各位高手:
我用HOOK拦截CreateFile、CreateFileA、CreateFileW,希望得到串口的控制权。我是用串口助手调试程序的,发现并非每次开启串口的操作都被我拦截了:程序启动时那次自动开启串口的操作总是拦截不到,必须关闭串口再开启才能成功拦截。是否串口还有其他开启方式?
(程序是DELPHI写的,操作系统是XP)
我用HOOK拦截CreateFile、CreateFileA、CreateFileW,希望得到串口的控制权。我是用串口助手调试程序的,发现并非每次开启串口的操作都被我拦截了:程序启动时那次自动开启串口的操作总是拦截不到,必须关闭串口再开启才能成功拦截。是否串口还有其他开启方式?
(程序是DELPHI写的,操作系统是XP)
解决方案 »
看下这个源码咯.
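// Project (DLL) source. The "library <name>; uses" header that precedes this
// list is not part of the listing.
SysUtils,
Windows,
Classes,
HookAPI in 'HookAPI.pas',
Main in 'Main.pas';

var
  // Handle returned by SetWindowsHookEx in SetHook; 0 while no hook is installed.
  // This is an ordinary DLL global, so every process that maps the DLL has its
  // own copy and only the process that called SetHook holds a non-zero value.
  hhk: HHOOK;

// WH_GETMESSAGE hook procedure. It does no work of its own and hands every
// message to the next hook in the chain unchanged; the hook exists only so
// that Windows maps this DLL into the hooked threads' processes.
function GetMsgProc(nCode: Integer; wParam: wParam; lParam: lParam): LRESULT; stdcall;
begin
  Result := CallNextHookEx(hhk, nCode, wParam, lParam);
end;

// Installs the WH_GETMESSAGE hook once.
// Returns True when a new hook was installed, False when one is already
// installed or SetWindowsHookEx failed.
//
// The last argument (thread id) is 0, which asks for a hook on every thread of
// the current desktop, so this DLL - and the import-table patching done by
// API_Hookup in the library body below - ends up in every GUI process.
// NOTE(review): when only one application is to be observed, pass that
// application's thread id instead of 0 to keep the footprint minimal.
// NOTE(review): a message hook DLL is normally mapped into a process only when
// that process next retrieves a message after the hook is set, so API calls a
// program makes earlier (for example during its start-up) are not seen -
// confirm against the target program.
function SetHook: Boolean; stdcall; export;
begin
  Result := False;
  if hhk <> 0 then
    Exit;
  hhk := SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, hInstance, 0);
  Result := hhk <> 0;
end;

// Removes the hook installed by SetHook.
// Returns True when no hook is installed afterwards. The stored handle is
// cleared only if UnhookWindowsHookEx reports success, so a failed removal is
// visible to the caller and can be retried instead of being reported as done.
function RemoveHook: Boolean; stdcall; export;
begin
  if hhk <> 0 then
    if UnhookWindowsHookEx(hhk) then
      hhk := 0;
  Result := hhk = 0;
end;

{$R *.res}

exports
  SetHook,
  RemoveHook;

// Library body: runs when the DLL is loaded into a process and patches that
// process's import tables (see API_Hookup in unit Main).
begin
  API_Hookup;
end.

//-----------------------------------------------------------------------------------
unit HookAPI;

interface

uses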
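Windows, Classes;

// Resolves an import thunk ("jmp [address]") to the function it jumps to.
function LocateFunctionAddress(Code: Pointer): Pointer;
// Replaces OldFunc with NewFunc in the import tables of the loaded modules.
function RepointFunction(OldFunc, NewFunc: Pointer): Integer;

type
  // Record overlaid on the entries of a module's import directory.
  // NOTE(review): the two Word fields appear to occupy the slot the PE format
  // calls ForwarderChain, and LookupTable the slot of the bound address table
  // (FirstThunk) - confirm against the PE specification.
  PImage_Import_Entry = ^Image_Import_Entry;
  Image_Import_Entry = record
    Characteristics: DWORD;
    TimeDateStamp: DWORD;
    MajorVersion: Word;
    MinorVersion: Word;
    Name: DWORD;          // RVA of the imported DLL's name
    LookupTable: DWORD;   // RVA of the table of function pointers that is patched
  end;

type
  // Layout of an indirect jump thunk: opcode bytes FF 25 followed by the
  // address of the pointer that holds the real target.
  TImportCode = packed record
    JumpInstruction: Word;
    AddressOfPointerToFunction: ^Pointer;
  end;
  PImportCode = ^TImportCode;

implementation

// Returns the real entry point behind Code.
// If Code points at an "FF 25" indirect jump, the jump target is returned;
// otherwise Code itself is returned. Returns nil for a nil input or when
// reading the memory raises an exception.
function LocateFunctionAddress(Code: Pointer): Pointer;
var
  Stub: PImportCode;
begin
  Result := Code;
  if Code = nil then
    Exit;
  try
    Stub := Code;
    if Stub.JumpInstruction = $25FF then
      Result := Stub.AddressOfPointerToFunction^;
  except
    Result := nil;
  end;
end;

// Walks the import tables of the main executable and, recursively, of every
// module it imports from, and overwrites each table slot that resolves to
// OldFunc with NewFunc.
// Returns the number of slots that were actually rewritten.
//
// Coverage limits that follow from the walk itself: only modules reachable
// through import descriptors at the time of the call are visited, so a module
// loaded later, or a caller that obtained the address in another way (for
// example through GetProcAddress), still reaches the original function.
function RepointFunction(OldFunc, NewFunc: Pointer): Integer;
var
  IsDone: TList;  // module bases already visited; stops cyclic imports looping

  function RepointAddrInModule(hModule: THandle; OldFunc, NewFunc: Pointer): Integer;
  var
    Dos: PImageDosHeader;
    NT: PImageNtHeaders;
    ImportDesc: PImage_Import_Entry;
    RVA: DWORD;
    Func: ^Pointer;
    DLL: string;
    f: Pointer;
    written: DWORD;
  begin
    Result := 0;
    Dos := Pointer(hModule);
    if IsDone.IndexOf(Dos) >= 0 then
      Exit;
    IsDone.Add(Dos);
    OldFunc := LocateFunctionAddress(OldFunc);

    // Validate both headers before trusting any offset taken from them.
    // A module that is not loaded arrives here as handle 0 and is rejected
    // by the first check.
    if IsBadReadPtr(Dos, SizeOf(TImageDosHeader)) then
      Exit;
    if Dos.e_magic <> IMAGE_DOS_SIGNATURE then
      Exit;
    NT := Pointer(Integer(Dos) + Dos._lfanew);
    if IsBadReadPtr(NT, SizeOf(TImageNtHeaders)) then
      Exit;
    if NT^.Signature <> IMAGE_NT_SIGNATURE then
      Exit;

    RVA := NT^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    if RVA = 0 then
      Exit;  // module imports nothing

    ImportDesc := Pointer(Integer(Dos) + RVA);
    while ImportDesc^.Name <> 0 do
    begin
      // Visit the imported module first and add its patched slots to the total.
      DLL := PChar(Integer(Dos) + ImportDesc^.Name);
      Inc(Result, RepointAddrInModule(GetModuleHandle(PChar(DLL)), OldFunc, NewFunc));

      Func := Pointer(Integer(Dos) + ImportDesc.LookupTable);
      while Func^ <> nil do
      begin
        f := LocateFunctionAddress(Func^);
        if f = OldFunc then
        begin
          // Count a slot only when the whole pointer was written; the byte
          // counter is meaningless if the call itself failed.
          written := 0;
          if WriteProcessMemory(GetCurrentProcess, Func, @NewFunc,
            SizeOf(Pointer), written) and (written = SizeOf(Pointer)) then
            Inc(Result);
        end;
        Inc(Func);
      end;
      Inc(ImportDesc);
    end;
  end;

begin
  IsDone := TList.Create;
  try
    Result := RepointAddrInModule(GetModuleHandle(nil), OldFunc, NewFunc);
  finally
    IsDone.Free;
  end;
end;

end.

//--------------------------------------------------------------------------------------
unit Main;

interface

uses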
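Windows, SysUtils, Classes, Dialogs, ShellAPI;

// Redirects the process-creation imports of the current process to the
// replacement functions in this unit.
procedure API_Hookup; stdcall;
// Restores the original import-table entries.
procedure API_HookDown; stdcall;

type
  // Signatures of the three CreateProcess entry points that are intercepted.
  TCreateProcess = function(lpApplicationName: PChar; lpCommandLine: PChar;
    lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
    bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
    lpCurrentDirectory: PChar; const lpStartupInfo: TStartupInfo;
    var lpProcessInformation: TProcessInformation): BOOL; stdcall;
  TCreateProcessA = function(lpApplicationName: PAnsiChar; lpCommandLine: PAnsiChar;
    lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
    bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
    lpCurrentDirectory: PAnsiChar; const lpStartupInfo: TStartupInfo;
    var lpProcessInformation: TProcessInformation): BOOL; stdcall;
  TCreateProcessW = function(lpApplicationName: PWideChar; lpCommandLine: PWideChar;
    lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
    bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
    lpCurrentDirectory: PWideChar; const lpStartupInfo: TStartupInfo;
    var lpProcessInformation: TProcessInformation): BOOL; stdcall;

var
  // Addresses of the original functions, filled in by API_Hookup before any
  // table entry is rewritten; nil until then.
  OldCreateProcess: TCreateProcess;
  OldCreateProcessA: TCreateProcessA;
  OldCreateProcessW: TCreateProcessW;

implementation

uses HookAPI;

// Replacement for CreateProcess: reports the call, then forwards it to the
// original function and returns that function's result. Without the forward
// the function result is undefined and the caller's lpProcessInformation is
// never filled in.
// NOTE(review): ShowMessage opens a modal VCL dialog on the calling thread of
// whatever process hosts the DLL; acceptable for a demo only.
function MyCreateProcess(lpApplicationName: PChar; lpCommandLine: PChar;
  lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
  bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
  lpCurrentDirectory: PChar; const lpStartupInfo: TStartupInfo;
  var lpProcessInformation: TProcessInformation): BOOL; stdcall;
begin
  ShowMessage('MyCreateProcess');
  Result := OldCreateProcess(lpApplicationName, lpCommandLine,
    lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
    lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
end;

// ANSI variant; same behaviour as MyCreateProcess.
function MyCreateProcessA(lpApplicationName: PAnsiChar; lpCommandLine: PAnsiChar;
  lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
  bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
  lpCurrentDirectory: PAnsiChar; const lpStartupInfo: TStartupInfo;
  var lpProcessInformation: TProcessInformation): BOOL; stdcall;
begin
  ShowMessage('MyCreateProcessA');
  Result := OldCreateProcessA(lpApplicationName, lpCommandLine,
    lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
    lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
end;

// Wide-character variant; same behaviour as MyCreateProcess.
function MyCreateProcessW(lpApplicationName: PWideChar; lpCommandLine: PWideChar;
  lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
  bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
  lpCurrentDirectory: PWideChar; const lpStartupInfo: TStartupInfo;
  var lpProcessInformation: TProcessInformation): BOOL; stdcall;
begin
  ShowMessage('MyCreateProcessW');
  Result := OldCreateProcessW(lpApplicationName, lpCommandLine,
    lpProcessAttributes, lpThreadAttributes, bInheritHandles, dwCreationFlags,
    lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
end;

// Records the original addresses (once) and then points the import-table
// entries at the replacements. The originals must be captured first because
// the replacements call through them.
// Note that this example intercepts CreateProcess; intercepting another API
// such as CreateFile needs its own type, variable and replacement function.
procedure API_Hookup; stdcall;
begin
  if @OldCreateProcess = nil then
    @OldCreateProcess := LocateFunctionAddress(@CreateProcess);
  if @OldCreateProcessA = nil then
    @OldCreateProcessA := LocateFunctionAddress(@CreateProcessA);
  if @OldCreateProcessW = nil then
    @OldCreateProcessW := LocateFunctionAddress(@CreateProcessW);

  RepointFunction(@OldCreateProcess, @MyCreateProcess);
  RepointFunction(@OldCreateProcessA, @MyCreateProcessA);
  RepointFunction(@OldCreateProcessW, @MyCreateProcessW);
end;

// Points the import-table entries back at the original functions.
// Each entry is restored only if its own original address was captured; the
// listing tested OldCreateProcess for all three, so the A and W entries could
// be rewritten with a nil pointer or left patched.
procedure API_HookDown; stdcall;
begin
  if @OldCreateProcess <> nil then
    RepointFunction(@MyCreateProcess, @OldCreateProcess);
  if @OldCreateProcessA <> nil then
    RepointFunction(@MyCreateProcessA, @OldCreateProcessA);
  if @OldCreateProcessW <> nil then
    RepointFunction(@MyCreateProcessW, @OldCreateProcessW);
end;

initialization

finalization
  // Undo the patching before the unit is unloaded so no import-table entry is
  // left pointing into this module.
  API_HookDown;

end.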