每次都会出现"Access violation at address 00000000. Read of address 00000000."。我用OD跟踪,发现执行完我的代码、跳回原来的程序后,执行到ret时ret=00000000。这是什么原因呢?用这个方法是否可以HOOK这个API?我HOOK其他API的时候都是成功的!搞了一个星期还是没成功!望大家帮忙看看!
uses
SysUtils,
Windows,
Classes,
tlhelp32,
unitmalke in 'unitmalke.pas';

{$R *.res}

const
  // Name passed to OpenFileMapping/CreateFileMapping in MemShared.
  // NOTE(review): a named mapping object can be opened by name from other
  // processes, so whatever is read from it should be treated as untrusted input.
  HOOK_MEM_FILENAME = 'tmp.hkt';

type
  // Record type behind the Shared pointer. None of its fields is read or
  // written by name in the code shown here.
  TShared = record
    pid: DWORD;
    hWnd: DWORD;
    tsst: DWORD;
  end;
  PShared = ^TShared;

var
  // Handle returned by SetWindowsHookEx in StartHook2.
  hhk: HHOOK;
  // API hook objects; only slot 3 (Process32Next) is created in InitHook.
  // TNtHookClass is not declared here -- presumably it comes from unitmalke.
  Hook: array[0..3] of TNtHookClass;
  // Memory mapping
  MemFile: THandle;
  startPid: PDWORD;
  Shared: PShared;
  // Holds the PID (NOTE(review): presumably annotates startPid, which StartHook2 writes)
  {--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--}
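// Intercepts Process32Next.
//
// The replacement must have exactly the same stack layout as the real API.
// tlhelp32 declares the second parameter as "var lppe: TProcessEntry32", so
// callers push a 4-byte pointer. With a by-value record under stdcall, Delphi
// expects the whole record on the stack and this function removes
// SizeOf(TProcessEntry32) bytes on return instead of 4. The caller's stack
// pointer is then wrong, and its own RET picks up a bogus return address --
// the reported "Access violation at address 00000000". The by-value form also
// fills a private copy, so the caller's buffer never receives the entry.
//
// NOTE(review): removing and re-installing the hook around the pass-through
// call is not thread-safe; calls made by other threads in that window bypass
// the hook, and two threads can interleave UnHook/Hook. Confirm whether
// TNtHookClass offers a way to call the original without unhooking.
function NewProcess32Next(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; stdcall;
begin
  Hook[3].UnHook;
  try
    // lppe is passed through by reference, so the real API fills the caller's record
    Result := Process32Next(hSnapshot, lppe);
  finally
    // re-install the hook even if the pass-through call raised
    Hook[3].Hook;
  end;
end;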
{--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--}
// Install the API hooks.
// Only the Process32Next hook is active; it occupies slot 3 of Hook[], the
// slot NewProcess32Next uses to unhook and re-hook itself.
// NOTE(review): the unhook/rehook around the pass-through call in
// NewProcess32Next suggests TNtHookClass patches the export's code in place;
// that kind of patch is visible to integrity checks that compare a loaded
// module's code with its on-disk image.
procedure InitHook;
const
  PROCESS32NEXT_SLOT = 3;
begin
  // Disabled hooks, kept for reference:
  // Hook[0] := TNtHookClass.Create('user32.dll', 'MessageBoxA', @NewMessageBoxA);
  // Hook[0] := TNtHookClass.Create('user32.dll', 'GetClassNameA', @NewGetClassNameA);
  // Hook[1] := TNtHookClass.Create('user32.dll', 'MessageBeep', @NewMessageBeep);
  // Hook[2] := TNtHookClass.Create('user32.dll', 'GetClassNameW', @NewGetClassNameW);
  Hook[PROCESS32NEXT_SLOT] := TNtHookClass.Create('kernel32.dll', 'Process32Next', @NewProcess32Next);
end;

// Remove the API hooks
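// Frees every hook object in Hook[] and sets the slot to nil.
// The loop originally freed Hook[3] on every pass instead of Hook[I], so
// slots 0..2 would have leaked as soon as any of them was populated.
// FreeAndNil on a nil slot does nothing, so unused slots are safe.
// NOTE(review): presumably TNtHookClass restores the patched API in its
// destructor -- confirm in unitmalke.
procedure UninitHook;
var
  I: Integer;
begin
  for I := Low(Hook) to High(Hook) do
    FreeAndNil(Hook[I]);
end;

{--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--}
// Shared memory mapping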
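// Opens (or creates) the named file mapping and points startPid and Shared
// at its first byte.
//
// A single view is mapped and shared by both pointers. The original mapped
// the same object twice and never released either view; both pointers
// addressed the same data anyway, so one view is equivalent and wastes no
// address space. On failure MemFile stays 0 and/or the pointers stay nil, so
// callers must check before dereferencing.
//
// NOTE(review): the object is created with nil security attributes (default
// security descriptor) under a fixed name, so another process can open it,
// or create the name first with a different size. Values read from the
// mapping should be validated rather than trusted.
procedure MemShared();
var
  view: Pointer;
begin
  // Try to open an existing mapping first
  MemFile := OpenFileMapping(FILE_MAP_ALL_ACCESS, False, HOOK_MEM_FILENAME);
  if MemFile = 0 then
    // Open failed: create the mapping, backed by the paging file and sized for TShared
    MemFile := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_READWRITE, 0,
      SizeOf(TShared), HOOK_MEM_FILENAME);
  if MemFile <> 0 then
  begin
    // Map the object once; MapViewOfFile returns nil on failure
    view := MapViewOfFile(MemFile, FILE_MAP_ALL_ACCESS, 0, 0, 0);
    startPid := view;
    Shared := view;
  end;
end;

// Hook procedure: pass the message on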
// Hook procedure registered by StartHook2. It does no processing of its own
// and only forwards the call to the next hook in the chain.
// NOTE(review): hhk is assigned only in StartHook2, so it presumably stays 0
// in any other process that loads this DLL.
function HookProc(nCode, wParam, lParam: Integer): Integer; stdcall;
var
  chained: Integer;
begin
  chained := CallNextHookEx(hhk, nCode, wParam, lParam);
  Result := chained;
end;

// Start hooking
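// Stores pid in the shared mapping and installs the WH_CALLWNDPROC hook.
// The thread id argument is 0, which asks for a hook on all threads of the
// desktop rather than a single thread.
//   pid: value written to the start of the shared mapping.
procedure StartHook2(pid: DWORD); stdcall;
begin
  // startPid is nil when MemShared could not open or map the shared memory;
  // writing through it would raise an access violation in the caller.
  if startPid <> nil then
    startPid^ := pid;
  hhk := SetWindowsHookEx(WH_CALLWNDPROC, HookProc, hInstance, 0);
end;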
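// Stop hooking: removes the hook installed by StartHook2, if there is one.
procedure EndHook2; stdcall;
begin
  if hhk <> 0 then
  begin
    UnhookWindowsHookEx(hhk);
    // Clear the handle so a second call does not unhook a stale handle
    hhk := 0;
  end;
end;

// Environment handling: DLL attach/detach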
// Reacts to loader notifications: installs the API hooks when the DLL is
// attached to a process and removes them when it is detached. Other reasons
// are ignored.
procedure DllEntry(dwResaon: DWORD);
begin
  if dwResaon = DLL_PROCESS_ATTACH then
    InitHook        // DLL loaded
  else if dwResaon = DLL_PROCESS_DETACH then
    UninitHook;     // DLL unloaded
end;

exports
  StartHook2,
  EndHook2;

begin
  // The shared memory must be set up before anything else runs
  MemShared;
  { Route later loader notifications to DllEntry }
  DllProc := @DllEntry;
  { Run the attach handling for the current load }
  DllEntry(DLL_PROCESS_ATTACH);
end.
uses
SysUtils,
Windows,
Classes,
tlhelp32,
unitmalke in 'unitmalke.pas';

{$R *.res}

const
  // Name passed to OpenFileMapping/CreateFileMapping in MemShared.
  // NOTE(review): a named mapping object can be opened by name from other
  // processes, so whatever is read from it should be treated as untrusted input.
  HOOK_MEM_FILENAME = 'tmp.hkt';

type
  // Record type behind the Shared pointer. None of its fields is read or
  // written by name in the code shown here.
  TShared = record
    pid: DWORD;
    hWnd: DWORD;
    tsst: DWORD;
  end;
  PShared = ^TShared;

var
  // Handle returned by SetWindowsHookEx in StartHook2.
  hhk: HHOOK;
  // API hook objects; only slot 3 (Process32Next) is created in InitHook.
  // TNtHookClass is not declared here -- presumably it comes from unitmalke.
  Hook: array[0..3] of TNtHookClass;
  // Memory mapping
  MemFile: THandle;
  startPid: PDWORD;
  Shared: PShared;
  // Holds the PID (NOTE(review): presumably annotates startPid, which StartHook2 writes)
  {--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--}
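// Intercepts Process32Next.
//
// The replacement must have exactly the same stack layout as the real API.
// tlhelp32 declares the second parameter as "var lppe: TProcessEntry32", so
// callers push a 4-byte pointer. With a by-value record under stdcall, Delphi
// expects the whole record on the stack and this function removes
// SizeOf(TProcessEntry32) bytes on return instead of 4. The caller's stack
// pointer is then wrong, and its own RET picks up a bogus return address --
// the reported "Access violation at address 00000000". The by-value form also
// fills a private copy, so the caller's buffer never receives the entry.
//
// NOTE(review): removing and re-installing the hook around the pass-through
// call is not thread-safe; calls made by other threads in that window bypass
// the hook, and two threads can interleave UnHook/Hook. Confirm whether
// TNtHookClass offers a way to call the original without unhooking.
function NewProcess32Next(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL; stdcall;
begin
  Hook[3].UnHook;
  try
    // lppe is passed through by reference, so the real API fills the caller's record
    Result := Process32Next(hSnapshot, lppe);
  finally
    // re-install the hook even if the pass-through call raised
    Hook[3].Hook;
  end;
end;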
{--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--}
// Install the API hooks.
// Only the Process32Next hook is active; it occupies slot 3 of Hook[], the
// slot NewProcess32Next uses to unhook and re-hook itself.
// NOTE(review): the unhook/rehook around the pass-through call in
// NewProcess32Next suggests TNtHookClass patches the export's code in place;
// that kind of patch is visible to integrity checks that compare a loaded
// module's code with its on-disk image.
procedure InitHook;
const
  PROCESS32NEXT_SLOT = 3;
begin
  // Disabled hooks, kept for reference:
  // Hook[0] := TNtHookClass.Create('user32.dll', 'MessageBoxA', @NewMessageBoxA);
  // Hook[0] := TNtHookClass.Create('user32.dll', 'GetClassNameA', @NewGetClassNameA);
  // Hook[1] := TNtHookClass.Create('user32.dll', 'MessageBeep', @NewMessageBeep);
  // Hook[2] := TNtHookClass.Create('user32.dll', 'GetClassNameW', @NewGetClassNameW);
  Hook[PROCESS32NEXT_SLOT] := TNtHookClass.Create('kernel32.dll', 'Process32Next', @NewProcess32Next);
end;

// Remove the API hooks
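// Frees every hook object in Hook[] and sets the slot to nil.
// The loop originally freed Hook[3] on every pass instead of Hook[I], so
// slots 0..2 would have leaked as soon as any of them was populated.
// FreeAndNil on a nil slot does nothing, so unused slots are safe.
// NOTE(review): presumably TNtHookClass restores the patched API in its
// destructor -- confirm in unitmalke.
procedure UninitHook;
var
  I: Integer;
begin
  for I := Low(Hook) to High(Hook) do
    FreeAndNil(Hook[I]);
end;

{--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--}
// Shared memory mapping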
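// Opens (or creates) the named file mapping and points startPid and Shared
// at its first byte.
//
// A single view is mapped and shared by both pointers. The original mapped
// the same object twice and never released either view; both pointers
// addressed the same data anyway, so one view is equivalent and wastes no
// address space. On failure MemFile stays 0 and/or the pointers stay nil, so
// callers must check before dereferencing.
//
// NOTE(review): the object is created with nil security attributes (default
// security descriptor) under a fixed name, so another process can open it,
// or create the name first with a different size. Values read from the
// mapping should be validated rather than trusted.
procedure MemShared();
var
  view: Pointer;
begin
  // Try to open an existing mapping first
  MemFile := OpenFileMapping(FILE_MAP_ALL_ACCESS, False, HOOK_MEM_FILENAME);
  if MemFile = 0 then
    // Open failed: create the mapping, backed by the paging file and sized for TShared
    MemFile := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_READWRITE, 0,
      SizeOf(TShared), HOOK_MEM_FILENAME);
  if MemFile <> 0 then
  begin
    // Map the object once; MapViewOfFile returns nil on failure
    view := MapViewOfFile(MemFile, FILE_MAP_ALL_ACCESS, 0, 0, 0);
    startPid := view;
    Shared := view;
  end;
end;

// Hook procedure: pass the message on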
// Hook procedure registered by StartHook2. It does no processing of its own
// and only forwards the call to the next hook in the chain.
// NOTE(review): hhk is assigned only in StartHook2, so it presumably stays 0
// in any other process that loads this DLL.
function HookProc(nCode, wParam, lParam: Integer): Integer; stdcall;
var
  chained: Integer;
begin
  chained := CallNextHookEx(hhk, nCode, wParam, lParam);
  Result := chained;
end;

// Start hooking
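// Stores pid in the shared mapping and installs the WH_CALLWNDPROC hook.
// The thread id argument is 0, which asks for a hook on all threads of the
// desktop rather than a single thread.
//   pid: value written to the start of the shared mapping.
procedure StartHook2(pid: DWORD); stdcall;
begin
  // startPid is nil when MemShared could not open or map the shared memory;
  // writing through it would raise an access violation in the caller.
  if startPid <> nil then
    startPid^ := pid;
  hhk := SetWindowsHookEx(WH_CALLWNDPROC, HookProc, hInstance, 0);
end;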
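// Stop hooking: removes the hook installed by StartHook2, if there is one.
procedure EndHook2; stdcall;
begin
  if hhk <> 0 then
  begin
    UnhookWindowsHookEx(hhk);
    // Clear the handle so a second call does not unhook a stale handle
    hhk := 0;
  end;
end;

// Environment handling: DLL attach/detach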
// Reacts to loader notifications: installs the API hooks when the DLL is
// attached to a process and removes them when it is detached. Other reasons
// are ignored.
procedure DllEntry(dwResaon: DWORD);
begin
  if dwResaon = DLL_PROCESS_ATTACH then
    InitHook        // DLL loaded
  else if dwResaon = DLL_PROCESS_DETACH then
    UninitHook;     // DLL unloaded
end;

exports
  StartHook2,
  EndHook2;

begin
  // The shared memory must be set up before anything else runs
  MemShared;
  { Route later loader notifications to DllEntry }
  DllProc := @DllEntry;
  { Run the attach handling for the current load }
  DllEntry(DLL_PROCESS_ATTACH);
end.
begin
FreeAndNil(Hook[3]);
end; 那个3。。