dll建立hook问题?

你想Hook全局还是单个进程?Hook全局用不着注入线程。做一个DLL,在DLL中调用SetWindowsHookEx,dwThreadId参数给0就行。

API HOOK 实现
源自:《Windows API 编程》 P182
实现目标:拦截API函数MessageBoxA();
(同一回复在帖中出现两次;DLL部分与测试EXE部分的完整代码见下方两份代码清单。)

全局Hook
做一个DLL,在DLL中调用SetWindowsHookEx,安装好钩子。这个钩子就可以拦截到所有进程了。
(注:全局 WH_GETMESSAGE 钩子只对同一桌面上有消息循环的线程生效,并且钩子DLL的位数必须与目标进程一致。)

你是想要远程注入你的DLL到别的进程里。其实用SetWindowsHookEx安装鼠标钩子就行了:
SetWindowsHookEx( WH_GETMESSAGE, (HOOKPROC)MessageHook ,g_hinstDll ,processId )
(注:WH_GETMESSAGE 是消息钩子而不是鼠标钩子;最后一个参数是线程ID(dwThreadId),不是进程ID。)

你要的功能据我所知很难实现。

我刚刚想了一下,你可以试试如下方法:DLL里要建立Hook,那么那个Hook function需要在DLL里,但是因为你的dll是注入的,所以这个hook function 的地址不是固定的,所以,你需要自己去计算这个hook function 在目标进程中的地址,将其传递给SetWindowsHookEx函数,也许可以成功。我没有试过,呵呵,自己去试试吧~
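/* DLL part */

/* Handle returned by SetWindowsHookEx in InstallHook(). No shared data
 * section is declared in this listing, so each process that loads the DLL
 * has its own copy of every global below. */
HHOOK g_hHook;
/* Module handle of the hook DLL; passed to SetWindowsHookEx. */
HINSTANCE g_hinstDll;
/* Address of user32!MessageBoxA resolved by init(); this is the patch target. */
FARPROC pfMessageBoxA;
/* Replacement the patched MessageBoxA jumps to.
 * NOTE(review): MessageBoxA takes LPCSTR; LPCTSTR only matches that in a
 * non-UNICODE build. */
int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
/* First 5 bytes of MessageBoxA as saved by init(), and the 5-byte
 * `jmp rel32` (opcode 0xE9) that overwrites them. */
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
/* Handle of user32.dll obtained in init(). */
HMODULE hModule;
/* dwIdNew holds the current process id (set in init()); HookOn()/HookOff()
 * reuse dwIdOld both as that id and as the saved page protection. */
DWORD dwIdOld , dwIdNew;
/* TRUE while the jmp patch is written over MessageBoxA. */
BOOL bHook = FALSE;
void HookOn();
void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);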
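/*
 * DLL entry point.
 *
 * On process attach the MessageBoxA patch is installed through init(); on
 * process detach the original bytes are written back, because a patch left
 * in place after this DLL is unmapped would send every MessageBoxA call in
 * the host process to freed memory.
 *
 * The original listing had no `break` after DLL_PROCESS_ATTACH, so a
 * successful attach fell through into the unhook call, and every thread
 * attach/detach tried to unhook as well. Thread notifications are now
 * ignored.
 *
 * Returns FALSE (which makes the load fail) when init() fails.
 */
BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved )
{
    (void)lpReserved;

    switch( ul_reason_for_call )
    {
    case DLL_PROCESS_ATTACH:
        /* Remember our own module handle; the parameter shadows the global
         * named hModule, so store it in g_hinstDll. */
        g_hinstDll = (HINSTANCE)hModule;
        if( !init() )
        {
            /* NOTE(review): Microsoft's DllMain guidance advises against
             * calling user32 functions while the loader lock is held;
             * consider OutputDebugStringA for this diagnostic. */
            MessageBoxA( NULL , "Init" , "ERROR" , MB_OK );
            return FALSE;
        }
        break;

    case DLL_PROCESS_DETACH:
        /* Restore the saved prologue before the DLL's code goes away. */
        if( bHook )
            HookOff();
        /* Only the process that called InstallHook() holds a hook handle. */
        if( g_hHook != NULL )
        {
            UnhookWindowsHookEx( g_hHook );
            g_hHook = NULL;
        }
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        break;
    }
    return TRUE;
}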
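/*
 * WH_GETMESSAGE hook procedure registered by InstallHook().
 *
 * It does no filtering of its own and only forwards the event to the next
 * hook in the chain; the registration exists so that the system loads this
 * DLL into the hooked threads' processes.
 *
 * The listing defined this function as `Hook` with a stray `;` after the
 * parameter list, while the prototype and InstallHook() both refer to
 * `MessageHook`; the definition now matches them.
 */
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam )
{
    return CallNextHookEx( g_hHook , nCode , wParam , lParam );
}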
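/*
 * Registers MessageHook as a WH_GETMESSAGE hook.
 *
 * dwThreadId is 0, so the hook is system-wide: the DLL is mapped into every
 * process on the desktop whose threads retrieve messages. Pass a specific
 * thread id instead when only one target is meant to be affected.
 *
 * The module handle is looked up from the address of MessageHook rather
 * than with LoadLibrary("ApiHook.dll"): loading by bare file name goes
 * through the DLL search path, where a different file with the same name
 * can be picked up, and it also took a reference that was never released.
 *
 * Returns TRUE on success; on failure shows an error box and returns FALSE.
 */
HOOKAPI2_API BOOL InstallHook()
{
    if( !GetModuleHandleExA( GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
                             GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT ,
                             (LPCSTR)MessageHook , &g_hinstDll ) )
    {
        MessageBoxA( NULL , "SET ERROR" , "ERROR" , MB_OK );
        return FALSE;
    }

    g_hHook = SetWindowsHookEx( WH_GETMESSAGE , (HOOKPROC)MessageHook , g_hinstDll , 0 );
    if( !g_hHook )
    {
        MessageBoxA( NULL , "SET ERROR" , "ERROR" , MB_OK );
        return FALSE;
    }
    return TRUE;
}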
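/*
 * Removes the hook registered by InstallHook().
 *
 * Returns FALSE when no hook handle is held or when UnhookWindowsHookEx
 * fails. The handle is cleared on success so a second call cannot pass a
 * stale handle to the system. (The listing spelled the API
 * `UnHookWindowsHookEx`, which does not exist.)
 */
HOOKAPI2_API BOOL UninstallHook()
{
    BOOL bOk;

    if( g_hHook == NULL )
        return FALSE;

    bOk = UnhookWindowsHookEx( g_hHook );
    if( bOk )
        g_hHook = NULL;
    return bOk;
}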
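/*
 * Resolves MessageBoxA, saves its first 5 bytes, builds the 5-byte
 * `jmp rel32` to MyMessageBoxA and installs it through HookOn().
 *
 * The inline assembly is MSVC syntax for 32-bit x86 only. After the patch
 * the in-memory prologue of MessageBoxA no longer matches the user32 image
 * on disk, which is what code-integrity comparisons detect.
 *
 * Returns FALSE when user32 or MessageBoxA cannot be resolved; otherwise
 * returns the patch state reported by bHook.
 */
BOOL init()
{
    /* This runs from DllMain, where calling LoadLibrary is discouraged.
     * The DLL calls MessageBoxA directly, so user32 is already mapped and
     * GetModuleHandleA is enough (and takes no extra reference). */
    hModule = GetModuleHandleA( "user32.dll" );
    if( hModule == NULL )
        return FALSE;

    pfMessageBoxA = GetProcAddress( hModule , "MessageBoxA" );
    if( pfMessageBoxA == NULL )
        return FALSE;

    /* Copy 4 + 1 = 5 bytes from the start of MessageBoxA into
     * OldMessageBoxACode (the listing misspelled the symbol as
     * OldMessageBoxACOde). */
    _asm
    {
        lea edi,OldMessageBoxACode
        mov esi,pfMessageBoxA
        cld
        movsd
        movsb
    }

    /* 0xE9 = jmp rel32. */
    NewMessageBoxACode[0] = 0xe9;

    /* rel32 = &MyMessageBoxA - pfMessageBoxA - 5: the displacement is
     * relative to the end of the 5-byte jmp instruction. */
    _asm
    {
        lea eax,MyMessageBoxA
        mov ebx,pfMessageBoxA
        sub eax,ebx
        sub eax,5
        mov dword ptr [NewMessageBoxACode+1],eax
    }

    dwIdNew = GetCurrentProcessId();
    dwIdOld = dwIdNew;
    HookOn();
    return bHook;
}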
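/*
 * Replacement reached through the jmp written over MessageBoxA.
 *
 * Removes the patch, calls the real MessageBoxA with the text replaced by
 * "Hook" (the caller's lpText is ignored), then patches again. Returns the
 * value of the real call.
 *
 * NOTE(review): unpatch/call/repatch is not thread-safe. While the message
 * box is open other threads reach the unpatched function, and a thread
 * executing the first 5 bytes while they are being rewritten can crash.
 * A trampoline that preserves the original prologue avoids both problems.
 */
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
    int nReturn = 0;

    (void)lpText;

    HookOff();
    nReturn = MessageBoxA( hWnd, "Hook", lpCaption, uType );
    HookOn();
    return nReturn;
}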
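/*
 * Writes 5 bytes from pCode over the start of MessageBoxA in the current
 * process. Returns TRUE only if the bytes were written.
 *
 * Changes from the listing:
 *  - GetCurrentProcess() replaces OpenProcess(PROCESS_ALL_ACCESS, ...): the
 *    listing never closed that handle, leaking two handles per hooked call,
 *    and the pseudo-handle needs no cleanup.
 *  - PAGE_EXECUTE_READWRITE replaces PAGE_READWRITE, which removed execute
 *    permission from the page while patching, so another thread running
 *    code in that page could fault.
 *  - The previous protection is kept in a local instead of overwriting the
 *    process-id global dwIdOld.
 *  - Every API result is checked.
 */
static BOOL WriteMessageBoxAPatch( const BYTE *pCode )
{
    HANDLE hProc = GetCurrentProcess();
    DWORD dwOldProtect = 0;
    BOOL bOk;

    if( pfMessageBoxA == NULL )
        return FALSE;

    if( !VirtualProtectEx( hProc, (LPVOID)pfMessageBoxA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect ) )
        return FALSE;

    bOk = WriteProcessMemory( hProc, (LPVOID)pfMessageBoxA, pCode, 5, NULL );

    /* Always put the original protection back, even if the write failed. */
    VirtualProtectEx( hProc, (LPVOID)pfMessageBoxA, 5, dwOldProtect, &dwOldProtect );

    if( bOk )
        FlushInstructionCache( hProc, (LPCVOID)pfMessageBoxA, 5 );
    return bOk;
}

/*
 * Installs the jmp patch. bHook becomes TRUE only when the write succeeded.
 * (The listing passed six arguments to WriteProcessMemory here.)
 */
void HookOn()
{
    if( WriteMessageBoxAPatch( NewMessageBoxACode ) )
        bHook = TRUE;
}

/*
 * Restores the saved original bytes. bHook becomes FALSE only when the
 * write succeeded, so a failed restore is still visible to callers.
 */
void HookOff()
{
    if( WriteMessageBoxAPatch( OldMessageBoxACode ) )
        bHook = FALSE;
}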
测试EXE部分
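/*
 * Test executable: installs the hook, shows one message box (which displays
 * "Hook" instead of "TEST" when the patch is active), then removes the hook.
 * Returns 0 on success and 1 if installing or removing the hook fails.
 *
 * Fixes from the listing: `LPDTR` is not a Windows type (LPSTR is meant)
 * and the string literals used typographic quotes.
 */
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    if( !InstallHook() )
    {
        MessageBoxA( NULL, "Hook Error!", "Hook", MB_OK );
        return 1;
    }

    MessageBoxA( NULL, "TEST", "TEST", MB_OK );

    if( !UninstallHook() )
    {
        MessageBoxA( NULL, "Uninstall Error!", "Hook", MB_OK );
        return 1;
    }
    return 0;
}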
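/* DLL part */

/* Handle returned by SetWindowsHookEx in InstallHook(). No shared data
 * section is declared in this listing, so each process that loads the DLL
 * has its own copy of every global below. */
HHOOK g_hHook;
/* Module handle of the hook DLL; passed to SetWindowsHookEx. */
HINSTANCE g_hinstDll;
/* Address of user32!MessageBoxA resolved by init(); this is the patch target. */
FARPROC pfMessageBoxA;
/* Replacement the patched MessageBoxA jumps to.
 * NOTE(review): MessageBoxA takes LPCSTR; LPCTSTR only matches that in a
 * non-UNICODE build. */
int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
/* First 5 bytes of MessageBoxA as saved by init(), and the 5-byte
 * `jmp rel32` (opcode 0xE9) that overwrites them. */
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
/* Handle of user32.dll obtained in init(). */
HMODULE hModule;
/* dwIdNew holds the current process id (set in init()); HookOn()/HookOff()
 * reuse dwIdOld both as that id and as the saved page protection. */
DWORD dwIdOld , dwIdNew;
/* TRUE while the jmp patch is written over MessageBoxA. */
BOOL bHook = FALSE;
void HookOn();
void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);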
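/*
 * DLL entry point.
 *
 * On process attach the MessageBoxA patch is installed through init(); on
 * process detach the original bytes are written back, because a patch left
 * in place after this DLL is unmapped would send every MessageBoxA call in
 * the host process to freed memory.
 *
 * The original listing had no `break` after DLL_PROCESS_ATTACH, so a
 * successful attach fell through into the unhook call, and every thread
 * attach/detach tried to unhook as well. Thread notifications are now
 * ignored.
 *
 * Returns FALSE (which makes the load fail) when init() fails.
 */
BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved )
{
    (void)lpReserved;

    switch( ul_reason_for_call )
    {
    case DLL_PROCESS_ATTACH:
        /* Remember our own module handle; the parameter shadows the global
         * named hModule, so store it in g_hinstDll. */
        g_hinstDll = (HINSTANCE)hModule;
        if( !init() )
        {
            /* NOTE(review): Microsoft's DllMain guidance advises against
             * calling user32 functions while the loader lock is held;
             * consider OutputDebugStringA for this diagnostic. */
            MessageBoxA( NULL , "Init" , "ERROR" , MB_OK );
            return FALSE;
        }
        break;

    case DLL_PROCESS_DETACH:
        /* Restore the saved prologue before the DLL's code goes away. */
        if( bHook )
            HookOff();
        /* Only the process that called InstallHook() holds a hook handle. */
        if( g_hHook != NULL )
        {
            UnhookWindowsHookEx( g_hHook );
            g_hHook = NULL;
        }
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    default:
        break;
    }
    return TRUE;
}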
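/*
 * WH_GETMESSAGE hook procedure registered by InstallHook().
 *
 * It does no filtering of its own and only forwards the event to the next
 * hook in the chain; the registration exists so that the system loads this
 * DLL into the hooked threads' processes.
 *
 * The listing defined this function as `Hook` with a stray `;` after the
 * parameter list, while the prototype and InstallHook() both refer to
 * `MessageHook`; the definition now matches them.
 */
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam )
{
    return CallNextHookEx( g_hHook , nCode , wParam , lParam );
}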
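/*
 * Registers MessageHook as a WH_GETMESSAGE hook.
 *
 * dwThreadId is 0, so the hook is system-wide: the DLL is mapped into every
 * process on the desktop whose threads retrieve messages. Pass a specific
 * thread id instead when only one target is meant to be affected.
 *
 * The module handle is looked up from the address of MessageHook rather
 * than with LoadLibrary("ApiHook.dll"): loading by bare file name goes
 * through the DLL search path, where a different file with the same name
 * can be picked up, and it also took a reference that was never released.
 *
 * Returns TRUE on success; on failure shows an error box and returns FALSE.
 */
HOOKAPI2_API BOOL InstallHook()
{
    if( !GetModuleHandleExA( GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
                             GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT ,
                             (LPCSTR)MessageHook , &g_hinstDll ) )
    {
        MessageBoxA( NULL , "SET ERROR" , "ERROR" , MB_OK );
        return FALSE;
    }

    g_hHook = SetWindowsHookEx( WH_GETMESSAGE , (HOOKPROC)MessageHook , g_hinstDll , 0 );
    if( !g_hHook )
    {
        MessageBoxA( NULL , "SET ERROR" , "ERROR" , MB_OK );
        return FALSE;
    }
    return TRUE;
}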
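/*
 * Removes the hook registered by InstallHook().
 *
 * Returns FALSE when no hook handle is held or when UnhookWindowsHookEx
 * fails. The handle is cleared on success so a second call cannot pass a
 * stale handle to the system. (The listing spelled the API
 * `UnHookWindowsHookEx`, which does not exist.)
 */
HOOKAPI2_API BOOL UninstallHook()
{
    BOOL bOk;

    if( g_hHook == NULL )
        return FALSE;

    bOk = UnhookWindowsHookEx( g_hHook );
    if( bOk )
        g_hHook = NULL;
    return bOk;
}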
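/*
 * Resolves MessageBoxA, saves its first 5 bytes, builds the 5-byte
 * `jmp rel32` to MyMessageBoxA and installs it through HookOn().
 *
 * The inline assembly is MSVC syntax for 32-bit x86 only. After the patch
 * the in-memory prologue of MessageBoxA no longer matches the user32 image
 * on disk, which is what code-integrity comparisons detect.
 *
 * Returns FALSE when user32 or MessageBoxA cannot be resolved; otherwise
 * returns the patch state reported by bHook.
 */
BOOL init()
{
    /* This runs from DllMain, where calling LoadLibrary is discouraged.
     * The DLL calls MessageBoxA directly, so user32 is already mapped and
     * GetModuleHandleA is enough (and takes no extra reference). */
    hModule = GetModuleHandleA( "user32.dll" );
    if( hModule == NULL )
        return FALSE;

    pfMessageBoxA = GetProcAddress( hModule , "MessageBoxA" );
    if( pfMessageBoxA == NULL )
        return FALSE;

    /* Copy 4 + 1 = 5 bytes from the start of MessageBoxA into
     * OldMessageBoxACode (the listing misspelled the symbol as
     * OldMessageBoxACOde). */
    _asm
    {
        lea edi,OldMessageBoxACode
        mov esi,pfMessageBoxA
        cld
        movsd
        movsb
    }

    /* 0xE9 = jmp rel32. */
    NewMessageBoxACode[0] = 0xe9;

    /* rel32 = &MyMessageBoxA - pfMessageBoxA - 5: the displacement is
     * relative to the end of the 5-byte jmp instruction. */
    _asm
    {
        lea eax,MyMessageBoxA
        mov ebx,pfMessageBoxA
        sub eax,ebx
        sub eax,5
        mov dword ptr [NewMessageBoxACode+1],eax
    }

    dwIdNew = GetCurrentProcessId();
    dwIdOld = dwIdNew;
    HookOn();
    return bHook;
}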
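/*
 * Replacement reached through the jmp written over MessageBoxA.
 *
 * Removes the patch, calls the real MessageBoxA with the text replaced by
 * "Hook" (the caller's lpText is ignored), then patches again. Returns the
 * value of the real call.
 *
 * NOTE(review): unpatch/call/repatch is not thread-safe. While the message
 * box is open other threads reach the unpatched function, and a thread
 * executing the first 5 bytes while they are being rewritten can crash.
 * A trampoline that preserves the original prologue avoids both problems.
 */
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
    int nReturn = 0;

    (void)lpText;

    HookOff();
    nReturn = MessageBoxA( hWnd, "Hook", lpCaption, uType );
    HookOn();
    return nReturn;
}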
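/*
 * Writes 5 bytes from pCode over the start of MessageBoxA in the current
 * process. Returns TRUE only if the bytes were written.
 *
 * Changes from the listing:
 *  - GetCurrentProcess() replaces OpenProcess(PROCESS_ALL_ACCESS, ...): the
 *    listing never closed that handle, leaking two handles per hooked call,
 *    and the pseudo-handle needs no cleanup.
 *  - PAGE_EXECUTE_READWRITE replaces PAGE_READWRITE, which removed execute
 *    permission from the page while patching, so another thread running
 *    code in that page could fault.
 *  - The previous protection is kept in a local instead of overwriting the
 *    process-id global dwIdOld.
 *  - Every API result is checked.
 */
static BOOL WriteMessageBoxAPatch( const BYTE *pCode )
{
    HANDLE hProc = GetCurrentProcess();
    DWORD dwOldProtect = 0;
    BOOL bOk;

    if( pfMessageBoxA == NULL )
        return FALSE;

    if( !VirtualProtectEx( hProc, (LPVOID)pfMessageBoxA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect ) )
        return FALSE;

    bOk = WriteProcessMemory( hProc, (LPVOID)pfMessageBoxA, pCode, 5, NULL );

    /* Always put the original protection back, even if the write failed. */
    VirtualProtectEx( hProc, (LPVOID)pfMessageBoxA, 5, dwOldProtect, &dwOldProtect );

    if( bOk )
        FlushInstructionCache( hProc, (LPCVOID)pfMessageBoxA, 5 );
    return bOk;
}

/*
 * Installs the jmp patch. bHook becomes TRUE only when the write succeeded.
 * (The listing passed six arguments to WriteProcessMemory here.)
 */
void HookOn()
{
    if( WriteMessageBoxAPatch( NewMessageBoxACode ) )
        bHook = TRUE;
}

/*
 * Restores the saved original bytes. bHook becomes FALSE only when the
 * write succeeded, so a failed restore is still visible to callers.
 */
void HookOff()
{
    if( WriteMessageBoxAPatch( OldMessageBoxACode ) )
        bHook = FALSE;
}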
测试EXE部分
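/*
 * Test executable: installs the hook, shows one message box (which displays
 * "Hook" instead of "TEST" when the patch is active), then removes the hook.
 * Returns 0 on success and 1 if installing or removing the hook fails.
 *
 * Fixes from the listing: `LPDTR` is not a Windows type (LPSTR is meant)
 * and the string literals used typographic quotes.
 */
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{
    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    if( !InstallHook() )
    {
        MessageBoxA( NULL, "Hook Error!", "Hook", MB_OK );
        return 1;
    }

    MessageBoxA( NULL, "TEST", "TEST", MB_OK );

    if( !UninstallHook() )
    {
        MessageBoxA( NULL, "Uninstall Error!", "Hook", MB_OK );
        return 1;
    }
    return 0;
}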