。
Windows, WinSock,dialogs,WinSock2;type
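// Function-pointer types with the same parameter lists as the MySend / MyRecv
// replacements in the implementation section; OldSend / OldRecv use them.
// LPWSABUF and LPWSAOVERLAPPED_COMPLETION_ROUTINE are the two identifiers the
// compiler reports as undeclared for this unit; the reply further down the
// thread replaces them with PWSABUF and PWSAOVERLAPPED_COMPLETION_ROUTINE.
TWSASend = function ( s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesSent : DWORD; dwFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : LPWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;

TWSARecv = function ( s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesRecvd : DWORD; var lpFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : LPWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;

PJmpCode = ^TJmpCode;
// Byte image that the hook routines copy over a function's entry point.
// NOTE(review): the routines copy 8 bytes starting at a TJmpCode value. With two
// address fields in a packed record, a 32-bit build lays this out as
// 1 + 4 + 4 + 3 = 12 bytes, so those 8 bytes are JmpCode, AddressSend and the
// first three bytes of AddressRecv; MovEAX is never part of the copy. Confirm
// the layout before trusting the bytes that end up in the patched function.
TJmpCode = packed record
  JmpCode: BYTE;
  AddressSend: TWSASend;
  AddressRecv: TWSARecv;
  MovEAX: Array [0..2] of BYTE;
end;

//-------------------- routine declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;

var
  OldSend:TWSASend;
  OldRecv:TWSARecv; // original API addresses
  // Declared on its own line so the trailing comment above does not swallow it;
  // every routine in the implementation section reads or writes JmpCode.
  JmpCode: TJmpCode;
  OldProc: array [0..1] of TJmpCode; // saved entry bytes: [0] = send, [1] = recv
  AddSend, AddRecv: pointer; // API addresses
  TmpJmp: TJmpCode; // not referenced by any routine in this listing
  ProcessHandle: THandle;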
implementation{---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
// Replacement for WSASend: HookAPI redirects the WSASend entry point here.
// Takes the same parameters as TWSASend and returns whatever the original
// function returns.
function MySend( s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesSent : DWORD; dwFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : LPWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;
var
  dwSize: cardinal;
  tmp:string;
begin
  // Process the outgoing data here.
  // NOTE(review): dwBufferCount is used as a byte count, but in the WSASend
  // signature it is the number of buffer descriptors behind lpBuffers.
  setlength(tmp,dwBufferCount);
  // NOTE(review): Move takes its source by reference, so this copies bytes of
  // the lpBuffers parameter itself, not of the data it points to; tmp[1] is
  // also out of range when dwBufferCount is 0.
  move(lpBuffers,tmp[1],dwBufferCount);
  // Modal dialog: the calling thread waits here on every send.
  showmessage(tmp);
  //MessageBeep(1000); // just beep once
  //ShowMessage('hooked the send!');
  // Call the real send function. The saved entry bytes are written back first
  // because OldSend holds the same address that HookAPI patched.
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  Result := OldSend( s , lpBuffers , dwBufferCount, lpNumberOfBytesSent , dwFlags , lpOverlapped , lpCompletionRoutine );
  // Put the redirect back.
  // NOTE(review): while the original bytes are in place a WSASend call from
  // another thread is not intercepted, and neither write's result is checked.
  JmpCode.AddressSend := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;
{---------------------------------------}
{函数功能:Recv函数的HOOK
{函数参数:同Recv
{函数返回值:integer
{---------------------------------------}
// Replacement for WSARecv: HookAPI redirects the WSARecv entry point here.
// Takes the same parameters as TWSARecv and returns whatever the original
// function returns.
function MyRecv( s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesRecvd : DWORD; var lpFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : LPWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;
var
  dwSize: cardinal;
  tmp:string;
begin
  // Process the received data here.
  // NOTE(review): this runs before OldRecv is called, so nothing has been
  // received yet. dwBufferCount is the number of buffer descriptors, not a
  // byte count.
  setlength(tmp,dwBufferCount);
  // NOTE(review): Move takes its source by reference, so this copies bytes of
  // the lpBuffers parameter itself, not of the data it points to; tmp[1] is
  // also out of range when dwBufferCount is 0.
  move(lpBuffers,tmp[1],dwBufferCount);
  // Modal dialog: the calling thread waits here on every receive.
  showmessage(tmp);
  //MessageBeep(1000); // just beep once
  //ShowMessage('hooked the recv!');
  // Call the real recv function. The saved entry bytes are written back first
  // because OldRecv holds the same address that HookAPI patched.
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  Result := OldRecv( s,lpBuffers,dwBufferCount,lpNumberOfBytesRecvd,lpFlags,lpOverlapped,lpCompletionRoutine);
  // Put the redirect back.
  // NOTE(review): while the original bytes are in place a WSARecv call from
  // another thread is not intercepted, and neither write's result is checked.
  JmpCode.AddressRecv := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;
{------------------------------------}
{过程功能:HookAPI
{过程参数:无
{------------------------------------}
// Installs the redirects: looks up WSASend and WSARecv in WS2_32.DLL, saves the
// first 8 bytes of each into OldProc, and overwrites them in the current
// process with 8 bytes taken from JmpCode. Takes no parameters.
// Rewriting the entry bytes of an exported function changes the in-memory copy
// of the DLL, which a comparison against the file on disk would show.
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: cardinal;
begin
  ProcessHandle := GetCurrentProcess;
  // NOTE(review): neither the module handle nor the two addresses are checked
  // before they are used below.
  DLLModule := LoadLibrary('WS2_32.DLL');
  AddSend := GetProcAddress(DLLModule, 'WSASend'); // get the API address
  AddRecv := GetProcAddress(DLLModule, 'WSARecv');
  JmpCode.JmpCode := $B8;   // x86 opcode: mov eax, imm32
  JmpCode.MovEAX[0] := $FF; // $FF $E0 is jmp eax
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;
  // Save the original entry bytes so MySend and UnHookAPI can write them back.
  ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  JmpCode.AddressSend := @MySend;
  // NOTE(review): 8 bytes from @JmpCode cover JmpCode, AddressSend and part of
  // AddressRecv in a 32-bit packed layout, not the MovEAX bytes set above;
  // verify what actually lands in the function before running this.
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); // patch the Send entry point
  ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  JmpCode.AddressRecv := @MyRecv;
  // NOTE(review): AddressSend still holds @MySend at this point, and it is the
  // field that follows the opcode byte.
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize); // patch the Recv entry point
  // OldSend / OldRecv point at the patched addresses themselves, which is why
  // the replacements restore the saved bytes before calling through them.
  OldSend := AddSend;
  OldRecv := AddRecv;
end;
{------------------------------------}
{过程功能:取消HOOKAPI
{过程参数:无
{------------------------------------}
// Removes the redirects by writing the 8 bytes saved in OldProc back over the
// WSASend and WSARecv entry points. Takes no parameters.
// NOTE(review): the results of both writes are ignored, and nothing checks that
// HookAPI ran first and filled ProcessHandle, AddSend, AddRecv and OldProc.
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
end;
end.
这是所有的代码
TWSASend = function ( s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesSent : DWORD; dwFlags : DWORD;
lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : LPWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;
是这里面的 'LPWSABUF' 和 'LPWSAOVERLAPPED_COMPLETION_ROUTINE' 没有定义
LPWSAOVERLAPPED_COMPLETION_ROUTINE -> PWSAOVERLAPPED_COMPLETION_ROUTINE
你查看一下 winsock2.pas 里的 packed record 定义,我估计你的 winsock2.pas 里的是下面这样:
type
PWSABUF = ^TWSABUF;
TWSABUF = packed record
len : u_long; { the length of the buffer }
buf : Pointer; //PChar; { the pointer to the buffer }
end;
所以你的 APIHOOK.PAS 里的应该不是 LPWSABUF,而是少一个 L 的 PWSABUF。同样 APIHOOK 里的 LPWSAOVERLAPPED_COMPLETION_ROUTINE 应该改成 PWSAOVERLAPPED_COMPLETION_ROUTINE
unit APIHook;interface uses
Windows, dialogs, Winsock2,Winsock;type
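// Function-pointer types with the same parameter lists as the MySend / MyRecv
// replacements in the implementation section; OldSend / OldRecv use them.
TWSASend = function ( s : TSocket; lpBuffers : PWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesSent : DWORD; dwFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : PWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;

TWSARecv = function ( s : TSocket; lpBuffers : PWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesRecvd : DWORD; var lpFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : PWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;

PJmpCode = ^TJmpCode;
// Byte image that the hook routines copy over a function's entry point.
// NOTE(review): the routines copy 8 bytes starting at a TJmpCode value. With two
// address fields in a packed record, a 32-bit build lays this out as
// 1 + 4 + 4 + 3 = 12 bytes, so those 8 bytes are JmpCode, AddressSend and the
// first three bytes of AddressRecv; MovEAX is never part of the copy. Confirm
// the layout before trusting the bytes that end up in the patched function.
TJmpCode = packed record
  JmpCode: BYTE;
  AddressSend: TWSASend;
  AddressRecv: TWSARecv;
  MovEAX: Array [0..2] of BYTE;
end;

//-------------------- routine declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;

var
  OldSend:TWSASend;
  OldRecv:TWSARecv; // original API addresses
  // Declared on its own line so the trailing comment above does not swallow it;
  // every routine in the implementation section reads or writes JmpCode.
  JmpCode: TJmpCode;
  OldProc: array [0..1] of TJmpCode; // saved entry bytes: [0] = send, [1] = recv
  AddSend, AddRecv: pointer; // API addresses
  TmpJmp: TJmpCode; // not referenced by any routine in this listing
  ProcessHandle: THandle;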
implementation {---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
// Replacement for WSASend: HookAPI redirects the WSASend entry point here.
// Takes the same parameters as TWSASend and returns whatever the original
// function returns.
function MySend( s : TSocket; lpBuffers : PWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesSent : DWORD; dwFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : PWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;
var
  dwSize: cardinal;
  tmp:string;
begin
  // Process the outgoing data here.
  // NOTE(review): dwBufferCount is used as a byte count, but in the WSASend
  // signature it is the number of TWSABUF entries behind lpBuffers; the sizes
  // are in each entry's len field (see the record quoted earlier in the thread).
  setlength(tmp,dwBufferCount);
  // NOTE(review): Move takes its source by reference, so this copies bytes of
  // the lpBuffers parameter itself, not of the data it points to; tmp[1] is
  // also out of range when dwBufferCount is 0.
  move(lpBuffers,tmp[1],dwBufferCount);
  // Modal dialog: the calling thread waits here on every send.
  showmessage(tmp);
  //MessageBeep(1000); // just beep once
  //ShowMessage('hooked the send!');
  // Call the real send function. The saved entry bytes are written back first
  // because OldSend holds the same address that HookAPI patched.
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  Result := OldSend( s , lpBuffers , dwBufferCount, lpNumberOfBytesSent , dwFlags , lpOverlapped , lpCompletionRoutine );
  // Put the redirect back.
  // NOTE(review): while the original bytes are in place a WSASend call from
  // another thread is not intercepted, and neither write's result is checked.
  JmpCode.AddressSend := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;
{---------------------------------------}
{函数功能:Recv函数的HOOK
{函数参数:同Recv
{函数返回值:integer
{---------------------------------------}
// Replacement for WSARecv: HookAPI redirects the WSARecv entry point here.
// Takes the same parameters as TWSARecv and returns whatever the original
// function returns.
function MyRecv( s : TSocket; lpBuffers : PWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesRecvd : DWORD; var lpFlags : DWORD;
  lpOverlapped : LPWSAOVERLAPPED; lpCompletionRoutine : PWSAOVERLAPPED_COMPLETION_ROUTINE ): Integer; stdcall;
var
  dwSize: cardinal;
  tmp:string;
begin
  // Process the received data here.
  // NOTE(review): this runs before OldRecv is called, so nothing has been
  // received yet. dwBufferCount is the number of TWSABUF entries, not a byte
  // count.
  setlength(tmp,dwBufferCount);
  // NOTE(review): Move takes its source by reference, so this copies bytes of
  // the lpBuffers parameter itself, not of the data it points to; tmp[1] is
  // also out of range when dwBufferCount is 0.
  move(lpBuffers,tmp[1],dwBufferCount);
  // Modal dialog: the calling thread waits here on every receive.
  showmessage(tmp);
  //MessageBeep(1000); // just beep once
  //ShowMessage('hooked the recv!');
  // Call the real recv function. The saved entry bytes are written back first
  // because OldRecv holds the same address that HookAPI patched.
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  Result := OldRecv( s,lpBuffers,dwBufferCount,lpNumberOfBytesRecvd,lpFlags,lpOverlapped,lpCompletionRoutine);
  // Put the redirect back.
  // NOTE(review): while the original bytes are in place a WSARecv call from
  // another thread is not intercepted, and neither write's result is checked.
  JmpCode.AddressRecv := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;
{------------------------------------}
{过程功能:HookAPI
{过程参数:无
{------------------------------------}
// Installs the redirects: looks up WSASend and WSARecv in WS2_32.DLL, saves the
// first 8 bytes of each into OldProc, and overwrites them in the current
// process with 8 bytes taken from JmpCode. Takes no parameters.
// Rewriting the entry bytes of an exported function changes the in-memory copy
// of the DLL, which a comparison against the file on disk would show.
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: cardinal;
begin
  ProcessHandle := GetCurrentProcess;
  // NOTE(review): neither the module handle nor the two addresses are checked
  // before they are used below.
  DLLModule := LoadLibrary('WS2_32.DLL');
  AddSend := GetProcAddress(DLLModule, 'WSASend'); // get the API address
  AddRecv := GetProcAddress(DLLModule, 'WSARecv');
  JmpCode.JmpCode := $B8;   // x86 opcode: mov eax, imm32
  JmpCode.MovEAX[0] := $FF; // $FF $E0 is jmp eax
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;
  // Save the original entry bytes so MySend and UnHookAPI can write them back.
  ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  JmpCode.AddressSend := @MySend;
  // NOTE(review): 8 bytes from @JmpCode cover JmpCode, AddressSend and part of
  // AddressRecv in a 32-bit packed layout, not the MovEAX bytes set above;
  // verify what actually lands in the function before running this.
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); // patch the Send entry point
  ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  JmpCode.AddressRecv := @MyRecv;
  // NOTE(review): AddressSend still holds @MySend at this point, and it is the
  // field that follows the opcode byte.
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize); // patch the Recv entry point
  // OldSend / OldRecv point at the patched addresses themselves, which is why
  // the replacements restore the saved bytes before calling through them.
  OldSend := AddSend;
  OldRecv := AddRecv;
end;
{------------------------------------}
{过程功能:取消HOOKAPI
{过程参数:无
{------------------------------------}
// Removes the redirects by writing the 8 bytes saved in OldProc back over the
// WSASend and WSARecv entry points. Takes no parameters.
// NOTE(review): the results of both writes are ignored, and nothing checks that
// HookAPI ran first and filled ProcessHandle, AddSend, AddRecv and OldProc.
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
end;
end.