IAT_Hook.rar_hook资源-CSDN文库

共8个文件

cpp：2个

plg：1个

opt：1个

版权申诉

hook

77 浏览量 2022-09-24 06:48:53 上传评论收藏 9KB RAR 举报

资源详情

资源评论

资源推荐

收起资源包目录

IAT_Hook.rar （8个子文件）

IAT勾子

stdafx.cpp 208B

a.dsw 527B

stdafx.h 1KB

a.plg 1018B

a.ncb 49KB

b.cpp 3KB

a.opt 49KB

a.dsp 4KB

// IATHook.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include <windows.h> #include <imagehlp.h> #pragma comment(lib, "imagehlp.lib") #ifdef _DEBUG #define new DEBUG_NEW #endif // The one and only application object CWinApp theApp; //using namespace std; ////////////////////////////////////////////////////////////////////////////////////// char * szModName = NULL ; char * szHacked = "不好意思hook到了!" ; DWORD dwHookFun ; DWORD dwHookApiAddr; ULONG uSize ; PIMAGE_IMPORT_DESCRIPTOR pImportDesc ; PIMAGE_THUNK_DATA32 pThunk; ////////////////////////////////////////////////////////////////////////////////////// void MYhook() { __asm { mov esp,ebp push szHacked pop DWORD PTR [ebp+12] pop ebp jmp dwHookApiAddr } } ////////////////////////////////////////////////////////////////////////////////////// int _tmain(int argc, TCHAR* argv[], TCHAR* envp[]) { int nRetCode = 0; // initialize MFC and print and error on failure if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0)) { // TODO: change error code to suit your needs _tprintf(_T("Fatal Error: MFC initialization failed\n")); nRetCode = 1; } else { // TODO: code your application's behavior here. } HMODULE hInstance = GetModuleHandle(NULL); dwHookFun = (DWORD)MYhook; // 获取需要替代函数的地址 dwHookApiAddr = (DWORD)GetProcAddress(LoadLibrary("USER32.dll"), "MessageBoxA") ; //通过函数)ImageDirectoryEntryToData获得IAT pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hInstance, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &uSize) ; //找到要HOOK的函数所在的模块 while (pImportDesc->Name) { szModName = (char *)((PBYTE)hInstance+pImportDesc->Name) ; if (strcmp(szModName, "USER32.dll")==0) break ; pImportDesc++ ; } //原始的THUNK信息指针 int i=0; pThunk= (PIMAGE_THUNK_DATA32)((PBYTE)hInstance + pImportDesc->FirstThunk) ; for (; pThunk->u1.Function; pThunk++,i++) { if (pThunk->u1.Function== dwHookApiAddr) { VirtualProtect(&pThunk->u1.Function, 4096, PAGE_READWRITE, 0); pThunk->u1.Function = (DWORD)dwHookFun; break ; } } printf("%d\n",i); //要hook下面这个API MessageBoxA(0, "这是正常的!", "xicao", 0); return nRetCode; }