#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include "HookApi.h"
//API HOOK方式
#define APIHOOK16
//SOCKS代理配置文件
#define CONFIG_FILE "C:\\SocksCap.ini"
#define TEST_FILE "C:\\test.ini"
//SOCKET类型
#define SOCKET_TYPE_TCP 0
#define SOCKET_TYPE_UDP 1
#ifdef APIHOOK16
#include "apihook16.h"
#define CAPIHook CHOOKAPI
#else
#include "apihook32.h"
#define CAPIHook CHOOKAPI
#endif
#include "socks.h"
#pragma comment(lib, "ws2_32.lib")
//ws2_32.dll中的函数声明
SOCKET WINAPI __stdcall socket_ws2_32(int af, int type, int protocol);
int WINAPI __stdcall connect_ws2_32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall bind_ws2_32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall listen_ws2_32(SOCKET s, int backlog);
SOCKET WINAPI __stdcall accept_ws2_32(SOCKET s, struct sockaddr FAR* addr, int FAR* addrlen);
int WINAPI __stdcall closesocket_ws2_32(SOCKET s);
//wsock32.dll中的函数声明
SOCKET WINAPI __stdcall socket_wsock32(int af, int type, int protocol);
int WINAPI __stdcall connect_wsock32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall bind_wsock32(SOCKET s, const struct sockaddr FAR* name, int namelen);
int WINAPI __stdcall listen_wsock32(SOCKET s, int backlog);
SOCKET WINAPI __stdcall accept_wsock32(SOCKET s, struct sockaddr FAR* addr, int FAR* addrlen);
int WINAPI __stdcall closesocket_wsock32(SOCKET s);
//ws2_32.dll 钩住这些函数 / 类对象化 / 构造函数初始化
CAPIHook g_hook_socket_ws2_32;
CAPIHook g_hook_connect_ws2_32;
CAPIHook g_hook_bind_ws2_32;
CAPIHook g_hook_listen_ws2_32;
CAPIHook g_hook_accept_ws2_32;
CAPIHook g_hook_closesocket_ws2_32;
//wsock32.dll 勾住这些函数 / 类对象化 / 构造函数初始化
CAPIHook g_hook_socket_wsock32;
CAPIHook g_hook_connect_wsock32;
CAPIHook g_hook_bind_wsock32;
CAPIHook g_hook_listen_wsock32;
CAPIHook g_hook_accept_wsock32;
CAPIHook g_hook_closesocket_wsock32;
/*
//ws2_32.dll 钩住这些函数 / 类对象化 / 构造函数初始化
CAPIHook g_hook_socket_ws2_32("ws2_32.dll", "socket", (FARPROC)socket_ws2_32);
CAPIHook g_hook_connect_ws2_32("ws2_32.dll", "connect", (FARPROC)connect_ws2_32);
CAPIHook g_hook_bind_ws2_32("ws2_32.dll", "bind", (FARPROC)bind_ws2_32);
CAPIHook g_hook_listen_ws2_32("ws2_32.dll", "listen", (FARPROC)listen_ws2_32);
CAPIHook g_hook_accept_ws2_32("ws2_32.dll", "accept", (FARPROC)accept_ws2_32);
CAPIHook g_hook_closesocket_ws2_32("ws2_32.dll", "closesocket", (FARPROC)closesocket_ws2_32);
//wsock32.dll 勾住这些函数 / 类对象化 / 构造函数初始化
CAPIHook g_hook_socket_wsock32("wsock32.dll", "socket", (FARPROC)socket_wsock32);
CAPIHook g_hook_connect_wsock32("wsock32.dll", "connect", (FARPROC)connect_wsock32);
CAPIHook g_hook_bind_wsock32("wsock32.dll", "bind", (FARPROC)bind_wsock32);
CAPIHook g_hook_listen_wsock32("wsock32.dll", "listen", (FARPROC)listen_wsock32);
CAPIHook g_hook_accept_wsock32("wsock32.dll", "accept", (FARPROC)accept_wsock32);
CAPIHook g_hook_closesocket_wsock32("wsock32.dll", "closesocket", (FARPROC)closesocket_wsock32);
*/
// 定义API挂接项结构
typedef struct _HOOK_ITEM {
DWORD dwAddr ; // IAT项所在地址
DWORD dwOldValue ; // IAT项的原始函数地址
DWORD dwNewValue ; // IAT项的新函数地址
} HOOK_ITEM, *PHOOK_ITEM ;
HOOK_ITEM HookItem = {0} ; // 定义IAT项,用于保存MessageBoxA的IAT项信息
//重定向
BOOL WINAPI RedirectApi ( PCHAR pDllName, PCHAR pFunName, DWORD dwNewProc, PHOOK_ITEM pItem )
{
// 检查参数是否合法
if ( pDllName == NULL || pFunName == NULL || !dwNewProc || !pItem )
return FALSE ;
// 检测目标模块是否存在
char szTempDllName[256] = {0} ;
DWORD dwBaseImage = (DWORD)GetModuleHandle(NULL) ;
if ( dwBaseImage == 0 )
return FALSE ;
// 取得PE文件头信息指针
PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)dwBaseImage ;
PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)(dwBaseImage + (pDosHeader->e_lfanew)) ;
PIMAGE_OPTIONAL_HEADER32 pOptionalHeader = &(pNtHeader->OptionalHeader) ;
PIMAGE_SECTION_HEADER pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pNtHeader + 0x18 + pNtHeader->FileHeader.SizeOfOptionalHeader ) ;
// 遍历导入表
PIMAGE_THUNK_DATA pThunk, pIAT ;
PIMAGE_IMPORT_DESCRIPTOR pIID = (PIMAGE_IMPORT_DESCRIPTOR)(dwBaseImage+pOptionalHeader->DataDirectory[1].VirtualAddress ) ;
while ( pIID->FirstThunk )
{
// 检测是否目标模块
if ( strcmp ( (PCHAR)(dwBaseImage+pIID->Name), pDllName ) )
{
pIID++ ;
continue ;
}
pIAT = (PIMAGE_THUNK_DATA)( dwBaseImage + pIID->FirstThunk ) ;
if ( pIID->OriginalFirstThunk )
pThunk = (PIMAGE_THUNK_DATA)( dwBaseImage + pIID->OriginalFirstThunk ) ;
else
pThunk = pIAT ;
// 遍历IAT
DWORD dwThunkValue = 0 ;
while ( ( dwThunkValue = *((DWORD*)pThunk) ) != 0 )
{
if ( ( dwThunkValue & IMAGE_ORDINAL_FLAG32 ) == 0 )
{
// 检测是否目标函数
if ( strcmp ( (PCHAR)(dwBaseImage+dwThunkValue+2), pFunName ) == 0 )
{
// 填充函数重定向信息
pItem->dwAddr = (DWORD)pIAT ;
pItem->dwOldValue = *((DWORD*)pIAT) ;
pItem->dwNewValue = dwNewProc;
// 修改IAT项
DWORD dwOldProtect = 0 ;
VirtualProtect ( pIAT, 4, PAGE_READWRITE, &dwOldProtect ) ;
*((DWORD*)pIAT) = dwNewProc ;
VirtualProtect ( pIAT, 4, PAGE_READWRITE, &dwOldProtect ) ;
return TRUE ;
}
}
pThunk ++ ;
pIAT ++ ;
}
pIID ++ ;
}
return FALSE ;
}
//SOCKET信息结构
typedef struct _SOCKET_INFO {
int nProxySocket; //代理SOCKET
int nNomalSocket; //正常SOCKET
int nType; //SOCKET类型(TCP/UDP)
} SOCKET_INFO;
static SOCKET_INFO g_SocketList[1024] = {0}; //SOCKET信息列表
static int g_nIndex = 0; //SOCKET信息列表索引
//向列表中插入SOCKET信息
VOID ins_list(const SOCKET_INFO socket_info)
{
int i = 0;
if (g_nIndex >= 1024)
g_nIndex = 0;
for (i=0; i<g_nIndex; i++) {
if (memcmp(&socket_info, &g_SocketList[i], sizeof(SOCKET_INFO)) == 0)
return; //已经在list中了
}
memcpy(&g_SocketList[g_nIndex], &socket_info, sizeof(SOCKET_INFO));
g_nIndex++;
}
//从列表中删除SOCKET信息
VOID del_list(const int nSocket)
{
int i = 0;
SOCKET_INFO *socket_info = NULL;
for (i=0; i<g_nIndex; i++) {
socket_info = &g_SocketList[i];
if (socket_info->nProxySocket == nSocket) {
closesocket(socket_info->nProxySocket);
closesocket(socket_info->nNomalSocket);
g_nIndex--;
if (i < g_nIndex)
memcpy(socket_info, &g_SocketList[g_nIndex], sizeof(SOCKET_INFO));
memset(&g_SocketList[g_nIndex], 0, sizeof(SOCKET_INFO));
break;
}
}
}
//从列表中匹配SOCKET
SOCKET_INFO *find_list(const int nSocket)
{
int i = 0;
SOCKET_INFO *socket_info = NULL;
for (i=0; i<g_nIndex; i++) {
socket_info = &g_SocketList[i];
if (socket_info->nProxySocket == nSocket) {
return socket_info;
}
}
return socket_info;
}
//socket()
SOCKET WINAPI __stdcall socket_ws2_32(int af, int type, int protocol)
{
WritePrivateProfileString(
"TESTOUT", // section name
"str", // key name
"run in here 100", // string to add
TEST_FILE // initialization file
);
#ifdef APIHOOK16
g_hook_socket_ws2_32.UnHook();
g_hook_connect_ws2_32.UnHook();
#endif
char szSocksHost[MAX_PATH] = {0};
char szSocksPort[MAX_PATH] = {0};
char szUser[MAX_PATH] = {0};
char szPass[MAX_PATH] = {0};
SOCKET nSocket = INVALID_SOCKET;
//获取SOCKS代理配置 在SocksConfig.ini中
GetPrivateProfileString("SOCKS-SERVER", "ADDRESS", "\0", szSocksHost, sizeof(szSocksHost)-1, CONFIG_FILE);
GetPrivateProfileString("SOCKS-SERVER", "PORT", "1080", szSocksPort, sizeof(szSocksPort)-1, CONFIG_FILE);
APIHook例子 hook api
4星 · 超过85%的资源 需积分: 35 107 浏览量
2009-06-06
15:25:32
上传
评论
收藏 1.29MB RAR 举报 
ApiHook.rar (25个子文件) 
ApiHook 
Socks.cpp 8KB main.cpp 15KB RedirectApi.cpp 4KB HookApi.cpp 1KB HookApi.h 2KB ApiHook.plg 1KB Socks.h 353B ApiHook.dsw 537B ApiHook.ncb 65KB ApiHook16.h 1KB Debug vc60.pdb 84KB ApiHook.dll 236KB vc60.idb 161KB ApiHook.pch 3.49MB Socks.obj 21KB ApiHook.pdb 737KB ApiHook16.obj 14KB main.obj 57KB ApiHook32.obj 23KB ApiHook.ilk 339KB ApiHook.dsp 4KB ApiHook.opt 66KB ApiHook16.cpp 3KB ApiHook32.h 1KB ApiHook32.cpp 6KB
- 1
- 2
前往页