#include<Windows.h>
#include<stdio.h>
// Backup of the bytes overwritten at the hook site: filled by SetInlineHook,
// written back by UnHook. A single fixed-size slot, so only one hook can be
// tracked at a time.
BYTE bSrcCode[9];
// TRUE while a hook is installed (set by SetInlineHook, cleared by UnHook).
BOOL flag;
// Address Hook() jumps to once it has finished; assigned in main().
DWORD dwRet;
// Snapshot of the eight 32-bit general-purpose registers, filled by Hook().
typedef struct
{
DWORD dwEax;
DWORD dwEcx;
DWORD dwEdx;
DWORD dwEbx;
DWORD dwEsi;
DWORD dwEdi;
DWORD dwEsp;
DWORD dwEbp;
}REG;
// Global instance written by Hook(); plain shared state with no locking.
REG reg;
// Values Hook() loads from the stack at [esp + 0x28] and [esp + 0x2c].
DWORD x;
DWORD y;
// Hook: detour body reached through the E9 (jmp rel32) that SetInlineHook
// writes over the first bytes of the target function.
//
// Declared __declspec(naked), so the compiler emits no prologue/epilogue and
// the function must not rely on a stack frame of its own. It saves the full
// register and flag state, records the registers and two stack values in
// globals, calls MessageBoxA and printf, restores the saved state and leaves
// with an indirect jump through dwRet (it never executes a ret).
//
// Because the detour is entered with a jmp rather than a call, the stack on
// entry is still the target's entry stack: [esp] is the return address of the
// target's caller. All state is kept in globals, so this is not reentrant.
extern "C" VOID __declspec(naked) Hook()
{
__asm
{
// pushad stores 8 registers (0x20 bytes), pushfd stores EFLAGS (4 bytes):
// esp is now 0x24 below its value on entry.
pushad;
pushfd;
}
__asm
{
// Copy the register values into the global snapshot. eax..edi still hold
// their entry values; esp is the value AFTER the two pushes above.
mov reg.dwEax, eax;
mov reg.dwEcx, ecx;
mov reg.dwEdx, edx;
mov reg.dwEbx, ebx;
mov reg.dwEsi, esi;
mov reg.dwEdi, edi;
mov reg.dwEsp, esp;
mov reg.dwEbp, ebp;
// [esp + 0x24] is the caller's return address, so 0x28 and 0x2c are the
// first and second stack arguments of the hooked function.
// NOTE(review): assumes the target takes its arguments on the stack
// (default __cdecl); confirm for any other target.
// eax is used as scratch here; popad below restores it.
mov eax, DWORD PTR SS : [esp + 0x28];
mov x, eax;
mov eax, DWORD PTR SS : [esp + 0x2c];
mov y, eax;
}
// Visible side effects of the demo: a message box with all-null arguments,
// then the two captured values on stdout.
// NOTE(review): x and y are DWORD but are printed with %d.
MessageBoxA(0, 0, 0, 0);
printf("x=%d\ny=%d\n", x, y);
__asm
{
// Restore in reverse order of the saves; esp is back at its entry value.
popfd;
popad;
}
// Disabled: a replay of "push ebp / mov ebp, esp / sub esp, 0xc0".
// NOTE(review): presumably the target's own prologue from an earlier variant
// that overwrote those instructions; as written, nothing overwritten by the
// patch is re-executed here, so dwRet must point at code that does not need it.
/*__asm
{
push ebp;
mov ebp, esp;
sub esp, 0xc0;
}*/
__asm
{
// Indirect jump through the global dwRet (set in main) to resume execution.
jmp dwRet;
}
}
/* Returns the sum of a and b. main() uses this function as the hook target. */
int plus(int a, int b)
{
    int total = a;
    total += b;
    return total;
}
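// Length of an x86 "jmp rel32" instruction: opcode E9 plus a 32-bit offset.
enum { JMP_REL32_LEN = 5 };

// Bookkeeping for the single hook this file can track: how many bytes are
// held in bSrcCode and which address they were taken from.
static SIZE_T g_cbSaved = 0;
static LPVOID g_pHooked = NULL;

/*
 * SetInlineHook - patch the code at dwAddress so that it jumps to Hook.
 *
 * dwAddress  start of the code to patch, in the current process.
 * Hook       destination of the jump.
 * size       number of bytes to replace; must be at least JMP_REL32_LEN and
 *            at most sizeof(bSrcCode). Bytes after the jump are filled with
 *            NOP (0x90). The caller is responsible for choosing a size that
 *            ends on an instruction boundary.
 *
 * Returns TRUE when the patch was written, FALSE when the arguments are
 * rejected, a hook is already installed, or the page protection could not be
 * changed. On FALSE the target bytes are left untouched.
 *
 * The original bytes are kept in bSrcCode so UnHook can put them back. The
 * patch is written with several separate stores, so the caller must make sure
 * no other thread is executing the target while this runs.
 *
 * The result is an E9 at the function entry and in-memory code that no longer
 * matches the on-disk image; code-integrity checks that compare the two will
 * report it.
 */
BOOL SetInlineHook(LPVOID dwAddress,LPVOID Hook,int size)
{
    if (dwAddress == NULL || Hook == NULL)
        return FALSE;
    /* Fewer than 5 bytes cannot hold the jump; more than the backup buffer
       would overflow bSrcCode in the memcpy below. */
    if (size < JMP_REL32_LEN || size > (int)sizeof(bSrcCode))
        return FALSE;
    /* Only one backup slot exists: a second install would replace the saved
       original bytes and make the first hook impossible to remove. */
    if (flag)
        return FALSE;

    HANDLE hdProcess = GetCurrentProcess();
    SIZE_T cbPatch = (SIZE_T)size;
    DWORD dwOldProtect;

    /* Change protection only for the bytes being patched. Execute permission
       is kept because the target may share a page with code that is running
       right now (possibly this function). */
    if (!VirtualProtectEx(hdProcess, dwAddress, cbPatch, PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return FALSE;

    memcpy(bSrcCode, dwAddress, cbPatch);
    g_cbSaved = cbPatch;
    g_pHooked = dwAddress;

    /* rel32 is measured from the end of the 5-byte jmp instruction. */
    DWORD dwHook = (DWORD)Hook - ((DWORD)dwAddress + JMP_REL32_LEN);
    memset(dwAddress, 0x90, cbPatch);
    *(BYTE*)dwAddress = 0xe9;
    memcpy(((BYTE*)dwAddress) + 1, &dwHook, sizeof(dwHook));

    DWORD temp;
    VirtualProtectEx(hdProcess, dwAddress, cbPatch, dwOldProtect, &temp);
    /* Make sure the CPU does not keep executing stale instruction bytes. */
    FlushInstructionCache(hdProcess, dwAddress, cbPatch);

    flag = TRUE;
    return TRUE;
}

/*
 * UnHook - restore the bytes that SetInlineHook replaced at dwAddress.
 *
 * Returns TRUE when no hook is installed (nothing to do) or when the original
 * bytes were written back. Returns FALSE when dwAddress is not the address
 * that was hooked or when the page protection could not be changed; in that
 * case the hook stays in place and flag stays TRUE.
 *
 * Exactly the number of bytes that were saved is written back, so code that
 * follows the patched range is never touched.
 */
BOOL UnHook(LPVOID dwAddress)
{
    if (!flag)
        return TRUE;
    /* Writing the saved bytes anywhere but where they came from would corrupt
       unrelated code. */
    if (dwAddress == NULL || dwAddress != g_pHooked || g_cbSaved == 0)
        return FALSE;

    HANDLE hdProcess = GetCurrentProcess();
    DWORD dwOldProtect;
    if (!VirtualProtectEx(hdProcess, dwAddress, g_cbSaved, PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return FALSE;

    memcpy(dwAddress, bSrcCode, g_cbSaved);

    DWORD temp;
    VirtualProtectEx(hdProcess, dwAddress, g_cbSaved, dwOldProtect, &temp);
    FlushInstructionCache(hdProcess, dwAddress, g_cbSaved);

    g_cbSaved = 0;
    g_pHooked = NULL;
    flag = FALSE;
    return TRUE;
}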
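/*
 * Demo driver: hooks plus(), calls it once so the detour runs, removes the
 * hook and calls plus() again to show that the original code is back.
 * Returns 0 on success, 1 when the hook could not be installed.
 */
int main()
{
    DWORD dwAddress = (DWORD)plus;
    // NOTE(review): hard-coded resume address for Hook()'s final jmp. It is
    // only valid for the one build it was read from; a rebuild or a different
    // load address makes it point somewhere else. Confirm before running.
    dwRet = 0x411a80;
    if (!SetInlineHook((LPVOID)dwAddress, Hook, 5))
    {
        fprintf(stderr, "SetInlineHook failed\n");
        return 1;
    }
    // Called only to trigger the detour; the result is not used.
    plus(1, 20);
    UnHook((LPVOID)dwAddress);
    int s = plus(10, 25);
    printf("%d", s);
    return 0;
}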