IATHook

IATHookClass.h

#pragma once

#include <windows.h>

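// Records and applies a single Import Address Table (IAT) redirection inside
// the main executable image of the current process.
//
// Only one hook is tracked per instance: Hook() stores the original slot value
// and the replacement address, UnHook() uses them to put the slot back.
//
// Addresses are kept as DWORD, so the class is only meaningful in a 32-bit
// build. A patched IAT slot points outside the module that exports the API,
// which is exactly what import-table integrity checks look for.
class IATHookClass
{
private:
    DWORD oldAddr; // original IAT entry saved by Hook(), written back by UnHook()
    DWORD newAddr; // replacement address installed by Hook(); 0 when no hook is recorded

public:
    // Start with no hook recorded so UnHook() before Hook() never compares
    // IAT slots against an indeterminate value.
    IATHookClass() : oldAddr(0), newAddr(0) {}

    BOOL Hook(char *apiName, DWORD callfunc);
    BOOL UnHook(void);
};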

IATHookClass.cpp

#include "IATHookClass.h"

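// Redirects one by-name import of the main executable to callfunc by
// overwriting its Import Address Table (IAT) slot in the current process.
//
// apiName  - name of the imported function, compared case-insensitively
//            against the names in the import lookup table.
// callfunc - address of the replacement function.
//
// Returns TRUE when a matching slot was found and patched, FALSE when the
// arguments are invalid, the PE headers do not look valid, the import is not
// present by name, or the page protection could not be changed.
//
// Only the first matching import is patched. The original slot value is kept
// in oldAddr so UnHook() can restore it.
BOOL IATHookClass::Hook(char *apiName, DWORD callfunc)
{
    if (apiName == NULL || callfunc == 0)
        return FALSE;

    // callfunc, oldAddr and newAddr are DWORDs. In a 64-bit build they cannot
    // hold a code address, and writing a truncated value into the IAT would
    // crash the next call through that slot, so refuse instead.
    if (sizeof(ULONG_PTR) != sizeof(DWORD))
        return FALSE;

    // GetModuleHandle(NULL) returns the base address of the main image. It is
    // not a kernel object handle and takes no reference, so it must not be
    // passed to CloseHandle or FreeLibrary.
    BYTE *pBase = (BYTE *)GetModuleHandle(NULL);
    if (pBase == NULL)
        return FALSE;

    IMAGE_DOS_HEADER *pDosHeader = (IMAGE_DOS_HEADER *)pBase;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return FALSE;

    IMAGE_NT_HEADERS *pNtHeaders = (IMAGE_NT_HEADERS *)(pBase + pDosHeader->e_lfanew);
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
        return FALSE;

    IMAGE_DATA_DIRECTORY *pImportDir =
        &pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (pImportDir->VirtualAddress == 0)
        return FALSE; // image has no import directory

    IMAGE_IMPORT_DESCRIPTOR *pImportDesc =
        (IMAGE_IMPORT_DESCRIPTOR *)(pBase + pImportDir->VirtualAddress);

    for (; pImportDesc->FirstThunk; ++pImportDesc)
    {
        // Import names live in the lookup table (OriginalFirstThunk); without
        // it there is nothing to match against for this DLL.
        if (pImportDesc->OriginalFirstThunk == 0)
            continue;

        IMAGE_THUNK_DATA *pThunk = (IMAGE_THUNK_DATA *)(pBase + pImportDesc->FirstThunk);
        IMAGE_THUNK_DATA *pThunkDesc = (IMAGE_THUNK_DATA *)(pBase + pImportDesc->OriginalFirstThunk);

        // Both tables are parallel arrays: entry i of the lookup table names
        // the function whose address sits in entry i of the IAT.
        for (; pThunkDesc->u1.AddressOfData; ++pThunk, ++pThunkDesc)
        {
            // Ordinal imports carry no name; AddressOfData is not an RVA here.
            if (IMAGE_SNAP_BY_ORDINAL(pThunkDesc->u1.Ordinal))
                continue;

            IMAGE_IMPORT_BY_NAME *pByName =
                (IMAGE_IMPORT_BY_NAME *)(pBase + pThunkDesc->u1.AddressOfData);

            // Import names are ANSI strings, so use the A variant explicitly.
            if (lstrcmpiA(apiName, (LPCSTR)pByName->Name) != 0)
                continue;

            // The IAT is data; write access is enough, so the page is never
            // made writable and executable at the same time.
            DWORD dwOldProtect = 0;
            if (!VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                                PAGE_READWRITE, &dwOldProtect))
                return FALSE;

            oldAddr = (DWORD)pThunk->u1.Function;
            newAddr = callfunc;
            pThunk->u1.Function = callfunc;

            // Put the original protection back straight away.
            VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                           dwOldProtect, &dwOldProtect);
            return TRUE;
        }
    }

    return FALSE;
}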

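// Restores the IAT slot previously redirected by Hook().
//
// Scans the Import Address Table of the main executable for the slot that
// currently holds newAddr and writes oldAddr back into it.
//
// Returns TRUE when the slot was found and restored (the recorded addresses
// are then cleared), FALSE when no hook is recorded, the PE headers do not
// look valid, the slot was not found, or the page protection could not be
// changed.
BOOL IATHookClass::UnHook(void)
{
    if (newAddr == 0)
        return FALSE; // nothing recorded to undo

    // Addresses are stored as DWORDs; see Hook(). Refuse in a 64-bit build
    // rather than write a truncated address into the IAT.
    if (sizeof(ULONG_PTR) != sizeof(DWORD))
        return FALSE;

    // Base address of the main image; not a handle that may be closed.
    BYTE *pBase = (BYTE *)GetModuleHandle(NULL);
    if (pBase == NULL)
        return FALSE;

    IMAGE_DOS_HEADER *pDosHeader = (IMAGE_DOS_HEADER *)pBase;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return FALSE;

    IMAGE_NT_HEADERS *pNtHeaders = (IMAGE_NT_HEADERS *)(pBase + pDosHeader->e_lfanew);
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
        return FALSE;

    IMAGE_DATA_DIRECTORY *pImportDir =
        &pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (pImportDir->VirtualAddress == 0)
        return FALSE; // image has no import directory

    IMAGE_IMPORT_DESCRIPTOR *pImportDesc =
        (IMAGE_IMPORT_DESCRIPTOR *)(pBase + pImportDir->VirtualAddress);

    // Both loops must advance their cursor; otherwise the scan never leaves
    // the first non-matching entry.
    for (; pImportDesc->FirstThunk; ++pImportDesc)
    {
        IMAGE_THUNK_DATA *pThunk = (IMAGE_THUNK_DATA *)(pBase + pImportDesc->FirstThunk);

        for (; pThunk->u1.Function; ++pThunk)
        {
            if (pThunk->u1.Function != newAddr)
                continue;

            // Write access only; the IAT does not need to be executable.
            DWORD dwOldProtect = 0;
            if (!VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                                PAGE_READWRITE, &dwOldProtect))
                return FALSE;

            pThunk->u1.Function = oldAddr;

            VirtualProtect((LPVOID)&pThunk->u1.Function, sizeof(pThunk->u1.Function),
                           dwOldProtect, &dwOldProtect);

            // Forget the hook so a second UnHook() is a no-op.
            newAddr = 0;
            oldAddr = 0;
            return TRUE;
        }
    }

    return FALSE;
}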
