开始HOOK了以后，很多进程都出现了不能连接网络的现象，求解……
#include "stdafx.h"
#include <windows.h>
#include <tchar.h> #pragma data_seg("Share")
// NOTE(review): in this listing the opening #pragma data_seg("Share") is fused
// onto the end of the #include <tchar.h> line above. It has to stand on a line
// of its own to take effect; otherwise hK is not placed in the "Share" section.
// hK is the only variable declared before the data_seg() reset, and nothing
// else in this listing reads or writes it.
HWND hK= NULL;
#pragma data_seg()
// Linker flags R/W/S make the "Share" section readable, writable and shared:
// one copy is mapped into every process that loads this DLL, and any of those
// processes can overwrite it. Treat anything stored there as untrusted input.
#pragma comment(linker,"/SECTION:Share,RWS")
// Everything below is ordinary per-process data: each process that loads the
// DLL starts with its own copy holding the initial values shown here.
HINSTANCE hInst=NULL;   // module handle, stored by DllMain
// Written only by SetHook(), i.e. only in the process that calls SetHook().
// In every other process that loads the DLL this stays NULL.
HHOOK hhookk=NULL;
// Handle of the thread DllMain starts; never closed anywhere in this listing.
HANDLE hTh = NULL;
DWORD WINAPI CFHOOK(LPVOID lpParameter);
LRESULT CALLBACK NULFUNC(int code,WPARAM wparam,LPARAM lparam);
// Patch template for 32-bit x86:
//   B8 imm32   mov eax, imm32   (imm32 is overwritten by CFHOOK with the
//                                address of MyCreateFile)
//   FF E0      jmp eax
//   00         padding byte, not part of either instruction
// All 8 bytes are written over the start of CreateFileA.
BYTE NewBytes[8] = {0xB8, 0x0, 0x0, 0x40, 0x0, 0xFF, 0xE0, 0x0};
// First 8 bytes of CreateFileA as read by CFHOOK before patching.
BYTE OldBytes[8] = {0};
// Address of kernel32!CreateFileA, resolved in CFHOOK.
FARPROC CreateFile_Addr;
// NOTE(review): HOOKCF is declared but never defined or used in this listing;
// the thread routine is named CFHOOK. Looks like a leftover — confirm.
DWORD WINAPI HOOKCF(LPVOID lpParameter);
// Replacement for CreateFileA. CFHOOK overwrites the first 8 bytes of
// CreateFileA with NewBytes, so calls to CreateFileA land here with the
// caller's original arguments.
// Flow: show the file name, write OldBytes back over CreateFileA, call the
// real CreateFileA, write NewBytes again, return the handle it produced.
//
// NOTE(review), defects visible in this listing:
//  - MessageBox is modal and runs on the calling thread while the patch is
//    still installed, so every hooked thread that opens a file stalls until
//    someone dismisses a dialog. If MessageBox itself reaches CreateFileA it
//    re-enters this function. This is a plausible cause of the hang / "cannot
//    connect" symptom described in the post; confirm by replacing the
//    MessageBox with OutputDebugString or a log write.
//  - lpFileName is declared LPCTSTR but forwarded to CreateFileA, which takes
//    an ANSI string. The types only agree in a non-UNICODE build; LPCSTR
//    would match the hooked function.
//  - The restore / call / re-patch sequence is not synchronised. While the
//    original bytes are back, other threads' calls bypass the hook, and a
//    thread entering CreateFileA during either 8-byte write can execute a
//    partly written prologue.
//  - INVALID_HANDLE_VALUE is (HANDLE)-1, the same value GetCurrentProcess()
//    returns as the current-process pseudo-handle, so these writes target the
//    calling process. GetCurrentProcess() would state that intent.
//  - Neither WriteProcessMemory result is checked. If the restore fails, the
//    CreateFileA call below jumps straight back into this function.
HANDLE WINAPI MyCreateFile(
    LPCTSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile
    )
{
    MessageBox(0,lpFileName,0,0);
    // Put the saved prologue back so the call below reaches the real function.
    WriteProcessMemory( INVALID_HANDLE_VALUE, (void*)CreateFile_Addr,
        (void*)OldBytes, 8, NULL);
    HANDLE hFile=CreateFileA(lpFileName,dwDesiredAccess,dwShareMode,
        lpSecurityAttributes,dwCreationDisposition,dwFlagsAndAttributes,hTemplateFile);
    // Re-install the jump for the next caller.
    WriteProcessMemory(INVALID_HANDLE_VALUE, (void*)CreateFile_Addr,
        (void*)NewBytes, 8, NULL);
    return hFile;
}

// DLL entry point. On DLL_PROCESS_ATTACH it starts CFHOOK on a new thread and
// records the module handle; every other notification is ignored.
//
// NOTE(review):
//  - There is no DLL_PROCESS_DETACH handling, and nothing in this listing
//    writes OldBytes back permanently. Once the DLL is unloaded from a process
//    whose CreateFileA was patched, the patch still jumps to the address where
//    MyCreateFile used to be.
//  - The CreateThread result is not checked and hTh is never closed.
BOOL APIENTRY DllMain( HANDLE hModule,
    DWORD ul_reason_for_call,
    LPVOID lpReserved
    )
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        hTh = CreateThread(NULL,0,CFHOOK,0,0,NULL);
        hInst = (HINSTANCE)hModule;
    }
    return TRUE;
}
// Exported: installs NULFUNC as a WH_GETMESSAGE hook. The last argument
// (thread id) is 0, which requests a hook for all threads on the calling
// thread's desktop rather than one thread. Because the hook procedure lives in
// this DLL (hInst), Windows loads the DLL into the processes of the hooked
// threads; DllMain then runs there and starts CFHOOK, so CreateFileA is
// patched in each of those processes, not only in the caller.
//
// NOTE(review): the SetWindowsHookEx result is not checked; on failure hhookk
// is NULL and the function cannot report it (void return).
// For anyone triaging a host: the visible effects are this module appearing in
// the module list of unrelated GUI processes, and the first bytes of
// kernel32!CreateFileA in memory differing from the on-disk image.
extern "C" _declspec(dllexport) void SetHook()
{
    hhookk = SetWindowsHookEx(WH_GETMESSAGE,NULFUNC,hInst,0);
}
// Exported: removes the WH_GETMESSAGE hook installed by SetHook().
// NOTE(review): this only removes the message hook. It does not restore
// OldBytes over CreateFileA in the processes that were already patched, and
// the UnhookWindowsHookEx result is not checked.
extern "C" _declspec(dllexport) void StopHook()
{
    UnhookWindowsHookEx(hhookk);
}

// Hook procedure for WH_GETMESSAGE. It does no work of its own and only passes
// the message on to the next hook in the chain.
// NOTE(review): hhookk is a per-process global set only in the process that
// called SetHook(), so in every other process it is NULL here. That is
// presumably what the reply asking about the shared section refers to.
// Current Windows documentation describes the first CallNextHookEx argument
// as ignored, so the NULL is likely harmless — confirm for the target OS.
LRESULT CALLBACK NULFUNC(int code,WPARAM wparam,LPARAM lparam)
{
    return ::CallNextHookEx(hhookk,code,wparam,lparam);
}

// Thread routine started from DllMain. Resolves kernel32!CreateFileA, saves
// its first 8 bytes in OldBytes, stores the address of MyCreateFile in the
// immediate operand of NewBytes, then overwrites those 8 bytes with NewBytes.
// Always returns 0; lpParameter is unused.
//
// NOTE(review):
//  - The LoadLibrary and GetProcAddress results are not checked for NULL.
//  - (DWORD)MyCreateFile keeps only 32 bits of the pointer, so the patch is
//    valid for 32-bit x86 builds only.
//  - 8 bytes are saved and overwritten regardless of where the original
//    instructions end (the second reply on the page asks about this). A thread
//    already executing inside those bytes, or entering during the write, can
//    run torn code.
//  - The final WriteProcessMemory result is ignored, so a failed patch is
//    silent.
//  - MessageBox from a background thread in an arbitrary process blocks that
//    thread until the dialog is dismissed.
DWORD WINAPI CFHOOK(LPVOID lpParameter)
{
    HMODULE hModule_Kernel32 = LoadLibrary("Kernel32.dll");
    CreateFile_Addr = GetProcAddress(hModule_Kernel32, "CreateFileA");
    // Save the original prologue so MyCreateFile can put it back temporarily.
    if(ReadProcessMemory(INVALID_HANDLE_VALUE,CreateFile_Addr,OldBytes,8,NULL)==0)
    {
        MessageBox(0,"ReadProcessMemory error",0,0);
        return 0;
    }
    // Fill in the imm32 of "mov eax, imm32" with the replacement's address.
    *(DWORD*)(NewBytes + 1) = (DWORD)MyCreateFile;
    WriteProcessMemory(INVALID_HANDLE_VALUE,CreateFile_Addr,NewBytes,8,NULL);
    return 0;
}
#include "stdafx.h"
#include <windows.h>
#include <tchar.h> #pragma data_seg("Share")
// NOTE(review): in this listing the opening #pragma data_seg("Share") is fused
// onto the end of the #include <tchar.h> line above. It has to stand on a line
// of its own to take effect; otherwise hK is not placed in the "Share" section.
// hK is the only variable declared before the data_seg() reset, and nothing
// else in this listing reads or writes it.
HWND hK= NULL;
#pragma data_seg()
// Linker flags R/W/S make the "Share" section readable, writable and shared:
// one copy is mapped into every process that loads this DLL, and any of those
// processes can overwrite it. Treat anything stored there as untrusted input.
#pragma comment(linker,"/SECTION:Share,RWS")
// Everything below is ordinary per-process data: each process that loads the
// DLL starts with its own copy holding the initial values shown here.
HINSTANCE hInst=NULL;   // module handle, stored by DllMain
// Written only by SetHook(), i.e. only in the process that calls SetHook().
// In every other process that loads the DLL this stays NULL.
HHOOK hhookk=NULL;
// Handle of the thread DllMain starts; never closed anywhere in this listing.
HANDLE hTh = NULL;
DWORD WINAPI CFHOOK(LPVOID lpParameter);
LRESULT CALLBACK NULFUNC(int code,WPARAM wparam,LPARAM lparam);
// Patch template for 32-bit x86:
//   B8 imm32   mov eax, imm32   (imm32 is overwritten by CFHOOK with the
//                                address of MyCreateFile)
//   FF E0      jmp eax
//   00         padding byte, not part of either instruction
// All 8 bytes are written over the start of CreateFileA.
BYTE NewBytes[8] = {0xB8, 0x0, 0x0, 0x40, 0x0, 0xFF, 0xE0, 0x0};
// First 8 bytes of CreateFileA as read by CFHOOK before patching.
BYTE OldBytes[8] = {0};
// Address of kernel32!CreateFileA, resolved in CFHOOK.
FARPROC CreateFile_Addr;
// NOTE(review): HOOKCF is declared but never defined or used in this listing;
// the thread routine is named CFHOOK. Looks like a leftover — confirm.
DWORD WINAPI HOOKCF(LPVOID lpParameter);
// Replacement for CreateFileA. CFHOOK overwrites the first 8 bytes of
// CreateFileA with NewBytes, so calls to CreateFileA land here with the
// caller's original arguments.
// Flow: show the file name, write OldBytes back over CreateFileA, call the
// real CreateFileA, write NewBytes again, return the handle it produced.
//
// NOTE(review), defects visible in this listing:
//  - MessageBox is modal and runs on the calling thread while the patch is
//    still installed, so every hooked thread that opens a file stalls until
//    someone dismisses a dialog. If MessageBox itself reaches CreateFileA it
//    re-enters this function. This is a plausible cause of the hang / "cannot
//    connect" symptom described in the post; confirm by replacing the
//    MessageBox with OutputDebugString or a log write.
//  - lpFileName is declared LPCTSTR but forwarded to CreateFileA, which takes
//    an ANSI string. The types only agree in a non-UNICODE build; LPCSTR
//    would match the hooked function.
//  - The restore / call / re-patch sequence is not synchronised. While the
//    original bytes are back, other threads' calls bypass the hook, and a
//    thread entering CreateFileA during either 8-byte write can execute a
//    partly written prologue.
//  - INVALID_HANDLE_VALUE is (HANDLE)-1, the same value GetCurrentProcess()
//    returns as the current-process pseudo-handle, so these writes target the
//    calling process. GetCurrentProcess() would state that intent.
//  - Neither WriteProcessMemory result is checked. If the restore fails, the
//    CreateFileA call below jumps straight back into this function.
HANDLE WINAPI MyCreateFile(
    LPCTSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile
    )
{
    MessageBox(0,lpFileName,0,0);
    // Put the saved prologue back so the call below reaches the real function.
    WriteProcessMemory( INVALID_HANDLE_VALUE, (void*)CreateFile_Addr,
        (void*)OldBytes, 8, NULL);
    HANDLE hFile=CreateFileA(lpFileName,dwDesiredAccess,dwShareMode,
        lpSecurityAttributes,dwCreationDisposition,dwFlagsAndAttributes,hTemplateFile);
    // Re-install the jump for the next caller.
    WriteProcessMemory(INVALID_HANDLE_VALUE, (void*)CreateFile_Addr,
        (void*)NewBytes, 8, NULL);
    return hFile;
}

// DLL entry point. On DLL_PROCESS_ATTACH it starts CFHOOK on a new thread and
// records the module handle; every other notification is ignored.
//
// NOTE(review):
//  - There is no DLL_PROCESS_DETACH handling, and nothing in this listing
//    writes OldBytes back permanently. Once the DLL is unloaded from a process
//    whose CreateFileA was patched, the patch still jumps to the address where
//    MyCreateFile used to be.
//  - The CreateThread result is not checked and hTh is never closed.
BOOL APIENTRY DllMain( HANDLE hModule,
    DWORD ul_reason_for_call,
    LPVOID lpReserved
    )
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        hTh = CreateThread(NULL,0,CFHOOK,0,0,NULL);
        hInst = (HINSTANCE)hModule;
    }
    return TRUE;
}
// Exported: installs NULFUNC as a WH_GETMESSAGE hook. The last argument
// (thread id) is 0, which requests a hook for all threads on the calling
// thread's desktop rather than one thread. Because the hook procedure lives in
// this DLL (hInst), Windows loads the DLL into the processes of the hooked
// threads; DllMain then runs there and starts CFHOOK, so CreateFileA is
// patched in each of those processes, not only in the caller.
//
// NOTE(review): the SetWindowsHookEx result is not checked; on failure hhookk
// is NULL and the function cannot report it (void return).
// For anyone triaging a host: the visible effects are this module appearing in
// the module list of unrelated GUI processes, and the first bytes of
// kernel32!CreateFileA in memory differing from the on-disk image.
extern "C" _declspec(dllexport) void SetHook()
{
    hhookk = SetWindowsHookEx(WH_GETMESSAGE,NULFUNC,hInst,0);
}
// Exported: removes the WH_GETMESSAGE hook installed by SetHook().
// NOTE(review): this only removes the message hook. It does not restore
// OldBytes over CreateFileA in the processes that were already patched, and
// the UnhookWindowsHookEx result is not checked.
extern "C" _declspec(dllexport) void StopHook()
{
    UnhookWindowsHookEx(hhookk);
}

// Hook procedure for WH_GETMESSAGE. It does no work of its own and only passes
// the message on to the next hook in the chain.
// NOTE(review): hhookk is a per-process global set only in the process that
// called SetHook(), so in every other process it is NULL here. That is
// presumably what the reply asking about the shared section refers to.
// Current Windows documentation describes the first CallNextHookEx argument
// as ignored, so the NULL is likely harmless — confirm for the target OS.
LRESULT CALLBACK NULFUNC(int code,WPARAM wparam,LPARAM lparam)
{
    return ::CallNextHookEx(hhookk,code,wparam,lparam);
}

// Thread routine started from DllMain. Resolves kernel32!CreateFileA, saves
// its first 8 bytes in OldBytes, stores the address of MyCreateFile in the
// immediate operand of NewBytes, then overwrites those 8 bytes with NewBytes.
// Always returns 0; lpParameter is unused.
//
// NOTE(review):
//  - The LoadLibrary and GetProcAddress results are not checked for NULL.
//  - (DWORD)MyCreateFile keeps only 32 bits of the pointer, so the patch is
//    valid for 32-bit x86 builds only.
//  - 8 bytes are saved and overwritten regardless of where the original
//    instructions end (the second reply on the page asks about this). A thread
//    already executing inside those bytes, or entering during the write, can
//    run torn code.
//  - The final WriteProcessMemory result is ignored, so a failed patch is
//    silent.
//  - MessageBox from a background thread in an arbitrary process blocks that
//    thread until the dialog is dismissed.
DWORD WINAPI CFHOOK(LPVOID lpParameter)
{
    HMODULE hModule_Kernel32 = LoadLibrary("Kernel32.dll");
    CreateFile_Addr = GetProcAddress(hModule_Kernel32, "CreateFileA");
    // Save the original prologue so MyCreateFile can put it back temporarily.
    if(ReadProcessMemory(INVALID_HANDLE_VALUE,CreateFile_Addr,OldBytes,8,NULL)==0)
    {
        MessageBox(0,"ReadProcessMemory error",0,0);
        return 0;
    }
    // Fill in the imm32 of "mov eax, imm32" with the replacement's address.
    *(DWORD*)(NewBytes + 1) = (DWORD)MyCreateFile;
    WriteProcessMemory(INVALID_HANDLE_VALUE,CreateFile_Addr,NewBytes,8,NULL);
    return 0;
}
为什么不放到共享节里面?
你那个8个字节是完整的指令吗?