小弟刚学Delphi(原来一直用VB)
现在我准备做一个游戏分析工具,想把 spy,wpe等工具中的精华部份合并到一个程序里.
在截获封包时出现了一些问题,我选择的是Hook send和recv部份代码如下:unit ApiHook;interfaceuses
SysUtils,
Windows, WinSock,Messages,Dialogs;const
WM_DATA1 = WM_USER + 1024;
WM_DATA2 = WM_USER + 1025;
MAPFILESIZE = 1000;
REQUEST_TIMEOUT = 1000;
type
//要HOOK的API函数定义
TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
PShareMem = ^TShareMem;
TShareMem = record
Data: array[0..1024]of pchar;
end;
PJmpCode = ^TJmpCode;
TJmpCode = packed record
JmpCode: BYTE;
Address: TSockProc;
MovEAX: Array [0..2] of BYTE;
end;//--------------------函数声明---------------------------
procedure HookAPI;
procedure UnHookAPI;
procedure OpenMap;
function LockMap: Boolean;
procedure UnlockMap;
procedure CloseMap;var
OldSend, OldRecv: TSockProc; //原来的API地址
JmpCode: TJmpCode;
OldProc: array [0..1] of TJmpCode;
AddSend, AddRecv: pointer; //API地址
TmpJmp: TJmpCode;
ProcessHandle: THandle;
PShare: PShareMem;
HMapping: THandle;
HMapMutex: THandle;implementation{---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
Str1:pchar;
begin
//这儿进行发送的数据处理
Str1:=pchar(Buf);
CopyMemory(@(pShare^.data), str1, Length(str1));//把封包数据写入内存映射文件
//通知主窗口有数据
PostMessage(FindWindow(nil, '游戏分析工具'), WM_DATA1, 1, 1);
//调用直正的Send函数
WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
Result := OldSend(S, Buf, len, flags);
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;出现问题的是CopyMemory(@(pShare^.data), str1, Length(str1));//把封包数据写入内存映射文件
去掉这一句调试都很正常,请各位老大指导一下,谢谢
现在我准备做一个游戏分析工具,想把 spy,wpe等工具中的精华部份合并到一个程序里.
在截获封包时出现了一些问题,我选择的是Hook send和recv部份代码如下:unit ApiHook;interfaceuses
SysUtils,
Windows, WinSock,Messages,Dialogs;const
WM_DATA1 = WM_USER + 1024;
WM_DATA2 = WM_USER + 1025;
MAPFILESIZE = 1000;
REQUEST_TIMEOUT = 1000;
type
//要HOOK的API函数定义
TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
PShareMem = ^TShareMem;
TShareMem = record
Data: array[0..1024]of pchar;
end;
PJmpCode = ^TJmpCode;
TJmpCode = packed record
JmpCode: BYTE;
Address: TSockProc;
MovEAX: Array [0..2] of BYTE;
end;//--------------------函数声明---------------------------
procedure HookAPI;
procedure UnHookAPI;
procedure OpenMap;
function LockMap: Boolean;
procedure UnlockMap;
procedure CloseMap;var
OldSend, OldRecv: TSockProc; //原来的API地址
JmpCode: TJmpCode;
OldProc: array [0..1] of TJmpCode;
AddSend, AddRecv: pointer; //API地址
TmpJmp: TJmpCode;
ProcessHandle: THandle;
PShare: PShareMem;
HMapping: THandle;
HMapMutex: THandle;implementation{---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
dwSize: cardinal;
Str1:pchar;
begin
//这儿进行发送的数据处理
Str1:=pchar(Buf);
CopyMemory(@(pShare^.data), str1, Length(str1));//把封包数据写入内存映射文件
//通知主窗口有数据
PostMessage(FindWindow(nil, '游戏分析工具'), WM_DATA1, 1, 1);
//调用直正的Send函数
WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
Result := OldSend(S, Buf, len, flags);
JmpCode.Address := @MySend;
WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;出现问题的是CopyMemory(@(pShare^.data), str1, Length(str1));//把封包数据写入内存映射文件
去掉这一句调试都很正常,请各位老大指导一下,谢谢
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货