HOOK-IAT.rar_IAT_iathook_peiat_pe入口点hook

共10个文件

pdb：2个

dsw：1个

exe：1个

版权申诉

69 浏览量 2022-09-24 07:33:01 上传评论收藏 116KB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

HOOK-IAT.rar （10个子文件）

HOOK IAT

HOOK.dsw 533B

HOOK.dsp 4KB

HOOK.ncb 41KB

HOOK.plg 242B

main.cpp 3KB

HOOK.opt 53KB

Debug

HOOK.pdb 433KB

main.obj 16KB

HOOK.exe 168KB

vc60.pdb 76KB

#include <windows.h> #include <stdio.h> BOOL sethook(HMODULE hMod); BOOL unhook(HMODULE hMod); typedef int(WINAPI *PFNMESSAGEBOX)(HWND,LPCSTR,LPCSTR,UINT uType); PROC g_orgProc=(PROC)MessageBoxA; int WINAPI WinMain( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd ) { sethook(::GetModuleHandle(NULL)); ::MessageBoxA(NULL,"原函数","02",0); unhook(::GetModuleHandle(NULL)); ::MessageBoxA(NULL,"原函数","02",0); return TRUE; } int WINAPI MyMessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType) { //return((PFNMESSAGEBOX)g_orgProc)(hWnd,"新函数","02",uType); return Beep(500,500); } BOOL sethook(HMODULE hMod) { IMAGE_DOS_HEADER *pDosHeader=(IMAGE_DOS_HEADER*)hMod; IMAGE_OPTIONAL_HEADER *pOptHeader=(IMAGE_OPTIONAL_HEADER *)((BYTE *)hMod+pDosHeader->e_lfanew+24); IMAGE_IMPORT_DESCRIPTOR *pImportDesc=(IMAGE_IMPORT_DESCRIPTOR *)((BYTE *)hMod+pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); while (pImportDesc->FirstThunk) { char * pszDllName =(char *)((BYTE *)hMod+pImportDesc->Name); if (lstrcmpiA(pszDllName,"user32.dll")==0) { break; } pImportDesc++; } if (pImportDesc->FirstThunk) { IMAGE_THUNK_DATA *pThunk=(IMAGE_THUNK_DATA *)((BYTE *)hMod+pImportDesc->FirstThunk); while(pThunk->u1.Function) { DWORD * lpAddr=(DWORD *)&(pThunk->u1.Function); if (*lpAddr==(DWORD)g_orgProc) { DWORD * lpNewProc=(DWORD *)MyMessageBoxA; ::WriteProcessMemory(GetCurrentProcess(),lpAddr,&lpNewProc,sizeof(DWORD),NULL); return TRUE; } pThunk++; } } return FALSE; } BOOL unhook(HMODULE hMod) { IMAGE_DOS_HEADER *pDosHeader=(IMAGE_DOS_HEADER*)hMod; IMAGE_OPTIONAL_HEADER *pOptHeader=(IMAGE_OPTIONAL_HEADER *)((BYTE *)hMod+pDosHeader->e_lfanew+24); IMAGE_IMPORT_DESCRIPTOR *pImportDesc=(IMAGE_IMPORT_DESCRIPTOR *)((BYTE *)hMod+pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); while (pImportDesc->FirstThunk) { char * pszDllName =(char *)((BYTE *)hMod+pImportDesc->Name); if (lstrcmpiA(pszDllName,"user32.dll")==0) { break; } pImportDesc++; } if (pImportDesc->FirstThunk) { IMAGE_THUNK_DATA *pThunk=(IMAGE_THUNK_DATA *)((BYTE *)hMod+pImportDesc->FirstThunk); while(pThunk->u1.Function) { DWORD * lpAddr=(DWORD *)&(pThunk->u1.Function); if (*lpAddr!=(DWORD)g_orgProc) { ::WriteProcessMemory(GetCurrentProcess(),lpAddr,&g_orgProc,sizeof(DWORD),NULL); return TRUE; } pThunk++; } } return FALSE; }

评论收藏

内容反馈

版权申诉