C++ Api Hook 类
时间:2010-04-01 来源:HelloFHunter
// 头文件
// ApiHook.h: interface for the CApiHook class.
#ifndef API_HOOK_H
#define API_HOOK_H
class CApiHook
{
public :
HANDLE hProc ;
Unlock ();
Lock ();
BOOL Initialize ( LPCTSTR lpLibFileName , LPCTSTR lpProcName , FARPROC lpNewFunc );
void SetHookOn ( void );
void SetHookOff ( void );
CApiHook ();
virtual ~ CApiHook ();
protected :
BYTE m_OldFunc [ 8 ];
BYTE m_NewFunc [ 8 ];
FARPROC m_lpHookFunc ;
CRITICAL_SECTION m_cs ;
};
#endif
// 实现文件
// ApiHook.cpp: implementation of the CApiHook class.
#include "stdafx.h"
#include "ApiHook.h"
#include < stdio . h >
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
#define OPEN_FLAGS ( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE )
CApiHook :: CApiHook ()
{
InitializeCriticalSection (& m_cs );
}
CApiHook ::~ CApiHook ()
{
CloseHandle ( hProc );
DeleteCriticalSection (& m_cs );
}
void CApiHook :: SetHookOn ( void )
{
DWORD dwOldFlag ;
if ( WriteProcessMemory ( hProc , m_lpHookFunc , m_NewFunc , 5 , 0 ))
{
return ;
}
MessageBox ( NULL , "SetHookOn" , "fail" , MB_OK );
return ;
}
void CApiHook :: SetHookOff ( void )
{
DWORD dwOldFlag ;
if ( WriteProcessMemory ( hProc , m_lpHookFunc , m_OldFunc , 5 , 0 ))
{
return ;
}
MessageBox ( NULL , "SetHookOff" , "fail" , MB_OK );
return ;
}
BOOL CApiHook :: Initialize ( LPCTSTR lpLibFileName , LPCTSTR lpProcName , FARPROC lpNewFunc )
{
HMODULE hModule ;
hModule = LoadLibrary ( lpLibFileName );
if ( NULL == hModule )
return FALSE ;
m_lpHookFunc = GetProcAddress ( hModule , lpProcName );
if ( NULL == m_lpHookFunc )
return FALSE ;
DWORD dwProcessID = GetCurrentProcessId ();
DWORD dwOldFlag ;
hProc = GetCurrentProcess ( /*OPEN_FLAGS,0,dwProcessID*/ );
if ( hProc == NULL )
{
MessageBox ( NULL , "Initialize.OpenProcess" , "fail" , MB_OK );
return FALSE ;
}
if ( ReadProcessMemory ( hProc , m_lpHookFunc , m_OldFunc , 5 , 0 ))
{
m_NewFunc [ 0 ]= 0xe9 ;
DWORD * pNewFuncAddress ;
pNewFuncAddress =( DWORD *)& m_NewFunc [ 1 ];
* pNewFuncAddress =( DWORD ) lpNewFunc -( DWORD ) m_lpHookFunc - 5 ;
return TRUE ;
}
MessageBox ( NULL , "Initialize" , "fail" , MB_OK );
return FALSE ;
}
CApiHook :: Lock ()
{
EnterCriticalSection (& m_cs );
}
CApiHook :: Unlock ()
{
LeaveCriticalSection (& m_cs );
}
http://www.yulv.net/archives/65/
// ApiHook.h: interface for the CApiHook class.
#ifndef API_HOOK_H
#define API_HOOK_H
class CApiHook
{
public :
HANDLE hProc ;
Unlock ();
Lock ();
BOOL Initialize ( LPCTSTR lpLibFileName , LPCTSTR lpProcName , FARPROC lpNewFunc );
void SetHookOn ( void );
void SetHookOff ( void );
CApiHook ();
virtual ~ CApiHook ();
protected :
BYTE m_OldFunc [ 8 ];
BYTE m_NewFunc [ 8 ];
FARPROC m_lpHookFunc ;
CRITICAL_SECTION m_cs ;
};
#endif
// 实现文件
// ApiHook.cpp: implementation of the CApiHook class.
#include "stdafx.h"
#include "ApiHook.h"
#include < stdio . h >
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
#define OPEN_FLAGS ( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE )
CApiHook :: CApiHook ()
{
InitializeCriticalSection (& m_cs );
}
CApiHook ::~ CApiHook ()
{
CloseHandle ( hProc );
DeleteCriticalSection (& m_cs );
}
void CApiHook :: SetHookOn ( void )
{
DWORD dwOldFlag ;
if ( WriteProcessMemory ( hProc , m_lpHookFunc , m_NewFunc , 5 , 0 ))
{
return ;
}
MessageBox ( NULL , "SetHookOn" , "fail" , MB_OK );
return ;
}
void CApiHook :: SetHookOff ( void )
{
DWORD dwOldFlag ;
if ( WriteProcessMemory ( hProc , m_lpHookFunc , m_OldFunc , 5 , 0 ))
{
return ;
}
MessageBox ( NULL , "SetHookOff" , "fail" , MB_OK );
return ;
}
BOOL CApiHook :: Initialize ( LPCTSTR lpLibFileName , LPCTSTR lpProcName , FARPROC lpNewFunc )
{
HMODULE hModule ;
hModule = LoadLibrary ( lpLibFileName );
if ( NULL == hModule )
return FALSE ;
m_lpHookFunc = GetProcAddress ( hModule , lpProcName );
if ( NULL == m_lpHookFunc )
return FALSE ;
DWORD dwProcessID = GetCurrentProcessId ();
DWORD dwOldFlag ;
hProc = GetCurrentProcess ( /*OPEN_FLAGS,0,dwProcessID*/ );
if ( hProc == NULL )
{
MessageBox ( NULL , "Initialize.OpenProcess" , "fail" , MB_OK );
return FALSE ;
}
if ( ReadProcessMemory ( hProc , m_lpHookFunc , m_OldFunc , 5 , 0 ))
{
m_NewFunc [ 0 ]= 0xe9 ;
DWORD * pNewFuncAddress ;
pNewFuncAddress =( DWORD *)& m_NewFunc [ 1 ];
* pNewFuncAddress =( DWORD ) lpNewFunc -( DWORD ) m_lpHookFunc - 5 ;
return TRUE ;
}
MessageBox ( NULL , "Initialize" , "fail" , MB_OK );
return FALSE ;
}
CApiHook :: Lock ()
{
EnterCriticalSection (& m_cs );
}
CApiHook :: Unlock ()
{
LeaveCriticalSection (& m_cs );
}
http://www.yulv.net/archives/65/
相关阅读 更多 +
