Z
zbird
Unregistered / Unconfirmed
GUEST, unregistred user!
我想将一个C写的API HOOK改为DELPHI的,<br>可是我改了半天还是有问题。<br>大家谁帮我看看,还要怎么改啊?<br>谢谢<br>原C程序地址<br>http://www.xfocus.net/article_view.php?id=266<br>下面是我改的<br>unit M_Unit;<br><br>interface<br><br>uses<br> Variants, SysUtils, Classes, windows, messages;<br><br>var<br> g_hHook:hhook;<br> g_hinstDll:THandle;<br> pfMessageBoxA:FARPROC;<br><br> OldMessageBoxACode,NewMessageBoxACode:array [0..4] of byte;<br> hModule:THandle;<br> dwIdOld,dwIdNew:Thandle;<br> bHook:boolean;<br><br>function MyMessageBoxA(hWnd:HWND; lpText:LPCTSTR; lpCaption:LPCTSTR; uType:UINT):integer;<br>procedure HookOn();<br>procedure HookOff();<br>function init():boolean;<br>function MousHook(nCode:integer; wParam:WPARAM; lParam:LPARAM):LRESULT;<br>function UninstallHook():boolean;<br><br>implementation<br><br><br>function DllMain( hModule:THANDLE;<br> ul_reason_for_call
WORD;<br> lpReserved:Tpoint<br>  
:boolean;<br>begin<br> case ul_reason_for_call of<br> DLL_PROCESS_ATTACH:<br> if not init() then<br> begin<br> MessageBoxA(null,'Init','ERROR',MB_OK);<br> result:=false;<br> exit;<br> end;<br> DLL_THREAD_ATTACH:;<br> DLL_THREAD_DETACH:;<br> DLL_PROCESS_DETACH:;<br> end;<br> if bHook then<br> UninstallHook();<br> result:=TRUE;<br>end;<br><br>function InstallHook():boolean;//输出安装空的钩子函数<br>begin<br> g_hinstDll:=LoadLibrary('HookApi2.dll');<br> g_hHook:=SetWindowsHookEx(WH_GETMESSAGE,@MyMessageBoxA,g_hinstDll,0);<br> if g_hHook=0 then<br> begin<br> MessageBoxA(NULL,'SET ERROR','ERROR',MB_OK);<br> result:=false;<br> exit;<br> end;<br> result:=true;<br>end;<br><br>function UninstallHook():boolean;//输出御在钩子函数<br>begin<br> result:=UnhookWindowsHookEx(g_hHook);<br>end;<br><br>//首先关闭拦截,然后才能调用被拦截的Api 函数<br>function MyMessageBoxA(hWnd:HWND; lpText:LPCTSTR; lpCaption:LPCTSTR; uType:UINT):integer;<br>var<br> nReturn:integer;<br>begin<br> nReturn:=0;<br> HookOff();<br> nReturn:=MessageBoxA(hWnd,'Hook',lpCaption,uType);<br> HookOn();<br> result:=nReturn;<br>end;<br><br>procedure HookOn();<br>var<br> hProc:THANDLE;<br>begin<br> dwIdOld:=dwIdNew;<br> hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);//得到所属进程的句柄<br> VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);//修改所属进程中MessageBoxA的前5个字节的属性为可写<br> WriteProcessMemory(hProc,pfMessageBoxA,@NewMessageBoxACode, 5,0);//将所属进程中MessageBoxA的前5个字节改为JMP 到MyMessageBoxA<br> VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);//修改所属进程中MessageBoxA的前5个字节的属性为原来的属性<br> bHook:=true;<br>end;<br><br>procedure HookOff();//将所属进程中JMP MyMessageBoxA的代码改为Jmp MessageBoxA<br>var<br> hProc:THANDLE;<br>begin<br> dwIdOld:=dwIdNew;<br> hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);<br> VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);<br> WriteProcessMemory(hProc,pfMessageBoxA,@OldMessageBoxACode,5,0);<br> VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);<br> bHook:=false;<br>end;<br><br>function init():boolean;//初始化得到MessageBoxA的地址,并生成Jmp XXX(MyMessageBoxA)的跳转指令<br>begin<br> hModule:=LoadLibrary('user32.dll');<br> pfMessageBoxA:=GetProcAddress(hModule,'MessageBoxA');<br> if pfMessageBoxA=nil then<br> begin<br> result:=false;<br> exit<br> end;<br> asm<br> lea edi,OldMessageBoxACode<br> mov esi,pfMessageBoxA<br> cld<br> movsd<br> movsb<br> end;<br> NewMessageBoxACode[0]:=0xe9;//jmp MyMessageBoxA的相对地址的指令<br> asm<br> lea eax,MyMessageBoxA<br> mov ebx,pfMessageBoxA<br> sub eax,ebx<br> sub eax,5<br> mov dword ptr [NewMessageBoxACode+1],eax<br> end;<br> dwIdNew:=GetCurrentProcessId(); //得到所属进程的ID<br> dwIdOld:=dwIdNew;<br> HookOn();//开始拦截<br> result:=true;<br>end;<br><br>function MousHook(nCode:integer; wParam:WPARAM; lParam:LPARAM):LRESULT;<br>begin<br><br>end;<br><br>end.
WORD;<br> lpReserved:Tpoint<br>  :boolean;<br>begin<br> case ul_reason_for_call of<br> DLL_PROCESS_ATTACH:<br> if not init() then<br> begin<br> MessageBoxA(null,'Init','ERROR',MB_OK);<br> result:=false;<br> exit;<br> end;<br> DLL_THREAD_ATTACH:;<br> DLL_THREAD_DETACH:;<br> DLL_PROCESS_DETACH:;<br> end;<br> if bHook then<br> UninstallHook();<br> result:=TRUE;<br>end;<br><br>function InstallHook():boolean;//输出安装空的钩子函数<br>begin<br> g_hinstDll:=LoadLibrary('HookApi2.dll');<br> g_hHook:=SetWindowsHookEx(WH_GETMESSAGE,@MyMessageBoxA,g_hinstDll,0);<br> if g_hHook=0 then<br> begin<br> MessageBoxA(NULL,'SET ERROR','ERROR',MB_OK);<br> result:=false;<br> exit;<br> end;<br> result:=true;<br>end;<br><br>function UninstallHook():boolean;//输出御在钩子函数<br>begin<br> result:=UnhookWindowsHookEx(g_hHook);<br>end;<br><br>//首先关闭拦截,然后才能调用被拦截的Api 函数<br>function MyMessageBoxA(hWnd:HWND; lpText:LPCTSTR; lpCaption:LPCTSTR; uType:UINT):integer;<br>var<br> nReturn:integer;<br>begin<br> nReturn:=0;<br> HookOff();<br> nReturn:=MessageBoxA(hWnd,'Hook',lpCaption,uType);<br> HookOn();<br> result:=nReturn;<br>end;<br><br>procedure HookOn();<br>var<br> hProc:THANDLE;<br>begin<br> dwIdOld:=dwIdNew;<br> hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);//得到所属进程的句柄<br> VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);//修改所属进程中MessageBoxA的前5个字节的属性为可写<br> WriteProcessMemory(hProc,pfMessageBoxA,@NewMessageBoxACode, 5,0);//将所属进程中MessageBoxA的前5个字节改为JMP 到MyMessageBoxA<br> VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);//修改所属进程中MessageBoxA的前5个字节的属性为原来的属性<br> bHook:=true;<br>end;<br><br>procedure HookOff();//将所属进程中JMP MyMessageBoxA的代码改为Jmp MessageBoxA<br>var<br> hProc:THANDLE;<br>begin<br> dwIdOld:=dwIdNew;<br> hProc:=OpenProcess(PROCESS_ALL_ACCESS,false,dwIdOld);<br> VirtualProtectEx(hProc,pfMessageBoxA,5,PAGE_READWRITE,@dwIdOld);<br> WriteProcessMemory(hProc,pfMessageBoxA,@OldMessageBoxACode,5,0);<br> VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,@dwIdOld);<br> bHook:=false;<br>end;<br><br>function init():boolean;//初始化得到MessageBoxA的地址,并生成Jmp XXX(MyMessageBoxA)的跳转指令<br>begin<br> hModule:=LoadLibrary('user32.dll');<br> pfMessageBoxA:=GetProcAddress(hModule,'MessageBoxA');<br> if pfMessageBoxA=nil then<br> begin<br> result:=false;<br> exit<br> end;<br> asm<br> lea edi,OldMessageBoxACode<br> mov esi,pfMessageBoxA<br> cld<br> movsd<br> movsb<br> end;<br> NewMessageBoxACode[0]:=0xe9;//jmp MyMessageBoxA的相对地址的指令<br> asm<br> lea eax,MyMessageBoxA<br> mov ebx,pfMessageBoxA<br> sub eax,ebx<br> sub eax,5<br> mov dword ptr [NewMessageBoxACode+1],eax<br> end;<br> dwIdNew:=GetCurrentProcessId(); //得到所属进程的ID<br> dwIdOld:=dwIdNew;<br> HookOn();//开始拦截<br> result:=true;<br>end;<br><br>function MousHook(nCode:integer; wParam:WPARAM; lParam:LPARAM):LRESULT;<br>begin<br><br>end;<br><br>end.