library Hook;
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs,StrUtils,madcodehook,WinSock,
myDLl in 'myDLl.pas' {Form1};
var
  // Handle returned by SetWindowsHookEx in HookOn; 0 means no hook is installed.
  hHk:HHOOK=0;
  // Id of the thread that owns the target window (looked up in HookOn).
  hThread:Cardinal;
  // Only used as the process-id out-pointer of GetWindowThreadProcessId; it is
  // never initialised (Delphi globals start as nil), so the PID is discarded.
  hmod:Pointer;
  //////////////////
  // Pointers to the original ws2_32 exports, filled in by madCodeHook's
  // HookAPI in HookProc; each mio* stub forwards through its own pointer.
  sendNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  recvNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  acceptNextHook : function (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
  // Text log bound to 'log.txt' (relative to the hooked process's current
  // directory) in HookProc; the stubs append one line per call.
  t : textfile;
  //////////////////
// Replacement for ws2_32!accept installed by HookAPI. Appends a line to the
// log file and forwards to the original export through acceptNextHook.
// The log file must already have been assigned by HookProc, otherwise
// Append raises an I/O error inside the hooked process.
function mioAccept (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
begin
  append (T);
  writeln (T, 'accept');
  closefile (T);
  Result := acceptNextHook(s, addr, addrlen);
end;

// Replacement for ws2_32!send: logs the fact of the call (not the payload)
// and forwards to the original through sendNextHook.
function mioSend (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  append (T);
  writeln (T, 'Send');
  closefile (T);
  result:= SendNextHook (s, Buf, len, flags);
end;

// Replacement for ws2_32!recv. The logging is commented out; instead a
// modal ShowMessage is raised on every recv call, which blocks the hooked
// process's thread until the box is dismissed.
function mioRecv (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  { append (T);
  writeln (T, 'Recv');
  closefile (T); }
  ShowMessage('123321');
  result:= RecvNextHook (s, Buf, len, flags);
end;
/////////////////////// =========== F12 key calls up the hidden window ==================
// WH_KEYBOARD hook procedure installed by HookOn. Every event except the F12
// key-up is passed straight on. On F12 key-up it (re)creates 'log.txt',
// installs the three ws2_32 hooks through madCodeHook's HookAPI and then
// toggles Form1. All paths end at CallNextHookEx.
//   nCode  - hook code; negative or non-HC_ACTION codes are passed through
//   wParam - virtual-key code
//   lParam - key data; bit 31 is the transition state (1 = key released)
function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;
label
  theExit;
begin
  if nCode < 0 then
    goto theExit;
  if (nCode <> HC_ACTION) then
    goto theExit;
  // Act only on key-up so the work below runs once per press.
  if ((lParam and $80000000) = 0) { or (GetAsyncKeyState(VK_Control)=0) } then
    goto theExit;
  case wParam of
    VK_F12:
    begin
      //ShowMessage('11111222223');
      // Truncates (or creates) log.txt in the hooked process's current
      // directory; the stubs later reopen it with Append on every call.
      AssignFile (T, 'log.txt');
      rewrite (T);
      closefile (t);
      {acceptNextHook:= nil;
      RecvNextHook:= nil;
      SendNextHook:= nil; }
      // The accept hook's result is discarded; recv/send report success with
      // a message box inside the hooked process.
      // NOTE(review): every F12 press re-runs these HookAPI calls on exports
      // that may already be hooked.
      HookAPI ('ws2_32.dll', 'accept', @mioAccept, @acceptNextHook);
      // if Assigned (acceptNextHook) then {writeln ('accept ok');}
      // ShowMessage('accept ok');
      if HookAPI ('ws2_32.dll', 'recv', @mioRecv, @recvNextHook) then
      // if Assigned (RecvNextHook) then {writeln ('recv ok'); }
        ShowMessage('recv ok');
      if HookAPI ('ws2_32.dll', 'send', @mioSend, @sendNextHook) then
      // if Assigned (SendNextHook) then {writeln ('send ok'); }
        ShowMessage('send ok');
      // writeln ('started');
      // (In the pasted source the `if` below sat on the comment line above,
      // which would have commented it out; it is restored as a statement.)
      if form1 <> nil then
      begin
        if form1.Visible = true then
          Form1.Hide
        else
          Form1.Show;
      end
      else // the form has not been created yet: it is only created here and
           // toggled on the next F12 (unless the .dfm, not shown, makes it visible)
        Form1:=TForm1.Create(Application);
    end;
  end;
theExit:
  result := CallNextHookEx(hHk, nCode, wParam, lParam);
end;
//------------------------------------------------------------------------------
// Exported: installs HookProc as a WH_KEYBOARD hook on the thread that owns
// lpHwnd. Because the hook procedure lives in this DLL, Windows maps the DLL
// into that thread's process; this is the loading vector the EXE's
// Button1Click relies on. Returns the hook handle (0 if SetWindowsHookEx
// failed).
// NOTE(review): when lpHwnd = 0 nothing is installed but whatever hHk held
// before is still returned.
function HookOn(lpHwnd:HWND):Longint;stdcall;export;// install the hook
begin
  // hmod is only a placeholder for the process-id out-pointer.
  hThread :=GetWindowThreadProcessId(lpHwnd,hmod);
  if lpHwnd<>0 then hHk :=SetWindowsHookEx(WH_KEYBOARD,@HookProc,hInstance,hThread);
  Result :=hHk
end;
//------------------------------------------------------------------------------
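// Exported: removes the keyboard hook installed by HookOn. Returns the
// result of UnhookWindowsHookEx (False when no hook is installed or the call
// fails) instead of unconditionally True; hHk is cleared either way so a
// stale handle is never passed to the API again.
function HookOff:Boolean;stdcall;export; // remove the hook
begin
  if hHk <> 0 then
  begin
    Result := UnHookWindowsHookEx(hHk);
    hHk := 0;
  end
  else
    Result := False;
end;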
//------------------------------------------------------------------------------
{$R *.res}
// Only HookOn/HookOff are visible to the EXE (see the external declarations
// in Unit1).
exports
  HookOn,HookOff;
// Library entry: nothing runs at load time. All work happens in HookProc
// after the F12 key-up; the VCL start-up is left commented out.
begin
  {Application.Initialize;
  Application.Run; }
end.
///////////////////////////////////////////////////////////////////////////////////
unit myDLl;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls , ComCtrls, XPMan, Grids;type
  // Hidden window that HookProc shows/hides inside the hooked process.
  // The controls are laid out by the .dfm (not shown); nothing in the
  // visible code references them.
  TForm1 = class(TForm)
    PageControl1: TPageControl;
    TabSheet1: TTabSheet;
    TabSheet2: TTabSheet;
    TabSheet3: TTabSheet;
    edt1: TEdit;
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var
  // nil until HookProc creates it on the first F12 in the host process.
  Form1: TForm1;
implementation
{$R *.dfm}
end.
////以上是DLL的
/// Below: the EXE (injector) side.
program zhuru;
uses
  Forms,
  Unit1 in 'Unit1.pas' {Form1};
{$R *.res}
// Plain VCL start-up for the injector window.
begin
  Application.Initialize;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.
/////////
unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls, XPMan;type
  // Injector window: the target window title goes in Edit1, Button1 installs
  // the hook, Button2 removes it (captions come from the .dfm below).
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    Edit1: TEdit;
    Label1: TLabel;
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var
  Form1: TForm1;
  // Hook handle returned by HookOn; handed to UninstallHook by Button2Click.
  hhk:Longint;
// Entry points of Hook.dll (the library above).
function HookOn(lpHwnd:HWND):Longint;stdcall;external 'Hook.dll' name 'HookOn';
function HookOff:Boolean;stdcall;external 'Hook.dll' name 'HookOff';
implementation
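// Removes the keyboard hook identified by hk from this (the injector)
// process and reports whether UnhookWindowsHookEx succeeded.
// The original unhooked the global hhk instead of its parameter (they only
// agree because every caller passes hhk), assigned 0 to the by-value
// parameter, which had no effect, and returned True without looking at the
// API result.
//   hk - hook handle as returned by HookOn; 0 means "nothing to do"
function UninstallHook(hk:HHOOK):Boolean;stdcall;export; // remove the hook
begin
  if hk <> 0 then
    Result := UnHookWindowsHookEx(hk)
  else
    Result := False;
end;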
//------------------------------------------------------------------------------
{$R *.dfm}
// Removes the hook through the DLL when the injector window closes.
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  hookoff;
end;

// "DLL inject" button. Looks up a top-level window whose title equals the
// text in Edit1 and asks Hook.dll to install its keyboard hook on that
// window's thread (which is what loads the DLL into the target). The hook
// handle is kept in hhk and echoed in the form caption.
// NOTE(review): HookOn's result is not checked, so a 0 handle still shows
// the "injected" message.
procedure TForm1.Button1Click(Sender: TObject);
var
  h1:HWND;
  txt:string;
begin
  if Edit1.Text<>'' then
  begin
    txt:=edit1.text;
    h1:=FindWindow(nil,pchar(txt));
    if h1>0 then
    begin
      hhk:=HookOn(h1);
      showmessage('找到进程,已注入!');
      Caption:=IntToStr(hhk);
    end
    else
      showmessage('没找到进程!');
    edit1.setfocus;
  end
  else
  begin
    showmessage('窗口标题不能为空!');
    edit1.setfocus;
  end;
end;
// "Cancel inject" button: unhooks with the handle from Button1Click. hhk is
// not cleared afterwards and the result is not checked, so the message is
// shown even when nothing was unhooked.
procedure TForm1.Button2Click(Sender: TObject);
begin
  UninstallHook(hhk);
  showmessage('注入已被取消!');
end;
end.
/////////////////////
object Form1: TForm1
Left = 93
Top = 373
Width = 180
Height = 154
BorderIcons = [biSystemMenu, biMinimize]
Caption = #25353'F12'#21628#20986
Color = clBtnFace
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'MS Sans Serif'
Font.Style = []
OldCreateOrder = False
OnClose = FormClose
PixelsPerInch = 96
TextHeight = 13
object Label1: TLabel
Left = 17
Top = 11
Width = 60
Height = 13
Caption = #31383#21475#26631#39064#65306
end
object Button1: TButton
Left = 48
Top = 63
Width = 75
Height = 24
Caption = 'DLL'#27880#20837
TabOrder = 1
OnClick = Button1Click
end
object Button2: TButton
Left = 48
Top = 90
Width = 75
Height = 24
Caption = #21462#28040#27880#20837
TabOrder = 2
OnClick = Button2Click
end
object Edit1: TEdit
Left = 21
Top = 32
Width = 126
Height = 21
TabOrder = 0
end
end
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs,StrUtils,madcodehook,WinSock,
myDLl in 'myDLl.pas' {Form1};
var
  // Handle returned by SetWindowsHookEx in HookOn; 0 means no hook is installed.
  hHk:HHOOK=0;
  // Id of the thread that owns the target window (looked up in HookOn).
  hThread:Cardinal;
  // Only used as the process-id out-pointer of GetWindowThreadProcessId; it is
  // never initialised (Delphi globals start as nil), so the PID is discarded.
  hmod:Pointer;
  //////////////////
  // Pointers to the original ws2_32 exports, filled in by madCodeHook's
  // HookAPI in HookProc; each mio* stub forwards through its own pointer.
  sendNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  recvNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  acceptNextHook : function (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
  // Text log bound to 'log.txt' (relative to the hooked process's current
  // directory) in HookProc; the stubs append one line per call.
  t : textfile;
  //////////////////
// Replacement for ws2_32!accept installed by HookAPI. Appends a line to the
// log file and forwards to the original export through acceptNextHook.
// The log file must already have been assigned by HookProc, otherwise
// Append raises an I/O error inside the hooked process.
function mioAccept (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
begin
  append (T);
  writeln (T, 'accept');
  closefile (T);
  Result := acceptNextHook(s, addr, addrlen);
end;

// Replacement for ws2_32!send: logs the fact of the call (not the payload)
// and forwards to the original through sendNextHook.
function mioSend (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  append (T);
  writeln (T, 'Send');
  closefile (T);
  result:= SendNextHook (s, Buf, len, flags);
end;

// Replacement for ws2_32!recv. The logging is commented out; instead a
// modal ShowMessage is raised on every recv call, which blocks the hooked
// process's thread until the box is dismissed.
function mioRecv (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  { append (T);
  writeln (T, 'Recv');
  closefile (T); }
  ShowMessage('123321');
  result:= RecvNextHook (s, Buf, len, flags);
end;
/////////////////////// =========== F12 key calls up the hidden window ==================
// WH_KEYBOARD hook procedure installed by HookOn. Every event except the F12
// key-up is passed straight on. On F12 key-up it (re)creates 'log.txt',
// installs the three ws2_32 hooks through madCodeHook's HookAPI and then
// toggles Form1. All paths end at CallNextHookEx.
//   nCode  - hook code; negative or non-HC_ACTION codes are passed through
//   wParam - virtual-key code
//   lParam - key data; bit 31 is the transition state (1 = key released)
function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;
label
  theExit;
begin
  if nCode < 0 then
    goto theExit;
  if (nCode <> HC_ACTION) then
    goto theExit;
  // Act only on key-up so the work below runs once per press.
  if ((lParam and $80000000) = 0) { or (GetAsyncKeyState(VK_Control)=0) } then
    goto theExit;
  case wParam of
    VK_F12:
    begin
      //ShowMessage('11111222223');
      // Truncates (or creates) log.txt in the hooked process's current
      // directory; the stubs later reopen it with Append on every call.
      AssignFile (T, 'log.txt');
      rewrite (T);
      closefile (t);
      {acceptNextHook:= nil;
      RecvNextHook:= nil;
      SendNextHook:= nil; }
      // The accept hook's result is discarded; recv/send report success with
      // a message box inside the hooked process.
      // NOTE(review): every F12 press re-runs these HookAPI calls on exports
      // that may already be hooked.
      HookAPI ('ws2_32.dll', 'accept', @mioAccept, @acceptNextHook);
      // if Assigned (acceptNextHook) then {writeln ('accept ok');}
      // ShowMessage('accept ok');
      if HookAPI ('ws2_32.dll', 'recv', @mioRecv, @recvNextHook) then
      // if Assigned (RecvNextHook) then {writeln ('recv ok'); }
        ShowMessage('recv ok');
      if HookAPI ('ws2_32.dll', 'send', @mioSend, @sendNextHook) then
      // if Assigned (SendNextHook) then {writeln ('send ok'); }
        ShowMessage('send ok');
      // writeln ('started');
      // (In the pasted source the `if` below sat on the comment line above,
      // which would have commented it out; it is restored as a statement.)
      if form1 <> nil then
      begin
        if form1.Visible = true then
          Form1.Hide
        else
          Form1.Show;
      end
      else // the form has not been created yet: it is only created here and
           // toggled on the next F12 (unless the .dfm, not shown, makes it visible)
        Form1:=TForm1.Create(Application);
    end;
  end;
theExit:
  result := CallNextHookEx(hHk, nCode, wParam, lParam);
end;
//------------------------------------------------------------------------------
// Exported: installs HookProc as a WH_KEYBOARD hook on the thread that owns
// lpHwnd. Because the hook procedure lives in this DLL, Windows maps the DLL
// into that thread's process; this is the loading vector the EXE's
// Button1Click relies on. Returns the hook handle (0 if SetWindowsHookEx
// failed).
// NOTE(review): when lpHwnd = 0 nothing is installed but whatever hHk held
// before is still returned.
function HookOn(lpHwnd:HWND):Longint;stdcall;export;// install the hook
begin
  // hmod is only a placeholder for the process-id out-pointer.
  hThread :=GetWindowThreadProcessId(lpHwnd,hmod);
  if lpHwnd<>0 then hHk :=SetWindowsHookEx(WH_KEYBOARD,@HookProc,hInstance,hThread);
  Result :=hHk
end;
//------------------------------------------------------------------------------
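// Exported: removes the keyboard hook installed by HookOn. Returns the
// result of UnhookWindowsHookEx (False when no hook is installed or the call
// fails) instead of unconditionally True; hHk is cleared either way so a
// stale handle is never passed to the API again.
function HookOff:Boolean;stdcall;export; // remove the hook
begin
  if hHk <> 0 then
  begin
    Result := UnHookWindowsHookEx(hHk);
    hHk := 0;
  end
  else
    Result := False;
end;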
//------------------------------------------------------------------------------
{$R *.res}
// Only HookOn/HookOff are visible to the EXE (see the external declarations
// in Unit1).
exports
  HookOn,HookOff;
// Library entry: nothing runs at load time. All work happens in HookProc
// after the F12 key-up; the VCL start-up is left commented out.
begin
  {Application.Initialize;
  Application.Run; }
end.
///////////////////////////////////////////////////////////////////////////////////
unit myDLl;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls , ComCtrls, XPMan, Grids;type
  // Hidden window that HookProc shows/hides inside the hooked process.
  // The controls are laid out by the .dfm (not shown); nothing in the
  // visible code references them.
  TForm1 = class(TForm)
    PageControl1: TPageControl;
    TabSheet1: TTabSheet;
    TabSheet2: TTabSheet;
    TabSheet3: TTabSheet;
    edt1: TEdit;
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var
  // nil until HookProc creates it on the first F12 in the host process.
  Form1: TForm1;
implementation
{$R *.dfm}
end.
////以上是DLL的
/// Below: the EXE (injector) side.
program zhuru;
uses
  Forms,
  Unit1 in 'Unit1.pas' {Form1};
{$R *.res}
// Plain VCL start-up for the injector window.
begin
  Application.Initialize;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.
/////////
unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls, XPMan;type
  // Injector window: the target window title goes in Edit1, Button1 installs
  // the hook, Button2 removes it (captions come from the .dfm below).
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    Edit1: TEdit;
    Label1: TLabel;
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var
  Form1: TForm1;
  // Hook handle returned by HookOn; handed to UninstallHook by Button2Click.
  hhk:Longint;
// Entry points of Hook.dll (the library above).
function HookOn(lpHwnd:HWND):Longint;stdcall;external 'Hook.dll' name 'HookOn';
function HookOff:Boolean;stdcall;external 'Hook.dll' name 'HookOff';
implementation
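// Removes the keyboard hook identified by hk from this (the injector)
// process and reports whether UnhookWindowsHookEx succeeded.
// The original unhooked the global hhk instead of its parameter (they only
// agree because every caller passes hhk), assigned 0 to the by-value
// parameter, which had no effect, and returned True without looking at the
// API result.
//   hk - hook handle as returned by HookOn; 0 means "nothing to do"
function UninstallHook(hk:HHOOK):Boolean;stdcall;export; // remove the hook
begin
  if hk <> 0 then
    Result := UnHookWindowsHookEx(hk)
  else
    Result := False;
end;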
//------------------------------------------------------------------------------
{$R *.dfm}
// Removes the hook through the DLL when the injector window closes.
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  hookoff;
end;

// "DLL inject" button. Looks up a top-level window whose title equals the
// text in Edit1 and asks Hook.dll to install its keyboard hook on that
// window's thread (which is what loads the DLL into the target). The hook
// handle is kept in hhk and echoed in the form caption.
// NOTE(review): HookOn's result is not checked, so a 0 handle still shows
// the "injected" message.
procedure TForm1.Button1Click(Sender: TObject);
var
  h1:HWND;
  txt:string;
begin
  if Edit1.Text<>'' then
  begin
    txt:=edit1.text;
    h1:=FindWindow(nil,pchar(txt));
    if h1>0 then
    begin
      hhk:=HookOn(h1);
      showmessage('找到进程,已注入!');
      Caption:=IntToStr(hhk);
    end
    else
      showmessage('没找到进程!');
    edit1.setfocus;
  end
  else
  begin
    showmessage('窗口标题不能为空!');
    edit1.setfocus;
  end;
end;
// "Cancel inject" button: unhooks with the handle from Button1Click. hhk is
// not cleared afterwards and the result is not checked, so the message is
// shown even when nothing was unhooked.
procedure TForm1.Button2Click(Sender: TObject);
begin
  UninstallHook(hhk);
  showmessage('注入已被取消!');
end;
end.
/////////////////////
object Form1: TForm1
Left = 93
Top = 373
Width = 180
Height = 154
BorderIcons = [biSystemMenu, biMinimize]
Caption = #25353'F12'#21628#20986
Color = clBtnFace
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'MS Sans Serif'
Font.Style = []
OldCreateOrder = False
OnClose = FormClose
PixelsPerInch = 96
TextHeight = 13
object Label1: TLabel
Left = 17
Top = 11
Width = 60
Height = 13
Caption = #31383#21475#26631#39064#65306
end
object Button1: TButton
Left = 48
Top = 63
Width = 75
Height = 24
Caption = 'DLL'#27880#20837
TabOrder = 1
OnClick = Button1Click
end
object Button2: TButton
Left = 48
Top = 90
Width = 75
Height = 24
Caption = #21462#28040#27880#20837
TabOrder = 2
OnClick = Button2Click
end
object Edit1: TEdit
Left = 21
Top = 32
Width = 126
Height = 21
TabOrder = 0
end
end
// if Assigned (acceptNextHook) then {writeln ('accept ok');}
// ShowMessage('accept ok');
if HookAPI ('ws2_32.dll', 'recv', @mioRecv, @recvNextHook) then
// if Assigned (RecvNextHook) then {writeln ('recv ok'); }
ShowMessage('recv ok');
if HookAPI ('ws2_32.dll', 'send', @mioSend, @sendNextHook) then
// if Assigned (SendNextHook) then {writeln ('send ok'); }
ShowMessage('send ok');
这段里面 HookAPI ('ws2_32.dll', 'accept', @mioAccept, @acceptNextHook); 这个 accept 能 hook 到，而下面两个 recv 与 send 却 hook 不到。希望懂的能帮忙看看。
所以很郁闷，不知道哪里错了。
madcodehook 的帮助文件在 http://help.madshi.net/ApiCodeHooking.htm ，这里有例子。
请看 madcodehook，这个就是专门 HOOK API 的。
Windows,
uHook in 'uHook.pas'};
// Library entry point. The usual Delphi idiom: the loader's own attach
// notification has already happened by the time DLLProc is assigned, so
// DllMain is called by hand once for DLL_PROCESS_ATTACH; later detach and
// thread notifications reach it through DLLProc.
begin
  DLLProc := @DllMain;
  DllMain(DLL_PROCESS_ATTACH);
end.
unit uHook; interface uses
Windows,lib_MainForm,Dialogs,WinSock2,madcodehook,tlHelp32,Sysutils,Graphics,
Classes;
{
type
  TSockSendProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  TSockRecvProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
}
// Forward declaration so the .dpr can assign DllMain to DLLProc.
procedure DllMain(reason: integer);

var
  // Pointers to the original exports, filled in by madCodeHook's HookAPI in
  // DllMain. NOTE(review): the same three variables are handed to HookAPI
  // for both wsock32.dll and WS2_32.dll.
  sendNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  recvNextHook: function(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
  acceptNextHook : function (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
  sendNextHook3 : function ( const s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesSent : DWORD; dwFlags : DWORD; lpOverlapped : LPwsaoverlapped; lpCompletionRoutine : LPwsaoverlapped_COMPLETION_ROUTINE ): Integer; stdcall;
  recvNextHook3 : function ( const s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesRecvd : DWORD; var lpFlags : DWORD; lpOverlapped : LPwsaoverlapped; lpCompletionRoutine : LPwsaoverlapped_COMPLETION_ROUTINE ): Integer; stdcall;
  // Not referenced anywhere in the visible code.
  t : file;
  T2 : textfile;
  a : array[1..16] of byte;
  // Set on DLL_PROCESS_ATTACH; never read in the visible code.
  L1 : boolean = FALSE;
  L2 : boolean = FALSE;
  // In-memory capture buffer that ControlIt appends to; written out as a
  // file named 'log' in the host process's current directory on
  // DLL_PROCESS_DETACH.
  M : TMemoryStream = nil;

implementation

// Appends len bytes starting at Buf to M and beeps. Called from the recv
// hooks with the buffer the caller handed to recv/WSARecv.
Procedure ControlIt (var Buf; len : integer);
begin
  M.Write (Buf, len);
  messagebeep (MB_OK);
end;

// Hook stubs for wsock32.dll: accept and send pass straight through, recv
// calls ControlIt with the caller's buffer before forwarding.
function mioAccept (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
begin
  Result := acceptNextHook(s, addr, addrlen);
end;

function mioSend (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  //ControlIt (Buf, len);
  result:= SendNextHook (s, Buf, len, flags);
end;

function mioRecv (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  ControlIt (Buf, len);
  result:= RecvNextHook (s, Buf, len, flags);
end;

// Identical stubs registered for WS2_32.dll; they share the *NextHook
// pointers with the wsock32 stubs above.
function mioAccept2 (s: TSocket; addr: PSockAddr; addrlen: PInteger): TSocket; stdcall;
begin
  Result := acceptNextHook(s, addr, addrlen);
end;

function mioSend2 (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  //ControlIt (Buf, len);
  result:= SendNextHook (s, Buf, len, flags);
end;

function mioRecv2 (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
begin
  ControlIt (Buf, len);
  result:= RecvNextHook (s, Buf, len, flags);
end;

// Overlapped variants. WSASend passes through; WSARecv passes the buf/len
// fields of the first WSABUF to ControlIt, then forwards.
function mioSend3 (const s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesSent : DWORD; dwFlags : DWORD; lpOverlapped : LPwsaoverlapped; lpCompletionRoutine : LPwsaoverlapped_COMPLETION_ROUTINE ): Integer; stdcall;
begin
  //ControlIt (lpBuffers^.buf, lpBuffers^.len);
  result:= SendNextHook3 (s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
end;

function mioRecv3 (const s : TSocket; lpBuffers : LPWSABUF; dwBufferCount : DWORD; var lpNumberOfBytesRecvd : DWORD; var lpFlags : DWORD; lpOverlapped : LPwsaoverlapped; lpCompletionRoutine : LPwsaoverlapped_COMPLETION_ROUTINE ): Integer; stdcall;
begin
  ControlIt (lpBuffers.buf, lpBuffers.len);
  result:= RecvNextHook3 (s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
end;

// Called by the loader (via DLLProc) and once directly from the .dpr.
// DLL_PROCESS_ATTACH: creates M and registers eight API hooks through
// madCodeHook (CollectHooks/FlushHooks batch them); every successful hook
// pops a message box inside the host process.
// DLL_PROCESS_DETACH: dumps M to a file named 'log', frees it and beeps. The
// hooks are not explicitly removed in the visible code.
// For responders: a process that suddenly shows 'accept!a'/'recv!a'-style
// boxes, beeps on network reads and leaves a file called 'log' in its
// working directory is carrying this DLL.
procedure DllMain(reason: integer);
begin
  case reason of
    DLL_PROCESS_ATTACH : begin
      L1:= TRUE; L2:= TRUE;
      M:= TMemoryStream.Create;
      {LoadLibrary ('wsock32.dll');
      LoadLibrary ('WS2_32.dll');}
      CollectHooks;
      if HookAPI ('wsock32.dll', 'accept', @mioAccept, @acceptNextHook) then ShowMessage('!accept');
      if HookAPI ('wsock32.dll', 'recv', @mioRecv, @recvNextHook) then ShowMessage('!recv');
      if HookAPI ('wsock32.dll', 'send', @mioSend, @sendNextHook) then ShowMessage('!send'); //111111
      if HookAPI ('WS2_32.dll', 'accept', @mioAccept2, @acceptNextHook) then ShowMessage('accept!a');
      if HookAPI ('WS2_32.dll', 'recv', @mioRecv2, @recvNextHook) then ShowMessage('recv!a'); //222222
      if HookAPI ('WS2_32.dll', 'send', @mioSend2, @sendNextHook) then ShowMessage('send!a'); //333333
      if HookAPI ('WS2_32.dll', 'WSARecv', @mioRecv3, @recvNextHook3) then ShowMessage('WSARecv!a');
      if HookAPI ('WS2_32.dll', 'WSASend', @mioSend3, @sendNextHook3) then ShowMessage('WSASend!a');
      FlushHooks;
    end;
    DLL_PROCESS_DETACH : begin
      // Free on a nil M is harmless in Delphi, so only SaveToFile is guarded.
      if Assigned(M) then M.SaveToFile ('log');
      M.Free;
      M:= nil;
      messagebeep (MB_OK);
    end;
  end;
end;
end.
Why can recv and send in ws2_32.dll not be hooked?
program FormDpr; uses
Forms,
  MainForm in 'MainForm.pas' {Form1};
{$R *.res}
// Injector GUI entry point: plain VCL start-up.
begin
  Application.Initialize;
  Application.CreateForm(TForm1, Form1);
  Application.Run;
end.
unit MainForm; interface uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs,madCodeHook, StdCtrls,Tlhelp32; type
  // Injector window: Button1 loads the DLL into the target, Button2 unloads
  // it. Edit1 is not read by the visible code.
  TForm1 = class(TForm)
    Edit1: TEdit;
    Button1: TButton;
    Button2: TButton;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
var
  Form1: TForm1;
  // Handle from OpenProcess in Button1Click, reused by Button2Click. It is
  // never closed with CloseHandle in the visible code.
  process: Cardinal ;
implementation
{$R *.dfm}
// Returns the PID of the first process whose image name equals Exefile
// (case-insensitive), or 0 if none matches, by walking a Toolhelp snapshot.
// NOTE(review): the snapshot handle is not checked against
// INVALID_HANDLE_VALUE before use; on failure Process32First returns False
// and the function just yields 0.
function GetProcessID(Exefile: string): DWORD;
var
  Loop: Boolean;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
begin
  Result := 0;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
  Loop := Process32First(FSnapshotHandle, FProcessEntry32);
  while Loop do
  begin
    if UpperCase(FProcessEntry32.szExeFile) = UpperCase(ExeFile) then
    begin
      Result := FProcessEntry32.th32ProcessID;
      break;
    end
    else
      Loop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;
  CloseHandle(FSnapshotHandle);
end;

// Opens the first IEXPLORE.EXE found with the rights needed to write into it
// and start a thread, then loads 'test.dll' into it with madCodeHook's
// InjectLibrary. This access mask followed by a remote library load is the
// classic cross-process injection pattern that endpoint monitoring flags.
// If no process is found OpenProcess gets PID 0, process stays 0 and nothing
// happens.
procedure TForm1.Button1Click(Sender: TObject);
begin
  Process := OpenProcess(PROCESS_CREATE_THREAD + PROCESS_VM_OPERATION + PROCESS_VM_WRITE,
    FALSE, GetProcessID('IEXPLORE.EXE'));
  if process <> 0 then
    if InjectLibrary(process ,'test.dll') then
      ShowMessage('HOOK')
end;

// Unloads test.dll from the process opened by Button1Click.
procedure TForm1.Button2Click(Sender: TObject);
begin
  if UninjectLibrary(process ,'test.dll') then
    ShowMessage('unHook')
end;
end.
Code:
object Form1: TForm1
Left = 980
Top = 587
Caption = tttttt
ClientHeight = 137
ClientWidth = 206
Color = clBtnFace
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'MS Sans Serif'
Font.Style = []
OldCreateOrder = False
PixelsPerInch = 96
TextHeight = 13
object Edit1: TEdit
Left = 8
Top = 16
Width = 81
Height = 21
ImeName = #20013#25991' ('#31616#20307') - '#32654#24335#38190#30424
TabOrder = 0
Text = 'Edit1'
end
object Button1: TButton
Left = 120
Top = 16
Width = 75
Height = 25
Caption = Button12
TabOrder = 1
OnClick = Button1Click
end
object Button2: TButton
Left = 120
Top = 56
Width = 75
Height = 25
Caption = Button11
TabOrder = 2
OnClick = Button2Click
end
end
我直接用 mad 的注入，问题依然：上面只有 recv 与 send 不能注入 ws2_32.dll，其他的注入却都正常。不知道是什么问题，谁能指点一二。
RECV 与 SEND 你可以看 WINSOCK
例如:IE的封包
RECV 与 SEND 你可以看 WINSOCK
我这有一份这样的源码,如果你需要,联系我吧
SysUtils,
Windows, WinSock;type
  // Winsock2 structures that the older WinSock unit does not declare.
  WSABUF = packed record
    len: U_LONG; { the length of the buffer }
    buf: PAnsiChar; { the pointer to the buffer }
  end {WSABUF};
  TWSABuf = WSABUF;
  PWSABUF = ^WSABUF;
  LPWSABUF = PWSABUF;
  WSAOVERLAPPED = packed Record
    Internal: DWORD;
    InternalHigh: DWORD;
    Offset: DWORD;
    OffsetHigh: DWORD;
    hEvent: THandle;
  end;
  //WSAOVERLAPPED = TOverlapped;
  TWSAOverlapped = WSAOverlapped;
  PWSAOverlapped = ^WSAOverlapped;
  LPWSAOVERLAPPED = PWSAOverlapped;
  LPWSAOVERLAPPED_COMPLETION_ROUTINE = procedure ( const dwError, cbTransferred : DWORD; const lpOverlapped : LPWSAOVERLAPPED; const dwFlags : DWORD ); stdcall;
  // Signature of the API to hook. Matches WSASend; WSARecv differs in its
  // lpFlags parameter (see MyRecv) but is called through this type too.
  TSockProc = function(s: TSocket; lpBuffers: LPWSABUF; dwBufferCount: DWORD; var lpNumberOfBytesSent: DWORD; dwFlags: DWORD; lpOverlapped: LPWSAOVERLAPPED; lpCompletionRoutine: LPWSAOVERLAPPED_COMPLETION_ROUTINE): Integer; stdcall;
  // The 8-byte patch HookAPI writes over the start of each export:
  //   JmpCode = $B8 -> mov eax, imm32   Address = the hook function
  //   MovEAX  = $FF $E0 -> jmp eax, followed by one zero pad byte
  // (the field name MovEAX is misleading; it holds the jmp, not the mov).
  PJmpCode = ^TJmpCode;
  TJmpCode = packed record
    JmpCode: BYTE;
    Address: TSockProc;
    MovEAX: Array [0..2] of BYTE;
  end;
//-------------------- declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;
var
  OldSend, OldRecv: TSockProc; // original API entry points (callable only while the saved bytes are restored)
  JmpCode: TJmpCode;           // the detour written into WSASend/WSARecv
  OldProc: array [0..1] of TJmpCode; // saved first 8 bytes: [0] = WSASend, [1] = WSARecv
  AddSend, AddRecv: pointer;   // API addresses from GetProcAddress
  TmpJmp: TJmpCode;            // not used in the visible code
  ProcessHandle: THandle;      // GetCurrentProcess pseudo-handle
implementation
{---------------------------------------}
{ Purpose: hook body for WSASend
{ Params:  same as WSASend
{ Returns: integer
{---------------------------------------}
// Runs in place of WSASend once HookAPI has patched the export. It writes
// the saved 8 bytes back, calls through OldSend (which points at the now
// restored export), then re-applies the detour. Nothing serialises this
// across threads: while the bytes are restored other callers bypass the
// hook, and a thread entering WSASend during either WriteProcessMemory can
// execute a half-written prologue and crash the host process.
function MySend(s: TSocket; lpBuffers: LPWSABUF; dwBufferCount: DWORD; var lpNumberOfBytesSent: DWORD; dwFlags: DWORD; lpOverlapped: LPWSAOVERLAPPED; lpCompletionRoutine: LPWSAOVERLAPPED_COMPLETION_ROUTINE): Integer; stdcall;
var
  dwSize: cardinal;
begin
  // Outgoing data would be inspected here.
  MessageBeep(1000); // just beep once
  // Call the real WSASend.
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  Result := OldSend(s, lpBuffers, dwBufferCount, lpNumberOfBytesSent, dwFlags, lpOverlapped, lpCompletionRoutine);
  JmpCode.Address := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;
{---------------------------------------}
{ Purpose: hook body for WSARecv
{ Params:  same as WSARecv
{ Returns: integer
{---------------------------------------}
//function MyRecv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
// Same restore / call-through / re-patch sequence as MySend, for WSARecv,
// with the same lack of cross-thread serialisation.
function MyRecv(s: TSocket; lpBuffers: LPWSABUF; dwBufferCount: DWORD; var lpNumberOfBytesRecvd: DWORD; var lpFlags: DWORD; lpOverlapped: LPWSAOVERLAPPED; lpCompletionRoutine: LPWSAOVERLAPPED_COMPLETION_ROUTINE): Integer; stdcall;
var
  dwSize: cardinal;
begin
  // Incoming data would be inspected here.
  MessageBeep(1000); // just beep once
  // Call the real WSARecv.
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  Result := OldRecv(s, lpBuffers, dwBufferCount, lpNumberOfBytesRecvd, lpFlags, lpOverlapped, lpCompletionRoutine);
  JmpCode.Address := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;
{------------------------------------}
{ Procedure: HookAPI
{ Params:    none
{------------------------------------}
// Patches the entry of WSASend and WSARecv in the current process: saves
// their first 8 bytes into OldProc, then overwrites them with
// mov eax, <hook>; jmp eax. None of LoadLibrary, GetProcAddress,
// ReadProcessMemory or WriteProcessMemory is checked, so a missing export
// turns into a write through a nil address.
// Detection: comparing the first bytes of ws2_32's exports in memory with
// the on-disk image exposes this kind of prologue patch.
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: cardinal;
begin
  ProcessHandle := GetCurrentProcess;
  DLLModule := LoadLibrary('WS2_32.DLL');
  AddSend := GetProcAddress(DLLModule, 'WSASend');
  AddRecv := GetProcAddress(DLLModule, 'WSARecv');
  // Build the detour: B8 <addr> FF E0 00.
  JmpCode.JmpCode := $B8;
  JmpCode.MovEAX[0] := $FF;
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;
  ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  JmpCode.Address := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); // patch the WSASend entry
  ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  JmpCode.Address := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize); // patch the WSARecv entry
  // OldSend/OldRecv point at the (now patched) exports; MySend/MyRecv put
  // the original bytes back before calling through them.
  OldSend := AddSend;
  OldRecv := AddRecv;
end;
{------------------------------------}
{ Procedure: remove the API hooks
{ Params:    none
{------------------------------------}
// Writes the saved 8 bytes back over both exports. Only meaningful after
// HookAPI has run; before that AddSend/AddRecv are nil and OldProc is zero.
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
end;
end.