//修改IAT實現本進程API HOOK
//coded by robinh00d*inh4ss*<p0prxx@gmail.com>
//QQ:530222815
//MSN:Robinh00d@263.net
// 參考了《Hooking Windows API》By Holy_Father From 29A#7
#include <stdio.h>
#include <windows.h>
#include <Dbghelp.h>
#pragma comment(lib,"Dbghelp.lib")
/************************************************************/
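/*
 * Shared state for the IAT-redirection demo. Stray '?' bytes (tab characters
 * lost in transcoding) were removed from two declarations so they compile.
 *
 * Addresses are stored in DWORDs and the thunk type is the 32-bit variant,
 * so this file is only meaningful as a 32-bit x86 build.
 */
char *szHookModName = "USER32.dll" ;              /* module whose import is redirected */
char *szHookFunName = "MessageBoxA" ;             /* export looked up with GetProcAddress */
char *szModName = NULL ;                          /* name of the import descriptor being examined */
char *szHacked = "MessageBoxA() has been hooked!" ; /* text substituted by Hooked() */
DWORD dwHookFun ;                                 /* address of Hooked(), written into the IAT slot */
DWORD dwHookApiAddr ;                             /* real address of the API; Hooked() jumps to it */
DWORD *dwCurAddr ;                                /* IAT slot currently being compared */
DWORD dwOldProtect ;                              /* out-parameter for VirtualProtect */
PIMAGE_IMPORT_DESCRIPTOR pImportDesc ;            /* cursor over the image's import descriptors */
PIMAGE_THUNK_DATA32 pImageThunkData ;             /* cursor over the chosen module's thunks */
MEMORY_BASIC_INFORMATION mbi ;                    /* result buffer for VirtualQuery */
ULONG uSize ;                                     /* size returned by ImageDirectoryEntryToData */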
/************************************************************/
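/*
 * Replacement target that WinMain writes into the MessageBoxA import slot.
 *
 * It swaps the second stack argument of the intercepted call for szHacked and
 * then jumps to the address saved in dwHookApiAddr, so the real API runs with
 * the substituted text and returns straight to the original caller.
 *
 * The instruction sequence is unchanged from the original; only the stray '?'
 * bytes (lost tab characters) were removed.
 *
 * NOTE(review): the function is not declared naked, so the offsets below
 * assume the compiler emitted the plain "push ebp / mov ebp,esp" prologue.
 * With frame-pointer omission, or a prologue that modifies callee-saved
 * registers (they are never restored here), this stub misbehaves - confirm
 * the build settings before relying on it.
 */
void Hooked()
{
	__asm
	{
		mov  esp,ebp              // drop whatever the prologue pushed below the saved ebp
		push szHacked             // push the pointer stored in szHacked ...
		pop  DWORD PTR [ebp+12]   // ... and store it over the 2nd argument (MessageBoxA's lpText)
		pop  ebp                  // restore the caller's ebp; esp is now at the return address
		jmp dwHookApiAddr         // continue in the real API with the original stack frame
	}
}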
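/*
 * Entry point of the demo: redirects this executable's own import of
 * USER32!MessageBoxA to Hooked() by overwriting the matching Import Address
 * Table (IAT) slot, then calls MessageBoxA() so the effect is visible.
 *
 * Returns -1 if USER32.dll cannot be loaded, otherwise 0. If the slot cannot
 * be located or made writable, a diagnostic is printed and the final
 * MessageBoxA() call runs unmodified.
 *
 * Changes from the original:
 *  - stray '?' bytes (lost tab characters) removed so the code compiles;
 *  - LoadLibraryA is called explicitly, because the name is a char string and
 *    the TCHAR-mapped LoadLibrary is wrong in a UNICODE build;
 *  - NULL results from GetProcAddress / ImageDirectoryEntryToData are handled;
 *  - the thunk walk is skipped when no descriptor matches (the original then
 *    used the terminating descriptor, whose FirstThunk is 0);
 *  - module names are compared case-insensitively;
 *  - only the single slot is made writable, the write happens only when
 *    VirtualProtect succeeds, and the previous protection is restored.
 *
 * Defensive note: after the patch the slot no longer points into the
 * exporting module's image, which is what IAT integrity checks look for.
 */
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
	BOOL bModFound = FALSE ;
	BOOL bPatched = FALSE ;
	HMODULE hUser32 = LoadLibraryA(szHookModName) ;

	if (hUser32 == NULL)
	{
		printf("Load User32.dll failed!\n") ;
		return -1 ;
	}
	/* Addresses are kept in DWORDs: valid for a 32-bit build only. */
	dwHookFun = (DWORD)Hooked ;
	dwHookApiAddr = (DWORD)GetProcAddress(hUser32,szHookFunName) ;
	pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hInstance,
						TRUE,
						IMAGE_DIRECTORY_ENTRY_IMPORT,
						&uSize) ;

	/* Find the import descriptor of the module that exports the function. */
	if (dwHookApiAddr != 0 && pImportDesc != NULL)
	{
		while (pImportDesc->Name)
		{
			szModName = (char *)((PBYTE)hInstance+pImportDesc->Name) ;
			/* DLL names in an import table are not case-normalised. */
			if (lstrcmpiA(szModName,szHookModName)==0)
			{
				bModFound = TRUE ;
				break ;
			}
			pImportDesc++ ;
		}
	}

	if (bModFound)
	{
		pImageThunkData = (PIMAGE_THUNK_DATA32)((PBYTE)hInstance+pImportDesc->FirstThunk) ;

		/* Walk the bound thunks until the slot holding the API address is found. */
		while (pImageThunkData->u1.Function)
		{
			dwCurAddr = &pImageThunkData->u1.Function ;
			if (*dwCurAddr == dwHookApiAddr)
			{
				/* Open only this slot for writing, and only write if that worked. */
				if (VirtualProtect(dwCurAddr,sizeof(*dwCurAddr),PAGE_READWRITE,&dwOldProtect))
				{
					DWORD dwIgnored ;

					*dwCurAddr = dwHookFun ;
					/* Put the previous page protection back. */
					VirtualProtect(dwCurAddr,sizeof(*dwCurAddr),dwOldProtect,&dwIgnored) ;
					bPatched = TRUE ;
				}
				break ;
			}
			pImageThunkData++ ;
		}
	}

	if (!bPatched)
	{
		printf("IAT entry for %s was not patched!\n",szHookFunName) ;
	}

	/* This is the API call the redirection is meant to intercept. */
	MessageBoxA(0,"NOT HOOKED!","robinh00d/[Inh4ss]",0) ;
	return 0 ;
}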