weserver
按照教程做的,但尝试用IE做实验,MySend可以截取成功,但 MyRecv却不行,已经三天的问题,大家帮帮忙啊
网络教程地址 http://www.51ku.net/info/339.htm
附相关代码:

unit APIHook;

interface

uses
  SysUtils, Dialogs,
  Windows, WinSock, fmMain, Messages;

type
  //要HOOK的API函数定义
  TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

  PJmpCode = ^TJmpCode;
  TJmpCode = packed record
    JmpCode: BYTE;
    Address: TSockProc;
    MovEAX: Array [0..2] of BYTE;
  end;

//--------------------函数声明---------------------------
procedure HookAPI;
procedure UnHookAPI;

var
  OldSend, OldRecv: TSockProc; //原来的API地址
  JmpCode: TJmpCode;
  OldProc: array [0..1] of TJmpCode;
  AddSend, AddRecv: pointer; //API地址
  TmpJmp: TJmpCode;
  ProcessHandle: THandle;

implementation

{---------------------------------------}
{函数功能:Send函数的HOOK
{函数参数:同Send
{函数返回值:integer
{---------------------------------------}
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  dwSize: cardinal;
  tmp: string;
begin
  //这儿进行发送的数据处理
  setlength(tmp, len);
  move(buf, tmp[1], len);
  showmessage(tmp);
  MessageBeep(1000); //简单的响一声
  //调用真正的Send函数
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  Result := OldSend(S, Buf, len, flags);
  JmpCode.Address := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize);
end;

{---------------------------------------}
{函数功能:Recv函数的HOOK
{函数参数:同Recv
{函数返回值:integer
{---------------------------------------}
function MyRecv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  dwSize: cardinal;
  tmp: string;
begin
  //这儿进行接收的数据处理
  setlength(tmp, len);
  move(buf, tmp[1], len);
  showmessage(tmp);
  MessageBeep(1000); //简单的响一声
  //调用真正的Recv函数
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  Result := OldRecv(S, Buf, len, flags);
  JmpCode.Address := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize);
end;

{------------------------------------}
{过程功能:HookAPI
{过程参数:无
{------------------------------------}
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: cardinal;
begin
  ProcessHandle := GetCurrentProcess;
  DLLModule := LoadLibrary('ws2_32.dll');
  AddSend := GetProcAddress(DLLModule, 'send'); //取得API地址
  AddRecv := GetProcAddress(DLLModule, 'recv');
  JmpCode.JmpCode := $B8;
  JmpCode.MovEAX[0] := $FF;
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;
  ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  JmpCode.Address := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); //修改Send入口
  ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
  JmpCode.Address := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, 8, dwSize); //修改Recv入口
  OldSend := AddSend;
  OldRecv := AddRecv;
end;

{------------------------------------}
{过程功能:取消HOOKAPI
{过程参数:无
{------------------------------------}
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], 8, dwSize);
end;

end.


HOOK.DLL的代码:

library Hook;

uses
  SysUtils,
  windows,
  Messages,
  APIHook in 'APIHook.pas';

type
  PData = ^TData;
  TData = record
    Hook: THandle;
    Hooked: Boolean;
  end;

var
  DLLData: PData;

{------------------------------------}
{过程名:HookProc
{过程功能:HOOK过程
{过程参数:nCode, wParam, lParam消息的相
{ 关参数
{------------------------------------}
procedure HookProc(nCode, wParam, lParam: LongWORD); stdcall;
begin
  if not DLLData^.Hooked then
  begin
    HookAPI;
    DLLData^.Hooked := True;
  end;
  //调用下一个Hook
  CallNextHookEx(DLLData^.Hook, nCode, wParam, lParam);
end;


unit fmMain;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    Edit1: TEdit;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  InstallHook: function (SWindow: THandle): Boolean; stdcall;
  UnHook: procedure; stdcall;

implementation

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);
var
  ModuleHandle: THandle;
  TmpWndHandle: THandle;
begin
  TmpWndHandle := 0;
  TmpWndHandle := FindWindow(nil, '目标窗口的标题');
  if not isWindow(TmpWndHandle) then
  begin
    MessageBox(self.Handle, '没有找到窗口', '!!!', MB_OK);
    exit;
  end;
  ModuleHandle := LoadLibrary('Hook.dll');
  @InstallHook := GetProcAddress(ModuleHandle, 'InstallHook');
  @UnHook := GetProcAddress(ModuleHandle, 'UnHook');
  if InstallHook(FindWindow(nil, 'Untitled')) then
    ShowMessage('Hook OK');
end;

procedure TForm1.Button2Click(Sender: TObject);
begin
  UnHook
end;

end.