我想将一个C写的API HOOK改为DELPHI的,
可是我改了半天还是有问题。
大家谁帮我看看,还要怎么改啊?
谢谢
原C程序地址
http://www.xfocus.net/article_view.php?id=336
下面是我改的
unit M_Unit;

interface

uses
  Variants, SysUtils, Classes, windows, messages;

// Globals shared by the hook routines in the implementation section.
var
  g_hHook:hhook;                  // hook handle returned by SetWindowsHookEx in InstallHook
  g_hinstDll:THandle;             // module handle of 'HookApi2.dll', loaded in InstallHook
  pfMessageBoxA:FARPROC;          // address of user32!MessageBoxA, resolved in init
  OldMessageBoxACode,NewMessageBoxACode:array [0..4] of byte;  // original / patched first 5 bytes of MessageBoxA, both filled in init
  hModule:THandle;                // user32.dll module handle from init (DllMain's first parameter has the same name and shadows it there)
  dwIdOld,dwIdNew:Thandle;        // dwIdNew: GetCurrentProcessId() from init; dwIdOld doubles as the OpenProcess id and as the VirtualProtectEx old-protection out-variable in HookOn/HookOff
  bHook:boolean;                  // true while the 5-byte patch is written (set by HookOn, cleared by HookOff)

// Replacement for MessageBoxA that the patched entry jumps to.
// NOTE(review): no calling convention is given here, so Delphi's default applies; MessageBoxA itself is
// declared stdcall in Windows.pas — confirm the convention matches before the jmp patch is relied on.
function MyMessageBoxA(hWnd:HWND; lpText:LPCTSTR; lpCaption:LPCTSTR; uType:UINT):integer;
procedure HookOn();        // write the jmp patch over the start of MessageBoxA
procedure HookOff();       // put the saved original bytes back
function init():boolean;   // resolve MessageBoxA, build the patch, call HookOn
function MousHook(nCode:integer; wParam:WPARAM; lParam:LPARAM):LRESULT;  // WH_GETMESSAGE hook-procedure signature; its body is empty in this unit
function UninstallHook():boolean;  // removes the SetWindowsHookEx hook only; the byte patch is undone by HookOff

implementation
// DLL entry notification handler, ported from the C DllMain.
// NOTE(review): in a Delphi library the entry notifications arrive through the DllProc variable assigned in the
// .dpr; nothing in this unit assigns DllProc or calls this function, and it is not declared in the interface
// section — confirm how the project wires it.
// NOTE(review): lpReserved is declared as Tpoint (a record); the C parameter is LPVOID, i.e. Pointer.
// The hModule parameter shadows the global hModule that init assigns.
function DllMain( hModule:THANDLE;
  ul_reason_for_call:DWORD;
  lpReserved:Tpoint
  ):boolean;
begin
  case ul_reason_for_call of
    DLL_PROCESS_ATTACH:
      // init resolves MessageBoxA, builds the patch and calls HookOn
      if not init() then
      begin
        // NOTE(review): with Variants in the uses list, `null` resolves to Variants.Null, a Variant, not an HWND;
        // the no-owner window handle is 0 — confirm with the compiler.
        MessageBoxA(null,'Init','ERROR',MB_OK);
        result:=false;
        exit;
      end;
    DLL_THREAD_ATTACH:;
    DLL_THREAD_DETACH:;
    DLL_PROCESS_DETACH:;
  end;
  // Runs on every notification, including immediately after a successful attach (bHook is set by HookOn inside init).
  // Presumably the C original had this under DLL_PROCESS_DETACH — verify. UninstallHook removes only the
  // SetWindowsHookEx hook (g_hHook, still 0 unless InstallHook ran); the patched bytes are restored only by HookOff.
  if bHook then
    UninstallHook();
  result:=TRUE;
end;

// Exported: install the (empty) Windows hook. The last argument (thread id 0) applies the hook to all threads
// on the current desktop, per the SetWindowsHookEx documentation.
// NOTE(review): the procedure passed is MyMessageBoxA, which has MessageBoxA's signature; MousHook (declared in
// the interface) has the (nCode, wParam, lParam) shape a hook procedure needs — presumably that was the intended
// argument. InstallHook is not in the interface section, so it is unit-private unless listed in the library's
// exports clause.
function InstallHook():boolean;
begin
  g_hinstDll:=LoadLibrary('HookApi2.dll');
  g_hHook:=SetWindowsHookEx(WH_GETMESSAGE,@MyMessageBoxA,g_hinstDll,0);
  if g_hHook=0 then
  begin
    // NOTE(review): NULL resolves to Variants.Null (a Variant), not an HWND; 0 is the no-owner handle — confirm with the compiler.
    MessageBoxA(NULL,'SET ERROR','ERROR',MB_OK);
    result:=false;
    exit;
  end;
  result:=true;
end;

// Exported: uninstall the Windows hook. Removes the SetWindowsHookEx hook only; the byte patch is not touched.
function UninstallHook():boolean;
begin
  result:=UnhookWindowsHookEx(g_hHook);
end;

// The interception must be switched off first; only then can the intercepted API be called.
// Replacement MessageBoxA: restores the original bytes, calls the real MessageBoxA with the text replaced
// by 'Hook', then re-applies the patch. lpText is received but never used.
// NOTE(review): no calling convention is stated; MessageBoxA is stdcall in Windows.pas and the jmp written by
// HookOn lands here with MessageBoxA's stack frame — confirm the convention matches (the interface declaration
// must agree as well).
// Risk: between HookOff and HookOn other threads calling MessageBoxA are not intercepted, and a thread that is
// inside MessageBoxA's first 5 bytes while they are rewritten executes a mix of old and new bytes — nothing here
// serialises the two writers.
function MyMessageBoxA(hWnd:HWND; lpText:LPCTSTR; lpCaption:LPCTSTR; uType:UINT):integer;
var
  nReturn:integer;
begin
  nReturn:=0;   // overwritten below; kept from the C original
  HookOff();    // put the original bytes back so the call below reaches the real MessageBoxA
  nReturn:=MessageBoxA(hWnd,'Hook',lpCaption,uType);
  HookOn();     // re-apply the patch
  result:=nReturn;
end;

// Writes the 5-byte jmp (NewMessageBoxACode, built in init) over the start of MessageBoxA in this process.
// dwIdNew holds GetCurrentProcessId() (set in init), so OpenProcess opens the current process.
// dwIdOld is reused: first as the process id, then as the out-variable receiving the previous page protection.
// NOTE(review): hProc is never closed (no CloseHandle); the BOOL results of VirtualProtectEx/WriteProcessMemory
// are ignored, so a failed write still sets bHook. PAGE_READWRITE carries no execute permission until the second
// VirtualProtectEx restores the old protection. Windows.pas declares the old-protection and bytes-written
// parameters as var parameters; passing @dwIdOld and 0 there needs confirming against the compiler.
procedure HookOn();
var
  hProc:THANDLE;
begin
  dwIdOld:=dwIdNew;
  hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);  // handle of the owning process
  VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);  // make the first 5 bytes of MessageBoxA in that process writable
  WriteProcessMemory(hProc,pfMessageBoxA,@NewMessageBoxACode, 5,0);  // replace the first 5 bytes of MessageBoxA with JMP MyMessageBoxA
  VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);  // restore the original protection of those 5 bytes
  bHook:=true;
end;

// Restores the original first 5 bytes of MessageBoxA (OldMessageBoxACode, saved in init), i.e. replaces the
// JMP MyMessageBoxA with the original code. Same handle-leak and ignored-result notes as HookOn.
procedure HookOff();
var
  hProc:THANDLE;
begin
  dwIdOld:=dwIdNew;
  hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);
  VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);
  WriteProcessMemory(hProc,pfMessageBoxA,@OldMessageBoxACode,5,0);
  VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);
  bHook:=false;
end;

// Initialisation: resolve the address of MessageBoxA, save its first 5 bytes, build the "jmp MyMessageBoxA"
// instruction, then start intercepting via HookOn. Returns false only when GetProcAddress fails; a failed
// LoadLibrary (hModule = 0) is not checked on its own.
// NOTE(review): Delphi's inline assembler requires EBX, ESI and EDI to be preserved by the routine; both asm
// blocks below overwrite them without push/pop — confirm against the BASM rules.
function init():boolean;
begin
  hModule:=LoadLibrary('user32.dll');
  pfMessageBoxA:=GetProcAddress(hModule,'MessageBoxA');
  if pfMessageBoxA=nil then
  begin
    result:=false;
    exit
  end;
  // Copy the first 5 bytes of MessageBoxA into OldMessageBoxACode (4 bytes via movsd, 1 via movsb).
  asm
    lea edi,OldMessageBoxACode
    mov esi,pfMessageBoxA
    cld
    movsd
    movsb
  end;
  // Opcode of the relative near jmp. NOTE(review): 0xe9 is C hex syntax; Delphi writes $E9.
  NewMessageBoxACode[0]:=0xe9;  // the jmp-to-MyMessageBoxA instruction uses a relative address
  // rel32 operand = MyMessageBoxA - pfMessageBoxA - 5 (5 = length of the jmp itself), stored after the opcode.
  asm
    lea eax,MyMessageBoxA
    mov ebx,pfMessageBoxA
    sub eax,ebx
    sub eax,5
    mov dword ptr [NewMessageBoxACode+1],eax
  end;
  dwIdNew:=GetCurrentProcessId(); // id of the owning process
  dwIdOld:=dwIdNew;
  HookOn();  // start intercepting
  result:=true;
end;

// WH_GETMESSAGE hook procedure (the name MousHook is the author's). The body is empty: Result is never
// assigned and CallNextHookEx is not called, so other hooks in the chain are not invoked.
function MousHook(nCode:integer; wParam:WPARAM; lParam:LPARAM):LRESULT;
begin
end;

end.
可是我改了半天还是有问题。
大家谁帮我看看,还要怎么改啊?
谢谢
原C程序地址
http://www.xfocus.net/article_view.php?id=336
下面是我改的
unit M_Unit;

interface

uses
  Variants, SysUtils, Classes, windows, messages;

// Globals shared by the hook routines in the implementation section.
var
  g_hHook:hhook;                  // hook handle returned by SetWindowsHookEx in InstallHook
  g_hinstDll:THandle;             // module handle of 'HookApi2.dll', loaded in InstallHook
  pfMessageBoxA:FARPROC;          // address of user32!MessageBoxA, resolved in init
  OldMessageBoxACode,NewMessageBoxACode:array [0..4] of byte;  // original / patched first 5 bytes of MessageBoxA, both filled in init
  hModule:THandle;                // user32.dll module handle from init (DllMain's first parameter has the same name and shadows it there)
  dwIdOld,dwIdNew:Thandle;        // dwIdNew: GetCurrentProcessId() from init; dwIdOld doubles as the OpenProcess id and as the VirtualProtectEx old-protection out-variable in HookOn/HookOff
  bHook:boolean;                  // true while the 5-byte patch is written (set by HookOn, cleared by HookOff)

// Replacement for MessageBoxA that the patched entry jumps to.
// NOTE(review): no calling convention is given here, so Delphi's default applies; MessageBoxA itself is
// declared stdcall in Windows.pas — confirm the convention matches before the jmp patch is relied on.
function MyMessageBoxA(hWnd:HWND; lpText:LPCTSTR; lpCaption:LPCTSTR; uType:UINT):integer;
procedure HookOn();        // write the jmp patch over the start of MessageBoxA
procedure HookOff();       // put the saved original bytes back
function init():boolean;   // resolve MessageBoxA, build the patch, call HookOn
function MousHook(nCode:integer; wParam:WPARAM; lParam:LPARAM):LRESULT;  // WH_GETMESSAGE hook-procedure signature; its body is empty in this unit
function UninstallHook():boolean;  // removes the SetWindowsHookEx hook only; the byte patch is undone by HookOff

implementation
// DLL entry notification handler, ported from the C DllMain.
// NOTE(review): in a Delphi library the entry notifications arrive through the DllProc variable assigned in the
// .dpr; nothing in this unit assigns DllProc or calls this function, and it is not declared in the interface
// section — confirm how the project wires it.
// NOTE(review): lpReserved is declared as Tpoint (a record); the C parameter is LPVOID, i.e. Pointer.
// The hModule parameter shadows the global hModule that init assigns.
function DllMain( hModule:THANDLE;
  ul_reason_for_call:DWORD;
  lpReserved:Tpoint
  ):boolean;
begin
  case ul_reason_for_call of
    DLL_PROCESS_ATTACH:
      // init resolves MessageBoxA, builds the patch and calls HookOn
      if not init() then
      begin
        // NOTE(review): with Variants in the uses list, `null` resolves to Variants.Null, a Variant, not an HWND;
        // the no-owner window handle is 0 — confirm with the compiler.
        MessageBoxA(null,'Init','ERROR',MB_OK);
        result:=false;
        exit;
      end;
    DLL_THREAD_ATTACH:;
    DLL_THREAD_DETACH:;
    DLL_PROCESS_DETACH:;
  end;
  // Runs on every notification, including immediately after a successful attach (bHook is set by HookOn inside init).
  // Presumably the C original had this under DLL_PROCESS_DETACH — verify. UninstallHook removes only the
  // SetWindowsHookEx hook (g_hHook, still 0 unless InstallHook ran); the patched bytes are restored only by HookOff.
  if bHook then
    UninstallHook();
  result:=TRUE;
end;

// Exported: install the (empty) Windows hook. The last argument (thread id 0) applies the hook to all threads
// on the current desktop, per the SetWindowsHookEx documentation.
// NOTE(review): the procedure passed is MyMessageBoxA, which has MessageBoxA's signature; MousHook (declared in
// the interface) has the (nCode, wParam, lParam) shape a hook procedure needs — presumably that was the intended
// argument. InstallHook is not in the interface section, so it is unit-private unless listed in the library's
// exports clause.
function InstallHook():boolean;
begin
  g_hinstDll:=LoadLibrary('HookApi2.dll');
  g_hHook:=SetWindowsHookEx(WH_GETMESSAGE,@MyMessageBoxA,g_hinstDll,0);
  if g_hHook=0 then
  begin
    // NOTE(review): NULL resolves to Variants.Null (a Variant), not an HWND; 0 is the no-owner handle — confirm with the compiler.
    MessageBoxA(NULL,'SET ERROR','ERROR',MB_OK);
    result:=false;
    exit;
  end;
  result:=true;
end;

// Exported: uninstall the Windows hook. Removes the SetWindowsHookEx hook only; the byte patch is not touched.
function UninstallHook():boolean;
begin
  result:=UnhookWindowsHookEx(g_hHook);
end;

// The interception must be switched off first; only then can the intercepted API be called.
// Replacement MessageBoxA: restores the original bytes, calls the real MessageBoxA with the text replaced
// by 'Hook', then re-applies the patch. lpText is received but never used.
// NOTE(review): no calling convention is stated; MessageBoxA is stdcall in Windows.pas and the jmp written by
// HookOn lands here with MessageBoxA's stack frame — confirm the convention matches (the interface declaration
// must agree as well).
// Risk: between HookOff and HookOn other threads calling MessageBoxA are not intercepted, and a thread that is
// inside MessageBoxA's first 5 bytes while they are rewritten executes a mix of old and new bytes — nothing here
// serialises the two writers.
function MyMessageBoxA(hWnd:HWND; lpText:LPCTSTR; lpCaption:LPCTSTR; uType:UINT):integer;
var
  nReturn:integer;
begin
  nReturn:=0;   // overwritten below; kept from the C original
  HookOff();    // put the original bytes back so the call below reaches the real MessageBoxA
  nReturn:=MessageBoxA(hWnd,'Hook',lpCaption,uType);
  HookOn();     // re-apply the patch
  result:=nReturn;
end;

// Writes the 5-byte jmp (NewMessageBoxACode, built in init) over the start of MessageBoxA in this process.
// dwIdNew holds GetCurrentProcessId() (set in init), so OpenProcess opens the current process.
// dwIdOld is reused: first as the process id, then as the out-variable receiving the previous page protection.
// NOTE(review): hProc is never closed (no CloseHandle); the BOOL results of VirtualProtectEx/WriteProcessMemory
// are ignored, so a failed write still sets bHook. PAGE_READWRITE carries no execute permission until the second
// VirtualProtectEx restores the old protection. Windows.pas declares the old-protection and bytes-written
// parameters as var parameters; passing @dwIdOld and 0 there needs confirming against the compiler.
procedure HookOn();
var
  hProc:THANDLE;
begin
  dwIdOld:=dwIdNew;
  hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);  // handle of the owning process
  VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);  // make the first 5 bytes of MessageBoxA in that process writable
  WriteProcessMemory(hProc,pfMessageBoxA,@NewMessageBoxACode, 5,0);  // replace the first 5 bytes of MessageBoxA with JMP MyMessageBoxA
  VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);  // restore the original protection of those 5 bytes
  bHook:=true;
end;

// Restores the original first 5 bytes of MessageBoxA (OldMessageBoxACode, saved in init), i.e. replaces the
// JMP MyMessageBoxA with the original code. Same handle-leak and ignored-result notes as HookOn.
procedure HookOff();
var
  hProc:THANDLE;
begin
  dwIdOld:=dwIdNew;
  hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);
  VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);
  WriteProcessMemory(hProc,pfMessageBoxA,@OldMessageBoxACode,5,0);
  VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);
  bHook:=false;
end;

// Initialisation: resolve the address of MessageBoxA, save its first 5 bytes, build the "jmp MyMessageBoxA"
// instruction, then start intercepting via HookOn. Returns false only when GetProcAddress fails; a failed
// LoadLibrary (hModule = 0) is not checked on its own.
// NOTE(review): Delphi's inline assembler requires EBX, ESI and EDI to be preserved by the routine; both asm
// blocks below overwrite them without push/pop — confirm against the BASM rules.
function init():boolean;
begin
  hModule:=LoadLibrary('user32.dll');
  pfMessageBoxA:=GetProcAddress(hModule,'MessageBoxA');
  if pfMessageBoxA=nil then
  begin
    result:=false;
    exit
  end;
  // Copy the first 5 bytes of MessageBoxA into OldMessageBoxACode (4 bytes via movsd, 1 via movsb).
  asm
    lea edi,OldMessageBoxACode
    mov esi,pfMessageBoxA
    cld
    movsd
    movsb
  end;
  // Opcode of the relative near jmp. NOTE(review): 0xe9 is C hex syntax; Delphi writes $E9.
  NewMessageBoxACode[0]:=0xe9;  // the jmp-to-MyMessageBoxA instruction uses a relative address
  // rel32 operand = MyMessageBoxA - pfMessageBoxA - 5 (5 = length of the jmp itself), stored after the opcode.
  asm
    lea eax,MyMessageBoxA
    mov ebx,pfMessageBoxA
    sub eax,ebx
    sub eax,5
    mov dword ptr [NewMessageBoxACode+1],eax
  end;
  dwIdNew:=GetCurrentProcessId(); // id of the owning process
  dwIdOld:=dwIdNew;
  HookOn();  // start intercepting
  result:=true;
end;

// WH_GETMESSAGE hook procedure (the name MousHook is the author's). The body is empty: Result is never
// assigned and CallNextHookEx is not called, so other hooks in the chain are not invoked.
function MousHook(nCode:integer; wParam:WPARAM; lParam:LPARAM):LRESULT;
begin
end;

end.
应当没问题吧。