就像MS的Dependency Walker的功能~
或者运行 Visual Studio Tools 中的 depends 工具也可以
http://cache.baidu.com/c?word=pe%2Cmsdn&url=http%3A//forum%2Eeviloctal%2Ecom/simple/index%2Ephp%3Ft5016%2Ehtml&p=8b2a954586cc45a81aac8727534b8c&user=baidu
#include <stdio.h>
#include <winuser.h>
#include "hookdll.h"
// Everything defined between the two data_seg pragmas is placed in the
// named section "MyVar" instead of the default data section.
#pragma data_seg("MyVar")
// Hook handle returned by SetWindowsHookEx in SetHook(); NULL means no hook is installed.
HHOOK g_hook = NULL;
// Module handle of this DLL, recorded by DllMain on DLL_PROCESS_ATTACH.
HINSTANCE g_hInstance = NULL;
#pragma data_seg()
// Mark the section Read/Write/Shared: one copy of the two variables above is
// shared by every process that maps this DLL.
// NOTE(review): because the section is both shared and writable, any process
// that loads the DLL can read or overwrite these values, and DllMain rewrites
// g_hInstance on every process attach. Treat both values as untrusted state.
#pragma comment(linker,"/SECTION:MyVar,RWS")
// Describes one imported function whose import-address-table slot is to be redirected.
// NOTE(review): the tag _HOOK_API starts with an underscore followed by an
// uppercase letter, which is a name reserved for the implementation.
typedef struct _HOOK_API
{
// Name of the imported function; HookAPIbyName compares it case-insensitively
// against the names in the import table.
LPCSTR funcName;
// Address written into the import slot in place of the original.
PROC pNewProc;
// Filled by HookAPIbyName with the previous slot value when it is NULL on entry.
PROC pOldProc;
}HApi,*PHApi;
// Keyboard hook procedure registered by SetHook().
extern "C" LRESULT CALLBACK KeyProc(int code, WPARAM wParam, LPARAM lParam);
// Replacement routines whose addresses are written into import slots by KeyProc.
// NOTE(review): KeyProc also references Myrecv and MySetTimer, neither of which
// is declared here; Myrecv is only defined after its first use and MySetTimer
// is not defined in the visible part of the file. Presumably hookdll.h
// declares them - confirm, otherwise this does not compile.
static int WINAPI MyMessageBoxA(HWND hwnd,LPCTSTR lpText,LPCTSTR lpCaption,UINT uType);
static int WINAPI MyMessageBoxW(HWND hwnd,LPCWSTR lpText,LPCWSTR lpCaption,UINT uType);
// Finds the import descriptor for the DLL named hmodeDll inside module hmod.
MyEXPORT PIMAGE_IMPORT_DESCRIPTOR GetDes(HMODULE hmod,LPCSTR hmodeDll);
// Redirects one import of hmod, described by hookfunc, that comes from hmodeDll.
MyEXPORT HookAPIbyName(HMODULE hmod,LPCSTR hmodeDll,PHApi hookfunc);
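// DLL entry point. Records this module's instance handle when a process
// attaches; the other notifications need no work.
//
// hinstDLL    - handle of this DLL in the attaching process.
// fdwReason   - one of the DLL_* notification codes.
// lpvReserved - unused.
// Returns TRUE for every notification.
//
// The original compared with "=" instead of "==" for three of the four
// reasons, which overwrote fdwReason rather than testing it. A switch makes
// the dispatch explicit and removes the accidental assignments.
//
// NOTE(review): g_hInstance lives in a section shared between processes, so
// each attaching process overwrites the value stored by the previous one.
BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    (void)lpvReserved;

    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        g_hInstance = hinstDLL;
        break;
    case DLL_PROCESS_DETACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        // Nothing to initialise or tear down.
        break;
    }
    return TRUE;
}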
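// Installs the keyboard hook once; later calls are no-ops while a hook handle
// is already recorded in g_hook.
//
// threadID - accepted but not used. The hook is registered with thread id 0,
//            which associates it with all threads on the desktop, not one thread.
// Returns non-zero when a hook handle is held after the call, zero when
// SetWindowsHookEx failed. The original fell off the end of a value-returning
// function, so callers received an indeterminate result.
//
// NOTE(review): a desktop-wide WH_KEYBOARD hook causes this DLL to be mapped
// into other processes. If only one thread needs observing, passing threadID
// instead of 0 would narrow the scope - confirm what callers expect before
// changing it.
MyEXPORT SetHook(DWORD threadID)
{
    (void)threadID;

    if (g_hook == NULL)
    {
        g_hook = SetWindowsHookEx(WH_KEYBOARD, KeyProc, g_hInstance, 0);
    }
    return g_hook != NULL;
}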
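// Removes the keyboard hook recorded in g_hook, if any, and clears the handle.
//
// Returns non-zero when no hook was installed or the hook was removed, zero
// when UnhookWindowsHookEx reported failure. The handle is cleared in either
// case, as in the original. The original returned no value from a
// value-returning function.
MyEXPORT StopHook()
{
    BOOL removed = TRUE;

    if (g_hook != NULL)
    {
        removed = UnhookWindowsHookEx(g_hook);
        g_hook = NULL;
    }
    return removed;
}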
// Keyboard hook procedure. When the multiply key is reported, it redirects
// four imports of the current process's main module (GetModuleHandle(NULL)):
// MessageBoxA, MessageBoxW, recv and SetTimer. The event is always passed on
// to the next hook in the chain.
//
// NOTE(review): the redirection is repeated on every matching keyboard event;
// nothing records that it has already been done.
// NOTE(review): Myrecv and MySetTimer must be declared before this point;
// no declaration is visible in this file.
extern "C" LRESULT CALLBACK KeyProc(int code, WPARAM wParam, LPARAM lParam)
{
    if (code >= 0 && wParam == VK_MULTIPLY)
    {
        // One entry per import to redirect: { name, replacement, saved original }.
        HApi redirects[4] = {
            { "MessageBoxA", (PROC)MyMessageBoxA, NULL },
            { "MessageBoxW", (PROC)MyMessageBoxW, NULL },
            { "recv",        (PROC)Myrecv,        NULL },
            { "SetTimer",    (PROC)MySetTimer,    NULL },
        };
        // DLL that exports each entry above, in the same order.
        LPCSTR exporters[4] = { "User32.dll", "User32.dll", "WSOCK32.dll", "USER32.dll" };

        for (int i = 0; i < 4; ++i)
        {
            HookAPIbyName(GetModuleHandle(NULL), exporters[i], &redirects[i]);
        }
    }
    return CallNextHookEx(g_hook, code, wParam, lParam);
}
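// Walks the import directory of the loaded module hmod and returns the import
// descriptor whose DLL name equals hmodeDll (case-insensitive). See the PE
// format documentation for the structures involved.
//
// hmod     - base address of a module already mapped in this process.
// hmodeDll - name of the imported DLL to look for, e.g. "user32.dll".
// Returns the matching descriptor, or NULL when the headers are not a valid
// PE image, the module has no import directory, or no descriptor matches.
//
// Side effect: the name of every imported DLL is appended to G:\txx.txt.
// Failure to open that file is tolerated.
//
// Fixes over the original:
//  - the check after the loop tested pImport->Name == NULL, which is always
//    true once the loop has ended, so the function returned NULL even when
//    the DLL had been found;
//  - fclose() was called on a NULL stream when fopen failed;
//  - offsets were added to (DWORD)hmod, which truncates the base address on
//    a 64-bit build; byte-pointer arithmetic is used instead.
//
// NOTE(review): the RVAs read from the headers are trusted as-is and are not
// checked against the size of the mapped image.
MyEXPORT PIMAGE_IMPORT_DESCRIPTOR GetDes(HMODULE hmod,LPCSTR hmodeDll)
{
    if (hmod == NULL || hmodeDll == NULL)
        return NULL;

    BYTE *base = (BYTE *)hmod;

    PIMAGE_DOS_HEADER pdosH = (PIMAGE_DOS_HEADER)base;
    if (pdosH->e_magic != IMAGE_DOS_SIGNATURE)
        return NULL;

    PIMAGE_NT_HEADERS pNTH = (PIMAGE_NT_HEADERS)(base + pdosH->e_lfanew);
    if (pNTH->Signature != IMAGE_NT_SIGNATURE)
        return NULL;

    DWORD addr = pNTH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    if (addr == 0)
        return NULL;

    PIMAGE_IMPORT_DESCRIPTOR pImport = (PIMAGE_IMPORT_DESCRIPTOR)(base + addr);
    PIMAGE_IMPORT_DESCRIPTOR pImportDll = NULL;

    // Also list every DLL the module imports, appending the names to txx.txt.
    FILE *fp = fopen("G:\\txx.txt","a");

    // The descriptor array ends with an entry whose Name field is zero.
    for (; pImport->Name; pImport++)
    {
        PSTR pcurrMode = (PSTR)(base + pImport->Name);
        if (fp != NULL)
        {
            fprintf(fp,"%s\n",pcurrMode);
        }
        // Found the target DLL; keep scanning so the remaining names are logged too.
        if (stricmp(pcurrMode,hmodeDll) == 0)
        {
            pImportDll = pImport;
        }
    }

    if (fp != NULL)
        fclose(fp);

    return pImportDll;
}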
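// Redirects one imported function of module hmod by overwriting its slot in
// the import address table.
//
// hmod     - base address of the module whose imports are patched.
// hmodeDll - name of the DLL the function is imported from.
// hookfunc - funcName selects the import, pNewProc is written into the slot,
//            and pOldProc receives the previous slot value when it is NULL.
// Returns FALSE when the arguments are unusable, the DLL is not imported, the
// descriptor has no name table, or an empty import name is met; TRUE
// otherwise - including when no import named funcName was found.
//
// Side effect: every import name walked is appended to G:\txx.txt.
//
// Fixes over the original:
//  - the log file was leaked on the early "return FALSE" inside the loop and
//    fclose() was called on NULL when fopen failed;
//  - the results of VirtualQuery/VirtualProtect were ignored, so a failed
//    protection change led to a write into a read-only page;
//  - &memb.Protect doubled as the "old protection" output; a separate
//    variable now holds it;
//  - a descriptor with OriginalFirstThunk == 0 was walked as if the name
//    table started at the module base;
//  - NULL hookfunc / funcName / pNewProc were dereferenced or written.
//
// NOTE(review): the ordinal test uses IMAGE_ORDINAL_FLAG32 and the slot is
// written through a PDWORD cast, so this is 32-bit specific as written.
// NOTE(review): the slot is rewritten while other threads may be calling
// through it; nothing here synchronises with them.
MyEXPORT HookAPIbyName(HMODULE hmod,LPCSTR hmodeDll,PHApi hookfunc)
{
    if (hookfunc == NULL || hookfunc->funcName == NULL || hookfunc->pNewProc == NULL)
        return FALSE;

    PIMAGE_IMPORT_DESCRIPTOR pImport = GetDes(hmod,hmodeDll);
    if (pImport == NULL)
        return FALSE;
    // Without a name table the imports cannot be matched by name.
    if (pImport->OriginalFirstThunk == 0)
        return FALSE;

    BYTE *base = (BYTE *)hmod;
    PIMAGE_THUNK_DATA pOrgThunk = (PIMAGE_THUNK_DATA)(base + pImport->OriginalFirstThunk);
    PIMAGE_THUNK_DATA pRealThunk = (PIMAGE_THUNK_DATA)(base + pImport->FirstThunk);

    // Record all function names imported from this DLL.
    FILE *fp = fopen("G:\\txx.txt","a");
    BOOL ok = TRUE;

    // The name table and the address table are parallel arrays.
    for (; pOrgThunk->u1.Function; pOrgThunk++, pRealThunk++)
    {
        // Imports by ordinal carry no name to compare against.
        if ((pOrgThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG32) == IMAGE_ORDINAL_FLAG32)
            continue;

        PIMAGE_IMPORT_BY_NAME pbyname =
            (PIMAGE_IMPORT_BY_NAME)(base + pOrgThunk->u1.AddressOfData);
        if (pbyname->Name[0] == '\0')
        {
            ok = FALSE;
            break;
        }
        if (fp != NULL)
            fprintf(fp,"%s\n",pbyname->Name);

        if (stricmp(hookfunc->funcName,(char*)pbyname->Name) != 0)
            continue;

        // Make the page holding the slot writable, patch, then restore.
        MEMORY_BASIC_INFORMATION memb;
        if (VirtualQuery(pRealThunk,&memb,sizeof(memb)) == 0)
            continue;

        DWORD oldProtect = 0;
        if (!VirtualProtect(memb.BaseAddress,memb.RegionSize,PAGE_READWRITE,&oldProtect))
            continue;

        if (hookfunc->pOldProc == NULL)
            hookfunc->pOldProc = (PROC)pRealThunk->u1.Function;
        pRealThunk->u1.Function = (PDWORD)hookfunc->pNewProc;

        DWORD ignored = 0;
        VirtualProtect(memb.BaseAddress,memb.RegionSize,oldProtect,&ignored);
    }

    if (fp != NULL)
        fclose(fp);
    if (!ok)
        return FALSE;

    SetLastError(ERROR_SUCCESS);
    return TRUE;
}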
// Stand-in for MessageBoxA: shows a fixed text and caption with an OK button
// and information icon. The caller's text, caption and style are discarded;
// only the owner window is passed through.
// NOTE(review): the parameters are declared LPCTSTR although this is the ANSI
// variant; under a UNICODE build that no longer matches MessageBoxA's signature.
static int WINAPI MyMessageBoxA(HWND hwnd,LPCTSTR lpText,LPCTSTR lpCaption,UINT uType)
{
    const UINT fixedStyle = MB_OK|MB_ICONINFORMATION;
    int pressed = MessageBoxA(hwnd,"Yes,It from me","haha,hook you",fixedStyle);
    return pressed;
}
// Stand-in for MessageBoxW: shows a fixed text and caption, keeping the
// caller's owner window and style flags. The caller's text and caption are
// discarded.
static int WINAPI MyMessageBoxW(HWND hwnd,LPCWSTR lpText,LPCWSTR lpCaption,UINT uType)
{
    int pressed = MessageBoxW(hwnd,L"Yes,It from me",L"haha,hook you",uType);
    return pressed;
}
// Stand-in for recv(): appends the contents of the caller's buffer to
// g:\edata.txt as a string, then forwards the call to recv() and returns its
// result.
// NOTE(review): the buffer is printed before recv() has run, so what is
// written is whatever the caller's buffer held on entry.
// NOTE(review): "%s" reads until a NUL byte; nothing here guarantees one
// within len bytes, so fprintf can read past the end of buf.
// NOTE(review): fclose(fp) is reached even when fopen failed and fp is NULL.
// NOTE(review): buffer contents are written unencrypted to a fixed path with
// no access control set here; anyone who can read that file can read the data.
// NOTE(review): this definition follows its first use in KeyProc and no
// prototype is visible earlier in the file.
static int WINAPI Myrecv(SOCKET s,char *buf,int len,int flags)
{
FILE *fp = fopen("g:\\edata.txt","a");
if(fp != NULL)
fprintf(fp,"%s\n",buf);
fclose(fp);
return recv(s,buf,len,flags);
}