国产精品高潮视频,亚洲免费伊人电影在线观看av,久久精品亚洲一区

修改IAT實(shí)現(xiàn)API HOOK

Posted on 2010-07-01 14:57 S.l.e!ep.￠% 閱讀(683) 評(píng)論(0) 編輯收藏引用所屬分類: RootKit

Robinh00d @ 2006-05-10 16:35

//修改IAT實(shí)現(xiàn)本進(jìn)程API HOOK
//coded by robinh00d*inh4ss*<p0prxx@gmail.com>
//QQ:530222815
//MSN:Robinh00d@263.net
// 參考了《Hooking Windows API》By Holy_Father From 29A#7
#include <stdio.h>
#include <windows.h>
#include <Dbghelp.h>

#pragma comment(lib,"Dbghelp.lib")

/************************************************************/
char *szHookModName = "USER32.dll" ;
char *szHookFunName?= "MessageBoxA" ;
char *szModName = NULL ;
char *szHacked = "MessageBoxA() has been hooked!" ;
DWORD dwHookFun ;
DWORD dwHookApiAddr ;
DWORD *dwCurAddr ;
DWORD dwOldProtect ;
PIMAGE_IMPORT_DESCRIPTOR pImportDesc ;
PIMAGE_THUNK_DATA32?pImageThunkData ;
MEMORY_BASIC_INFORMATION mbi ;
ULONG uSize ;
/************************************************************/

void Hooked()
{
?__asm
?{
??mov? esp,ebp
??push szHacked
??pop? DWORD PTR [ebp+12]
??pop? ebp
??jmp dwHookApiAddr
?}
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
?HMODULE hUser32 = LoadLibrary(szHookModName) ;
?
?if (hUser32 == NULL)
?{
??printf("Load User32.dll failed!\n") ;
??return -1 ;
?}
?dwHookFun = (DWORD)Hooked ;

?dwHookApiAddr = (DWORD)GetProcAddress(hUser32,szHookFunName) ;

?pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hInstance,
?????????????????TRUE,
?????????????????IMAGE_DIRECTORY_ENTRY_IMPORT,
?????????????????&uSize) ;
?//找到要HOOK的函數(shù)所在的模塊
?while(pImportDesc->Name)
?{
??szModName = (char *)((PBYTE)hInstance+pImportDesc->Name) ;
??if (strcmp(szModName,szHookModName)==0)
??{
???break ;?
??}
??pImportDesc++ ;
?}
?pImageThunkData = (PIMAGE_THUNK_DATA32)((PBYTE)hInstance+pImportDesc->FirstThunk) ;
?
?while(pImageThunkData->u1.Function)
?{
??dwCurAddr = &pImageThunkData->u1.Function ;
??if (*dwCurAddr == dwHookApiAddr)
??{
???VirtualQuery(dwCurAddr,&mbi,sizeof(MEMORY_BASIC_INFORMATION)) ;
???VirtualProtect(mbi.BaseAddress,mbi.RegionSize,PAGE_READWRITE,&mbi.Protect) ;
???
???*dwCurAddr = dwHookFun ;
???VirtualProtect(mbi.BaseAddress,mbi.RegionSize,mbi.Protect,&dwOldProtect) ;
???break ;
??}
??pImageThunkData++ ;
?}
?//要hook這個(gè)API
?MessageBoxA(0,"NOT HOOKED!","robinh00d/[Inh4ss]",0) ;

?return 0 ;
}

只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。
【推薦】100%開源！大型工業(yè)跨平臺(tái)軟件C++源碼提供，建模，組態(tài)！

相關(guān)文章: Load Driver protect_pwd.txt Windows下Hook API技術(shù) inline hook 對(duì)付API-splicing的一種簡(jiǎn)單方法修改IAT實(shí)現(xiàn)API HOOK API-HOOK and ANTI-API-HOOK For Ring3 API Hook jmp 法 DirectX Input 鍵盤實(shí)現(xiàn) 收藏一個(gè)反鍵盤記錄工具的分析不用hook 實(shí)現(xiàn)掛機(jī)鎖

網(wǎng)站導(dǎo)航: 博客園 IT新聞 BlogJava 博問(wèn) Chat2DB 管理

S.l.e!ep.￠%

修改IAT實(shí)現(xiàn)API HOOK

日歷

公告

常用鏈接

留言簿(5)

隨筆分類(1107)

隨筆檔案(1098)

文章檔案(1)

相冊(cè)

收藏夾(3)

DataStruct

搜索

積分與排名

最新評(píng)論

閱讀排行榜

評(píng)論排行榜