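#include <windows.h>

// File-level state shared by every function in this DLL.
// The paste had "HHOOK g_hHook;" glued onto the #include line, which left
// g_hHook undeclared; the declaration is restored on its own line here.
HHOOK g_hHook;               // hook handle returned by SetWindowsHookEx in InstallHook
HINSTANCE g_hinstDll;        // handle of send.dll as loaded by InstallHook
FARPROC pfMessageBoxA;       // NOTE: despite the name, init() stores the address of ws2_32!send here
int WINAPI mysend(SOCKET s,const char FAR *str,int len,int flags);
BYTE OldMessageBoxACode[8];  // first 8 bytes of send, saved by HookOn (name is a leftover)
BYTE NewMessageBoxACode[8];  // 8-byte jump stub assembled by init
HMODULE hModule ;            // ws2_32.dll handle obtained in init
DWORD dwIdOld,dwIdNew;       // dwIdNew: current process id; dwIdOld is also reused as
                             // scratch storage for the previous page protection
BOOL bHook=false;            // true while the stub is written over send
void HookOn();
void HookOff();
BOOL init();
BOOL UninstallHook();
// Declared only; no definition of MousHook appears in this listing.
LRESULT WINAPI MousHook(int nCode,WPARAM wParam,LPARAM lParam);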
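// DLL entry point.
//
// On process attach it runs init(), which patches ws2_32!send in the process
// that loaded this DLL. Any process this DLL is mapped into is therefore
// modified as a side effect of the load itself.
//
// Returns FALSE (load fails) when init() fails, TRUE otherwise.
//
// NOTE(review): init() calls LoadLibrary and the error path calls MessageBoxA.
// Both run under the loader lock here; Microsoft's DllMain guidance advises
// against loading libraries or calling user32 from DllMain.
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;      // shadows the file-level hModule; not used here
    (void)lpReserved;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        if(!init())
        {
            MessageBoxA(NULL,"Init","ERROR",MB_OK);
            return FALSE;
        }
        // The original fell through into the detach handling below, so the
        // cleanup ran immediately after a successful init().
        break;

    case DLL_PROCESS_DETACH:
        if(bHook)
        {
            // Put the saved bytes back before this module's code goes away;
            // otherwise send would still jump to mysend inside an unloaded DLL.
            HookOff();
            UninstallHook();
        }
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        // Thread notifications must not tear anything down.
        break;
    }
    return TRUE;
}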
// Empty hook procedure: it does no work of its own and only forwards the
// message to the next hook in the chain.
LRESULT WINAPI Hook(int nCode,WPARAM wParam,LPARAM lParam)
{
    LRESULT forwarded = CallNextHookEx(g_hHook,nCode,wParam,lParam);
    return forwarded;
}
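// Exported installer for the empty hook procedure.
//
// Registers Hook as a WH_GETMESSAGE hook with thread id 0 and a DLL module
// handle, i.e. a global hook: the system maps send.dll into other processes
// that retrieve messages, and DllMain then runs init() in each of them.
//
// Returns TRUE on success, FALSE after showing an error box on failure.
//
// NOTE(review): "send.dll" is an unqualified name, so it is resolved through
// the DLL search order; a same-named file earlier on that path would be
// loaded instead. A fully qualified path avoids that.
BOOL InstallHook()
{
    g_hinstDll=LoadLibrary("send.dll");
    if (g_hinstDll == NULL)
    {
        // The original passed a NULL module handle straight to SetWindowsHookEx.
        MessageBoxA(NULL,"SET ERROR","ERROR",MB_OK);
        return FALSE;
    }

    g_hHook=SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)Hook,g_hinstDll,0);
    if (!g_hHook)
    {
        // Drop the reference taken above so a failed install leaves nothing behind.
        FreeLibrary(g_hinstDll);
        g_hinstDll = NULL;
        MessageBoxA(NULL,"SET ERROR","ERROR",MB_OK);
        return FALSE;
    }
    return TRUE;
}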
// Exported: removes the window hook whose handle InstallHook stored in g_hHook.
// Returns whatever UnhookWindowsHookEx reports.
BOOL UninstallHook()
{
    BOOL removed = UnhookWindowsHookEx(g_hHook);
    return removed;
}
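// Initialisation: looks up the address of ws2_32!send (the original comment
// and the variable names still say MessageBoxA) and assembles the 8-byte stub
// that jumps to mysend, then switches the interception on.
//
// The paste had the signature "BOOL init()" swallowed by the comment line
// above it, leaving a body with no header; it is restored here.
//
// Returns FALSE when send cannot be resolved or the process is not 32-bit,
// TRUE otherwise.
BOOL init()
{
    int (WINAPI * pmysend)(SOCKET s,const char FAR *str,int len,int flags);
    DWORD target;

    pmysend = mysend;

    // The stub carries its target as a 32-bit immediate, so it is only valid
    // where a code pointer fits in a DWORD. Refuse to patch anywhere else
    // instead of writing a truncated address over live code.
    if (sizeof(void *) != sizeof(DWORD))
    {
        return FALSE;
    }

    hModule=LoadLibrary("ws2_32.dll");
    if (hModule == NULL)
    {
        return FALSE;
    }
    pfMessageBoxA=GetProcAddress(hModule,"send");
    if(pfMessageBoxA==NULL)
    {
        return FALSE;
    }

    target = (DWORD)(DWORD_PTR)pmysend;

    NewMessageBoxACode[0] = 0xB8;                          // mov eax, imm32
    NewMessageBoxACode[1] = (BYTE)(target & 0xFF);         // imm32, little-endian
    NewMessageBoxACode[2] = (BYTE)((target >> 8) & 0xFF);
    NewMessageBoxACode[3] = (BYTE)((target >> 16) & 0xFF);
    NewMessageBoxACode[4] = (BYTE)((target >> 24) & 0xFF);
    NewMessageBoxACode[5] = 0xFF;                          // jmp eax
    NewMessageBoxACode[6] = 0xE0;
    NewMessageBoxACode[7] = 0x00;                          // filler to make 8 bytes

    dwIdNew=GetCurrentProcessId(); // id of the process this DLL is loaded in
    dwIdOld=dwIdNew;
    HookOn(); // start intercepting
    return TRUE;
}
// Interception has to be switched off before the intercepted API can be called.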
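// Replacement that the stub redirects send() to.
//
// Shows the start of the outgoing buffer in a message box and returns 1.
// The real send is NOT called (the call is still commented out), so the
// caller is told one byte was sent while nothing leaves the socket.
//
// The original passed str straight to MessageBox as both text and caption.
// A send buffer is len bytes long and need not be NUL-terminated, so that
// read ran past the end of the caller's buffer. The text is now copied into a
// bounded, terminated local buffer first.
//
// NOTE(review): no lock is taken around HookOff/HookOn; another thread that
// enters send during this window sees the prologue in whatever state it is in.
int WINAPI mysend(SOCKET s,const char FAR *str,int len,int flags)
{
    char preview[256];
    int shown = 0;
    int i;

    (void)s;
    (void)flags;

    if (str != NULL && len > 0)
    {
        shown = (len < (int)sizeof(preview) - 1) ? len : (int)sizeof(preview) - 1;
        for (i = 0; i < shown; i++)
        {
            preview[i] = str[i];
        }
    }
    preview[shown] = '\0';

    HookOff();
    MessageBoxA(NULL,preview,preview,0);
    // Why does using send here fail? The linker reports:
    // unresolved external symbol __imp__send@16
    //send(s,str,len,flags);
    HookOn();
    return 1;
}

// Saves the first 8 bytes of send and overwrites them with the jump stub.
//
// Changes against the original:
//  - the current process is addressed through GetCurrentProcess() instead of
//    OpenProcess(PROCESS_ALL_ACCESS, ...): no broad access request, and no
//    handle is leaked on every call;
//  - the previous page protection goes into a local instead of the
//    process-id variable dwIdOld;
//  - every step is checked, and bHook is set only when the stub was written;
//  - a second call while already hooked returns early, so the saved bytes
//    are never replaced by a copy of the stub.
//
// NOTE(review): PAGE_READWRITE removes execute permission from the whole page
// for the duration of the write; code on that page cannot run meanwhile.
void HookOn()
{
    HANDLE hProc = GetCurrentProcess(); // pseudo-handle, needs no CloseHandle
    DWORD oldProtect = 0;
    DWORD ignored = 0;
    SIZE_T moved = 0;

    if (bHook || pfMessageBoxA == NULL)
    {
        return;
    }

    // Make the first 8 bytes of send writable.
    if (!VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,PAGE_READWRITE,&oldProtect))
    {
        return;
    }

    // Save the original 8 bytes first, then write the stub over them.
    if (ReadProcessMemory(hProc,(LPCVOID)pfMessageBoxA,OldMessageBoxACode,8,&moved) && moved == 8)
    {
        if (WriteProcessMemory(hProc,(LPVOID)pfMessageBoxA,NewMessageBoxACode,8,&moved) && moved == 8)
        {
            bHook=true;
        }
    }

    // Restore the protection the page had before.
    VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,oldProtect,&ignored);
}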
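// Replaces the "jmp mysend" stub at the start of send with the bytes that
// HookOn saved, so that send runs its own code again.
//
// Changes against the original:
//  - returns early unless the stub is installed; before the first HookOn the
//    save buffer holds no real code and must not be written over send;
//  - uses GetCurrentProcess() rather than OpenProcess(PROCESS_ALL_ACCESS, ...),
//    which leaked one handle per call;
//  - keeps the old page protection in a local and checks each step.
void HookOff()
{
    HANDLE hProc = GetCurrentProcess(); // pseudo-handle, needs no CloseHandle
    DWORD oldProtect = 0;
    DWORD ignored = 0;
    SIZE_T written = 0;

    if (!bHook || pfMessageBoxA == NULL)
    {
        return;
    }

    if (!VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,PAGE_READWRITE,&oldProtect))
    {
        return;
    }

    if (WriteProcessMemory(hProc,(LPVOID)pfMessageBoxA,OldMessageBoxACode,8,&written) && written == 8)
    {
        bHook=false;
    }

    VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,oldProtect,&ignored);
}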
// File-level state and forward declarations (second copy of the listing).
HINSTANCE g_hinstDll;        // handle of send.dll as loaded by InstallHook
FARPROC pfMessageBoxA;       // NOTE: despite the name, init() stores the address of ws2_32!send here
int WINAPI mysend(SOCKET s,const char FAR *str,int len,int flags);
BYTE OldMessageBoxACode[8];  // first 8 bytes of send, saved by HookOn
BYTE NewMessageBoxACode[8];  // 8-byte jump stub assembled by init
HMODULE hModule ;            // ws2_32.dll handle obtained in init
DWORD dwIdOld,dwIdNew;       // dwIdNew: current process id; dwIdOld doubles as scratch
BOOL bHook=false;            // true while the stub is written over send
void HookOn();
void HookOff();
BOOL init();
BOOL UninstallHook();
// Declared only; no definition of MousHook appears in this listing.
LRESULT WINAPI MousHook(int nCode,WPARAM wParam,LPARAM lParam);
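// DLL entry point.
//
// On process attach it runs init(), which patches ws2_32!send in the process
// that loaded this DLL. Any process this DLL is mapped into is therefore
// modified as a side effect of the load itself.
//
// Returns FALSE (load fails) when init() fails, TRUE otherwise.
//
// NOTE(review): init() calls LoadLibrary and the error path calls MessageBoxA.
// Both run under the loader lock here; Microsoft's DllMain guidance advises
// against loading libraries or calling user32 from DllMain.
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;      // shadows the file-level hModule; not used here
    (void)lpReserved;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        if(!init())
        {
            MessageBoxA(NULL,"Init","ERROR",MB_OK);
            return FALSE;
        }
        // The original fell through into the detach handling below, so the
        // cleanup ran immediately after a successful init().
        break;

    case DLL_PROCESS_DETACH:
        if(bHook)
        {
            // Put the saved bytes back before this module's code goes away;
            // otherwise send would still jump to mysend inside an unloaded DLL.
            HookOff();
            UninstallHook();
        }
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        // Thread notifications must not tear anything down.
        break;
    }
    return TRUE;
}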
// Empty hook procedure: it does no work of its own and only forwards the
// message to the next hook in the chain.
LRESULT WINAPI Hook(int nCode,WPARAM wParam,LPARAM lParam)
{
    LRESULT forwarded = CallNextHookEx(g_hHook,nCode,wParam,lParam);
    return forwarded;
}
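// Exported installer for the empty hook procedure.
//
// Registers Hook as a WH_GETMESSAGE hook with thread id 0 and a DLL module
// handle, i.e. a global hook: the system maps send.dll into other processes
// that retrieve messages, and DllMain then runs init() in each of them.
//
// Returns TRUE on success, FALSE after showing an error box on failure.
//
// NOTE(review): "send.dll" is an unqualified name, so it is resolved through
// the DLL search order; a same-named file earlier on that path would be
// loaded instead. A fully qualified path avoids that.
BOOL InstallHook()
{
    g_hinstDll=LoadLibrary("send.dll");
    if (g_hinstDll == NULL)
    {
        // The original passed a NULL module handle straight to SetWindowsHookEx.
        MessageBoxA(NULL,"SET ERROR","ERROR",MB_OK);
        return FALSE;
    }

    g_hHook=SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)Hook,g_hinstDll,0);
    if (!g_hHook)
    {
        // Drop the reference taken above so a failed install leaves nothing behind.
        FreeLibrary(g_hinstDll);
        g_hinstDll = NULL;
        MessageBoxA(NULL,"SET ERROR","ERROR",MB_OK);
        return FALSE;
    }
    return TRUE;
}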
// Exported: removes the window hook whose handle InstallHook stored in g_hHook.
// Returns whatever UnhookWindowsHookEx reports.
BOOL UninstallHook()
{
    BOOL removed = UnhookWindowsHookEx(g_hHook);
    return removed;
}
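// Initialisation: looks up the address of ws2_32!send (the original comment
// and the variable names still say MessageBoxA) and assembles the 8-byte stub
// that jumps to mysend, then switches the interception on.
//
// The paste had the signature "BOOL init()" swallowed by the comment line
// above it, leaving a body with no header; it is restored here.
//
// Returns FALSE when send cannot be resolved or the process is not 32-bit,
// TRUE otherwise.
BOOL init()
{
    int (WINAPI * pmysend)(SOCKET s,const char FAR *str,int len,int flags);
    DWORD target;

    pmysend = mysend;

    // The stub carries its target as a 32-bit immediate, so it is only valid
    // where a code pointer fits in a DWORD. Refuse to patch anywhere else
    // instead of writing a truncated address over live code.
    if (sizeof(void *) != sizeof(DWORD))
    {
        return FALSE;
    }

    hModule=LoadLibrary("ws2_32.dll");
    if (hModule == NULL)
    {
        return FALSE;
    }
    pfMessageBoxA=GetProcAddress(hModule,"send");
    if(pfMessageBoxA==NULL)
    {
        return FALSE;
    }

    target = (DWORD)(DWORD_PTR)pmysend;

    NewMessageBoxACode[0] = 0xB8;                          // mov eax, imm32
    NewMessageBoxACode[1] = (BYTE)(target & 0xFF);         // imm32, little-endian
    NewMessageBoxACode[2] = (BYTE)((target >> 8) & 0xFF);
    NewMessageBoxACode[3] = (BYTE)((target >> 16) & 0xFF);
    NewMessageBoxACode[4] = (BYTE)((target >> 24) & 0xFF);
    NewMessageBoxACode[5] = 0xFF;                          // jmp eax
    NewMessageBoxACode[6] = 0xE0;
    NewMessageBoxACode[7] = 0x00;                          // filler to make 8 bytes

    dwIdNew=GetCurrentProcessId(); // id of the process this DLL is loaded in
    dwIdOld=dwIdNew;
    HookOn(); // start intercepting
    return TRUE;
}
// Interception has to be switched off before the intercepted API can be called.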
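// Replacement that the stub redirects send() to.
//
// Shows the start of the outgoing buffer in a message box and returns 1.
// The real send is NOT called (the call is still commented out), so the
// caller is told one byte was sent while nothing leaves the socket.
//
// The original passed str straight to MessageBox as both text and caption.
// A send buffer is len bytes long and need not be NUL-terminated, so that
// read ran past the end of the caller's buffer. The text is now copied into a
// bounded, terminated local buffer first.
//
// NOTE(review): no lock is taken around HookOff/HookOn; another thread that
// enters send during this window sees the prologue in whatever state it is in.
int WINAPI mysend(SOCKET s,const char FAR *str,int len,int flags)
{
    char preview[256];
    int shown = 0;
    int i;

    (void)s;
    (void)flags;

    if (str != NULL && len > 0)
    {
        shown = (len < (int)sizeof(preview) - 1) ? len : (int)sizeof(preview) - 1;
        for (i = 0; i < shown; i++)
        {
            preview[i] = str[i];
        }
    }
    preview[shown] = '\0';

    HookOff();
    MessageBoxA(NULL,preview,preview,0);
    // Why does using send here fail? The linker reports:
    // unresolved external symbol __imp__send@16
    //send(s,str,len,flags);
    HookOn();
    return 1;
}

// Saves the first 8 bytes of send and overwrites them with the jump stub.
//
// Changes against the original:
//  - the current process is addressed through GetCurrentProcess() instead of
//    OpenProcess(PROCESS_ALL_ACCESS, ...): no broad access request, and no
//    handle is leaked on every call;
//  - the previous page protection goes into a local instead of the
//    process-id variable dwIdOld;
//  - every step is checked, and bHook is set only when the stub was written;
//  - a second call while already hooked returns early, so the saved bytes
//    are never replaced by a copy of the stub.
//
// NOTE(review): PAGE_READWRITE removes execute permission from the whole page
// for the duration of the write; code on that page cannot run meanwhile.
void HookOn()
{
    HANDLE hProc = GetCurrentProcess(); // pseudo-handle, needs no CloseHandle
    DWORD oldProtect = 0;
    DWORD ignored = 0;
    SIZE_T moved = 0;

    if (bHook || pfMessageBoxA == NULL)
    {
        return;
    }

    // Make the first 8 bytes of send writable.
    if (!VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,PAGE_READWRITE,&oldProtect))
    {
        return;
    }

    // Save the original 8 bytes first, then write the stub over them.
    if (ReadProcessMemory(hProc,(LPCVOID)pfMessageBoxA,OldMessageBoxACode,8,&moved) && moved == 8)
    {
        if (WriteProcessMemory(hProc,(LPVOID)pfMessageBoxA,NewMessageBoxACode,8,&moved) && moved == 8)
        {
            bHook=true;
        }
    }

    // Restore the protection the page had before.
    VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,oldProtect,&ignored);
}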
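// Replaces the "jmp mysend" stub at the start of send with the bytes that
// HookOn saved, so that send runs its own code again.
//
// Changes against the original:
//  - returns early unless the stub is installed; before the first HookOn the
//    save buffer holds no real code and must not be written over send;
//  - uses GetCurrentProcess() rather than OpenProcess(PROCESS_ALL_ACCESS, ...),
//    which leaked one handle per call;
//  - keeps the old page protection in a local and checks each step.
void HookOff()
{
    HANDLE hProc = GetCurrentProcess(); // pseudo-handle, needs no CloseHandle
    DWORD oldProtect = 0;
    DWORD ignored = 0;
    SIZE_T written = 0;

    if (!bHook || pfMessageBoxA == NULL)
    {
        return;
    }

    if (!VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,PAGE_READWRITE,&oldProtect))
    {
        return;
    }

    if (WriteProcessMemory(hProc,(LPVOID)pfMessageBoxA,OldMessageBoxACode,8,&written) && written == 8)
    {
        bHook=false;
    }

    VirtualProtectEx(hProc,(LPVOID)pfMessageBoxA,8,oldProtect,&ignored);
}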
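// Interception has to be switched off before the intercepted API can be called.
//
// Replacement that the stub redirects send() to. It shows the start of the
// outgoing buffer in a message box and returns 1. The real send is NOT called
// (the call is still commented out), so the caller is told one byte was sent
// while nothing leaves the socket.
//
// The original passed str straight to MessageBox as both text and caption.
// A send buffer is len bytes long and need not be NUL-terminated, so that
// read ran past the end of the caller's buffer. The text is now copied into a
// bounded, terminated local buffer first.
//
// NOTE(review): no lock is taken around HookOff/HookOn; another thread that
// enters send during this window sees the prologue in whatever state it is in.
int WINAPI mysend(SOCKET s,const char FAR *str,int len,int flags)
{
    char preview[256];
    int shown = 0;
    int i;

    (void)s;
    (void)flags;

    if (str != NULL && len > 0)
    {
        shown = (len < (int)sizeof(preview) - 1) ? len : (int)sizeof(preview) - 1;
        for (i = 0; i < shown; i++)
        {
            preview[i] = str[i];
        }
    }
    preview[shown] = '\0';

    HookOff();
    MessageBoxA(NULL,preview,preview,0);
    // Why does using send here fail? The linker reports:
    // unresolved external symbol __imp__send@16
    //send(s,str,len,flags);
    HookOn();
    return 1;
}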
2. 导入库 ws2_32.lib(链接时缺少这个库,才会报 unresolved external symbol __imp__send@16)。
试试。