Delphi 汇编 APIHook 模板可任意扩展,编译后7.5k
本帖最后由 lofullen 于 2018-8-28 14:45 编辑
本代码仅供学习。
相关代码组件正在打包中,随后上传!
进程间内存共享
unit UIPCShared;
interface
uses
Windows;
const
// Fixed, compile-time names of the two named kernel objects shared by every
// process that links this unit. The names carry no per-user or per-session
// component, and the objects are created with nil security attributes
// (see CreateIPCMMF / LockIPCMMF), i.e. with the default security descriptor.
// NOTE(review): any process that can open these names can read or rewrite the
// mapping, so data read from it must be treated as untrusted input.
IPC_SHARED_MMF = '{34F673E0-878F-11D5-B98A-00B0D07B8C7C}'; // name of the file-mapping object
IPC_SHARED_MUTEX = '{34F673E1-878F-11D5-B98A-00B0D07B8C7C}'; // name of the mutex guarding the mapping
function IsExistIPCMMF():BOOL;
function CreateIPCMMF():BOOL;
function OpenIPCMMF():BOOL;
function CloseIPCMMF():BOOL;
function ReadIPCMMF(lpBuffer: Pointer; var dwBufSize: ULONG):BOOL;
function WriteIPCMMF(const lpBuffer: Pointer; const dwBufSize: ULONG):BOOL;
function LockIPCMMF():BOOL;
function UnLockIPCMMF():BOOL;
implementation
var
m_hFileMap : Thandle = 0;
m_hMutex : Thandle = 0;
// Reports whether this module currently holds a file-mapping handle.
// Only the cached handle variable is tested; the system is not queried, so
// TRUE does not prove the object is still the one this process expects.
function IsExistIPCMMF(): BOOL;
begin
  Result := m_hFileMap <> 0;
end;
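// Creates the page-file-backed shared mapping named IPC_SHARED_MMF, unless this
// module already holds a mapping handle. Returns TRUE when a handle is held
// afterwards.
//
// The mapping is 4096 bytes (4 KB); the original comment said "4mb", which was
// wrong. The first SizeOf(ULONG) bytes hold the payload length (see
// ReadIPCMMF / WriteIPCMMF), leaving 4092 bytes for payload.
//
// CreateFileMappingA also succeeds when an object with this name already
// exists (GetLastError then reports ERROR_ALREADY_EXISTS). This function does
// not distinguish that case, so the size and contents may have been chosen by
// whichever process created the object first.
function CreateIPCMMF(): BOOL;
const
  IPC_MMF_SIZE = 4096; // bytes: 4 KB, not 4 MB
begin
  if not IsExistIPCMMF then
  begin
    m_hFileMap := CreateFileMappingA(INVALID_HANDLE_VALUE, // backed by the page file
                                     nil,                  // default security descriptor
                                     PAGE_READWRITE,
                                     0,                    // high DWORD of the size
                                     IPC_MMF_SIZE,         // low DWORD of the size
                                     IPC_SHARED_MMF);
  end;
  Result := IsExistIPCMMF;
end;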
// Opens the existing mapping named IPC_SHARED_MMF for reading and writing,
// unless a handle is already held. The handle is not inheritable.
// Returns TRUE when a mapping handle is held afterwards.
function OpenIPCMMF(): BOOL;
begin
  if IsExistIPCMMF then
  begin
    // A handle is already cached: nothing to open.
    Result := IsExistIPCMMF;
    Exit;
  end;

  m_hFileMap := OpenFileMappingA(FILE_MAP_READ or FILE_MAP_WRITE, FALSE, IPC_SHARED_MMF);
  Result := IsExistIPCMMF;
end;
// Releases the cached mapping handle, if any, and clears the cached value.
// The result of CloseHandle is not inspected; the cached handle is reset
// regardless. Returns TRUE when no handle is held afterwards.
function CloseIPCMMF(): BOOL;
begin
  if IsExistIPCMMF then
  begin
    CloseHandle(m_hFileMap);
    m_hFileMap := 0;
  end;

  Result := not IsExistIPCMMF;
end;
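// Copies the current payload out of the shared mapping.
//
// Layout of the mapping: a ULONG length header followed by that many payload
// bytes.
//
// lpBuffer  - destination buffer. The function has no capacity parameter, so
//             the caller must supply a buffer large enough for the largest
//             payload the mapping can hold (view size minus SizeOf(ULONG)).
//             When nil, nothing is copied and FALSE is returned.
// dwBufSize - receives the payload length taken from the header; set to 0 when
//             the header is rejected. Left untouched when the mapping cannot
//             be viewed at all.
// Returns TRUE only when a non-empty payload was copied.
//
// The header lives in memory that other processes can write, so it is treated
// as untrusted: it is read once into a local and rejected when it claims more
// bytes than the mapped view contains. The original copied whatever length the
// header claimed, which let a peer drive the copy past the end of the view and
// of the caller's buffer.
//
// The function does not take the mutex itself; callers are expected to bracket
// it with LockIPCMMF / UnLockIPCMMF.
function ReadIPCMMF(lpBuffer: Pointer; var dwBufSize: ULONG): BOOL;
var
  pView: Pointer;
  ViewInfo: TMemoryBasicInformation;
  StoredSize: ULONG;
begin
  Result := FALSE;
  if not IsExistIPCMMF then
    Exit;

  // A read-only view is sufficient here.
  pView := MapViewOfFile(m_hFileMap, FILE_MAP_READ, 0, 0, 0);
  if not Assigned(pView) then
    Exit;

  try
    // Ask the system how many bytes the view really spans.
    if VirtualQuery(pView, ViewInfo, SizeOf(ViewInfo)) = 0 then
      Exit;
    if ViewInfo.RegionSize <= SizeOf(ULONG) then
      Exit;

    // Snapshot the header once so a concurrent writer cannot change the
    // length between the check and the copy.
    Move(pView^, StoredSize, SizeOf(ULONG));
    if StoredSize > ViewInfo.RegionSize - SizeOf(ULONG) then
    begin
      dwBufSize := 0;
      Exit;
    end;

    dwBufSize := StoredSize;
    if (StoredSize > 0) and Assigned(lpBuffer) then
    begin
      Move((PAnsiChar(pView) + SizeOf(ULONG))^, lpBuffer^, StoredSize);
      Result := TRUE;
    end;
  finally
    UnmapViewOfFile(pView);
  end;
end;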
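// Stores a payload in the shared mapping as a ULONG length header followed by
// the payload bytes.
//
// lpBuffer  - source bytes; may be nil only when dwBufSize is 0.
// dwBufSize - number of payload bytes. Requests that do not fit in the mapped
//             view (view size minus SizeOf(ULONG)) are refused without
//             touching the mapping; the original copied them anyway and wrote
//             past the end of the view.
// Returns TRUE only when a non-empty payload was written. As in the original,
// a zero-length request writes a zero header and returns FALSE.
//
// The function does not take the mutex itself; callers are expected to bracket
// it with LockIPCMMF / UnLockIPCMMF.
function WriteIPCMMF(const lpBuffer: Pointer; const dwBufSize: ULONG): BOOL;
var
  pView: Pointer;
  ViewInfo: TMemoryBasicInformation;
begin
  Result := FALSE;
  if not IsExistIPCMMF then
    Exit;
  if (dwBufSize > 0) and (lpBuffer = nil) then
    Exit;

  pView := MapViewOfFile(m_hFileMap, FILE_MAP_READ or FILE_MAP_WRITE, 0, 0, 0);
  if not Assigned(pView) then
    Exit;

  try
    // Ask the system how many bytes the view really spans.
    if VirtualQuery(pView, ViewInfo, SizeOf(ViewInfo)) = 0 then
      Exit;
    if ViewInfo.RegionSize <= SizeOf(ULONG) then
      Exit;
    if dwBufSize > ViewInfo.RegionSize - SizeOf(ULONG) then
      Exit;

    // Header first, then the payload right behind it.
    Move(dwBufSize, pView^, SizeOf(ULONG));
    if dwBufSize > 0 then
    begin
      Move(lpBuffer^, (PAnsiChar(pView) + SizeOf(ULONG))^, dwBufSize);
      Result := TRUE;
    end;
  finally
    UnmapViewOfFile(pView);
  end;
end;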
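// Acquires the cross-process mutex named IPC_SHARED_MUTEX, waiting without a
// timeout. Returns TRUE only on a clean acquisition (WAIT_OBJECT_0); the
// handle is then kept in m_hMutex until UnLockIPCMMF releases it.
//
// Changes from the original:
//  * bInitialOwner is passed as FALSE (a BOOL) instead of the integer 0,
//    matching the OpenFileMappingA call in this unit.
//  * When the wait does not return WAIT_OBJECT_0 the handle is closed and
//    m_hMutex reset, so a failed lock no longer leaves a handle behind.
//  * WAIT_ABANDONED means this thread now owns the mutex because a previous
//    owner exited without releasing it. The function still reports FALSE, as
//    before, but gives ownership back first so other waiters are not blocked.
//
// NOTE(review): calling this twice without UnLockIPCMMF overwrites m_hMutex
// and loses the earlier handle; callers should pair every successful lock
// with one unlock.
function LockIPCMMF(): BOOL;
var
  WaitResult: DWORD;
begin
  Result := FALSE;

  m_hMutex := CreateMutexA(nil, FALSE, IPC_SHARED_MUTEX);
  if m_hMutex = 0 then
    Exit;

  WaitResult := WaitForSingleObject(m_hMutex, INFINITE);
  if WaitResult = WAIT_OBJECT_0 then
  begin
    Result := TRUE;
    Exit;
  end;

  // Not a clean acquisition: undo whatever was obtained.
  if WaitResult = WAIT_ABANDONED then
    ReleaseMutex(m_hMutex);
  CloseHandle(m_hMutex);
  m_hMutex := 0;
end;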
// Releases the mutex taken by LockIPCMMF and closes its handle.
// Returns FALSE when no mutex handle is held, TRUE otherwise. The results of
// ReleaseMutex and CloseHandle are not inspected.
function UnLockIPCMMF(): BOOL;
begin
  if m_hMutex = 0 then
  begin
    Result := FALSE;
    Exit;
  end;

  ReleaseMutex(m_hMutex);
  CloseHandle(m_hMutex);
  m_hMutex := 0;
  Result := TRUE;
end;
end.
LDE32:基于 opcode 标志表的 x86 指令长度检测
unit LDE32;
interface
uses
Windows;
const
// Flag bits stored per opcode in OpcodeFlags / OpcodeFlagsExt and combined in
// GetOpCodeLength to work out how many bytes follow the opcode byte.
C_ERROR = $FFFFFFFF; // table entry for an opcode the decoder rejects; also the length reported on failure
C_OK = $00000000; // no extra bytes flagged for this opcode
C_PREFIX = $00000001; // byte is a prefix: the flag is cleared and decoding restarts on the next byte
C_66 = $00000002; // set by the $66 entry; makes C_DATA66 resolve to C_DATA2
C_67 = $00000004; // set by the $67 entry; selects the 16-bit ModRM rules and makes C_MEM67 resolve to C_MEM2
C_DATA66 = $00000008; // immediate of 2 or 4 bytes, chosen by C_66
C_DATA1 = $00000010; // 1 immediate byte
C_DATA2 = $00000020; // 2 immediate bytes
C_DATA4 = $00000040; // 4 immediate bytes
C_MEM67 = $00000080; // memory operand of 2 or 4 bytes, chosen by C_67
C_MEM1 = $00000100; // 1 displacement byte
C_MEM2 = $00000200; // 2 displacement bytes
C_MEM4 = $00000400; // 4 displacement bytes
C_MODRM = $00000800; // a further byte follows and is split into mod and rm fields
C_DATAW0 = $00001000; // bit 0 of the opcode selects C_DATA66 (set) or C_DATA1 (clear)
C_FUCKINGTEST = $00002000; // $F6/$F7 entries: bits $38 of the next byte decide whether an immediate follows
C_TABLE_0F = $00004000; // $0F entry: the next byte is read as a second opcode byte
OpcodeFlags: Array [$00..$FF] of ULONG =
(
C_MODRM, //$00
C_MODRM, //$01
C_MODRM, //$02
C_MODRM, //$03
C_DATAW0, //$04
C_DATAW0, //$05
C_OK, //$06
C_OK, //$07
C_MODRM, //$08
C_MODRM, //$09
C_MODRM, //$0A
C_MODRM, //$0B
C_DATAW0, //$0C
C_DATAW0, //$0D
C_OK, //$0E
C_TABLE_0F, //$0F
C_MODRM, //$10
C_MODRM, //$11
C_MODRM, //$12
C_MODRM, //$13
C_DATAW0, //$14
C_DATAW0, //$15
C_OK, //$16
C_OK, //$17
C_MODRM, //$18
C_MODRM, //$19
C_MODRM, //$1A
C_MODRM, //$1B
C_DATAW0, //$1C
C_DATAW0, //$1D
C_OK, //$1E
C_OK, //$1F
C_MODRM, //$20
C_MODRM, //$21
C_MODRM, //$22
C_MODRM, //$23
C_DATAW0, //$24
C_DATAW0, //$25
C_PREFIX, //$26
C_OK, //$27
C_MODRM, //$28
C_MODRM, //$29
C_MODRM, //$2A
C_MODRM, //$2B
C_DATAW0, //$2C
C_DATAW0, //$2D
C_PREFIX, //$2E
C_OK, //$2F
C_MODRM, //$30
C_MODRM, //$31
C_MODRM, //$32
C_MODRM, //$33
C_DATAW0, //$34
C_DATAW0, //$35
C_PREFIX, //$36
C_OK, //$37
C_MODRM, //$38
C_MODRM, //$39
C_MODRM, //$3A
C_MODRM, //$3B
C_DATAW0, //$3C
C_DATAW0, //$3D
C_PREFIX, //$3E
C_OK, //$3F
C_OK, //$40
C_OK, //$41
C_OK, //$42
C_OK, //$43
C_OK, //$44
C_OK, //$45
C_OK, //$46
C_OK, //$47
C_OK, //$48
C_OK, //$49
C_OK, //$4A
C_OK, //$4B
C_OK, //$4C
C_OK, //$4D
C_OK, //$4E
C_OK, //$4F
C_OK, //$50
C_OK, //$51
C_OK, //$52
C_OK, //$53
C_OK, //$54
C_OK, //$55
C_OK, //$56
C_OK, //$57
C_OK, //$58
C_OK, //$59
C_OK, //$5A
C_OK, //$5B
C_OK, //$5C
C_OK, //$5D
C_OK, //$5E
C_OK, //$5F
C_OK, //$60
C_OK, //$61
C_MODRM, //$62
C_MODRM, //$63
C_PREFIX, //$64
C_PREFIX, //$65
C_PREFIX+C_66, //$66
C_PREFIX+C_67, //$67
C_DATA66, //$68
C_MODRM+C_DATA66, //$69
C_DATA1, //$6A
C_MODRM+C_DATA1,//$6B
C_OK, //$6C
C_OK, //$6D
C_OK, //$6E
C_OK, //$6F
C_DATA1, //$70
C_DATA1, //$71
C_DATA1, //$72
C_DATA1, //$73
C_DATA1, //$74
C_DATA1, //$75
C_DATA1, //$76
C_DATA1, //$77
C_DATA1, //$78
C_DATA1, //$79
C_DATA1, //$7A
C_DATA1, //$7B
C_DATA1, //$7C
C_DATA1, //$7D
C_DATA1, //$7E
C_DATA1, //$7F
C_MODRM+C_DATA1,//$80
C_MODRM+C_DATA66, //$81
C_MODRM+C_DATA1,//$82
C_MODRM+C_DATA1,//$83
C_MODRM, //$84
C_MODRM, //$85
C_MODRM, //$86
C_MODRM, //$87
C_MODRM, //$88
C_MODRM, //$89
C_MODRM, //$8A
C_MODRM, //$8B
C_MODRM, //$8C
C_MODRM, //$8D
C_MODRM, //$8E
C_MODRM, //$8F
C_OK, //$90
C_OK, //$91
C_OK, //$92
C_OK, //$93
C_OK, //$94
C_OK, //$95
C_OK, //$96
C_OK, //$97
C_OK, //$98
C_OK, //$99
C_DATA66+C_MEM2,//$9A
C_OK, //$9B
C_OK, //$9C
C_OK, //$9D
C_OK, //$9E
C_OK, //$9F
C_MEM67, //$A0
C_MEM67, //$A1
C_MEM67, //$A2
C_MEM67, //$A3
C_OK, //$A4
C_OK, //$A5
C_OK, //$A6
C_OK, //$A7
C_DATA1, //$A8
C_DATA66, //$A9
C_OK, //$AA
C_OK, //$AB
C_OK, //$AC
C_OK, //$AD
C_OK, //$AE
C_OK, //$AF
C_DATA1, //$B0
C_DATA1, //$B1
C_DATA1, //$B2
C_DATA1, //$B3
C_DATA1, //$B4
C_DATA1, //$B5
C_DATA1, //$B6
C_DATA1, //$B7
C_DATA66, //$B8
C_DATA66, //$B9
C_DATA66, //$BA
C_DATA66, //$BB
C_DATA66, //$BC
C_DATA66, //$BD
C_DATA66, //$BE
C_DATA66, //$BF
C_MODRM+C_DATA1,//$C0
C_MODRM+C_DATA1,//$C1
C_DATA2, //$C2
C_OK, //$C3
C_MODRM, //$C4
C_MODRM, //$C5
C_MODRM+C_DATA66, //$C6
C_MODRM+C_DATA66, //$C7
C_DATA2+C_DATA1,//$C8
C_OK, //$C9
C_DATA2, //$CA
C_OK, //$CB
C_OK, //$CC
C_DATA1+C_DATA4,//$CD
C_OK, //$CE
C_OK, //$CF
C_MODRM, //$D0
C_MODRM, //$D1
C_MODRM, //$D2
C_MODRM, //$D3
C_OK, //$D4
C_OK, //$D5
C_OK, //$D6
C_OK, //$D7
C_MODRM, //$D8
C_MODRM, //$D9
C_MODRM, //$DA
C_MODRM, //$DB
C_MODRM, //$DC
C_MODRM, //$DD
C_MODRM, //$DE
C_MODRM, //$DF
C_DATA1, //$E0
C_DATA1, //$E1
C_DATA1, //$E2
C_DATA1, //$E3
C_DATA1, //$E4
C_DATA1, //$E5
C_DATA1, //$E6
C_DATA1, //$E7
C_DATA66, //$E8
C_DATA66, //$E9
C_DATA66+C_MEM2,//$EA
C_DATA1, //$EB
C_OK, //$EC
C_OK, //$ED
C_OK, //$EE
C_OK, //$EF
C_PREFIX, //$F0
C_OK, //$F1
C_PREFIX, //$F2
C_PREFIX, //$F3
C_OK, //$F4
C_OK, //$F5
C_FUCKINGTEST, //$F6
C_FUCKINGTEST, //$F7
C_OK, //$F8
C_OK, //$F9
C_OK, //$FA
C_OK, //$FB
C_OK, //$FC
C_OK, //$FD
C_MODRM, //$FE
C_MODRM //$FF
);
OpcodeFlagsExt: Array [$00..$FF] of ULONG =
(
C_MODRM, //$00
C_MODRM, //$01
C_MODRM, //$02
C_MODRM, //$03
C_ERROR, //$04
C_ERROR, //$05
C_OK, //$06
C_ERROR, //$07
C_OK, //$08
C_OK, //$09
C_OK, //$0A
C_OK, //$0B
C_ERROR, //$0C
C_ERROR, //$0D
C_ERROR, //$0E
C_ERROR, //$0F
C_ERROR, //$10
C_ERROR, //$11
C_ERROR, //$12
C_ERROR, //$13
C_ERROR, //$14
C_ERROR, //$15
C_ERROR, //$16
C_ERROR, //$17
C_ERROR, //$18
C_ERROR, //$19
C_ERROR, //$1A
C_ERROR, //$1B
C_ERROR, //$1C
C_ERROR, //$1D
C_ERROR, //$1E
C_ERROR, //$1F
C_ERROR, //$20
C_ERROR, //$21
C_ERROR, //$22
C_ERROR, //$23
C_ERROR, //$24
C_ERROR, //$25
C_ERROR, //$26
C_ERROR, //$27
C_ERROR, //$28
C_ERROR, //$29
C_ERROR, //$2A
C_ERROR, //$2B
C_ERROR, //$2C
C_ERROR, //$2D
C_ERROR, //$2E
C_ERROR, //$2F
C_ERROR, //$30
C_ERROR, //$31
C_ERROR, //$32
C_ERROR, //$33
C_ERROR, //$34
C_ERROR, //$35
C_ERROR, //$36
C_ERROR, //$37
C_ERROR, //$38
C_ERROR, //$39
C_ERROR, //$3A
C_ERROR, //$3B
C_ERROR, //$3C
C_ERROR, //$3D
C_ERROR, //$3E
C_ERROR, //$3F
C_ERROR, //$40
C_ERROR, //$41
C_ERROR, //$42
C_ERROR, //$43
C_ERROR, //$44
C_ERROR, //$45
C_ERROR, //$46
C_ERROR, //$47
C_ERROR, //$48
C_ERROR, //$49
C_ERROR, //$4A
C_ERROR, //$4B
C_ERROR, //$4C
C_ERROR, //$4D
C_ERROR, //$4E
C_ERROR, //$4F
C_ERROR, //$50
C_ERROR, //$51
C_ERROR, //$52
C_ERROR, //$53
C_ERROR, //$54
C_ERROR, //$55
C_ERROR, //$56
C_ERROR, //$57
C_ERROR, //$58
C_ERROR, //$59
C_ERROR, //$5A
C_ERROR, //$5B
C_ERROR, //$5C
C_ERROR, //$5D
C_ERROR, //$5E
C_ERROR, //$5F
C_ERROR, //$60
C_ERROR, //$61
C_ERROR, //$62
C_ERROR, //$63
C_ERROR, //$64
C_ERROR, //$65
C_ERROR, //$66
C_ERROR, //$67
C_ERROR, //$68
C_ERROR, //$69
C_ERROR, //$6A
C_ERROR, //$6B
C_ERROR, //$6C
C_ERROR, //$6D
C_ERROR, //$6E
C_ERROR, //$6F
C_ERROR, //$70
C_ERROR, //$71
C_ERROR, //$72
C_ERROR, //$73
C_ERROR, //$74
C_ERROR, //$75
C_ERROR, //$76
C_ERROR, //$77
C_ERROR, //$78
C_ERROR, //$79
C_ERROR, //$7A
C_ERROR, //$7B
C_ERROR, //$7C
C_ERROR, //$7D
C_ERROR, //$7E
C_ERROR, //$7F
C_DATA66, //$80
C_DATA66, //$81
C_DATA66, //$82
C_DATA66, //$83
C_DATA66, //$84
C_DATA66, //$85
C_DATA66, //$86
C_DATA66, //$87
C_DATA66, //$88
C_DATA66, //$89
C_DATA66, //$8A
C_DATA66, //$8B
C_DATA66, //$8C
C_DATA66, //$8D
C_DATA66, //$8E
C_DATA66, //$8F
C_MODRM, //$90
C_MODRM, //$91
C_MODRM, //$92
C_MODRM, //$93
C_MODRM, //$94
C_MODRM, //$95
C_MODRM, //$96
C_MODRM, //$97
C_MODRM, //$98
C_MODRM, //$99
C_MODRM, //$9A
C_MODRM, //$9B
C_MODRM, //$9C
C_MODRM, //$9D
C_MODRM, //$9E
C_MODRM, //$9F
C_OK, //$A0
C_OK, //$A1
C_OK, //$A2
C_MODRM, //$A3
C_MODRM+C_DATA1,//$A4
C_MODRM, //$A5
C_ERROR, //$A6
C_ERROR, //$A7
C_OK, //$A8
C_OK, //$A9
C_OK, //$AA
C_MODRM, //$AB
C_MODRM+C_DATA1,//$AC
C_MODRM, //$AD
C_ERROR, //$AE
C_MODRM, //$AF
C_MODRM, //$B0
C_MODRM, //$B1
C_MODRM, //$B2
C_MODRM, //$B3
C_MODRM, //$B4
C_MODRM, //$B5
C_MODRM, //$B6
C_MODRM, //$B7
C_ERROR, //$B8
C_ERROR, //$B9
C_MODRM+C_DATA1,//$BA
C_MODRM, //$BB
C_MODRM, //$BC
C_MODRM, //$BD
C_MODRM, //$BE
C_MODRM, //$BF
C_MODRM, //$C0
C_MODRM, //$C1
C_ERROR, //$C2
C_ERROR, //$C3
C_ERROR, //$C4
C_ERROR, //$C5
C_ERROR, //$C6
C_ERROR, //$C7
C_OK, //$C8
C_OK, //$C9
C_OK, //$CA
C_OK, //$CB
C_OK, //$CC
C_OK, //$CD
C_OK, //$CE
C_OK, //$CF
C_ERROR, //$D0
C_ERROR, //$D1
C_ERROR, //$D2
C_ERROR, //$D3
C_ERROR, //$D4
C_ERROR, //$D5
C_ERROR, //$D6
C_ERROR, //$D7
C_ERROR, //$D8
C_ERROR, //$D9
C_ERROR, //$DA
C_ERROR, //$DB
C_ERROR, //$DC
C_ERROR, //$DD
C_ERROR, //$DE
C_ERROR, //$DF
C_ERROR, //$E0
C_ERROR, //$E1
C_ERROR, //$E2
C_ERROR, //$E3
C_ERROR, //$E4
C_ERROR, //$E5
C_ERROR, //$E6
C_ERROR, //$E7
C_ERROR, //$E8
C_ERROR, //$E9
C_ERROR, //$EA
C_ERROR, //$EB
C_ERROR, //$EC
C_ERROR, //$ED
C_ERROR, //$EE
C_ERROR, //$EF
C_ERROR, //$F0
C_ERROR, //$F1
C_ERROR, //$F2
C_ERROR, //$F3
C_ERROR, //$F4
C_ERROR, //$F5
C_ERROR, //$F6
C_ERROR, //$F7
C_ERROR, //$F8
C_ERROR, //$F9
C_ERROR, //$FA
C_ERROR, //$FB
C_ERROR, //$FC
C_ERROR, //$FD
C_ERROR, //$FE
C_ERROR //$FF
);
procedure GetOpCodeLength(OpCodePtr: Pointer; OpCodeLen: PULONG);
implementation
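// Determines the length in bytes of the single x86 instruction at OpCodePtr.
//
// OpCodePtr - address of the first byte of the instruction (prefixes included).
// OpCodeLen - receives the length, or C_ERROR when the opcode is not in the
//             tables. Nothing is written when OpCodeLen is nil.
//
// Fixes relative to the listing as posted:
//  * Both table lookups had lost their index ("OpcodeFlags or f",
//    "f := OpcodeFlags"); the forum markup most likely swallowed "[b]".
//    They are restored, and the lookup after a $0F byte now uses
//    OpcodeFlagsExt, the table declared for that purpose.
//  * With the $67 prefix, mod = $80 selected C_MEM1; that addressing form has
//    a 2-byte displacement, so it now selects C_MEM2.
//  * The length is computed by pointer subtraction instead of casting both
//    pointers to ULONG.
//  * nil arguments are rejected instead of being dereferenced.
//
// Limits a caller has to respect:
//  * Bytes are read until the instruction is decoded; there is no upper bound,
//    so OpCodePtr must point into readable memory holding a whole instruction.
//  * The result is only as good as the tables. A wrong length used to split
//    code at an instruction boundary cuts an instruction in half.
//  * NOTE(review): after a $0F byte the flags are replaced, not merged, so a
//    $66/$67 prefix seen earlier no longer influences the operand size.
//  * NOTE(review): entry $C6 in OpcodeFlags is C_MODRM+C_DATA66 in this
//    listing; that opcode takes a 1-byte immediate, so C_DATA1 looks intended.
//    Confirm against the original LDE32 tables.
procedure GetOpCodeLength(OpCodePtr: Pointer; OpCodeLen: PULONG);
label
  prefix;
var
  iptr0, iptr: PBYTE;
  b, bmod, rm: BYTE;
  f: ULONG;
begin
  if OpCodeLen = nil then
    Exit;
  if OpCodePtr = nil then
  begin
    OpCodeLen^ := C_ERROR;
    Exit;
  end;

  iptr0 := PBYTE(OpCodePtr);
  iptr := iptr0;
  f := 0;

prefix:
  b := iptr^;
  Inc(iptr);
  // Accumulate: C_66 / C_67 from earlier prefix bytes must survive the loop.
  f := OpcodeFlags[b] or f;

  if ((f and C_FUCKINGTEST) > 0) then
  begin
    // $F6/$F7 group: only the TEST form carries an immediate.
    if ((iptr^ and $38) = 0) then
      f := C_MODRM + C_DATAW0 // TEST
    else
      f := C_MODRM; // NOT,NEG,MUL,IMUL,DIV,IDIV
  end;

  if ((f and C_TABLE_0F) > 0) then
  begin
    // Two-byte opcode: the second byte indexes the extended table.
    b := iptr^;
    Inc(iptr);
    f := OpcodeFlagsExt[b];
  end;

  if (f = C_ERROR) then
  begin
    OpCodeLen^ := C_ERROR;
    Exit;
  end;

  if ((f and C_PREFIX) > 0) then
  begin
    f := not C_PREFIX and f;
    goto prefix;
  end;

  if ((f and C_DATAW0) > 0) then
  begin
    // Bit 0 of the opcode chooses between the wide and the byte immediate.
    if ((b and $01) > 0) then
      f := C_DATA66 or f
    else
      f := C_DATA1 or f;
  end;

  if ((f and C_MODRM) > 0) then
  begin
    b := iptr^;
    Inc(iptr);
    bmod := b and $C0;
    rm := b and $07;
    if (bmod <> $C0) then
    begin
      if ((f and C_67) > 0) then // modrm16
      begin
        if ((bmod = $00) and (rm = $06)) then f := C_MEM2 or f;
        if (bmod = $40) then f := C_MEM1 or f;
        if (bmod = $80) then f := C_MEM2 or f; // 2-byte displacement
      end else
      begin // modrm32
        if (bmod = $40) then f := C_MEM1 or f;
        if (bmod = $80) then f := C_MEM4 or f;
        if (rm = $04) then
        begin
          // SIB byte follows; its low three bits take the place of rm.
          rm := (iptr^) and $07;
          Inc(iptr);
        end;
        if ((rm = $05) and (bmod = $00)) then f := C_MEM4 or f;
      end;
    end;
  end;

  if ((f and C_MEM67) > 0) then
  begin
    if ((f and C_67) > 0) then
      f := C_MEM2 or f
    else
      f := C_MEM4 or f;
  end;

  if ((f and C_DATA66) > 0) then
  begin
    if ((f and C_66) > 0) then
      f := C_DATA2 or f
    else
      f := C_DATA4 or f;
  end;

  // Skip the displacement and immediate bytes that were flagged above.
  if ((f and C_MEM1) > 0) then Inc(iptr);
  if ((f and C_MEM2) > 0) then Inc(iptr, 2);
  if ((f and C_MEM4) > 0) then Inc(iptr, 4);
  if ((f and C_DATA1) > 0) then Inc(iptr);
  if ((f and C_DATA2) > 0) then Inc(iptr, 2);
  if ((f and C_DATA4) > 0) then Inc(iptr, 4);

  OpCodeLen^ := ULONG(PAnsiChar(iptr) - PAnsiChar(iptr0));
end;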
end.
回复学习,感谢分享
学习学习。。。。。。。。
楼主好样的!!楼主好样的!!楼主好样的!!楼主好样的!!楼主好样的!!
学习学习。。。。。。。。
感谢 分享 ...
感谢楼主分享