wp231957
DLL正文
library hook;
uses
SysUtils,
windows,
Messages,
APIHook in 'APIHook.pas';
type
// Pointer to the state record that lives in the named file mapping.
PData = ^TData;
// State record placed in the 'MYDLLDATA' mapping that MyDLLHandler maps into
// each process loading this DLL.
// NOTE(review): field order and sizes define the shared-memory layout; every
// loaded copy of the DLL must agree on them.
TData = record
Hook: THandle; // handle returned by SetWindowsHookEx in InstallHook
Hooked: Boolean; // set to True by HookProc after it has called HookAPI
end;
var
// View of the shared mapping; assigned in MyDLLHandler on process attach and
// reset to nil on process detach. Stays nil if the mapping could not be opened.
DLLData: PData;
{------------------------------------}
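// WH_GETMESSAGE hook procedure registered by InstallHook.
// On the first call (tracked by the Hooked flag in the shared mapping) it
// calls HookAPI; every call is then forwarded to the next hook in the chain.
// Returns the value of CallNextHookEx. The original was declared as a
// procedure, which left the value handed back to the system undefined.
function HookProc(nCode, wParam, lParam: LongWORD): LRESULT; stdcall;
begin
  // The shared mapping may not be available in this process; never
  // dereference a nil DLLData, just pass the event on.
  if DLLData = nil then
  begin
    Result := CallNextHookEx(0, nCode, wParam, lParam);
    Exit;
  end;
  if not DLLData^.Hooked then
  begin
    HookAPI;
    DLLData^.Hooked := True;
  end;
  Result := CallNextHookEx(DLLData^.Hook, nCode, wParam, lParam);
end;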
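// Installs a WH_GETMESSAGE hook on the thread that owns SWindow and stores
// the hook handle in the shared mapping.
// Returns True when the hook was installed, False otherwise.
function InstallHook(SWindow: LongWORD): Boolean; stdcall;
var
  ThreadID: LongWORD;
begin
  Result := False;
  // Shared state is unavailable when the file mapping could not be opened.
  if DLLData = nil then
    Exit;
  DLLData^.Hook := 0;
  ThreadID := GetWindowThreadProcessId(SWindow, nil);
  // GetWindowThreadProcessId returns 0 for an invalid window handle, and a
  // thread id of 0 makes SetWindowsHookEx install the hook for every thread
  // on the desktop. Refuse rather than silently widen the scope.
  if ThreadID = 0 then
    Exit;
  DLLData^.Hook := SetWindowsHookEx(WH_GETMESSAGE, @HookProc, HInstance, ThreadID);
  Result := DLLData^.Hook <> 0;
end;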
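// Restores the patched API entry and removes the message hook that
// InstallHook registered.
// NOTE(review): UnHookAPI works on the unit-level variables of the calling
// process; if HookAPI ran in a different process, the patch there is
// presumably not reverted by this call - confirm against the intended use.
procedure UnHook; stdcall;
begin
  UnHookAPI;
  // Nothing more to do when the shared mapping is not available.
  if DLLData = nil then
    Exit;
  if DLLData^.Hook <> 0 then
  begin
    UnhookWindowsHookEx(DLLData^.Hook);
    // Clear the handle so a second call does not unhook a stale value.
    DLLData^.Hook := 0;
  end;
end;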
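// DLL notification handler: maps the shared TData record on process attach
// and unmaps it on process detach. DLLData stays nil when mapping fails.
procedure MyDLLHandler(Reason: Integer);
var
  FHandle: THandle;
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      begin
        // CreateFileMapping returns a valid handle to the existing object
        // (with GetLastError = ERROR_ALREADY_EXISTS) when the name is already
        // in use, so a result of 0 always means failure and the original
        // OpenFileMapping fallback could never run.
        // NOTE(review): the mapping uses a fixed name and default security
        // (nil attributes), so any process able to open 'MYDLLDATA' can
        // create it first or change Hook/Hooked. Treat its contents as
        // untrusted input.
        FHandle := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_READWRITE, 0, $ffff, 'MYDLLDATA');
        if FHandle = 0 then
          Exit;
        DLLData := MapViewOfFile(FHandle, FILE_MAP_ALL_ACCESS, 0, 0, 0);
        // A mapped view keeps the section alive, so the handle can be closed
        // on success as well as on failure; the original leaked it on success.
        CloseHandle(FHandle);
      end;
    DLL_PROCESS_DETACH:
      begin
        if Assigned(DLLData) then
        begin
          UnmapViewOfFile(DLLData);
          DLLData := nil;
        end;
      end;
  end;
end;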
{$R *.res}
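// Routines visible to callers of hook.dll.
exports
  InstallHook, UnHook, HookProc;

begin
  DLLProc := @MyDLLHandler;
  // Run the attach logic by hand for the process that is loading the library.
  MyDLLHandler(DLL_PROCESS_ATTACH);
  // Mapping the shared record can fail; the original dereferenced DLLData
  // unconditionally, which raises an access violation during DLL load.
  // NOTE(review): this code runs in every process that loads the DLL, so the
  // shared Hooked flag is reset on each load - confirm that is intended.
  if DLLData <> nil then
    DLLData^.Hooked := False;
end.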
用到相关PAS
unit APIHook;
interface
uses
SysUtils,
Windows, WinSock;
// Procedural type of the intercepted routine; HookAPI stores @myexitprocess
// in a field of this type.
type tsockproc=procedure(code:integer);stdcall;
type
PJmpCode = ^TJmpCode;
// Byte image that HookAPI writes over the start of the target routine.
// With the values HookAPI assigns ($B8, address, $FF, $E0, 0) it encodes
// "mov eax, <address>; jmp eax" followed by one padding byte.
// NOTE(review): HookAPI and UnHookAPI copy a fixed 8 bytes, which matches this
// record only when a pointer is 4 bytes (32-bit build).
TJmpCode = packed record
JmpCode: BYTE; // opcode byte; HookAPI sets it to $B8
Address: TSockProc; // address the patched routine is redirected to
MovEAX: Array [0..2] of BYTE; // HookAPI sets these to $FF, $E0, 0
end;
//-------------------- function declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;
var
OldSend, OldRecv: TSockProc; // original API addresses (OldRecv is not used in the code shown)
JmpCode: TJmpCode;
OldProc: array [0..1] of TJmpCode; // saved original bytes; only element 0 is used in the code shown
AddSend, AddRecv: pointer; // API addresses; AddSend holds the address of ExitProcess (AddRecv is not used in the code shown)
TmpJmp: TJmpCode;
ProcessHandle: THandle;
implementation
////////////////////////////////////////////////////////////////////
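// Replacement routine that HookAPI redirects ExitProcess to: it shows a
// message box and returns to the caller instead of ending the process.
// Declared stdcall so that it matches TSockProc and the API it stands in for;
// with Delphi's default register convention the argument would be read from
// the wrong place and left on the stack when the routine returns.
procedure myexitprocess(code: integer); stdcall;
begin
  MessageBox(0, 'you know i', 'i am hook', MB_OK);
end;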
{------------------------------------}
{Procedure purpose: HookAPI
{Procedure parameters: none
{------------------------------------}
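// Saves the first 8 bytes of kernel32's ExitProcess in OldProc[0] and then
// overwrites them, in the current process, with the jump stub held in JmpCode
// so that calls reach myexitprocess.
// NOTE(review): a patch of this kind makes the in-memory bytes of the export
// differ from the kernel32.dll image on disk, which is the difference that
// code-integrity and hook-scanning tools compare.
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: cardinal;
begin
  // The fixed 8-byte copy below is valid only for the 32-bit record layout.
  if SizeOf(TJmpCode) <> 8 then
    Exit;
  ProcessHandle := GetCurrentProcess;
  // kernel32.dll is already loaded; GetModuleHandle avoids the extra module
  // reference that the original LoadLibrary call took and never released.
  DLLModule := GetModuleHandle('kernel32.dll');
  if DLLModule = 0 then
    Exit;
  AddSend := GetProcAddress(DLLModule, 'ExitProcess'); // address of the API
  if AddSend = nil then
    Exit;
  JmpCode.JmpCode := $B8;
  JmpCode.MovEAX[0] := $FF;
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;
  // Do not patch unless the original bytes were saved in full; otherwise
  // UnHookAPI would later write back bytes that were never read.
  dwSize := 0;
  if (not ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize)) or (dwSize <> 8) then
  begin
    AddSend := nil;
    Exit;
  end;
  JmpCode.Address := @myexitprocess;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); // overwrite the API entry
  OldSend := AddSend;
end;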
{------------------------------------}
{Procedure purpose: remove the API hook
{Procedure parameters: none
{------------------------------------}
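// Writes the bytes saved in OldProc[0] back over the patched API entry.
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  // AddSend is nil until HookAPI has resolved the API address in this
  // process; without it there is nothing to restore.
  if AddSend = nil then
    Exit;
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
end;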
end.
// Call from the main program
// Imports InstallHook from hook.dll.
// NOTE(review): the DLL declares the parameter as LongWORD; longint has the
// same size but is signed.
function installhook(swindow:longint):boolean;stdcall;external 'hook.dll';
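// Demo handler: installs the hook on the thread owning the form, then calls
// ExitProcess to show whether the call is intercepted.
procedure TForm1.Button9Click(Sender: TObject);
begin
  // If the hook could not be installed, ExitProcess would simply terminate
  // the application, so stop here instead.
  if not installhook(form1.Handle) then
    Exit;
  // NOTE(review): HookAPI is only called from the WH_GETMESSAGE hook
  // procedure, which presumably has not run yet at this point - confirm
  // what this call actually does in the demo.
  exitprocess(0);
end;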
library hook;
uses
SysUtils,
windows,
Messages,
APIHook in 'APIHook.pas';
type
// Pointer to the state record that lives in the named file mapping.
PData = ^TData;
// State record placed in the 'MYDLLDATA' mapping that MyDLLHandler maps into
// each process loading this DLL.
// NOTE(review): field order and sizes define the shared-memory layout; every
// loaded copy of the DLL must agree on them.
TData = record
Hook: THandle; // handle returned by SetWindowsHookEx in InstallHook
Hooked: Boolean; // set to True by HookProc after it has called HookAPI
end;
var
// View of the shared mapping; assigned in MyDLLHandler on process attach and
// reset to nil on process detach. Stays nil if the mapping could not be opened.
DLLData: PData;
{------------------------------------}
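// WH_GETMESSAGE hook procedure registered by InstallHook.
// On the first call (tracked by the Hooked flag in the shared mapping) it
// calls HookAPI; every call is then forwarded to the next hook in the chain.
// Returns the value of CallNextHookEx. The original was declared as a
// procedure, which left the value handed back to the system undefined.
function HookProc(nCode, wParam, lParam: LongWORD): LRESULT; stdcall;
begin
  // The shared mapping may not be available in this process; never
  // dereference a nil DLLData, just pass the event on.
  if DLLData = nil then
  begin
    Result := CallNextHookEx(0, nCode, wParam, lParam);
    Exit;
  end;
  if not DLLData^.Hooked then
  begin
    HookAPI;
    DLLData^.Hooked := True;
  end;
  Result := CallNextHookEx(DLLData^.Hook, nCode, wParam, lParam);
end;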
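// Installs a WH_GETMESSAGE hook on the thread that owns SWindow and stores
// the hook handle in the shared mapping.
// Returns True when the hook was installed, False otherwise.
function InstallHook(SWindow: LongWORD): Boolean; stdcall;
var
  ThreadID: LongWORD;
begin
  Result := False;
  // Shared state is unavailable when the file mapping could not be opened.
  if DLLData = nil then
    Exit;
  DLLData^.Hook := 0;
  ThreadID := GetWindowThreadProcessId(SWindow, nil);
  // GetWindowThreadProcessId returns 0 for an invalid window handle, and a
  // thread id of 0 makes SetWindowsHookEx install the hook for every thread
  // on the desktop. Refuse rather than silently widen the scope.
  if ThreadID = 0 then
    Exit;
  DLLData^.Hook := SetWindowsHookEx(WH_GETMESSAGE, @HookProc, HInstance, ThreadID);
  Result := DLLData^.Hook <> 0;
end;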
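// Restores the patched API entry and removes the message hook that
// InstallHook registered.
// NOTE(review): UnHookAPI works on the unit-level variables of the calling
// process; if HookAPI ran in a different process, the patch there is
// presumably not reverted by this call - confirm against the intended use.
procedure UnHook; stdcall;
begin
  UnHookAPI;
  // Nothing more to do when the shared mapping is not available.
  if DLLData = nil then
    Exit;
  if DLLData^.Hook <> 0 then
  begin
    UnhookWindowsHookEx(DLLData^.Hook);
    // Clear the handle so a second call does not unhook a stale value.
    DLLData^.Hook := 0;
  end;
end;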
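// DLL notification handler: maps the shared TData record on process attach
// and unmaps it on process detach. DLLData stays nil when mapping fails.
procedure MyDLLHandler(Reason: Integer);
var
  FHandle: THandle;
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      begin
        // CreateFileMapping returns a valid handle to the existing object
        // (with GetLastError = ERROR_ALREADY_EXISTS) when the name is already
        // in use, so a result of 0 always means failure and the original
        // OpenFileMapping fallback could never run.
        // NOTE(review): the mapping uses a fixed name and default security
        // (nil attributes), so any process able to open 'MYDLLDATA' can
        // create it first or change Hook/Hooked. Treat its contents as
        // untrusted input.
        FHandle := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_READWRITE, 0, $ffff, 'MYDLLDATA');
        if FHandle = 0 then
          Exit;
        DLLData := MapViewOfFile(FHandle, FILE_MAP_ALL_ACCESS, 0, 0, 0);
        // A mapped view keeps the section alive, so the handle can be closed
        // on success as well as on failure; the original leaked it on success.
        CloseHandle(FHandle);
      end;
    DLL_PROCESS_DETACH:
      begin
        if Assigned(DLLData) then
        begin
          UnmapViewOfFile(DLLData);
          DLLData := nil;
        end;
      end;
  end;
end;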
{$R *.res}
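// Routines visible to callers of hook.dll.
exports
  InstallHook, UnHook, HookProc;

begin
  DLLProc := @MyDLLHandler;
  // Run the attach logic by hand for the process that is loading the library.
  MyDLLHandler(DLL_PROCESS_ATTACH);
  // Mapping the shared record can fail; the original dereferenced DLLData
  // unconditionally, which raises an access violation during DLL load.
  // NOTE(review): this code runs in every process that loads the DLL, so the
  // shared Hooked flag is reset on each load - confirm that is intended.
  if DLLData <> nil then
    DLLData^.Hooked := False;
end.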
用到相关PAS
unit APIHook;
interface
uses
SysUtils,
Windows, WinSock;
// Procedural type of the intercepted routine; HookAPI stores @myexitprocess
// in a field of this type.
type tsockproc=procedure(code:integer);stdcall;
type
PJmpCode = ^TJmpCode;
// Byte image that HookAPI writes over the start of the target routine.
// With the values HookAPI assigns ($B8, address, $FF, $E0, 0) it encodes
// "mov eax, <address>; jmp eax" followed by one padding byte.
// NOTE(review): HookAPI and UnHookAPI copy a fixed 8 bytes, which matches this
// record only when a pointer is 4 bytes (32-bit build).
TJmpCode = packed record
JmpCode: BYTE; // opcode byte; HookAPI sets it to $B8
Address: TSockProc; // address the patched routine is redirected to
MovEAX: Array [0..2] of BYTE; // HookAPI sets these to $FF, $E0, 0
end;
//-------------------- function declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;
var
OldSend, OldRecv: TSockProc; // original API addresses (OldRecv is not used in the code shown)
JmpCode: TJmpCode;
OldProc: array [0..1] of TJmpCode; // saved original bytes; only element 0 is used in the code shown
AddSend, AddRecv: pointer; // API addresses; AddSend holds the address of ExitProcess (AddRecv is not used in the code shown)
TmpJmp: TJmpCode;
ProcessHandle: THandle;
implementation
////////////////////////////////////////////////////////////////////
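// Replacement routine that HookAPI redirects ExitProcess to: it shows a
// message box and returns to the caller instead of ending the process.
// Declared stdcall so that it matches TSockProc and the API it stands in for;
// with Delphi's default register convention the argument would be read from
// the wrong place and left on the stack when the routine returns.
procedure myexitprocess(code: integer); stdcall;
begin
  MessageBox(0, 'you know i', 'i am hook', MB_OK);
end;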
{------------------------------------}
{Procedure purpose: HookAPI
{Procedure parameters: none
{------------------------------------}
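// Saves the first 8 bytes of kernel32's ExitProcess in OldProc[0] and then
// overwrites them, in the current process, with the jump stub held in JmpCode
// so that calls reach myexitprocess.
// NOTE(review): a patch of this kind makes the in-memory bytes of the export
// differ from the kernel32.dll image on disk, which is the difference that
// code-integrity and hook-scanning tools compare.
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: cardinal;
begin
  // The fixed 8-byte copy below is valid only for the 32-bit record layout.
  if SizeOf(TJmpCode) <> 8 then
    Exit;
  ProcessHandle := GetCurrentProcess;
  // kernel32.dll is already loaded; GetModuleHandle avoids the extra module
  // reference that the original LoadLibrary call took and never released.
  DLLModule := GetModuleHandle('kernel32.dll');
  if DLLModule = 0 then
    Exit;
  AddSend := GetProcAddress(DLLModule, 'ExitProcess'); // address of the API
  if AddSend = nil then
    Exit;
  JmpCode.JmpCode := $B8;
  JmpCode.MovEAX[0] := $FF;
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;
  // Do not patch unless the original bytes were saved in full; otherwise
  // UnHookAPI would later write back bytes that were never read.
  dwSize := 0;
  if (not ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize)) or (dwSize <> 8) then
  begin
    AddSend := nil;
    Exit;
  end;
  JmpCode.Address := @myexitprocess;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, 8, dwSize); // overwrite the API entry
  OldSend := AddSend;
end;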
{------------------------------------}
{Procedure purpose: remove the API hook
{Procedure parameters: none
{------------------------------------}
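// Writes the bytes saved in OldProc[0] back over the patched API entry.
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  // AddSend is nil until HookAPI has resolved the API address in this
  // process; without it there is nothing to restore.
  if AddSend = nil then
    Exit;
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], 8, dwSize);
end;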
end.
// Call from the main program
// Imports InstallHook from hook.dll.
// NOTE(review): the DLL declares the parameter as LongWORD; longint has the
// same size but is signed.
function installhook(swindow:longint):boolean;stdcall;external 'hook.dll';
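// Demo handler: installs the hook on the thread owning the form, then calls
// ExitProcess to show whether the call is intercepted.
procedure TForm1.Button9Click(Sender: TObject);
begin
  // If the hook could not be installed, ExitProcess would simply terminate
  // the application, so stop here instead.
  if not installhook(form1.Handle) then
    Exit;
  // NOTE(review): HookAPI is only called from the WH_GETMESSAGE hook
  // procedure, which presumably has not run yet at this point - confirm
  // what this call actually does in the demo.
  exitprocess(0);
end;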