熟悉HOOKAPI的朋友请进 ( 积分: 50 )

library&nbsp;Hook;&nbsp;<br><br>uses<br>windows,<br>Messages,<br>APIHook&nbsp;in&nbsp;'APIHook.pas';<br><br>type<br>PData&nbsp;=&nbsp;^TData;<br>TData&nbsp;=&nbsp;record&nbsp;<br>Hook:&nbsp;THandle;&nbsp;<br>Hooked:&nbsp;Boolean;&nbsp;<br>end;&nbsp;<br><br>var&nbsp;<br>DLLData:&nbsp;PData;&nbsp;<br><br>{------------------------------------}&nbsp;<br>{过程名:HookProc&nbsp;<br>{过程功能:HOOK过程&nbsp;<br>{过程参数:nCode,&nbsp;wParam,&nbsp;lParam消息的相&nbsp;<br>{&nbsp;关参数&nbsp;<br>{------------------------------------}&nbsp;<br>procedure&nbsp;HookProc(nCode,&nbsp;wParam,&nbsp;lParam:&nbsp;LongWORD);stdcall;&nbsp;<br>begin&nbsp;<br>if&nbsp;not&nbsp;DLLData^.Hooked&nbsp;then&nbsp;<br>begin&nbsp;<br>HookAPI;&nbsp;<br>DLLData^.Hooked&nbsp;:=&nbsp;True;&nbsp;<br>end;&nbsp;<br>//调用下一个Hook&nbsp;<br>CallNextHookEx(DLLData^.Hook,&nbsp;nCode,&nbsp;wParam,&nbsp;lParam);<br>end;&nbsp;<br><br><br>{------------------------------------}&nbsp;<br>{函数名:InstallHook&nbsp;<br>{函数功能:在指定窗口上安装HOOK&nbsp;<br>{函数参数:sWindow:要安装HOOK的窗口&nbsp;<br>{返回值:成功返回TRUE,失败返回FALSE&nbsp;<br>{------------------------------------}&nbsp;<br>function&nbsp;InstallHook(SWindow:&nbsp;LongWORD):Boolean;stdcall;&nbsp;<br>var&nbsp;<br>ThreadID:&nbsp;LongWORD;&nbsp;<br>begin&nbsp;<br>Result&nbsp;:=&nbsp;False;&nbsp;<br>DLLData^.Hook&nbsp;:=&nbsp;0;&nbsp;<br>ThreadID&nbsp;:=&nbsp;GetWindowThreadProcessId(sWindow,&nbsp;nil);&nbsp;<br>//给指定窗口挂上钩子&nbsp;<br>DLLData^.Hook&nbsp;:=&nbsp;SetWindowsHookEx(WH_GETMESSAGE,&nbsp;@HookProc,&nbsp;Hinstance,&nbsp;ThreadID);&nbsp;<br>if&nbsp;DLLData^.Hook&nbsp;&gt;&nbsp;0&nbsp;then&nbsp;<br>Result&nbsp;:=&nbsp;True&nbsp;//是否成功HOOK&nbsp;<br>else&nbsp;<br>exit;&nbsp;<br>end;&nbsp;<br><br>{------------------------------------}&nbsp;<br>{过程名:UnHook&nbsp;<br>{过程功能:卸载HOOK<br>{过程参数:无&nbsp;<br>{------------------------------------}&nbsp;<br>procedure&nbsp;UnHook;stdcall;&nbsp;<br>begin&nbsp;<br>UnHookAPI;&nbsp;<br>//卸载Hook<br>UnhookWindowsHookEx(DLLData^.Hook);<br>end;<br><br>{------------------------------------}&nbsp;<br>{过程名LL入口函数&nbsp;<br>{过程功能:进行DLL初始化,释放等&nbsp;<br>{过程参数LL状态&nbsp;<br>{------------------------------------}&nbsp;<br>procedure&nbsp;MyDLLHandler(Reason:&nbsp;Integer);&nbsp;<br>var&nbsp;<br>FHandle:&nbsp;LongWORD;&nbsp;<br>begin&nbsp;<br>case&nbsp;Reason&nbsp;of&nbsp;<br>DLL_PROCESS_ATTACH:&nbsp;<br>begin&nbsp;//建立文件映射,以实现DLL中的全局变量&nbsp;<br>FHandle&nbsp;:=&nbsp;CreateFileMapping($FFFFFFFF,&nbsp;nil,&nbsp;PAGE_READWRITE,&nbsp;0,&nbsp;$ffff,&nbsp;'MYDLLDATA');<br>if&nbsp;FHandle&nbsp;=&nbsp;0&nbsp;then&nbsp;<br>if&nbsp;GetLastError&nbsp;=&nbsp;ERROR_ALREADY_EXISTS&nbsp;then&nbsp;<br>begin&nbsp;<br>FHandle&nbsp;:=&nbsp;OpenFileMapping(FILE_MAP_ALL_ACCESS,&nbsp;False,&nbsp;'MYDLLDATA');<br>if&nbsp;FHandle&nbsp;=&nbsp;0&nbsp;then&nbsp;Exit;&nbsp;<br>end&nbsp;else&nbsp;Exit;&nbsp;<br>DLLData&nbsp;:=&nbsp;MapViewOfFile(FHandle,&nbsp;FILE_MAP_ALL_ACCESS,&nbsp;0,&nbsp;0,&nbsp;0);&nbsp;<br>if&nbsp;DLLData&nbsp;=&nbsp;nil&nbsp;then&nbsp;<br>CloseHandle(FHandle);&nbsp;<br>end;&nbsp;<br>DLL_PROCESS_DETACH:&nbsp;<br>begin&nbsp;<br>if&nbsp;Assigned(DLLData)&nbsp;then&nbsp;<br>begin&nbsp;<br>UnmapViewOfFile(DLLData);&nbsp;<br>DLLData&nbsp;:=&nbsp;nil;&nbsp;<br>end;&nbsp;<br>end;&nbsp;<br>end;&nbsp;<br>end;&nbsp;<br><br>exports&nbsp;<br>InstallHook,&nbsp;UnHook,&nbsp;HookProc;&nbsp;<br><br>begin&nbsp;<br>DLLProc&nbsp;:=&nbsp;@MyDLLHandler;&nbsp;<br>MyDLLhandler(DLL_PROCESS_ATTACH);&nbsp;<br>DLLData^.Hooked&nbsp;:=&nbsp;False;&nbsp;<br>end.&nbsp;<br><br><br>unit&nbsp;APIHook;&nbsp;<br><br>interface&nbsp;<br><br>uses<br><br>Windows,&nbsp;WinSock;<br><br>type&nbsp;<br>//要HOOK的API函数定义&nbsp;<br>TSockProc&nbsp;=&nbsp;function&nbsp;(s:&nbsp;TSocket;&nbsp;var&nbsp;Buf;&nbsp;len,&nbsp;flags:&nbsp;Integer):&nbsp;Integer;&nbsp;stdcall;&nbsp;<br><br>PJmpCode&nbsp;=&nbsp;^TJmpCode;&nbsp;<br>TJmpCode&nbsp;=&nbsp;packed&nbsp;record&nbsp;<br>JmpCode:&nbsp;BYTE;&nbsp;<br>Address:&nbsp;TSockProc;&nbsp;<br>MovEAX:&nbsp;Array&nbsp;[0..2]&nbsp;of&nbsp;BYTE;&nbsp;<br>end;&nbsp;<br><br>//--------------------函数声明---------------------------&nbsp;<br>procedure&nbsp;HookAPI;&nbsp;<br>procedure&nbsp;UnHookAPI;&nbsp;<br><br>var&nbsp;<br>OldSend,&nbsp;OldRecv:&nbsp;TSockProc;&nbsp;//原来的API地址&nbsp;<br>JmpCode:&nbsp;TJmpCode;&nbsp;<br>OldProc:&nbsp;array&nbsp;[0..1]&nbsp;of&nbsp;TJmpCode;&nbsp;<br>AddSend,&nbsp;AddRecv:&nbsp;pointer;&nbsp;//API地址&nbsp;<br>TmpJmp:&nbsp;TJmpCode;&nbsp;<br>ProcessHandle:&nbsp;THandle;&nbsp;<br>implementation&nbsp;<br><br>{---------------------------------------}&nbsp;<br>{函数功能:Send函数的HOOK&nbsp;<br>{函数参数:同Send&nbsp;<br>{函数返回值:integer&nbsp;<br>{---------------------------------------}&nbsp;<br>function&nbsp;MySend(s:&nbsp;TSocket;&nbsp;var&nbsp;Buf;&nbsp;len,&nbsp;flags:&nbsp;Integer):&nbsp;Integer;&nbsp;stdcall;&nbsp;<br>var&nbsp;<br>dwSize:&nbsp;cardinal;&nbsp;<br>begin&nbsp;<br>//这儿进行发送的数据处理&nbsp;<br>MessageBeep(1000);&nbsp;//简单的响一声&nbsp;<br>//调用直正的Send函数&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddSend,&nbsp;@OldProc[0],&nbsp;8,&nbsp;dwSize);&nbsp;<br>Result&nbsp;:=&nbsp;OldSend(S,&nbsp;Buf,&nbsp;len,&nbsp;flags);&nbsp;<br>JmpCode.Address&nbsp;:=&nbsp;@MySend;&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddSend,&nbsp;@JmpCode,&nbsp;8,&nbsp;dwSize);&nbsp;<br>end;&nbsp;<br><br>{---------------------------------------}&nbsp;<br>{函数功能:Recv函数的HOOK&nbsp;<br>{函数参数:同Recv&nbsp;<br>{函数返回值:integer&nbsp;<br>{---------------------------------------}&nbsp;<br>function&nbsp;MyRecv(s:&nbsp;TSocket;&nbsp;var&nbsp;Buf;&nbsp;len,&nbsp;flags:&nbsp;Integer):&nbsp;Integer;&nbsp;stdcall;&nbsp;<br>var&nbsp;<br>dwSize:&nbsp;cardinal;&nbsp;<br>begin&nbsp;<br>//这儿进行接收的数据处理&nbsp;<br>MessageBeep(1000);&nbsp;//简单的响一声&nbsp;<br>//调用直正的Recv函数&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddRecv,&nbsp;@OldProc[1],&nbsp;8,&nbsp;dwSize);&nbsp;<br>Result&nbsp;:=&nbsp;OldRecv(S,&nbsp;Buf,&nbsp;len,&nbsp;flags);&nbsp;<br>JmpCode.Address&nbsp;:=&nbsp;@MyRecv;&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddRecv,&nbsp;@JmpCode,&nbsp;8,&nbsp;dwSize);&nbsp;<br>end;&nbsp;<br><br>{------------------------------------}&nbsp;<br>{过程功能:HookAPI&nbsp;<br>{过程参数:无&nbsp;<br>{------------------------------------}&nbsp;<br>procedure&nbsp;HookAPI;&nbsp;<br>var&nbsp;<br>DLLModule:&nbsp;THandle;&nbsp;<br>dwSize:&nbsp;cardinal;&nbsp;<br>begin&nbsp;<br>ProcessHandle&nbsp;:=&nbsp;GetCurrentProcess;&nbsp;<br>DLLModule&nbsp;:=&nbsp;LoadLibrary('ws2_32.dll');<br>AddSend&nbsp;:=&nbsp;GetProcAddress(DLLModule,&nbsp;'send');&nbsp;//取得API地址<br>AddRecv&nbsp;:=&nbsp;GetProcAddress(DLLModule,&nbsp;'recv');<br>JmpCode.JmpCode&nbsp;:=&nbsp;$B8;&nbsp;<br>JmpCode.MovEAX[0]&nbsp;:=&nbsp;$FF;&nbsp;<br>JmpCode.MovEAX[1]&nbsp;:=&nbsp;$E0;&nbsp;<br>JmpCode.MovEAX[2]&nbsp;:=&nbsp;0;&nbsp;<br>ReadProcessMemory(ProcessHandle,&nbsp;AddSend,&nbsp;@OldProc[0],&nbsp;8,&nbsp;dwSize);&nbsp;<br>JmpCode.Address&nbsp;:=&nbsp;@MySend;&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddSend,&nbsp;@JmpCode,&nbsp;8,&nbsp;dwSize);&nbsp;//修改Send入口&nbsp;<br>ReadProcessMemory(ProcessHandle,&nbsp;AddRecv,&nbsp;@OldProc[1],&nbsp;8,&nbsp;dwSize);&nbsp;<br>JmpCode.Address&nbsp;:=&nbsp;@MyRecv;&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddRecv,&nbsp;@JmpCode,&nbsp;8,&nbsp;dwSize);&nbsp;//修改Recv入口&nbsp;<br>OldSend&nbsp;:=&nbsp;AddSend;&nbsp;<br>OldRecv&nbsp;:=&nbsp;AddRecv;&nbsp;<br>end;&nbsp;<br><br>{------------------------------------}&nbsp;<br>{过程功能:取消HOOKAPI&nbsp;<br>{过程参数:无&nbsp;<br>{------------------------------------}&nbsp;<br>procedure&nbsp;UnHookAPI;&nbsp;<br>var&nbsp;<br>dwSize:&nbsp;Cardinal;&nbsp;<br>begin&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddSend,&nbsp;@OldProc[0],&nbsp;8,&nbsp;dwSize);&nbsp;<br>WriteProcessMemory(ProcessHandle,&nbsp;AddRecv,&nbsp;@OldProc[1],&nbsp;8,&nbsp;dwSize);&nbsp;<br>end;&nbsp;<br><br>end.&nbsp;<br><br><br><br><br><br><br>unit&nbsp;Unit1;<br><br>interface<br><br>uses<br>&nbsp;&nbsp;Windows,&nbsp;Messages,&nbsp;SysUtils,&nbsp;Variants,&nbsp;Classes,&nbsp;Graphics,&nbsp;Controls,&nbsp;Forms,<br>&nbsp;&nbsp;Dialogs,&nbsp;StdCtrls;<br><br>type<br>&nbsp;&nbsp;TForm1&nbsp;=&nbsp;class(TForm)<br>&nbsp;&nbsp;&nbsp;&nbsp;Button1:&nbsp;TButton;<br>&nbsp;&nbsp;&nbsp;&nbsp;Button2:&nbsp;TButton;<br>&nbsp;&nbsp;&nbsp;&nbsp;procedure&nbsp;Button1Click(Sender:&nbsp;TObject);<br>&nbsp;&nbsp;&nbsp;&nbsp;procedure&nbsp;Button2Click(Sender:&nbsp;TObject);<br>&nbsp;&nbsp;private<br>&nbsp;&nbsp;&nbsp;&nbsp;{&nbsp;Private&nbsp;declarations&nbsp;}<br>&nbsp;&nbsp;public<br>&nbsp;&nbsp;&nbsp;&nbsp;{&nbsp;Public&nbsp;declarations&nbsp;}<br>&nbsp;&nbsp;end;<br><br>var<br>&nbsp;&nbsp;Form1:&nbsp;TForm1;<br>&nbsp;&nbsp;InstallHook:&nbsp;function&nbsp;(SWindow:&nbsp;THandle):Boolean;stdcall;&nbsp;<br>&nbsp;&nbsp;UnHook:&nbsp;procedure;stdcall;<br><br><br>implementation<br><br>{$R&nbsp;*.dfm}<br><br>procedure&nbsp;TForm1.Button1Click(Sender:&nbsp;TObject);<br>var&nbsp;<br>ModuleHandle:&nbsp;THandle;&nbsp;<br>TmpWndHandle:&nbsp;THandle;<br>begin&nbsp;<br>TmpWndHandle&nbsp;:=&nbsp;0;<br>TmpWndHandle&nbsp;:=&nbsp;FindWindow(nil,&nbsp;'目标窗口的标题');<br>if&nbsp;not&nbsp;isWindow(TmpWndHandle)&nbsp;then<br>begin<br>MessageBox(self.Handle,&nbsp;'没有找到窗口',&nbsp;'!!!',&nbsp;MB_OK);<br>exit;<br>end;<br>ModuleHandle&nbsp;:=&nbsp;LoadLibrary('Hook.dll');<br>@InstallHook&nbsp;:=&nbsp;GetProcAddress(ModuleHandle,&nbsp;'InstallHook');<br>@UnHook&nbsp;:=&nbsp;GetProcAddress(ModuleHandle,&nbsp;'UnHook');<br>if&nbsp;InstallHook(FindWindow(nil,&nbsp;'Untitled'))&nbsp;then<br>ShowMessage('Hook&nbsp;OK');<br>end;<br><br><br><br>procedure&nbsp;TForm1.Button2Click(Sender:&nbsp;TObject);<br>begin<br>UnHook<br>end;<br><br>end.<br><br><br><br><br><br>这代码可否修改截取到的包并正常转发?&nbsp;&nbsp;如何实现?&nbsp;分不够可以加

123

cfgfdg

这么多数据肯定会出错

白兄怎么不来啊

如果真的要HOOK&nbsp;WinSock函数的话，你还是使用MS&nbsp;自己提供的SPI接口吧。只要将自己的DLL插入到指定的层（LSP），就可以截获你需要的这些函数调用。如果需要支持的话，可以给我邮件，我发一个DEMO给你（自己写的^_^）&nbsp;tufeiping#hotmail.com