dll建立hook问题?

API HOOK 实现源自：《Windows API 编程》  P182实现目标：拦截API函数MessageBoxA();
DLL部分：HHOOK g_hHook;
HINSTANCE g_hinstDll;
FARPROC pfMessageBoxA;
Int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
HMODULE hModule;
DWORD dwIdOld , dwIdNew;
BOOL bHook = false;
Void HookOn();
Void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);
BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved)//DLL入口
{
      switch( ul_reason_for_call )
      {
            case DLL_PROCESS_ATTACH:
                 if( !init() )//初始化
                 {
                       MessageBoxA( NULL , ”Init” , ”ERROR” , MB_OK );
                       return ( false );
                  }
             case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
                  if( bHook)    UnintallHook();//卸载钩子
                  break;
        }
        return TRUE;
}
LRESULT WINAPI Hook( int nCode , WPARAM wParam , LPARAM lParam );
{
      return ( CallNextHookEx( g_hHook , nCode , wParam , lParam));
}
HOOKAPI2_API BOOL InstallHook()
{
      g_hinstDll = LoadLibrary( “ApiHook.dll” );
      g_hHook = SetWindowsHookEx( WH_GETMESSAGE , ( HOOKPROC ) MessageHook , g_hinstDll , 0 );
      if ( !g_hHOOK )
      {
            MessageBoxA( NULL , “SET ERROR” , “ERROR” , MB_OK );
            return ( false );
      }
      return ( ture );
}
HOOKAPI2_API BOOL UninstallHook()
{
      return ( UnHookWindowsHookEx(g_hHook) );
}
BOOL init()
{
      hModule = LoadLibrary ( “user32.dll” );
      pfMessageBoxA = GetProcAddress( hModule , “MessageBoxA” );
      if( pfMessageBoxA == NULL )
            return false;
      _asm
      {
            lea edi,OldMessageBoxACOde
            mov esi,pfMessageBoxA
            cld
            movsd
            movsb
      }
      NewMessageBoxACode [0] = 0xe9;
      _asm
      {
            lea eax,MyMessageBoxA
            mov ebx,pfMessageBoxA
            sub eax,ebx
            sub eax,5
            mov dword ptr  [NewMessageBoxACode+1],eax
      }
      dwIdNew = GetCurrentProcessId();
      dwIdOld = dwIdNew;
      HookOn();
      return ( true );
}
int WINAPI MyMessageBoxA ( HWND hWnd  , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
      int nReturn=0;
      HookOff();
      nReturn = MessageBoxA ( hWnd, “Hook”, lpCaption, uType );
      HookOn();
      return ( nReturn );
}
void HookOn()
{
      HANDLE hProc;
      dwIdOld = dwIdNew;
      hProc = OpenProcess ( PROCESS_ALL_ACCESS , 0 , dwIdOld );
      VirtualProtectEx( hProc , pfMessageBoxA, 5, PAGE_READWRITE, &dwIdOld );
      WriteProcessMemory( hProc, pfMessageBoxA, 5, NewMessageBoxACode, 5, 0 );
      VirtualProtectEx( hProc, pfMessageBoxA, 5, dwIdOld, &dwIdOld );
      bHook = true;
}
void HookOff()
{
      HANDLE hProc;
      dwIdOld =dwIdNew;
      hProc = OpenProcess (PROCESS_ALL_ACCESS, 0,dwIdOld );
      VirtualProtectEx(hProc, pfMessageBoxA,5,PAGE_READWRITE, &dwIdOld );
      WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode,5,0);
      VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
      bHook = false;
}
测试EXE部分
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevIndtance, LPDTR lpCmdLine, int nCmdShow )
{
      if( !InstallHook())
      {
            MessageBoxA(NULL, “Hook Error!”, “Hook”,MB_OK);
            return 1;
      }
      MessageBoxA(NULL, “TEST”, “TEST” ,MB_OK );
      if(!UninstallHook())
      {
            MessageBoxA(NULL, “Uninstall Error!”, “Hook”, MB_OK);
            return 1;
      }
      return 0;
}

全局Hook 做一个DLL，在DLL中调用SetWindowsHookEx，安装好钩子。这个钩子就可以拦截到所有进程了。

你是想要远程注入你的DLL到别的进程里.其实用SetWindowsHookEx安装鼠标钩子就行了SetWindowsHookEx( WH_GETMESSAGE, (HOOKPROC)MessageHook ,g_hinstDll ,processId )

你要的功能据我所知很难实现。我刚刚想了一下，你可以试试如下方法：DLL里要建立Hook,那么那个Hook fucntion需要在DLL里，但是因为你的dll是注入的，所以这个hook function 的地址不是固定的，所以，你需要自己去计算这个hook function 在目标进程中的地址，将其传递给SetWindowsHookEx函数，也许可以成功。我没有试过，呵呵，自己去试试吧～

调试易

dll建立hook问题?

解决方案 »