各位高手:
   我用HOOK拦截CreateFile、CreateFileA、CreateFileW,希望得到串口的控制权。我是用串口助手调试程序的,发现并非每次开启串口的操作都能被拦截:程序启动时自动开启串口的那一次总是拦截不到,必须关闭串口再重新开启才能成功拦截。是否串口还有其他开启方式?
(程序是DELPHI写的,操作系统是XP)

解决方案 »

  1.   

    你是如何Hook的?什么时候Hook的?一般只针对进程Hook吧?要在进程启动时Hook,也就是把目标进程当成子进程创建,并挂起主线程,然后Hook,然后唤醒主线程。
      

  2.   

    Delphi下深入Windows核心编程\第2章  钩子原理\钩子实现文件或端口读写的截取
    看下这个源码咯.
      

  3.   

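    给你个网上的例子:

    // MYAPIDLL project file: a DLL that installs a WH_GETMESSAGE hook and, when
    // it is loaded into a process, patches that process's import tables through
    // API_Hookup (unit Main).
    library MYAPIDLL;

    uses
      SysUtils,
      Windows,
      Classes,
      HookAPI in 'HookAPI.pas',
      Main in 'Main.pas';

    var
      // Handle returned by SetWindowsHookEx. This is an ordinary DLL global, so
      // every process that maps the DLL has its own copy; it is only non-zero in
      // the process that called SetHook.
      hhk: HHOOK;

    // Hook procedure for WH_GETMESSAGE. It does no filtering of its own and only
    // passes the event on to the next hook in the chain.
    function GetMsgProc(nCode: Integer; wParam: wParam; lParam: lParam): LRESULT; stdcall;
    begin
      Result := CallNextHookEx(hhk, nCode, wParam, lParam);
    end;

    // Installs the message hook. Returns True when a new hook was installed and
    // False when one is already installed or SetWindowsHookEx failed.
    //
    // The last argument (thread id 0) makes this a desktop-wide hook: Windows maps
    // this DLL into other processes when their threads retrieve messages, and the
    // library initialisation at the end of this file then runs in each of them.
    // Two consequences follow:
    //  - the scope is every message-pumping process on the desktop, not just the
    //    one being debugged;
    //  - the DLL arrives only once the target starts pumping messages, so API
    //    calls the target makes earlier during start-up are not intercepted.
    function SetHook: Boolean; stdcall; export;
    begin
      Result := False;
      if hhk <> 0 then
        Exit;
      hhk := SetWindowsHookEx(WH_GETMESSAGE, @GetMsgProc, hInstance, 0);
      Result := hhk <> 0;
    end;

    // Removes the message hook. Returns True when no hook is installed on return.
    function RemoveHook: Boolean; stdcall; export;
    begin
      // Forget the handle only when the unhook call succeeded; otherwise the hook
      // is still live and the caller must be told so (Result = False) and be able
      // to retry.
      if (hhk <> 0) and UnhookWindowsHookEx(hhk) then
        hhk := 0;
      Result := hhk = 0;
    end;

    {$R *.res}

    exports
      SetHook,
      RemoveHook;

    // Library initialisation: runs each time the DLL is loaded into a process.
    // NOTE(review): this executes during DLL load, so API_Hookup should stay
    // limited to in-process memory patching and avoid anything that loads
    // further libraries or waits on other threads.
    begin
      API_Hookup;
    end.

    //-----------------------------------------------------------------------------------
    unit HookAPI;

    interface

    uses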
      Windows, Classes;  function LocateFunctionAddress(Code: Pointer): Pointer;
      function RepointFunction(OldFunc, NewFunc: Pointer): Integer;type
      PImage_Import_Entry = ^Image_Import_Entry;
      Image_Import_Entry = record
        Characteristics: DWORD;
        TimeDateStamp: DWORD;
        MajorVersion: Word;
        MinorVersion: Word;
        Name: DWORD;
        LookupTable: DWORD;
      end;type
      TImportCode = packed record
        JumpInstruction: Word;
        AddressOfPointerToFunction: ^Pointer;
      end;
      PImportCode = ^TImportCode;
        
    implementationfunction LocateFunctionAddress(Code: Pointer): Pointer;
    var
      func: PImportCode;
    begin
      Result:= Code;
      if Code = nil then exit;
      try
        func:= code;
        if (func.JumpInstruction = $25FF) then
        begin
          Result:= func.AddressOfPointerToFunction^;
        end;
      except
        Result:= nil;
      end;
    end;function RepointFunction(OldFunc, NewFunc: Pointer): Integer;
    var
      IsDone: TList;
      function RepointAddrInModule(hModule: THandle; OldFunc, NewFunc: Pointer): Integer;
      var
        Dos: PImageDosHeader;
        NT: PImageNTHeaders;
        ImportDesc: PImage_Import_Entry;
        RVA: DWORD;
        Func: ^Pointer;
        DLL: string;
        f: Pointer;
        written: DWORD;
      begin
        Result:= 0;
        Dos:= Pointer(hModule);
        if IsDone.IndexOf(Dos) >= 0 then exit;
        IsDone.Add(Dos);
        OldFunc:= LocateFunctionAddress(OldFunc);
        if IsBadReadPtr(Dos, SizeOf(TImageDosHeader)) then exit;
        if Dos.e_magic <> IMAGE_DOS_SIGNATURE then exit;
        NT:= Pointer(Integer(Dos) + dos._lfanew);
        RVA:= NT^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
        if RVA = 0 then exit;
        ImportDesc:= pointer(integer(Dos) + RVA);
        while (ImportDesc^.Name <> 0) do
        begin
          DLL:= PChar(Integer(Dos) + ImportDesc^.Name);
          RepointAddrInModule(GetModuleHandle(PChar(DLL)), OldFunc, NewFunc);
          Func:= Pointer(Integer(DOS) + ImportDesc.LookupTable);
          while Func^ <> nil do
          begin
            f:= LocateFunctionAddress(Func^);
            if f = OldFunc then
            begin
              WriteProcessMemory(GetCurrentProcess, Func, @NewFunc, 4, written);
              if Written > 0 then Inc(Result);
            end;
            Inc(Func);
          end;
          Inc(ImportDesc);
        end;
      end;
    begin
      IsDone:= TList.Create;
      try
        Result:= RepointAddrInModule(GetModuleHandle(nil), OldFunc, NewFunc);
      finally
        IsDone.Free;
      end;
    end;end./--------------------------------------------------------------------------------------unit Main;interfaceuses
      Windows, SysUtils, Classes, Dialogs, ShellAPI;  procedure API_Hookup; stdcall;
      procedure API_HookDown; stdcall;type
      TCreateProcess = function(lpApplicationName: PChar; lpCommandLine: PChar;
                lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
                bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
                lpCurrentDirectory: PChar; const lpStartupInfo: TStartupInfo;
                var lpProcessInformation: TProcessInformation): BOOL; stdcall;
      TCreateProcessA = function(lpApplicationName: PAnsiChar; lpCommandLine: PAnsiChar;
                lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
                bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
                lpCurrentDirectory: PAnsiChar; const lpStartupInfo: TStartupInfo;
                var lpProcessInformation: TProcessInformation): BOOL; stdcall;
      TCreateProcessW = function(lpApplicationName: PWideChar; lpCommandLine: PWideChar;
                lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
                bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
                lpCurrentDirectory: PWideChar; const lpStartupInfo: TStartupInfo;
                var lpProcessInformation: TProcessInformation): BOOL; stdcall;var
      OldCreateProcess: TCreateProcess;
      OldCreateProcessA: TCreateProcessA;
      OldCreateProcessW: TCreateProcessW;implementationuses HookAPI;function MyCreateProcess(lpApplicationName: PChar; lpCommandLine: PChar;
                lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
                bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
                lpCurrentDirectory: PChar; const lpStartupInfo: TStartupInfo;
                var lpProcessInformation: TProcessInformation): BOOL; stdcall;
    begin
      ShowMessage('MyCreateProcess');
    end;function MyCreateProcessA(lpApplicationName: PAnsiChar; lpCommandLine: PAnsiChar;
                lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
                bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
                lpCurrentDirectory: PAnsiChar; const lpStartupInfo: TStartupInfo;
                var lpProcessInformation: TProcessInformation): BOOL; stdcall;
    begin
      ShowMessage('MyCreateProcessA');
    end;function MyCreateProcessW(lpApplicationName: PWideChar; lpCommandLine: PWideChar;
                lpProcessAttributes, lpThreadAttributes: PSecurityAttributes;
                bInheritHandles: BOOL; dwCreationFlags: DWORD; lpEnvironment: Pointer;
                lpCurrentDirectory: PWideChar; const lpStartupInfo: TStartupInfo;
                var lpProcessInformation: TProcessInformation): BOOL; stdcall;
    begin
      ShowMessage('MyCreateProcessW');
    end;procedure API_Hookup; stdcall;
    begin
      if @OldCreateProcess = nil then
        @OldCreateProcess:= LocateFunctionAddress(@CreateProcess);
      if @OldCreateProcessA = nil then
        @OldCreateProcessA:= LocateFunctionAddress(@CreateProcessA);
      if @OldCreateProcessW = nil then
        @OldCreateProcessW:= LocateFunctionAddress(@CreateProcessW);  RepointFunction(@OldCreateProcess, @MyCreateProcess);
      RepointFunction(@OldCreateProcessA, @MyCreateProcessA);
      RepointFunction(@OldCreateProcessW, @MyCreateProcessW);
    end;procedure API_HookDown; stdcall;
    begin
      if @OldCreateProcess <> nil then
        RepointFunction(@MyCreateProcess, @OldCreateProcess);
      if @OldCreateProcess <> nil then
        RepointFunction(@MyCreateProcessA, @OldCreateProcessA);
      if @OldCreateProcess <> nil then
        RepointFunction(@MyCreateProcessW, @OldCreateProcessW);
    end;initializationfinalization
      API_HookDown;
      
    end.