- 注册时间
- 2011-3-6
- 最后登录
- 1970-1-1
该用户从未签到
|
对外的接口:
1. 类初始化时对函数HOOK
2. //取消挂钩
void UnHook();
3. //重新挂钩
void ReHook();
在初始化时HOOK的代码:
*(DWORD*)(m_btNewBytes+1) = (DWORD)pfnHook;8个字节的代码地址0xB8, 0x00, 0x00,0x40,0x00,0xFF,0xE0,0x00 只要把第二位和第三位成的数据改成函数的地址,调用原先的函数时就会调到自定义的函数执行...
.h
#ifndef _ULHOOK_H__
#define _ULHOOK_H__
#include <Windows.h>
#pragma once
class CULHook
{
public:
CULHook(LPSTR lpszModName, LPSTR lpszFuncNme, PROC pfnHook);
~CULHook(void);
//取消挂钩
void UnHook();
//重新挂钩
void ReHook();
protected:
PROC m_pfnOrig;
BYTE m_btNewBytes[8];
BYTE m_btOldBytes[8];
HMODULE m_hModule;
};
#endif
.cpp
#include "ULHook.h"
CULHook::CULHook(LPSTR lpszModName, LPSTR lpszFuncNme, PROC pfnHook)
{
BYTE btNewBytes[] = {0xB8, 0x00, 0x00,0x40,0x00,0xFF,0xE0,0x00};
memcpy(m_btNewBytes, btNewBytes, 8);
*(DWORD*)(m_btNewBytes+1) = (DWORD)pfnHook;
m_hModule = :oadLibraryA(lpszModName);
if (NULL == m_hModule)
{
m_pfnOrig = NULL;
return;
}
m_pfnOrig = (PROC)::GetProcAddress(m_hModule, lpszFuncNme);
if (NULL != m_pfnOrig)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
memcpy(m_btOldBytes, m_pfnOrig, 8);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btNewBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
CULHook::~CULHook(void)
{
UnHook();
if (m_hModule!=NULL)
{
::FreeLibrary(m_hModule);
}
}
void CULHook::UnHook()
{
if (m_pfnOrig != NULL)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btOldBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
void CULHook::ReHook()
{
if (m_pfnOrig != NULL)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btNewBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
} |
|