m911
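library Hook;

{ Hook.dll.
  InstallHook places a thread-specific WH_GETMESSAGE hook on the thread that
  owns a given window. The first time HookProc runs, it calls HookAPI (unit
  APIHook), which overwrites the entry bytes of send and recv in ws2_32.dll
  with a jump to MySend / MyRecv.

  Review notes:
  - The state shared between processes lives in a named file mapping,
    'MYDLLDATA', created with nil security attributes. NOTE(review): any
    process able to open that name can presumably read and change Hook and
    Hooked; confirm whether a private name or an explicit ACL is needed.
  - The patch bytes are 32-bit x86 machine code (see TJmpCode in APIHook). }

uses
  Windows,
  Messages,
  APIHook in 'APIHook.pas';

type
  PData = ^TData;
  TData = record
    Hook: THandle;    // handle returned by SetWindowsHookEx
    Hooked: Boolean;  // True once HookProc has called HookAPI
  end;

var
  DLLData: PData;     // view of the shared mapping; nil when mapping failed

{------------------------------------}
{ Function : HookProc
  Purpose  : WH_GETMESSAGE hook procedure. On its first call it applies the
             send/recv patch, then always passes the message on.
  Params   : nCode, wParam, lParam - the hook message parameters
  Returns  : the value returned by CallNextHookEx
  Note     : the original was declared as a procedure and dropped that
             return value; a hook procedure is expected to return it. }
{------------------------------------}
function HookProc(nCode, wParam, lParam: LongWORD): LRESULT; stdcall;
begin
  if Assigned(DLLData) then
  begin
    if not DLLData^.Hooked then
    begin
      HookAPI;
      DLLData^.Hooked := True;
    end;
    // Call the next hook in the chain.
    Result := CallNextHookEx(DLLData^.Hook, nCode, wParam, lParam);
  end
  else
    // No shared state (mapping failed): do not dereference nil, just forward.
    Result := CallNextHookEx(0, nCode, wParam, lParam);
end;

{------------------------------------}
{ Function : InstallHook
  Purpose  : install the hook on the thread that owns the given window
  Params   : SWindow - the window whose thread is hooked
  Returns  : True on success, False on failure }
{------------------------------------}
function InstallHook(SWindow: LongWORD): Boolean; stdcall;
var
  ThreadID: LongWORD;
begin
  Result := False;
  if not Assigned(DLLData) then
    Exit;
  DLLData^.Hook := 0;
  ThreadID := GetWindowThreadProcessId(SWindow, nil);
  // A thread id of 0 means the window handle was not valid. Passing 0 on to
  // SetWindowsHookEx would request a hook for every thread on the desktop
  // instead of one thread, so refuse here.
  if ThreadID = 0 then
    Exit;
  // Hook the thread of the specified window.
  DLLData^.Hook := SetWindowsHookEx(WH_GETMESSAGE, @HookProc, HInstance, ThreadID);
  Result := DLLData^.Hook <> 0;
end;

{------------------------------------}
{ Procedure: UnHook
  Purpose  : remove the hook
  Params   : none
  Note     : UnHookAPI runs in the process that calls UnHook. NOTE(review):
             when that is the installer and not the hooked process, it
             restores nothing there; the hooked process restores its own
             bytes in MyDLLHandler on DLL_PROCESS_DETACH. }
{------------------------------------}
procedure UnHook; stdcall;
begin
  UnHookAPI;
  // Remove the window hook.
  if Assigned(DLLData) and (DLLData^.Hook <> 0) then
  begin
    UnhookWindowsHookEx(DLLData^.Hook);
    DLLData^.Hook := 0;
  end;
end;

{------------------------------------}
{ Procedure: MyDLLHandler
  Purpose  : DLL entry handler; sets up and tears down the shared state
  Params   : Reason - the DLL notification code }
{------------------------------------}
procedure MyDLLHandler(Reason: Integer);
var
  FHandle: THandle;
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      begin
        // Create a file mapping so the DLL has variables shared by every
        // process that loads it.
        FHandle := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_READWRITE,
          0, $ffff, 'MYDLLDATA');
        if (FHandle = 0) and (GetLastError = ERROR_ALREADY_EXISTS) then
          FHandle := OpenFileMapping(FILE_MAP_ALL_ACCESS, False, 'MYDLLDATA');
        if FHandle = 0 then
          Exit;
        DLLData := MapViewOfFile(FHandle, FILE_MAP_ALL_ACCESS, 0, 0, 0);
        // The mapped view keeps the section alive, so the handle is closed in
        // both cases; the original closed it only on failure and leaked it
        // otherwise.
        CloseHandle(FHandle);
      end;
    DLL_PROCESS_DETACH:
      begin
        // Put the original send/recv bytes back before this module's code
        // goes away, so no patched entry point is left jumping into it.
        UnHookAPI;
        if Assigned(DLLData) then
        begin
          UnmapViewOfFile(DLLData);
          DLLData := nil;
        end;
      end;
  end;
end;

exports
  InstallHook, UnHook, HookProc;

begin
  DLLProc := @MyDLLHandler;
  MyDLLHandler(DLL_PROCESS_ATTACH);
  // DLLData stays nil when the mapping could not be created or mapped.
  if Assigned(DLLData) then
    DLLData^.Hooked := False;
end.


unit APIHook;

{ Inline patch of send and recv in ws2_32.dll for the current process.

  Caveats a reader should know:
  - MySend / MyRecv restore the original bytes, call the real function and
    then write the patch again. Nothing synchronises this with other threads,
    and the JmpCode global is shared by both handlers, so it is not
    thread-safe.
  - The patch is 8 bytes of 32-bit x86 code; it does not apply to a 64-bit
    build. }

interface

uses
  Windows, WinSock;

type
  // Signature of the API functions being hooked.
  TSockProc = function (s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;

  PJmpCode = ^TJmpCode;
  // Patch layout. The field names do not match the opcodes they hold:
  // HookAPI stores $B8 (MOV EAX, imm32) in JmpCode and $FF $E0 (JMP EAX)
  // plus one zero byte in MovEAX.
  TJmpCode = packed record
    JmpCode: BYTE;
    Address: TSockProc;
    MovEAX: array [0..2] of BYTE;
  end;

//-------------------- declarations ---------------------------
procedure HookAPI;
procedure UnHookAPI;

var
  OldSend, OldRecv: TSockProc;        // original API addresses
  JmpCode: TJmpCode;
  OldProc: array [0..1] of TJmpCode;  // saved entry bytes: [0] send, [1] recv
  AddSend, AddRecv: Pointer;          // API addresses
  TmpJmp: TJmpCode;
  ProcessHandle: THandle;

implementation

const
  PatchSize = 8;      // bytes saved and overwritten at each entry point

var
  Patched: Boolean;   // True while the send/recv entry bytes are overwritten

{---------------------------------------}
{ Function : MySend
  Purpose  : replacement for send
  Params   : same as send
  Returns  : the result of the real send, or SOCKET_ERROR when the original
             bytes could not be restored }
{---------------------------------------}
function MySend(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  dwSize: Cardinal;
begin
  // Outgoing data would be processed here.
  MessageBeep(1000); // just beep once
  // Call the real send: restore its entry bytes first. If that fails the
  // entry still jumps back here, so calling it would recurse without end.
  if not WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], PatchSize, dwSize) then
  begin
    Result := SOCKET_ERROR;
    Exit;
  end;
  Result := OldSend(s, Buf, len, flags);
  JmpCode.Address := @MySend;
  WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, PatchSize, dwSize);
end;

{---------------------------------------}
{ Function : MyRecv
  Purpose  : replacement for recv
  Params   : same as recv
  Returns  : the result of the real recv, or SOCKET_ERROR when the original
             bytes could not be restored }
{---------------------------------------}
function MyRecv(s: TSocket; var Buf; len, flags: Integer): Integer; stdcall;
var
  dwSize: Cardinal;
begin
  // Incoming data would be processed here.
  MessageBeep(1000); // just beep once
  // Call the real recv; same restore / call / re-patch sequence as MySend.
  if not WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], PatchSize, dwSize) then
  begin
    Result := SOCKET_ERROR;
    Exit;
  end;
  Result := OldRecv(s, Buf, len, flags);
  JmpCode.Address := @MyRecv;
  WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, PatchSize, dwSize);
end;

{------------------------------------}
{ Procedure: HookAPI
  Purpose  : save the entry bytes of send and recv and overwrite them with a
             jump to MySend / MyRecv
  Params   : none
  Note     : every step is checked. On any failure the procedure returns
             with both functions unpatched instead of writing through a nil
             address or keeping unread data as the "original" bytes. }
{------------------------------------}
procedure HookAPI;
var
  DLLModule: THandle;
  dwSize: Cardinal;
begin
  // A second call would save the already patched bytes as the originals.
  if Patched then
    Exit;
  ProcessHandle := GetCurrentProcess;
  DLLModule := LoadLibrary('ws2_32.dll');
  if DLLModule = 0 then
    Exit;
  AddSend := GetProcAddress(DLLModule, 'send'); // get the API address
  AddRecv := GetProcAddress(DLLModule, 'recv');
  if (AddSend = nil) or (AddRecv = nil) then
    Exit;
  // Save both originals before changing either entry point.
  if not ReadProcessMemory(ProcessHandle, AddSend, @OldProc[0], PatchSize, dwSize) then
    Exit;
  if not ReadProcessMemory(ProcessHandle, AddRecv, @OldProc[1], PatchSize, dwSize) then
    Exit;
  // Set these before patching so MySend / MyRecv never see them unassigned.
  OldSend := AddSend;
  OldRecv := AddRecv;
  JmpCode.JmpCode := $B8;
  JmpCode.MovEAX[0] := $FF;
  JmpCode.MovEAX[1] := $E0;
  JmpCode.MovEAX[2] := 0;
  JmpCode.Address := @MySend;
  // Modify the send entry point.
  if not WriteProcessMemory(ProcessHandle, AddSend, @JmpCode, PatchSize, dwSize) then
    Exit;
  JmpCode.Address := @MyRecv;
  // Modify the recv entry point.
  if not WriteProcessMemory(ProcessHandle, AddRecv, @JmpCode, PatchSize, dwSize) then
  begin
    // Do not leave only one of the two functions patched.
    WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], PatchSize, dwSize);
    Exit;
  end;
  Patched := True;
end;

{------------------------------------}
{ Procedure: UnHookAPI
  Purpose  : write the saved entry bytes of send and recv back
  Params   : none
  Note     : does nothing in a process where HookAPI never applied the
             patch. The original wrote through whatever ProcessHandle and
             AddSend / AddRecv happened to contain. }
{------------------------------------}
procedure UnHookAPI;
var
  dwSize: Cardinal;
begin
  if not Patched then
    Exit;
  WriteProcessMemory(ProcessHandle, AddSend, @OldProc[0], PatchSize, dwSize);
  WriteProcessMemory(ProcessHandle, AddRecv, @OldProc[1], PatchSize, dwSize);
  Patched := False;
end;

end.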
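unit Unit1;

{ Test form for Hook.dll: Button1 loads the DLL and installs the hook,
  Button2 removes it. }

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  // Entry points resolved from Hook.dll at run time; nil until Button1Click
  // has resolved them.
  InstallHook: function (SWindow: THandle): Boolean; stdcall;
  UnHook: procedure; stdcall;


implementation

{$R *.dfm}

{ Looks up the window(s), loads Hook.dll, resolves its exports and installs
  the hook. Every lookup is checked before its result is used: the original
  called InstallHook through a possibly nil pointer and passed it an
  unchecked window handle. }
procedure TForm1.Button1Click(Sender: TObject);
var
  ModuleHandle: THandle;
  TmpWndHandle: THandle;
  HookWnd: THandle;
begin
  TmpWndHandle := FindWindow(nil, '目标窗口的标题');
  if not IsWindow(TmpWndHandle) then
  begin
    MessageBox(Self.Handle, '没有找到窗口', '!!!', MB_OK);
    Exit;
  end;
  // NOTE(review): the window checked above and the window handed to
  // InstallHook are looked up under two different titles. Both lookups are
  // kept as posted; confirm which title is intended.
  HookWnd := FindWindow(nil, 'Untitled');
  if not IsWindow(HookWnd) then
  begin
    MessageBox(Self.Handle, '没有找到窗口', '!!!', MB_OK);
    Exit;
  end;
  // NOTE(review): a bare file name is resolved through the DLL search order;
  // an absolute path would pin which Hook.dll gets loaded.
  ModuleHandle := LoadLibrary('Hook.dll');
  if ModuleHandle = 0 then
  begin
    MessageBox(Self.Handle, 'Hook.dll could not be loaded', '!!!', MB_OK);
    Exit;
  end;
  @InstallHook := GetProcAddress(ModuleHandle, 'InstallHook');
  @UnHook := GetProcAddress(ModuleHandle, 'UnHook');
  if not (Assigned(InstallHook) and Assigned(UnHook)) then
  begin
    // Leave no half-initialised pointers behind for Button2Click.
    @InstallHook := nil;
    @UnHook := nil;
    FreeLibrary(ModuleHandle);
    MessageBox(Self.Handle, 'Hook.dll does not export InstallHook/UnHook', '!!!', MB_OK);
    Exit;
  end;
  if InstallHook(HookWnd) then
    ShowMessage('Hook OK');
end;

{ Removes the hook. UnHook is still nil when Button1 was never pressed or
  loading failed, so it is checked before the call. }
procedure TForm1.Button2Click(Sender: TObject);
begin
  if Assigned(UnHook) then
    UnHook;
end;

end.

这代码可否修改截取到的包并正常转发? 如何实现? 分不够可以加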