我做了一个拦截MESSAGEBOX函数的程序,可是它只能拦截本进程的MESSAGEBOX函数,我想拦截其它进程的怎么办啊?如何把DLL注入到其它的进程?希望大家能给出源代码,我想好好学学。。谢谢

解决方案 »

  1.   

    用google或baidu搜索,一定能找到不少的资料。
      

  2.   

    用 SetWindowsHookEx 设置钩子(比如 WH_GETMESSAGE),代码放在dll文件里,再在这个dll文件里面获得MESSAGEBOX函数的地址并修改(这个你应该知道怎么做)。这样就能拦截到其它程序的MESSAGEBOX函数.
      

  3.   

    我是这样做的啊,当写在一个工程文件就可以拦截到本进程的MESSAGEBOX,但写到DLL里面,再注册一个鼠标钩子后,连本进程的都拦截不到了。。大家能不能帮我看看我的源代码,我的DLL:
    // Declarations for the mousehook library: the hook bookkeeping record, a record
    // that is overlaid on the first bytes found at a function address (see
    // TrueFunctionAddress), the MessageBox function-pointer types, and the globals
    // shared by the routines below.
    library mousehook;

    uses
      SysUtils,
      Classes,
      Windows,
      messages,
      shellapi,
      dialogs;

    type
      // State of the windows hook: isrun is the "installed" flag, hook the handle
      // returned by SetWindowsHookEx.
      Tmousehook=record
        isrun:boolean;
        hook:hhook;
      end;

      // packed so the Word sits directly in front of the pointer with no padding;
      // the record is read straight from the bytes at a function address.
      TlmportCode =packed record
        Jumplnstruction: Word; // equals $25FF when the bytes are the JMP instruction
        AddressOfPointerToFunction: PPointer; // the real start address (original comment); read as a pointer to the slot holding it
      end;
      PlmportCode = ^TlmportCode;

    type
      // Signatures used to call the saved MessageBoxA / MessageBoxW addresses.
      // NOTE(review): both types use pchar for the text parameters although
      // MessageBoxW takes wide strings; depending on what PChar means for the
      // compiler in use, one of the two declarations does not match its API - confirm.
      TmessageA = function(hwn: hwnd; Iptext: pchar; Ipcapion:pchar; utype: cardinal): integer;stdcall;
      TmessageW = function(hwn: hwnd; Iptext: pchar; Ipcapion:pchar; utype: cardinal): integer;stdcall;

    var
      mymousehook:Tmousehook;                       // hook handle and installed flag
      FuncMessageboxA,FuncMessageBoxw:PlmportCode;  // set from @MessageboxA / @MessageboxW in DLLEntryPoint
      OldMessageBoxA: TmessageA;                    // saved address of the original MessageBoxA
      OldMessageBoxW: TmessageW;                    // saved address of the original MessageBoxW

    {$R *.res}
    // Resolves the address behind a function pointer.
    //   func   - address to inspect; nil is returned unchanged.
    //   Result - func itself when its first two bytes are not $25FF; otherwise the
    //            pointer stored in the slot named by the record's second field.
    //            nil when reading those bytes raises an exception.
    function TrueFunctionAddress(func: Pointer): Pointer;
    var
      Thunk: PlmportCode;
    begin
      Result := func;
      if func <> nil then
        try
          // View the bytes at func through the TlmportCode layout.
          Thunk := func;
          if Thunk.jumplnstruction = $25FF then
            Result := Thunk.AddressOfPointerToFunction^;
        except
          // Any fault while reading is reported as "no address".
          Result := nil;
        end;
    end;
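    // Replacement routine: stores NewFunc into the pointer slot OldFunc, so that the
    // caller's own function address takes the place of the previous one (header
    // translated from the original comment).
    //   OldFunc - address of the pointer-sized slot to overwrite; nil is ignored.
    //   NewFunc - value written into that slot.
    // The write goes through WriteProcessMemory on the current process. A failed or
    // short write is reported with OutputDebugString rather than dropped silently,
    // because the slot then still holds its previous value.
    Procedure PermuteFunction(OldFunc:Ppointer; NewFunc:Pointer);
    var
      written: DWORD;
    begin
      if OldFunc = nil then
        exit;
      written := 0;
      // SizeOf(Pointer) instead of a literal 4 keeps the write exactly one slot wide.
      if (not WriteProcessMemory(GetCurrentProcess, OldFunc, @NewFunc, SizeOf(Pointer), written))
         or (written <> DWORD(SizeOf(Pointer))) then
        OutputDebugString('PermuteFunction: WriteProcessMemory failed');
    end;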
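    // True when Thunk is non-nil and starts with the $25FF word that
    // TrueFunctionAddress also tests for. Used so a slot is only rewritten when the
    // record's pointer field is meaningful.
    function ThunkLooksValid(Thunk: PlmportCode): Boolean;
    begin
      Result := (Thunk <> nil) and (Thunk.Jumplnstruction = $25FF);
    end;

    // Replacement for MessageBoxA. The caller's text (Iptext) is not shown; the
    // fixed marker string is passed to the saved original instead.
    // NOTE(review): the slot is put back and re-pointed around the call with no
    // serialisation, so a second thread calling through the slot in between reaches
    // the original directly - confirm this is acceptable.
    function MyBoxA (hwn: hwnd; Iptext: pchar; Ipcapion:pchar; utype: cardinal): integer;stdcall;
    begin
      PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@OldMessageboxA);
      result :=OldMessageBoxA(hwn,'Succes Hook A!', Ipcapion,utype);
      PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@MyBoxA);
    end;

    // Replacement for MessageBoxW; same shape as MyBoxA.
    // NOTE(review): the parameters are declared pchar although the W API takes wide
    // strings - verify against the compiler's PChar definition.
    function MyBoxW (hwn: hwnd; Iptext: pchar; Ipcapion:pchar; utype: cardinal): integer;stdcall;
    begin
      PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@OldMessageboxW);
      result :=OldMessageBoxW(hwn,'成功挂上W!',Ipcapion,utype);
      PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@MyBoxW);
    end;

    // Saves the original MessageBoxA/MessageBoxW addresses (once) and points the two
    // slots at MyBoxA/MyBoxW.
    // A slot is rewritten only when its record starts with $25FF and the original
    // address was resolved: otherwise the pointer field is not a slot address, or the
    // replacement would later call through nil.
    // NOTE(review): FuncMessageboxA/FuncMessageBoxw are taken from
    // @MessageboxA/@MessageboxW inside this library (DLLEntryPoint), so the slots
    // rewritten here are presumably the ones this library itself calls through;
    // calls made from other modules would not pass through them, which is consistent
    // with the result reported alongside this listing - confirm.
    procedure API_Hookup;
    begin
      if @OldMessageBoxA = nil then
        @OldMessageBoxA := TrueFunctionAddress(@messageboxA);
      if @OldMessageBoxW = nil then
        @OldMessageBoxW := TrueFunctionAddress(@messageboxW);

      if ThunkLooksValid(FuncMessageboxA) and (@OldMessageBoxA <> nil) then
        PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@MyBoxA);
      if ThunkLooksValid(FuncMessageBoxw) and (@OldMessageBoxW <> nil) then
        PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@MyBoxW);
    end;

    // Writes the saved original addresses back into the two slots.
    // Each slot is checked on its own: the original tested only OldMessageBoxA and
    // then restored both, which would store nil in the W slot when only the A
    // address had been resolved.
    procedure Un_API_Hook;
    begin
      if ThunkLooksValid(FuncMessageboxA) and (@OldMessageBoxA <> nil) then
        PermuteFunction(FuncMessageboxA.AddressOfPointerToFunction,@OldMessageboxA);
      if ThunkLooksValid(FuncMessageBoxw) and (@OldMessageBoxW <> nil) then
        PermuteFunction(FuncMessageboxW.AddressOfPointerToFunction,@OldMessageboxW);
    end;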
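    // WH_MOUSE hook procedure. It inspects nothing and only forwards the event to
    // the next hook in the chain.
    function gethookinfo(code:integer;wp:WPARAM;lp:LPARAM):LResult;stdcall;
    begin
      result:= CallNextHookEx(mymousehook.hook,code,wp,lp);
    end;

    // Installs the WH_MOUSE hook if it is not already installed.
    // The call passes this library's HInstance with thread id 0, i.e. the hook is
    // not tied to a single thread; Windows maps the hook library into other
    // processes for such hooks, which is why SetWindowsHookEx calls carrying a
    // module handle are commonly recorded by endpoint monitoring.
    procedure installmousehook();stdcall;
    begin
      if not mymousehook.isrun then
      begin
        mymousehook.hook:=setwindowshookex(WH_MOUSE,@gethookinfo,HInstance,0);
        // Mark the hook as installed only when a handle came back; the original set
        // the flag even when the call returned 0, which blocked any later retry.
        mymousehook.isrun:=mymousehook.hook <> 0;
      end;
    end;

    // Removes the hook installed by installmousehook and clears the stored state.
    procedure uninstallmousehook(); stdcall;
    begin
      if mymousehook.isrun then
      begin
        UnHookWindowsHookEx(mymousehook.hook);
        mymousehook.hook:=0; // do not keep a handle that is no longer valid
        mymousehook.isrun:=false;
      end;
    end;

    // Library notification handler assigned to DLLProc below.
    //   dwReason - one of the DLL_* reason codes.
    // Process attach resets the hook flag, records the addresses of MessageboxA and
    // MessageboxW as seen from this library and calls API_Hookup; process detach
    // calls Un_API_Hook. Thread attach/detach do nothing.
    Procedure DLLEntryPoint(dwReason:DWord);
    begin
      Case dwReason of
        DLL_PROCESS_ATTACH:
          begin
            mymousehook.isrun:=false;
            FuncMessageboxA := @MessageboxA;
            FuncMessageBoxw := @MessageboxW;
            API_Hookup;
          end;
        DLL_PROCESS_DETACH:
          begin
            Un_API_Hook;
          end;
        DLL_THREAD_ATTACH:;
        DLL_THREAD_DETACH:;
      End;
    end;

    exports
      installmousehook,
      uninstallmousehook;

    // Library initialisation: register the handler, then run the attach branch by
    // hand for the load that is in progress, so API_Hookup runs in every process
    // that loads this library.
    begin
      DLLProc := @DLLEntryPoint;
      DLLEntryPoint(DLL_PROCESS_ATTACH);
    end.
    我的工程文件是这样写的: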
    // Test form for mousehook.dll: one button installs the hook, one removes it and
    // one shows three message boxes so the result can be observed.
    unit Unit1;

    interface

    uses
      Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
      Dialogs, StdCtrls;

    type
      TForm1 = class(TForm)
        Memo1: TMemo;
        Button1: TButton;
        Button2: TButton;
        Button3: TButton;
        procedure Button1Click(Sender: TObject);
        procedure Button2Click(Sender: TObject);
        procedure Button3Click(Sender: TObject);
      private
        { Private declarations }
      public
        { Public declarations }
      end;

    var
      Form1: TForm1;

    implementation

    // Statically imported from mousehook.dll, so the library is loaded together
    // with this program.
    procedure installmousehook(); stdcall; external 'mousehook.dll';
    procedure uninstallmousehook(); stdcall; external 'mousehook.dll';

    {$R *.dfm}

    // Button1: install the hook exported by the library.
    procedure TForm1.Button1Click(Sender: TObject);
    begin
      installmousehook;
    end;

    // Button2: remove the hook again.
    procedure TForm1.Button2Click(Sender: TObject);
    begin
      uninstallmousehook;
    end;

    // Button3: call MessageBoxA, MessageBoxW and MessageBox from this program; the
    // texts read 'NO HOOK UP ...' so an unmodified call is easy to recognise.
    procedure TForm1.Button3Click(Sender: TObject);
    begin
      MessageBoxA(Form1.Handle, 'NO HOOK UP A', 'MessageBoxA', MB_OK);
      MessageBoxW(Form1.Handle, 'NO HOOK UP W', 'MessageBoxW', MB_OK);
      MessageBox(Form1.Handle, 'NO HOOK UP BOX', 'MessageBox', MB_OK);
    end;

    end.
    结果居然拦截不到MESSAGEBOX,包括本进程的都拦截不到,请大家帮忙分析一下。。
    不胜感激~~~~~
      

  4.   

    请仔细看下面的文章,http://blog.csdn.net/linzhengqun
    找钩子及其应用,相信一定能帮你。