这个例子可以编译通过,但只能拦截Send这个函数,Recv怎么都反映。代码如下:
(在此先谢谢了。找出问题200分送上)
OOK.DLL的代码:
library Hook;

{ Hook.dll: a window-hook DLL.  Once HookProc runs inside the target process it
  calls HookAPI (APIHook.pas) to patch the WinSock send/recv entry points there.
  Cross-process state (the hook handle and a "patched already" flag) is meant to
  live in a shared file mapping referenced through DLLData.
  NOTE(review): the paste is incomplete -- the code that creates/maps that
  section and the call that actually installs the window hook are missing, so
  DLLData is never assigned anywhere visible here. }

uses
  SysUtils,
  windows,
  Messages,
  APIHook in 'APIHook.pas';

type
  PData = ^TData;
  // Shared state block; one instance is expected to be visible to every
  // process the DLL is mapped into (via the file mapping, see MyDLLHandler).
  TData = record
    Hook: THandle;    // handle of the installed window hook (0 if none)
    Hooked: Boolean;  // True once HookAPI has run in this process
  end;

var
  DLLData: PData;    // points at the shared TData; never assigned in this paste

{------------------------------------}
{ Procedure: HookProc                                                         }
{ Purpose:   window-hook callback.  On its first invocation inside a process  }
{            it applies the API patches, then forwards to the next hook.      }
{ Params:    nCode, wParam, lParam - the hooked message's parameters          }
{------------------------------------}
procedure HookProc(nCode, wParam, lParam: LongWORD);stdcall;
begin
  // First call in this process: apply the inline patches once.
  // NOTE(review): not serialised -- two threads entering here at the same
  // time would both call HookAPI before Hooked becomes True.
  if not DLLData^.Hooked then
  begin
    HookAPI;
    DLLData^.Hooked := True;
  end;
  // Pass the event on to the next hook in the chain.
  // NOTE(review): declared as a procedure, so the LRESULT from CallNextHookEx
  // is discarded rather than returned to the caller.
  CallNextHookEx(DLLData^.Hook, nCode, wParam, lParam);
end;


{------------------------------------}
{ Function: InstallHook (exported)                                            }
{ Purpose:  install the window hook on the given window                       }
{ Params:   SWindow - window to hook                                          }
{ Returns:  True on success, False on failure                                 }
{ NOTE(review): as pasted this never installs anything: Hook is set to 0 and   }
{ immediately tested for > 0, so Result is always False.  The statement that   }
{ obtains the hook handle is missing; ThreadID and SWindow are unused.         }
{------------------------------------}
function InstallHook(SWindow: LongWORD):Boolean;stdcall;
var
  ThreadID: LongWORD;
begin
  Result := False;
  DLLData^.Hook := 0;
  if DLLData^.Hook > 0 then
    Result := True // hook installed successfully?
  else
    exit;
end;

{------------------------------------}
{ Procedure: UnHook (exported)                                                }
{ Purpose:   restore the patched APIs, then remove the window hook            }
{ Params:    none                                                             }
{------------------------------------}
procedure UnHook;stdcall;
begin
  UnHookAPI;
  // Remove the window hook.
  UnhookWindowsHookEx(DLLData^.Hook);
end;

{------------------------------------}
{ Procedure: MyDLLHandler - DLL entry point, registered through DLLProc       }
{ Purpose:   per-process initialisation and cleanup                           }
{ Params:    Reason - DLL_PROCESS_ATTACH / DLL_PROCESS_DETACH / ...           }
{ NOTE(review): the ATTACH branch is mangled in this paste: the statements     }
{ that create the file mapping, assign FHandle and map the view into DLLData  }
{ are gone, and an "if FHandle = 0 then" has been swallowed into the comment   }
{ below.  As shown, FHandle is read uninitialised and DLLData stays nil.       }
{------------------------------------}
procedure MyDLLHandler(Reason: Integer);
var
  FHandle: LongWORD;
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      begin // create a file mapping so the DLL's globals are shared across processes  if FHandle = 0 then
        if GetLastError = ERROR_ALREADY_EXISTS then
        begin
          if FHandle = 0 then Exit;
        end else Exit;
        // Mapping handle is only closed when no view was obtained.
        if DLLData = nil then
          CloseHandle(FHandle);
      end;
    DLL_PROCESS_DETACH:
      begin
        // Release this process's view of the shared block.
        if Assigned(DLLData) then
        begin
          UnmapViewOfFile(DLLData);
          DLLData := nil;
        end;
      end;
  end;
end;

{$R *.res}
exports
  InstallHook, UnHook, HookProc;

begin
  // Library initialisation: route DLL notifications to MyDLLHandler and run
  // the attach step by hand for this first load.
  DLLProc := @MyDLLHandler;
  MyDLLhandler(DLL_PROCESS_ATTACH);
  // NOTE(review): dereferences DLLData, which nothing in this paste assigns.
  DLLData^.Hooked := False;
end.

----------------------------------------------------------------------------------------
APIHook.Pas的代码:

unit APIHook;

{ APIHook: inline ("prologue") patching of the WinSock send/recv entry points
  inside the process this unit is loaded into.  An 8-byte TJmpCode record is
  written over the start of each function (WriteProcessMemory on
  ProcessHandle); the original bytes are kept in OldProc so each replacement
  can temporarily restore the real function, call it, and re-apply the patch.
  From a defender's side this is exactly the artefact in-memory hook scanners
  look for: the first bytes of the live export no longer match the on-disk
  image, and a module loaded through a window hook issues WriteProcessMemory
  against its own host process.
  NOTE(review): HookAPI is declared below but its implementation is absent
  from this paste, so where AddSend/AddRecv, OldProc, OldSend/OldRecv,
  JmpCode's opcode bytes and ProcessHandle get their values cannot be seen
  here -- which is also where the poster's Recv question would have to be
  diagnosed. }

interface

uses
  SysUtils,
  Windows, WinSock;

type
  // Signature shared by send and recv (and by the replacements below).
  TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

  PJmpCode = ^TJmpCode;
  // Bytes written over a function prologue: one opcode byte, a pointer-sized
  // target address (4 bytes on 32-bit) and 3 trailing bytes -- 8 bytes in
  // total, matching the length passed to WriteProcessMemory.
  TJmpCode = packed record
    JmpCode: BYTE;
    Address: TSockProc;
    MovEAX: Array [0..2] of BYTE;
  end;

  //-------------------- declarations ---------------------------
  procedure HookAPI;   // NOTE(review): no implementation in this paste
  procedure UnHookAPI;

var
  OldSend, OldRecv: TSockProc;       // original API entry points
  JmpCode: TJmpCode;                 // patch record, shared by MySend and MyRecv
  OldProc: array [0..1] of TJmpCode; // saved original bytes: [0] = send, [1] = recv
  AddSend, AddRecv: pointer;         // API addresses
  TmpJmp: TJmpCode;                  // unused in the code shown
  ProcessHandle: THandle;            // handle WriteProcessMemory writes through; presumably set in HookAPI
implementation

{---------------------------------------}
{ Function: MySend - replacement for send                                     }
{ Params:   same as send                                                      }
{ Returns:  whatever the real send returns                                    }
{ NOTE(review): the restore / call / re-patch sequence is not serialised:     }
{ while the original bytes are restored, another thread calling send         }
{ bypasses this hook, and JmpCode is a global also written by MyRecv.        }
{ The WriteProcessMemory results are not checked.                            }
{---------------------------------------}
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  dwSize: cardinal;
begin
  // Process the outgoing data here.
  MessageBeep(1000); // just beep
  // Put the original prologue back so the real send can be called.
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  Result := OldSend(S, Buf, len, flags);
  // Re-apply the patch so the next call lands here again.
  JmpCode.Address := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;

{---------------------------------------}
{ Function: MyRecv - replacement for recv                                     }
{ Params:   same as recv                                                      }
{ Returns:  whatever the real recv returns                                    }
{ NOTE(review): same unsynchronised restore / call / re-patch window as       }
{ MySend, and the same shared JmpCode global.                                }
{---------------------------------------}
function MyRecv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  dwSize: cardinal;
begin
  // Process the incoming data here.
  MessageBeep(1000); // just beep
  // Put the original prologue back so the real recv can be called.
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  Result := OldRecv(S, Buf, len, flags);
  // Re-apply the patch so the next call lands here again.
  JmpCode.Address := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;

{------------------------------------}
{ Procedure: HookAPI                                                          }
{ Params:    none                                                             }
{ NOTE(review): this header survived the paste but the body of HookAPI did    }
{ not; the unit as shown would not compile without it.                        }
{------------------------------------}
{------------------------------------}
{ Procedure: UnHookAPI - restore both original prologues from the saved copies }
{------------------------------------}
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
end;

end.

---------------------------------------------------------------------------------------------
编译这个DLL后,再新建一个程序调用这个DLL的InstallHook并传入目标进程的主窗口句柄就可:
unit fmMain;

{ fmMain: test harness.  Button1 locates the target window, loads Hook.dll,
  resolves its exports and calls InstallHook; Button2 calls UnHook. }

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    Edit1: TEdit;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  // Entry points resolved from Hook.dll at run time (nil until Button1Click runs).
  InstallHook: function (SWindow: THandle):Boolean;stdcall;
  UnHook: procedure;stdcall;
implementation

{$R *.dfm}

{ Button1: load the hook DLL and install the hook.
  NOTE(review): the window validated by the first FindWindow is not the one
  passed to InstallHook (a second FindWindow for 'Untitled' is used instead),
  so TmpWndHandle is otherwise unused.  The LoadLibrary / GetProcAddress
  results are not checked, so a missing DLL or export ends in a call through
  nil, and ModuleHandle is never released with FreeLibrary. }
procedure TForm1.Button1Click(Sender: TObject);
var
  ModuleHandle: THandle;
  TmpWndHandle: THandle;
begin
  TmpWndHandle := 0;
  TmpWndHandle := FindWindow(nil, '目标窗口的标题');
  if not isWindow(TmpWndHandle) then
  begin
    MessageBox(self.Handle, '没有找到窗口', '!!!', MB_OK);
    exit;
  end;
  ModuleHandle := LoadLibrary('Hook.dll');
  @InstallHook := GetProcAddress(ModuleHandle, 'InstallHook');
  @UnHook := GetProcAddress(ModuleHandle, 'UnHook');
  if InstallHook(FindWindow(nil, 'Untitled')) then
    ShowMessage('Hook OK');
end;

{ Button2: remove the hook.
  NOTE(review): UnHook is nil until Button1Click has resolved it. }
procedure TForm1.Button2Click(Sender: TObject);
begin
  UnHook
end;

end.