我这里有个钩子的测试,一个dll,一个exe,这个dll是注入拦截API的功能,但是怎么不能编译呢!总说:
expected '(' to follow 'HOOKAPI2_API' 似乎 这个 'HOOKAPI2_API' VC根本就不认识!
我的代码:
#include <windows.h>HHOOK g_hHook;
HINSTANCE g_hinstDll;
FARPROC pfMessageBoxA;
int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
HMODULE hModule;
DWORD dwIdOld , dwIdNew;
BOOL bHook = FALSE;
void HookOn();
void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);
HOOKAPI2_API BOOL UninstallHook();BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved)//DLLÈë¿Ú
{
switch( ul_reason_for_call )
{
case DLL_PROCESS_ATTACH:
if( !init() )//³õʼ»¯
{
MessageBoxA( NULL , "Init" , "ERROR" , MB_OK );
return ( FALSE );
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
if( bHook) UninstallHook();//жÔع³×Ó
break;
}
return TRUE;
}
LRESULT WINAPI Hook( int nCode , WPARAM wParam , LPARAM lParam )
{
return ( CallNextHookEx( g_hHook , nCode , wParam , lParam));
}
HOOKAPI2_API BOOL InstallHook()
{
g_hinstDll = LoadLibrary( "ApiHook.dll" );
g_hHook = SetWindowsHookEx( WH_GETMESSAGE , ( HOOKPROC ) MessageHook , g_hinstDll , 0 );
if ( !g_hHook )
{
MessageBoxA( NULL , "SET ERROR" , "ERROR" , MB_OK );
return ( FALSE );
}
return ( TRUE );
}
HOOKAPI2_API BOOL UninstallHook()
{
return (UnhookWindowsHookEx(g_hHook));
}
BOOL init()
{
hModule = LoadLibrary ( "user32.dll" );
pfMessageBoxA = GetProcAddress( hModule , "MessageBoxA" );
if( pfMessageBoxA == NULL )
return FALSE;
_asm
{
lea edi,OldMessageBoxACode
mov esi,pfMessageBoxA
cld
movsd
movsb
}
NewMessageBoxACode [0] = 0xe9;
_asm
{
lea eax,MyMessageBoxA
mov ebx,pfMessageBoxA
sub eax,ebx
sub eax,5
mov dword ptr [NewMessageBoxACode+1],eax
}
dwIdNew = GetCurrentProcessId();
dwIdOld = dwIdNew;
HookOn();
return ( TRUE );
}
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
int nReturn=0;
HookOff();
nReturn = MessageBoxA ( hWnd, "Hook", lpCaption, uType );
HookOn();
return ( nReturn );
}
void HookOn()
{
HANDLE hProc;
dwIdOld = dwIdNew;
hProc = OpenProcess ( PROCESS_ALL_ACCESS , 0 , dwIdOld );
VirtualProtectEx( hProc , pfMessageBoxA, 5, PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, 5, NewMessageBoxACode, 5, 0 );
VirtualProtectEx( hProc, pfMessageBoxA, 5, dwIdOld, &dwIdOld );
bHook = TRUE;
}
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam){
return NULL;}void HookOff()
{
HANDLE hProc;
dwIdOld =dwIdNew;
hProc = OpenProcess (PROCESS_ALL_ACCESS, 0,dwIdOld );
VirtualProtectEx(hProc, pfMessageBoxA,5,PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode,5,0);
VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
bHook = FALSE;
} 哪里写的有问题啊?我想使用这个测试改出来一个功能,就是监控一个进程.dat或者.exe,把它从运行时候调用的API函数打印出来,就是时时跟踪打印,应该怎么改?分不够可以加!
expected '(' to follow 'HOOKAPI2_API' 似乎 这个 'HOOKAPI2_API' VC根本就不认识!
我的代码:
#include <windows.h>HHOOK g_hHook;
HINSTANCE g_hinstDll;
FARPROC pfMessageBoxA;
int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
HMODULE hModule;
DWORD dwIdOld , dwIdNew;
BOOL bHook = FALSE;
void HookOn();
void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);
HOOKAPI2_API BOOL UninstallHook();BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved)//DLLÈë¿Ú
{
switch( ul_reason_for_call )
{
case DLL_PROCESS_ATTACH:
if( !init() )//³õʼ»¯
{
MessageBoxA( NULL , "Init" , "ERROR" , MB_OK );
return ( FALSE );
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
if( bHook) UninstallHook();//жÔع³×Ó
break;
}
return TRUE;
}
LRESULT WINAPI Hook( int nCode , WPARAM wParam , LPARAM lParam )
{
return ( CallNextHookEx( g_hHook , nCode , wParam , lParam));
}
HOOKAPI2_API BOOL InstallHook()
{
g_hinstDll = LoadLibrary( "ApiHook.dll" );
g_hHook = SetWindowsHookEx( WH_GETMESSAGE , ( HOOKPROC ) MessageHook , g_hinstDll , 0 );
if ( !g_hHook )
{
MessageBoxA( NULL , "SET ERROR" , "ERROR" , MB_OK );
return ( FALSE );
}
return ( TRUE );
}
HOOKAPI2_API BOOL UninstallHook()
{
return (UnhookWindowsHookEx(g_hHook));
}
BOOL init()
{
hModule = LoadLibrary ( "user32.dll" );
pfMessageBoxA = GetProcAddress( hModule , "MessageBoxA" );
if( pfMessageBoxA == NULL )
return FALSE;
_asm
{
lea edi,OldMessageBoxACode
mov esi,pfMessageBoxA
cld
movsd
movsb
}
NewMessageBoxACode [0] = 0xe9;
_asm
{
lea eax,MyMessageBoxA
mov ebx,pfMessageBoxA
sub eax,ebx
sub eax,5
mov dword ptr [NewMessageBoxACode+1],eax
}
dwIdNew = GetCurrentProcessId();
dwIdOld = dwIdNew;
HookOn();
return ( TRUE );
}
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
int nReturn=0;
HookOff();
nReturn = MessageBoxA ( hWnd, "Hook", lpCaption, uType );
HookOn();
return ( nReturn );
}
void HookOn()
{
HANDLE hProc;
dwIdOld = dwIdNew;
hProc = OpenProcess ( PROCESS_ALL_ACCESS , 0 , dwIdOld );
VirtualProtectEx( hProc , pfMessageBoxA, 5, PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, 5, NewMessageBoxACode, 5, 0 );
VirtualProtectEx( hProc, pfMessageBoxA, 5, dwIdOld, &dwIdOld );
bHook = TRUE;
}
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam){
return NULL;}void HookOff()
{
HANDLE hProc;
dwIdOld =dwIdNew;
hProc = OpenProcess (PROCESS_ALL_ACCESS, 0,dwIdOld );
VirtualProtectEx(hProc, pfMessageBoxA,5,PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode,5,0);
VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
bHook = FALSE;
} 哪里写的有问题啊?我想使用这个测试改出来一个功能,就是监控一个进程.dat或者.exe,把它从运行时候调用的API函数打印出来,就是时时跟踪打印,应该怎么改?分不够可以加!
HOOKAPI2_API是在哪里定义的?如果是在某个h文件中,就#include这个h文件。
类似 #define HOOKAPI2_API __declspec(dllexport)
外部调用的时候
#define HOOKAPI2_API __declspec(dllinport)MyMessageBoxA 里面 加一句 outputdebugstring 就可以了再 DebugView看到这个函数的调用了.
上面的例子就可以在MyMessageBoxA 里往一个文件里写一句话表示他被调用了,当然用outputdebugstring 也可以
{
g_hinstDll = LoadLibrary( "HookMSG.dll" );” 是不是写我要拦截的那个可以弹出 MessageBox提示框的程序? 就是说,如果我有一个程序(必须是dll的),他可以弹出提示框,我这个程序就可以写 “ g_hinstDll = LoadLibrary( "HookMSG.dll" );” 对他弹出MessageBox时候进行拦截呢? 但是如果对方程序是一个 exe或者.dat也可以吗?
你最好在网上搜索一下关键字“钩子”了解一下原理吧
关键是“g_hinstDll = LoadLibrary( "HookMSG.dll" );” ” 这里该写谁啊!