G
ghqisme
Unregistered / Unconfirmed
GUEST, unregistred user!
//程序如下,关键是如何改写为系统钩子钩住WH_GETMESSAGE;
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TlmportCode =packed record
Jumplnstruction: Word; //是$25FF,JUMP指令
AddressOfPointerToFunction: PPointer;//真正开始的地址
end;
PlmportCode = ^TlmportCode;
type
TForm1 = class(TForm)
Button1: TButton;
Button2: TButton;
Button3: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
type
TmessageA = function(hwn: hwnd; Iptext: pchar; Ipcapion
char; utype: cardinal): integer;stdcall;
var
Form1: TForm1;
OldMessageBoxA: TmessageA;
FuncMessageboxAlmportCode;
implementation
{$R *.dfm}
function TrueFunctionAddress(func: Pointer): Pointer;
var
Code: PlmportCode;
Begin
Result:= func;
if func = nil then exit;
try
Code := func;
if (Code.jumplnstruction = $25FF) then begin
Result := Code.AddressOfPointerToFunction^;
end;
except
Result :=nil;
end;
end;
Procedure PermuteFunction(OldFuncpointer; NewFuncpointer);
var
written: DWORD;
begin
WriteProcessMemory(GetCurrentProcess,OldFunc,@NewFunc,4,written);
end;
function MyBoxA(hwn: hwnd; Iptext: pchar; Ipcapionchar; utype: cardinal): integer;stdcall;
begin
result :=OldMessageBoxA(hwn,'Succes Hook A!', Ipcapion,utype);
end;
procedure API_Hookup;
begin
if @OldMessageBoxA = nil then
@OldMessageBoxA := TrueFunctionAddress(@messageboxA);
PermuteFunction(FuncMessageboxA^.AddressOfPointerToFunction,@MyBoxA);
end;
procedure Un_API_Hook;
begin
if @OldMessageBoxA <> nil then begin
PermuteFunction(FuncMessageboxA^.AddressOfPointerToFunction,@OldMessageboxA);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
api_hookup;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
un_api_hook;
end;
procedure TForm1.Button3Click(Sender: TObject);
begin
MessageBoxA(Form1.Handle,'NO HOOK UP A','MessageBoxA',MB_OK);
end;
initialization
FuncMessageboxA := @MessageboxA;
end.
//望高手指点,如有关于DELPHI方面的系统钩子例程,钩住WH_GETMESSAGE的,请发一个给我,
定另外加分。
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TlmportCode =packed record
Jumplnstruction: Word; //是$25FF,JUMP指令
AddressOfPointerToFunction: PPointer;//真正开始的地址
end;
PlmportCode = ^TlmportCode;
type
TForm1 = class(TForm)
Button1: TButton;
Button2: TButton;
Button3: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
type
TmessageA = function(hwn: hwnd; Iptext: pchar; Ipcapion
char; utype: cardinal): integer;stdcall;var
Form1: TForm1;
OldMessageBoxA: TmessageA;
FuncMessageboxA
lmportCode;implementation
{$R *.dfm}
function TrueFunctionAddress(func: Pointer): Pointer;
var
Code: PlmportCode;
Begin
Result:= func;
if func = nil then exit;
try
Code := func;
if (Code.jumplnstruction = $25FF) then begin
Result := Code.AddressOfPointerToFunction^;
end;
except
Result :=nil;
end;
end;
Procedure PermuteFunction(OldFunc
pointer; NewFuncpointer);var
written: DWORD;
begin
WriteProcessMemory(GetCurrentProcess,OldFunc,@NewFunc,4,written);
end;
function MyBoxA(hwn: hwnd; Iptext: pchar; Ipcapion
char; utype: cardinal): integer;stdcall;begin
result :=OldMessageBoxA(hwn,'Succes Hook A!', Ipcapion,utype);
end;
procedure API_Hookup;
begin
if @OldMessageBoxA = nil then
@OldMessageBoxA := TrueFunctionAddress(@messageboxA);
PermuteFunction(FuncMessageboxA^.AddressOfPointerToFunction,@MyBoxA);
end;
procedure Un_API_Hook;
begin
if @OldMessageBoxA <> nil then begin
PermuteFunction(FuncMessageboxA^.AddressOfPointerToFunction,@OldMessageboxA);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
api_hookup;
end;
procedure TForm1.Button2Click(Sender: TObject);
begin
un_api_hook;
end;
procedure TForm1.Button3Click(Sender: TObject);
begin
MessageBoxA(Form1.Handle,'NO HOOK UP A','MessageBoxA',MB_OK);
end;
initialization
FuncMessageboxA := @MessageboxA;
end.
//望高手指点,如有关于DELPHI方面的系统钩子例程,钩住WH_GETMESSAGE的,请发一个给我,
定另外加分。