IATHookClass.h
#pragma once
#include
class IATHookClass
{
private:
DWORD oldAddr;
DWORD newAddr;
public:
BOOL Hook(char *apiName, DWORD callfunc);
BOOL UnHook(void);
};
IATHookClass.cpp
#include "IATHookClass.h"
BOOL IATHookClass::Hook(char *apiName, DWORD callfunc)
{
BOOL bOk = FALSE;
HMODULE hMod = GetModuleHandle(NULL);
IMAGE_DOS_HEADER *pDosHeader = (IMAGE_DOS_HEADER *)hMod;
IMAGE_OPTIONAL_HEADER *pOptHeader = (IMAGE_OPTIONAL_HEADER *)((BYTE *)hMod + pDosHeader->e_lfanew + );
IMAGE_IMPORT_DESCRIPTOR *pImportDesc = (IMAGE_IMPORT_DESCRIPTOR *)((BYTE *)hMod + pOptHeader->DataDirectory[].VirtualAddress);
while (pImportDesc->FirstThunk)
{
char \*pszDllName = (char \*)((BYTE \*)hMod + pImportDesc->Name);
IMAGE\_THUNK\_DATA \*pThunk = (IMAGE\_THUNK\_DATA \*)((BYTE \*)hMod + pImportDesc->FirstThunk);
IMAGE\_THUNK\_DATA \*pThunkDesc = (IMAGE\_THUNK\_DATA \*)((BYTE \*)hMod + pImportDesc->OriginalFirstThunk);
while (pThunkDesc->u1.Function)
{
if (!lstrcmpi(apiName, (char \*)((BYTE \*)hMod + (DWORD)pThunkDesc->u1.AddressOfData + )))
{
IATHookClass::oldAddr = pThunk->u1.Function;
IATHookClass::newAddr = (DWORD)callfunc;
DWORD dwOldProtect = ;
VirtualProtect((LPVOID)&pThunk->u1.Function, , PAGE\_EXECUTE\_READWRITE, &dwOldProtect);
bOk = (pThunk->u1.Function = callfunc) ? TRUE : FALSE;
VirtualProtect((LPVOID)&pThunk->u1.Function, , dwOldProtect, &dwOldProtect);
CloseHandle(hMod);
return bOk;
}
pThunk++;
pThunkDesc++;
}
pImportDesc++;
}
CloseHandle(hMod);
return bOk;
}
BOOL IATHookClass::UnHook(void)
{
BOOL bOk = FALSE;
HMODULE hMod = GetModuleHandle(NULL);
IMAGE_DOS_HEADER *pDosHeader = (IMAGE_DOS_HEADER *)hMod;
IMAGE_OPTIONAL_HEADER *pOptHeader = (IMAGE_OPTIONAL_HEADER *)((BYTE *)hMod + pDosHeader->e_lfanew + );
IMAGE_IMPORT_DESCRIPTOR *pImportDesc = (IMAGE_IMPORT_DESCRIPTOR *)((BYTE *)hMod + pOptHeader->DataDirectory[].VirtualAddress);
while (pImportDesc->FirstThunk)
{
char \*pszDllName = (char \*)((BYTE \*)hMod + pImportDesc->Name);
IMAGE\_THUNK\_DATA \*pThunk = (IMAGE\_THUNK\_DATA \*)((BYTE \*)hMod + pImportDesc->FirstThunk);
while (pThunk->u1.Function)
{
if (IATHookClass::newAddr == pThunk->u1.Function)
{
DWORD dwOldProtect = ;
VirtualProtect((LPVOID)&pThunk->u1.Function, , PAGE\_EXECUTE\_READWRITE, &dwOldProtect);
bOk = (pThunk->u1.Function = IATHookClass::oldAddr) ? TRUE : FALSE;
VirtualProtect((LPVOID)&pThunk->u1.Function, , dwOldProtect, &dwOldProtect);
CloseHandle(hMod);
if (bOk)
{
IATHookClass::newAddr = ;
IATHookClass::oldAddr = ;
}
return bOk;
}
}
}
CloseHandle(hMod);
return bOk;
}
手机扫一扫
移动阅读更方便
你可能感兴趣的文章