请问大虾下面的代码为什么不能执行，是那个地方有问题啊。 ( 积分: 100 )

jinanifku · 2005-08-31

{ 制作：深圳方达软件 日期：2005-8-22 用途：勾子api，检测有新进程启动 } unit APIHookProc; interface uses  SysUtils,  Windows, WinSock, Dialogs, registry; type   SECURITY_ATTRIBUTES=^TSECURITY_ATTRIBUTES;   TSECURITY_ATTRIBUTES=record   nLength

WORD ;   lpSecurityDescriptor:string ;   bInheritHandle:BOOL   ; end; type    STARTUPINFO=^TSTARTUPINFO ;    TSTARTUPINFO=record    cb

WORD   ;    lpReserved:LPTSTR  ;    lpDesktop:LPTSTR;    lpTitle:LPTSTR;    dwX

WORD;    dwY

WORD;    dwXSize

WORD;    dwYSize

WORD;    dwXCountChars

WORD;    dwYCountChars

WORD;    dwFillAttribute

WORD ;    dwFlags:  DWORD;    wShowWindow:WORD;    cbReserved2:WORD;    lpReserved2

Word;    hStdInput:tHANDLE ;    hStdOutput:tHANDLE ;    hStdError:tHANDLE; end; type PROCESS_INFORMATION =^TPROCESS_INFORMATION ;    TPROCESS_INFORMATION=record     hProcess:tHANDLE;     hThread:tHANDLE;     dwProcessId

WORD;     dwThreadId

WORD; end; type  //要HOOK的API函数定义  //CreateProcessW  Tregproc=Function(lpApplicationName

AnsiChar;lpcommandLine

AnsiChar;lpProcessAttributes:SECURITY_ATTRIBUTES;lpThreadAttributes:SECURITY_ATTRIBUTES;bInheritHandles:bool;dwCreationFlags:dword;lpEnvironment

AnsiChar;lpCurrentDirectory

AnsiChar;lpStartupInfo:STARTUPINFO;lpProcessInformation

ROCESS_INFORMATION):longint;stdcall;  PJmpCode = ^TJmpCode;  TJmpCode = packed record    JmpCode: BYTE;    Address: Tregproc;    MovEAX: array[0..2] of BYTE;  end;  //--------------------函数声明--------------------------- procedure HookAPI; procedure UnHookAPI; var  Oldreg            : Tregproc;         //原来的API地址  JmpCode           : TJmpCode;  Oldproc           : array[0..1] of TJmpCode;  Addreg            : Pointer;          //API地址  TmpJmp            : TJmpCode;  ProcessHandle     : THandle; implementation procedure show_numberPassword(v:string); var  dc:thandle; begin  DC:=GetDC(0);  TextOut(DC,100,100,Pchar(V),Length(V));  ReleaseDC(0,DC); end; {---------------------------------------} {函数功能:CreateProcessW函数的HOOK {函数参数:同CreateProcessW {函数返回值:integer {---------------------------------------} function Myreg(lpApplicationName

AnsiChar;lpcommandLine

AnsiChar;lpProcessAttributes:SECURITY_ATTRIBUTES;lpThreadAttributes:SECURITY_ATTRIBUTES;bInheritHandles:bool;dwCreationFlags:dword;lpEnvironment

AnsiChar;lpCurrentDirectory

AnsiChar;lpStartupInfo:STARTUPINFO;lpProcessInformation

ROCESS_INFORMATION):longint;stdcall; var  dwSize            : cardinal; begin  //调用直正的CreateProcessW函数  result:=1;  WriteProcessMemory(ProcessHandle, Addreg, @Oldproc[0], 8, dwSize);  //对操作进行处理  {  }  JmpCode.Address := @Myreg;  //定义hook的CreateProcessW函数  WriteProcessMemory(ProcessHandle, Addreg, @JmpCode, 8, dwSize);  result:=0; end; {------------------------------------} {过程功能:HookAPI {过程参数:无 {------------------------------------} procedure HookAPI; var  DLLModule         : THandle;  dwSize            : cardinal; begin try  ProcessHandle := GetCurrentProcess;  DLLModule := LoadLibrary('kernel32.dll');  Addreg := GetProcAddress(DLLModule, 'CreateProcessW');  JmpCode.JmpCode :=$B8; //$25FF  JmpCode.MovEAX[0] := $FF;  JmpCode.MovEAX[1] := $E0;  JmpCode.MovEAX[2] := 0;  ReadProcessMemory(ProcessHandle, Addreg, @Oldproc[0], 8, dwSize);//8  JmpCode.Address := @Myreg;  WriteProcessMemory(ProcessHandle, Addreg, @JmpCode, 8, dwSize);//8 //修改CreateProcessW入口  Oldreg := Addreg;  except        end; end; {------------------------------------} {过程功能:取消HOOKAPI {过程参数:无 {------------------------------------} procedure UnHookAPI; var  dwSize            : cardinal; begin  WriteProcessMemory(ProcessHandle, Addreg, @Oldproc[0], 8, dwSize); //8 end; end.

jinanifku · 2005-08-31

{ 制作：深圳方达软件 日期：2005-8-22 用途：勾子api，检测有新进程启动 } unit APIHookProc; interface uses  SysUtils,  Windows, WinSock, Dialogs, registry; type   SECURITY_ATTRIBUTES=^TSECURITY_ATTRIBUTES;   TSECURITY_ATTRIBUTES=record   nLength

WORD ;   lpSecurityDescriptor:string ;   bInheritHandle:BOOL   ; end; type    STARTUPINFO=^TSTARTUPINFO ;    TSTARTUPINFO=record    cb

WORD   ;    lpReserved:LPTSTR  ;    lpDesktop:LPTSTR;    lpTitle:LPTSTR;    dwX

WORD;    dwY

WORD;    dwXSize

WORD;    dwYSize

WORD;    dwXCountChars

WORD;    dwYCountChars

WORD;    dwFillAttribute

WORD ;    dwFlags:  DWORD;    wShowWindow:WORD;    cbReserved2:WORD;    lpReserved2

Word;    hStdInput:tHANDLE ;    hStdOutput:tHANDLE ;    hStdError:tHANDLE; end; type PROCESS_INFORMATION =^TPROCESS_INFORMATION ;    TPROCESS_INFORMATION=record     hProcess:tHANDLE;     hThread:tHANDLE;     dwProcessId

WORD;     dwThreadId

WORD; end; type  //要HOOK的API函数定义  //CreateProcessW  Tregproc=Function(lpApplicationName

AnsiChar;lpcommandLine

AnsiChar;lpProcessAttributes:SECURITY_ATTRIBUTES;lpThreadAttributes:SECURITY_ATTRIBUTES;bInheritHandles:bool;dwCreationFlags:dword;lpEnvironment

AnsiChar;lpCurrentDirectory

AnsiChar;lpStartupInfo:STARTUPINFO;lpProcessInformation

ROCESS_INFORMATION):longint;stdcall;  PJmpCode = ^TJmpCode;  TJmpCode = packed record    JmpCode: BYTE;    Address: Tregproc;    MovEAX: array[0..2] of BYTE;  end;  //--------------------函数声明--------------------------- procedure HookAPI; procedure UnHookAPI; var  Oldreg            : Tregproc;         //原来的API地址  JmpCode           : TJmpCode;  Oldproc           : array[0..1] of TJmpCode;  Addreg            : Pointer;          //API地址  TmpJmp            : TJmpCode;  ProcessHandle     : THandle; implementation procedure show_numberPassword(v:string); var  dc:thandle; begin  DC:=GetDC(0);  TextOut(DC,100,100,Pchar(V),Length(V));  ReleaseDC(0,DC); end; {---------------------------------------} {函数功能:CreateProcessW函数的HOOK {函数参数:同CreateProcessW {函数返回值:integer {---------------------------------------} function Myreg(lpApplicationName

AnsiChar;lpcommandLine

AnsiChar;lpProcessAttributes:SECURITY_ATTRIBUTES;lpThreadAttributes:SECURITY_ATTRIBUTES;bInheritHandles:bool;dwCreationFlags:dword;lpEnvironment

AnsiChar;lpCurrentDirectory

AnsiChar;lpStartupInfo:STARTUPINFO;lpProcessInformation

ROCESS_INFORMATION):longint;stdcall; var  dwSize            : cardinal; begin  //调用直正的CreateProcessW函数  result:=1;  WriteProcessMemory(ProcessHandle, Addreg, @Oldproc[0], 8, dwSize);  //对操作进行处理  {  }  JmpCode.Address := @Myreg;  //定义hook的CreateProcessW函数  WriteProcessMemory(ProcessHandle, Addreg, @JmpCode, 8, dwSize);  result:=0; end; {------------------------------------} {过程功能:HookAPI {过程参数:无 {------------------------------------} procedure HookAPI; var  DLLModule         : THandle;  dwSize            : cardinal; begin try  ProcessHandle := GetCurrentProcess;  DLLModule := LoadLibrary('kernel32.dll');  Addreg := GetProcAddress(DLLModule, 'CreateProcessW');  JmpCode.JmpCode :=$B8; //$25FF  JmpCode.MovEAX[0] := $FF;  JmpCode.MovEAX[1] := $E0;  JmpCode.MovEAX[2] := 0;  ReadProcessMemory(ProcessHandle, Addreg, @Oldproc[0], 8, dwSize);//8  JmpCode.Address := @Myreg;  WriteProcessMemory(ProcessHandle, Addreg, @JmpCode, 8, dwSize);//8 //修改CreateProcessW入口  Oldreg := Addreg;  except        end; end; {------------------------------------} {过程功能:取消HOOKAPI {过程参数:无 {------------------------------------} procedure UnHookAPI; var  dwSize            : cardinal; begin  WriteProcessMemory(ProcessHandle, Addreg, @Oldproc[0], 8, dwSize); //8 end; end.

请问大虾下面的代码为什么不能执行，是那个地方有问题啊。 ( 积分: 100 )

jinanifku

Unregistered / Unconfirmed

jinanifku

Unregistered / Unconfirmed

Similar threads