HookLib with lable dynamic code generating
2006-05-18 17:45
176 查看
#include<windows.h>
#include<stdio.h>
#include<libdasm.h>
#pragma comment(lib, "libdasm.lib")
int inst_len = 0;
FARPROC hAPI=NULL;
char *szInstruction=NULL;
PDWORD pHookFuncAddr;
void MB(LPTSTR pszInfo)
{
MessageBox(NULL, pszInfo, TEXT("alert"), MB_OK);
}
BOOL fRet=FALSE;
DWORD temp;
void __declspec(naked) HookFunc()
{
__asm
{
pushad
pushfd
}
__asm
{
lea eax, APISub
mov temp, eax
}
OutputDebugString(TEXT("This call comes from hookfunc\n"));
fRet=WriteProcessMemory(GetCurrentProcess(), (PVOID)temp, szInstruction,
inst_len, NULL);
if(!fRet)
{
printf("WriteProcessMemory failed with error %d", GetLastError());
}
hAPI=(FARPROC)((DWORD)hAPI+inst_len);
__asm
{
popfd
popad
}
APISub:
__asm
{
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
jmp hAPI
}
}
BOOL StartHook()
{
INSTRUCTION inst;
BOOL fRet=FALSE, fOk=FALSE;
int len, lenlimit=6;
BYTE *buf=(BYTE *)hAPI;
char szError[100];
char *newcode=NULL;
__try
{
do {
len = get_instruction(&inst, buf+inst_len, MODE_32);
inst_len += len;
} while (inst_len < lenlimit);
newcode=new char[inst_len];
if(NULL==newcode)
{
sprintf(szError, "new newcode fails with %d",GetLastError());
MB(szError);
__leave;
}
memset(newcode,0x90, inst_len);
newcode[0]=0xff;
newcode[1]=0x25;
newcode[2]=0x11;
newcode[3]=0x22;
newcode[4]=0x33;
newcode[5]=0x44;
pHookFuncAddr=(PDWORD)HookFunc;
*(PDWORD)&newcode[2]=(DWORD)(&pHookFuncAddr);
szInstruction=new char[inst_len];
if(NULL==newcode)
{
sprintf(szError, "new szInstruction fails with %d",GetLastError());
MB(szError);
__leave;
}
fRet=ReadProcessMemory(GetCurrentProcess(), hAPI, szInstruction, inst_len, NULL);
if(!fRet)
{
sprintf(szError, "ReadProcessMemory fails with %d",GetLastError());
MB(szError);
__leave;
}
fRet=WriteProcessMemory(GetCurrentProcess(), hAPI, newcode,
inst_len, NULL);
if(!fRet)
{
sprintf(szError, "WriteProcessMemory fails with %d",GetLastError());
MB(szError);
__leave;
}
fOk=TRUE;
}
__finally
{
delete[] newcode;
}
return fOk;
}
BOOL WINAPI DllMain(
HINSTANCE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved
)
{
HANDLE hFileMapping=FALSE;
PVOID pView=NULL;
TCHAR szModule[50], szAPI[50];
HINSTANCE hModule=NULL;
char szError[100];
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
__try
{
hFileMapping=OpenFileMapping(FILE_MAP_READ|FILE_MAP_WRITE, FALSE, TEXT("APISPY1.0"));
if(NULL==hFileMapping)
{
sprintf(szError, "OpenFileMapping fails with %d",GetLastError());
MB(szError);
__leave;
}
pView=MapViewOfFile(hFileMapping, FILE_MAP_WRITE, 0, 0, 0);
if(NULL==pView)
{
sprintf(szError, "MapViewOfFile fails with %d",GetLastError());
MB(szError);
__leave;
}
CopyMemory(szModule, pView, sizeof(szModule));
CopyMemory(szAPI, (PBYTE)pView+sizeof(szModule), sizeof(szAPI));
hModule=GetModuleHandle(szModule);
if(NULL==hModule)
{
sprintf(szError, "GetModuleHandle fails with %d",GetLastError());
MB(szError);
__leave;
}
hAPI=GetProcAddress(hModule, szAPI);
if(NULL==hAPI)
{
sprintf(szError, "GetProcAddress fails with %d",GetLastError());
MB(szError);
__leave;
}
StartHook();
}
__finally
{
if(pView!=NULL)
{
UnmapViewOfFile(pView);
}
if(hFileMapping!=NULL)
{
CloseHandle(hFileMapping);
}
}
break;
case DLL_PROCESS_DETACH:
delete[] szInstruction;
break;
}
return TRUE;
}
#include<stdio.h>
#include<libdasm.h>
#pragma comment(lib, "libdasm.lib")
int inst_len = 0;
FARPROC hAPI=NULL;
char *szInstruction=NULL;
PDWORD pHookFuncAddr;
void MB(LPTSTR pszInfo)
{
MessageBox(NULL, pszInfo, TEXT("alert"), MB_OK);
}
BOOL fRet=FALSE;
DWORD temp;
void __declspec(naked) HookFunc()
{
__asm
{
pushad
pushfd
}
__asm
{
lea eax, APISub
mov temp, eax
}
OutputDebugString(TEXT("This call comes from hookfunc\n"));
fRet=WriteProcessMemory(GetCurrentProcess(), (PVOID)temp, szInstruction,
inst_len, NULL);
if(!fRet)
{
printf("WriteProcessMemory failed with error %d", GetLastError());
}
hAPI=(FARPROC)((DWORD)hAPI+inst_len);
__asm
{
popfd
popad
}
APISub:
__asm
{
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
__emit 0x90
jmp hAPI
}
}
BOOL StartHook()
{
INSTRUCTION inst;
BOOL fRet=FALSE, fOk=FALSE;
int len, lenlimit=6;
BYTE *buf=(BYTE *)hAPI;
char szError[100];
char *newcode=NULL;
__try
{
do {
len = get_instruction(&inst, buf+inst_len, MODE_32);
inst_len += len;
} while (inst_len < lenlimit);
newcode=new char[inst_len];
if(NULL==newcode)
{
sprintf(szError, "new newcode fails with %d",GetLastError());
MB(szError);
__leave;
}
memset(newcode,0x90, inst_len);
newcode[0]=0xff;
newcode[1]=0x25;
newcode[2]=0x11;
newcode[3]=0x22;
newcode[4]=0x33;
newcode[5]=0x44;
pHookFuncAddr=(PDWORD)HookFunc;
*(PDWORD)&newcode[2]=(DWORD)(&pHookFuncAddr);
szInstruction=new char[inst_len];
if(NULL==newcode)
{
sprintf(szError, "new szInstruction fails with %d",GetLastError());
MB(szError);
__leave;
}
fRet=ReadProcessMemory(GetCurrentProcess(), hAPI, szInstruction, inst_len, NULL);
if(!fRet)
{
sprintf(szError, "ReadProcessMemory fails with %d",GetLastError());
MB(szError);
__leave;
}
fRet=WriteProcessMemory(GetCurrentProcess(), hAPI, newcode,
inst_len, NULL);
if(!fRet)
{
sprintf(szError, "WriteProcessMemory fails with %d",GetLastError());
MB(szError);
__leave;
}
fOk=TRUE;
}
__finally
{
delete[] newcode;
}
return fOk;
}
BOOL WINAPI DllMain(
HINSTANCE hinstDLL,
DWORD fdwReason,
LPVOID lpvReserved
)
{
HANDLE hFileMapping=FALSE;
PVOID pView=NULL;
TCHAR szModule[50], szAPI[50];
HINSTANCE hModule=NULL;
char szError[100];
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
__try
{
hFileMapping=OpenFileMapping(FILE_MAP_READ|FILE_MAP_WRITE, FALSE, TEXT("APISPY1.0"));
if(NULL==hFileMapping)
{
sprintf(szError, "OpenFileMapping fails with %d",GetLastError());
MB(szError);
__leave;
}
pView=MapViewOfFile(hFileMapping, FILE_MAP_WRITE, 0, 0, 0);
if(NULL==pView)
{
sprintf(szError, "MapViewOfFile fails with %d",GetLastError());
MB(szError);
__leave;
}
CopyMemory(szModule, pView, sizeof(szModule));
CopyMemory(szAPI, (PBYTE)pView+sizeof(szModule), sizeof(szAPI));
hModule=GetModuleHandle(szModule);
if(NULL==hModule)
{
sprintf(szError, "GetModuleHandle fails with %d",GetLastError());
MB(szError);
__leave;
}
hAPI=GetProcAddress(hModule, szAPI);
if(NULL==hAPI)
{
sprintf(szError, "GetProcAddress fails with %d",GetLastError());
MB(szError);
__leave;
}
StartHook();
}
__finally
{
if(pView!=NULL)
{
UnmapViewOfFile(pView);
}
if(hFileMapping!=NULL)
{
CloseHandle(hFileMapping);
}
}
break;
case DLL_PROCESS_DETACH:
delete[] szInstruction;
break;
}
return TRUE;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- C# zip/unzip with ICSharpCode.SharpZipLib
- 解决svn错误:post-commit hook failed (exit code 1) with output.
- R code for generating standard normals using Metropolis sampler with uniform proposal distribution
- 解决svn错误:post-commit hook failed (exit code 1) with output.
- Warning: post-commit hook failed (exit code 255) with no output
- matplotlib InstallationError: Command python setup.py egg_info failed with error code 1
- Stevedore - (Dynamic Code Patterns: Extending Your Applications with Plugins)
- svn post-commit hook faild(exit code 1) with output /Username not found 错误
- libWeChatSDK.a 文件编译报错 linker command failed with exit code 1 (use -v to see invocation)
- linux系统post-commit hook failed (exit code 255) with no output的终极解决方案
- C# 利用ICSharpCode.SharpZipLib实现在线压缩和解压缩
- ASP.NET: Custom AutoCompleteTextBox WebControl [With Source Code]
- 应用程序出现挂死,.NET Runtime at IP 791F7E06 (79140000) with exit code 80131506.
- MS SQL错误:SQL Server failed with error code 0xc0000000 to spawn a thread to process a new login or connection. Check the SQL Server error log and the Windows event logs for information about possible related problems
- 解决error: linker command failed with exit code 1类似的错误
- using-ef-code-first-with-an-existing-database
- iOS copying failed with exit code 6
- Command /usr/bin/codesign failed with exit code 1
- error: linker command failed with exit code 1 (use -v to see invocation)
- OC笔记-学习self时候2个target然后修改名字出现linker command failed with exit code 1 (use -v to see invocation)