一个有关截获win API的问题 ( 积分: 30 )

  • 主题发起人 主题发起人 bin2000
  • 开始时间 开始时间
B

bin2000

Unregistered / Unconfirmed
GUEST, unregistred user!
我编写了一个DLL,其中含有一个窗体,并且利用madCodeHook成功截获了windows API &quot;sendto&quot;函数<br>截获后我加入的代码如下:<br>function sendtoHookProc(s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;<br> &nbsp;tolen: Integer): Integer; stdcall;<br>var<br> &nbsp;fHwnd: THandle;<br>begin<br> &nbsp;<br> &nbsp;showmessage('获取成功!');<br>// &nbsp;TForm1.ListBox1.Items.Add('123');<br>//调用原API<br> &nbsp;result := sendtoNextHook(s, buf, len, flags, addrto, tolen);<br>end;<br>单单showmessage不会出错,但往窗体中的listbox中写入数据时就会报错。<br>这是什么原因,有办法解决吗?<br><br>窗体的原代码如下:<br>unit Unit1;<br><br>interface<br><br>uses<br> &nbsp;Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,<br> &nbsp;Dialogs, StdCtrls, madCodeHook, WinSock;<br><br><br><br>type<br> &nbsp;TSockaddr = packed record<br> &nbsp; sa_family: byte;<br> &nbsp; sa_data: array[0..13]of char;<br> &nbsp;end;<br><br> &nbsp;TForm1 = class(TForm)<br> &nbsp; &nbsp;Button1: TButton;<br> &nbsp; &nbsp;Button2: TButton;<br> &nbsp; &nbsp;ListBox1: TListBox;<br> &nbsp; &nbsp;procedure Button2Click(Sender: TObject);<br> &nbsp; &nbsp;procedure Button1Click(Sender: TObject);<br> &nbsp; &nbsp;procedure FormClose(Sender: TObject; var Action: TCloseAction);<br> &nbsp;private<br> &nbsp; &nbsp;{ Private declarations }<br> &nbsp;public<br> &nbsp; &nbsp;{ Public declarations }<br> &nbsp;end;<br><br>var<br> &nbsp;Form1: TForm1;<br> &nbsp;sendtoNextHook: function (s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;<br> &nbsp;tolen: Integer): Integer; stdcall;<br><br><br>implementation<br><br>{$R *.dfm}<br><br>function sendtoHookProc(s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;<br> &nbsp;tolen: Integer): Integer; stdcall;<br>var<br> &nbsp;fHwnd: THandle;<br>begin<br>// &nbsp;fHwnd := findwindow('Tfrm_main',nil);<br>// &nbsp;application.Handle := fHwnd;<br> &nbsp;showmessage('获取成功!'+format('%x',[application.handle]));<br>// &nbsp;ListBox1.Items.Add('123');<br> &nbsp;result := sendtoNextHook(s, buf, len, flags, addrto, tolen);<br>end;<br><br><br><br>procedure TForm1.Button2Click(Sender: TObject);<br>begin<br> &nbsp;Close;<br>end;<br><br>procedure TForm1.Button1Click(Sender: TObject);<br>begin<br> &nbsp;HookAPI('ws2_32.dll', 'sendto', @sendtoHookProc, @sendtoNextHook);<br>end;<br><br>procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);<br>begin<br> &nbsp;UnhookAPI(@sendtoNextHook);<br>end;<br><br>end.
 
我编写了一个DLL,其中含有一个窗体,并且利用madCodeHook成功截获了windows API &quot;sendto&quot;函数<br>截获后我加入的代码如下:<br>function sendtoHookProc(s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;<br> &nbsp;tolen: Integer): Integer; stdcall;<br>var<br> &nbsp;fHwnd: THandle;<br>begin<br> &nbsp;<br> &nbsp;showmessage('获取成功!');<br>// &nbsp;TForm1.ListBox1.Items.Add('123');<br>//调用原API<br> &nbsp;result := sendtoNextHook(s, buf, len, flags, addrto, tolen);<br>end;<br>单单showmessage不会出错,但往窗体中的listbox中写入数据时就会报错。<br>这是什么原因,有办法解决吗?<br><br>窗体的原代码如下:<br>unit Unit1;<br><br>interface<br><br>uses<br> &nbsp;Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,<br> &nbsp;Dialogs, StdCtrls, madCodeHook, WinSock;<br><br><br><br>type<br> &nbsp;TSockaddr = packed record<br> &nbsp; sa_family: byte;<br> &nbsp; sa_data: array[0..13]of char;<br> &nbsp;end;<br><br> &nbsp;TForm1 = class(TForm)<br> &nbsp; &nbsp;Button1: TButton;<br> &nbsp; &nbsp;Button2: TButton;<br> &nbsp; &nbsp;ListBox1: TListBox;<br> &nbsp; &nbsp;procedure Button2Click(Sender: TObject);<br> &nbsp; &nbsp;procedure Button1Click(Sender: TObject);<br> &nbsp; &nbsp;procedure FormClose(Sender: TObject; var Action: TCloseAction);<br> &nbsp;private<br> &nbsp; &nbsp;{ Private declarations }<br> &nbsp;public<br> &nbsp; &nbsp;{ Public declarations }<br> &nbsp;end;<br><br>var<br> &nbsp;Form1: TForm1;<br> &nbsp;sendtoNextHook: function (s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;<br> &nbsp;tolen: Integer): Integer; stdcall;<br><br><br>implementation<br><br>{$R *.dfm}<br><br>function sendtoHookProc(s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;<br> &nbsp;tolen: Integer): Integer; stdcall;<br>var<br> &nbsp;fHwnd: THandle;<br>begin<br>// &nbsp;fHwnd := findwindow('Tfrm_main',nil);<br>// &nbsp;application.Handle := fHwnd;<br> &nbsp;showmessage('获取成功!'+format('%x',[application.handle]));<br>// &nbsp;ListBox1.Items.Add('123');<br> &nbsp;result := sendtoNextHook(s, buf, len, flags, addrto, tolen);<br>end;<br><br><br><br>procedure TForm1.Button2Click(Sender: TObject);<br>begin<br> &nbsp;Close;<br>end;<br><br>procedure TForm1.Button1Click(Sender: TObject);<br>begin<br> &nbsp;HookAPI('ws2_32.dll', 'sendto', @sendtoHookProc, @sendtoNextHook);<br>end;<br><br>procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);<br>begin<br> &nbsp;UnhookAPI(@sendtoNextHook);<br>end;<br><br>end.
 
有人会吗?
 
用之前最好先看看MadCodeHook使用的限制条件<br>在api hook中使用窗体绝对是个坏习惯
 
你应该把apihook和窗体都放进全局dll里。
 
应该是字符串(string)管理的问题,你可以在DLL工程的引入单元中最前面(记住一定要在最前面)引入ShareMem单元,同时在你主工程(包含窗体的工程)的引入单元的最前面引入ShareMem单元。使得DLL和EXE使用同一个内存管理器,这样才不会出错,对于引用计数的内存管理类型都应该这样做!
 
估计又是一个想做外挂的.
 
您必须登录或注册才可回复。

Similar threads

I
API HOOK
回复
0
查看
780
import
I
I
截获滚动条消息
回复
0
查看
556
import
I
I
文件的合并和分解
回复
0
查看
697
import
I
I
获取当前视觉主题名称
回复
0
查看
888
import
I
I
获取Richedit当前光标处的词
回复
0
查看
841
import
I
后退
顶部