API Hook Study Notes (Part 2)
Hooking the MessageBoxA API. Notes, part 1: https://www.52hb.com/thread-20831-1-1.html
Here is the code:
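#include <iostream>
#include <cstring>
#include <windows.h>
using namespace std;

// Replacement routine. It has to match MessageBoxA's signature and WINAPI
// (stdcall) calling convention, otherwise the stack is unbalanced on return.
int WINAPI MyApi(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    cout << "Intercepted a call to MessageBoxA" << endl;
    cout << "Window handle: " << hWnd << endl;
    cout << "Window text: " << lpText << endl;
    cout << "Window caption: " << lpCaption << endl;
    cout << "Window style: " << uType << endl;
    return IDOK;
}

int main()
{
    // 32-bit (x86) build only: the patch stores a 4-byte address.
    HMODULE h = LoadLibraryA("user32.dll");                  // load user32.dll
    if (!h) return 1;
    void *pt = (void *)GetProcAddress(h, "MessageBoxA");     // get the address of MessageBoxA
    if (!pt) return 1;
    unsigned char code[7] = {184, 0, 0, 0, 0, 255, 224};     // mov eax,0000 ; jmp eax
    unsigned char oldcode[7];                                // keeps the original code so it can be restored later
    DWORD addr = (DWORD)(DWORD_PTR)&MyApi;                   // address of our own routine
    memcpy(&code[1], &addr, 4);                              // replace the 0000 in mov eax,0000 with the address of our routine
    DWORD oldProtect;                                        // VirtualProtect fails without a valid old-protection pointer
    VirtualProtect(pt, 7, PAGE_EXECUTE_READWRITE, &oldProtect);   // change the page protection; 7 bytes are enough
    ReadProcessMemory(GetCurrentProcess(), pt, oldcode, 7, 0);    // save the original code first, for restoring
    WriteProcessMemory(GetCurrentProcess(), pt, code, 7, 0);      // overwrite the head of MessageBoxA with mov eax,<our routine> ; jmp eax
    MessageBoxA(0, "Hello Wolrd", "APIHOOK Is Very Good", 0);     // call MessageBoxA: OK, the hook works
    WriteProcessMemory(GetCurrentProcess(), pt, oldcode, 7, 0);   // restore the function head; a later MessageBoxA call works normally again
    VirtualProtect(pt, 7, oldProtect, &oldProtect);               // put the original page protection back
    return 0;
}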
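Added example, not part of the original post or its author's code: a check a defender can run over the first bytes of an exported function to spot the exact 7-byte stub used above (mov eax,imm32 ; jmp eax) and to flag a jump target outside the owning module. The function names, the sample bytes and the module range are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Result of inspecting the first bytes of a function.
struct HookCheck {
    bool hooked;       // true if the mov eax,imm32 / jmp eax stub was found
    uint32_t target;   // address the stub jumps to (valid only if hooked)
};

// Match the stub from the post:  B8 xx xx xx xx (mov eax,imm32)  FF E0 (jmp eax)
HookCheck check_prologue(const unsigned char *p, size_t len)
{
    HookCheck r = {false, 0};
    if (p == nullptr || len < 7) return r;               // too short to hold the stub
    if (p[0] != 0xB8 || p[5] != 0xFF || p[6] != 0xE0) return r;
    // imm32 is stored little-endian on x86
    r.target = (uint32_t)p[1] | ((uint32_t)p[2] << 8) |
               ((uint32_t)p[3] << 16) | ((uint32_t)p[4] << 24);
    r.hooked = true;
    return r;
}

// A jump that leaves the module owning the function is the stronger signal.
bool outside_module(uint32_t target, uint32_t base, uint32_t size)
{
    return target < base || target - base >= size;
}

// Constructed sample data (not captured from a real system).
const unsigned char kClean[7]  = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x6A, 0x00};
const unsigned char kHooked[7] = {0xB8, 0x10, 0x10, 0x40, 0x00, 0xFF, 0xE0};
const uint32_t kModBase = 0x75000000u;   // hypothetical user32.dll image base
const uint32_t kModSize = 0x000A0000u;   // hypothetical image size

int main()
{
    const unsigned char *samples[2] = {kClean, kHooked};
    for (int i = 0; i < 2; ++i) {
        HookCheck r = check_prologue(samples[i], 7);
        if (!r.hooked) { printf("sample %d: no stub found\n", i); continue; }
        printf("sample %d: stub jumps to 0x%08X (%s the module)\n", i,
               (unsigned)r.target,
               outside_module(r.target, kModBase, kModSize) ? "outside" : "inside");
    }
    return 0;
}
```

On a live system the bytes would come from reading the function's address in the target process, and the base and size from that process's module list.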
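Very detailed notes, thumbs up!
666, front-row support and a like!
I don't understand it, but I'm bumping the thread anyway.
OP, it would be best to write an article that applies this in practice, for example reverse engineering some piece of software: how to write the hook function, how to inject it, and how to keep it compatible.
Thank you very much for sharing!!!
Showing my support, even though I'm a beginner and can't do this.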