// mymuhook.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include "mymuhook.h"
#include "stdio.h"
#include <Winsock2.h>
#pragma comment(lib, "ws2_32")
// Sample exported variable (exported through MYMUHOOK_API); starts at zero.
MYMUHOOK_API int nMymuhook = 0;
// Sample exported function: always yields the constant 42.
MYMUHOOK_API int fnMymuhook(void)
{
    const int kSampleResult = 42;
    return kSampleResult;
}
// Constructor of the exported CMymuhook class (declared in mymuhook.h).
// It intentionally performs no initialisation.
CMymuhook::CMymuhook()
{
}
// Removes the keyboard hook whose handle SetHook() stored in glhHook.
// Returns the BOOL result of UnhookWindowsHookEx unchanged (non-zero on success).
MYMUHOOK_API int StopHook()
{
    const BOOL removed = UnhookWindowsHookEx((HHOOK)glhHook);
    return removed;
}
// Keyboard hook procedure registered by SetHook(): shows a message box on
// every callback, then forwards the event to the next hook in the chain and
// returns that result.
LRESULT WINAPI myHookProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    ::MessageBox(0, "fjod", "jfkd", MB_OK);
    const LRESULT chained = CallNextHookEx((HHOOK)glhHook, nCode, wParam, lParam);
    return chained;
}
// Installs the WH_KEYBOARD hook with myHookProc() as callback, using the module
// handle remembered in myinstance, and keeps the returned handle in glhHook.
// Returns true only when SetWindowsHookEx handed back a non-null handle.
MYMUHOOK_API bool SetHook()
{
    glhHook = (HHOOK)SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)myHookProc, myinstance, 0);
    const bool installed = (glhHook != 0);
    return installed;
}
// Bookkeeping for one inline-hooked API (filled in by HookOneApi, consumed by UnhookOneApi).
struct tagHOOKDATA
{
    bool ishooked;   // set by HookOneApi; UnhookOneApi does nothing until then
    PROC pfnO;       // address of the original function, e.g. (PROC)MessageBoxA
    PROC pfn;        // address of the replacement, e.g. (PROC)new_MessageBoxA
    BYTE ins_jmp;    // original first byte, replaced by the jmp opcode
    DWORD fn_addr;   // original four bytes after it, replaced by the jmp operand
};
typedef struct tagHOOKDATA HOOKDATA;
typedef HOOKDATA *LPHOOKDATA;
// Hook records used by thishook()/unthishook(); static storage, so zero-initialised.
HOOKDATA senddata;   // record for send()
HOOKDATA recvdata;   // record for recv()
HOOKDATA keydata;    // declared but not installed in this file
HOOKDATA memdata;    // declared but not installed in this file
bool ok = false;     // "apply heal" flag, set by TimerProc()
BYTE x = 0;          // only referenced from commented-out code in Myrecv/Mysend
BYTE y = 0;
// Installs an inline hook on the function at codedata->pfnO so that calls to it
// land in codedata->pfn instead. The caller only needs to fill in pfnO and pfn;
// the overwritten code (first opcode byte and the following DWORD) is saved in
// ins_jmp / fn_addr so UnhookOneApi() can put it back.
// Returns false if the target page could not be made writable, true otherwise.
// NOTE(review): addresses are manipulated as DWORD, so this only works in a
// 32-bit process; the return value of the restoring VirtualProtect is ignored.
bool WINAPI HookOneApi(LPHOOKDATA codedata)// caller sets pfnO and pfn only
{
DWORD oldAccess;// original protection of the 5 patched bytes
DWORD tmp;// scratch for the restore call
unsigned char *p=(unsigned char *)codedata->pfnO;
if(false==VirtualProtect(p,5,PAGE_EXECUTE_READWRITE,&oldAccess ))// make the code page writable
return false;
codedata->ins_jmp =*p;// save the first byte
*p=0xe9;// jmp == 0xe9
DWORD *pp=(DWORD *)(p+1);// write the 4-byte operand in a single store
codedata->fn_addr =*pp;// save the 4 bytes being overwritten
*pp=(DWORD)codedata->pfn-(DWORD)codedata->pfnO-5;// jmp operand: target relative to the end of the 5-byte instruction
VirtualProtect(p,5,oldAccess,&tmp);// restore the page protection
codedata->ishooked =true;
return true;
}
// Restores the 5 bytes saved by HookOneApi() at codedata->pfnO.
// Returns true immediately when the record was never hooked, false if the page
// could not be made writable, true after a successful restore.
// NOTE(review): ishooked is not cleared here, so a later call repeats the
// (identical) restore instead of being skipped.
bool WINAPI UnhookOneApi(LPHOOKDATA codedata)// codedata holds what HookOneApi saved
{
if(codedata->ishooked ==false)// nothing to undo
return true;
DWORD oldAccess;
DWORD tmp;
unsigned char *p=(unsigned char *)codedata->pfnO ;
if(false==VirtualProtect(p,5,PAGE_EXECUTE_READWRITE,&oldAccess ))
return false;
*p=codedata->ins_jmp ;// put the original first byte back
DWORD *pp=(DWORD *)(p+1);
*pp=codedata->fn_addr ;// put the original 4 bytes back
VirtualProtect(p,5,oldAccess,&tmp);// restore the page protection
return true;
}
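// Packet "encryption": transforms bytes 3 .. len-1 of buf, where len is the
// length byte buf[1]. Each byte is XORed with a fixed 32-byte key and with the
// previous (already transformed) byte, so jiemi() has to undo it back to front.
// This is a fixed-key XOR chain (obfuscation, not a cipher).
// The caller must guarantee buf holds at least len bytes; len is taken from the
// packet itself and is not validated here.
// Fix: the key was a string literal bound to a non-const char*, which is
// ill-formed in C++11 and later; it is now a const byte table with the same
// 32 bytes, and the length byte is read once instead of on every iteration.
void jiami(unsigned char *buf)
{
    static const unsigned char kKey[32] = {
        0xe7, 0x6d, 0x3a, 0x89, 0xbc, 0xb2, 0x9f, 0x73,
        0x23, 0xa8, 0xfe, 0xb6, 0x49, 0x5d, 0x39, 0x5d,
        0x8a, 0xcb, 0x63, 0x8d, 0xea, 0x7d, 0x2b, 0x5f,
        0xc3, 0xb1, 0xe9, 0x83, 0x29, 0x51, 0xe8, 0x56
    };
    const int len = buf[1];  // packet length byte; never touched by the loop (i >= 3)
    for (int i = 3; i < len; i++)
    {
        // buf[i-1] is already transformed for i > 3, which is what makes this a chain
        buf[i] ^= (unsigned char)(kKey[i % 32] ^ buf[i - 1]);
    }
}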
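// Packet "decryption": exact inverse of jiami(). Walks bytes len-1 down to 3
// (len = length byte buf[1]) so that buf[i-1] is still the untransformed
// input when byte i is undone.
// The caller must guarantee buf holds at least len bytes; len is taken from the
// packet itself and is not validated here.
// Fix: the key was a string literal bound to a non-const char*, which is
// ill-formed in C++11 and later; it is now a const byte table with the same
// 32 bytes.
void jiemi(unsigned char *buf)
{
    static const unsigned char kKey[32] = {
        0xe7, 0x6d, 0x3a, 0x89, 0xbc, 0xb2, 0x9f, 0x73,
        0x23, 0xa8, 0xfe, 0xb6, 0x49, 0x5d, 0x39, 0x5d,
        0x8a, 0xcb, 0x63, 0x8d, 0xea, 0x7d, 0x2b, 0x5f,
        0xc3, 0xb1, 0xe9, 0x83, 0x29, 0x51, 0xe8, 0x56
    };
    const int len = buf[1];  // packet length byte
    for (int i = len - 1; i >= 3; i--)
    {
        buf[i] ^= (unsigned char)(kKey[i % 32] ^ buf[i - 1]);
    }
}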
// Replacement for recv() (installed on recvdata by thishook()). The patch is
// removed for the duration of the call so the real recv() can run, then
// re-installed before returning. For packets whose first three bytes are
// c1 08 d7 a decrypted private copy is appended as a hex dump to
// d:\c1xxrecv.txt; buf itself is handed back exactly as received.
// Returns the value of the real recv() unchanged.
// NOTE(review): the header bytes are inspected before ret is checked, so on an
// error or zero-length return the check reads whatever buf held before; memcpy
// copies pp[1] bytes regardless of ret or len; the fopen() result is used
// without a null check.
int WINAPI Myrecv(SOCKET s,char*buf,int len,int flags)
{
UnhookOneApi(&recvdata);// let the real recv() run below
unsigned char mbuf[1000];
int ret;
ret=recv(s,buf,len,flags);
unsigned char *pp=(unsigned char*)buf;
if(0xc1==pp[0] && 0xd7 ==pp[2] && 0x8==pp[1])// first byte c1, length byte 8, third byte d7
{
memset(mbuf,0,sizeof(mbuf));
memcpy(mbuf,pp,pp[1]);// pp[1] is the packet's own length byte
jiemi(mbuf);// decrypt the copy only
/*uf[5]=x;
mbuf[6]=y;
jiami(mbuf);
buf[5]=mbuf[5];
buf[6]=mbuf[6];
buf[7]=0;*/
FILE *fp;
fp=fopen("d:\\c1xxrecv.txt","a");
fprintf(fp,"recv: ");
for(int i =0;i<mbuf[1];i++)
{
fprintf(fp,"%3x ",(unsigned char)mbuf[i]);
if(3==i||4==i)// bytes 3 and 4 are additionally printed in decimal
fprintf(fp,"(%3d) ",(unsigned char)mbuf[i]);
}
fprintf(fp,"\n");
fclose(fp);
}
HookOneApi(&recvdata);// re-arm the hook before returning
return ret;
}
// Replacement for send() (installed on senddata by thishook()). The patch is
// removed so the real send() can be called, then re-installed before returning.
// Packets starting with c1 and carrying d9 as the third byte are copied,
// decrypted and appended as a hex dump to d:\c1xxsend.txt; the bytes actually
// sent are the caller's buf, unchanged. Returns send()'s result.
// NOTE(review): the inner `if(0==pp[2])` can never be true because the
// enclosing branch requires pp[2]==0xd9, so d:\move.txt is never written from
// here; memcpy copies pp[1] bytes regardless of len; neither fopen() result is
// null-checked.
int WINAPI Mysend(SOCKET s,const char* buf,int len,int flags)
{
UnhookOneApi(&senddata);// let the real send() run below
unsigned char mbuf[1000];
int ret;
unsigned char *pp=(unsigned char *)buf;
if(0xc1==pp[0] && 0xd9==pp[2])// 0xd7 = walk packet, 0xd9 = left-click attack
{
memset(mbuf,0,sizeof(mbuf));
memcpy(mbuf,pp,pp[1]);// pp[1] is the packet's own length byte
jiemi(mbuf);// decrypt the copy only
/*x=mbuf[3];
y=mbuf[4];*/
FILE *fp;
fp=fopen("d:\\c1xxsend.txt","a");
fprintf(fp,"send: ");
for(int i =0;i<mbuf[1];i++)
fprintf(fp,"%3x ",(unsigned char)mbuf[i]);
fprintf(fp,"\n");
fclose(fp);
if(0==pp[2])// move command -- unreachable, pp[2] is 0xd9 inside this branch
{
FILE *fp;
fp=fopen("d:\\move.txt","a");
fwrite(mbuf,mbuf[1],1,fp);
fprintf(fp,"\n\n");
fclose(fp);
}
//jiami(mbuf);
}
ret =send(s,buf,len,flags);// the original, untouched buffer is what goes out
HookOneApi(&senddata);// re-arm the hook before returning
return ret;
}
// Replacement for memcpy() intended for the memdata record: removes the patch,
// appends the `count` source bytes to d:\qqtest.txt, performs the real copy and
// re-installs the patch. Returns memcpy()'s result (dest).
// NOTE(review): thishook() leaves the memdata hook commented out, so this
// function is never installed from this file; the fopen() result is not
// null-checked.
void *mymemcpy( void *dest, const void *src, size_t count )
{
UnhookOneApi(&memdata);// the real memcpy is back in place for everything below
FILE *fp;
fp=fopen("d:\\qqtest.txt","a");
fprintf(fp,"Msg:");
fwrite(src,count,1,fp);
fprintf(fp,"\n");
fclose(fp);
void *ret=memcpy(dest,src,count);
HookOneApi(&memdata);// re-arm the hook before returning
return ret;
}
// Points one HOOKDATA record at its original/replacement pair and installs it.
static void installApiHook(HOOKDATA &record, PROC original, PROC replacement)
{
    record.pfnO = original;
    record.pfn = replacement;
    HookOneApi(&record);
}

// Installs the send()/recv() hooks serviced by Mysend()/Myrecv().
// The keydata and memdata records are declared but not installed here.
void thishook()
{
    installApiHook(senddata, (PROC)send, (PROC)Mysend);
    installApiHook(recvdata, (PROC)recv, (PROC)Myrecv);
}
// Removes the send()/recv() hooks installed by thishook(). keydata and memdata
// are not touched because nothing in this file installs them.
void unthishook()
{
    LPHOOKDATA records[] = { &senddata, &recvdata };
    for (size_t i = 0; i < sizeof(records) / sizeof(records[0]); ++i)
    {
        UnhookOneApi(records[i]);
    }
}
// Timer callback: raises the global `ok` flag when the timer fires. In this file
// it is referenced only from a commented-out SetTimer call, so it is currently
// never registered. The parameters are dictated by the TIMERPROC signature and
// are not used.
VOID CALLBACK TimerProc( HWND hwnd, UINT uMsg,UINT_PTR idEvent, DWORD dwTime)
{
    (void)hwnd;
    (void)uMsg;
    (void)idEvent;
    (void)dwTime;
    ok = true;
}
/*
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call, LPVOID lpReserved )
{
switch(ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
//SetTimer(NULL,123,2000,(TIMERPROC)TimerProc);
thishook();
break;
case DLL_PROCESS_DETACH:
unthishook();
break;
}
return TRUE;
}
*/
// DLL entry point. On process attach the send()/recv() hooks are installed and
// the module handle is remembered in myinstance (used later by SetHook()); on
// process detach the hooks are removed. Thread notifications are ignored and
// lpReserved is unused. Always returns TRUE.
// NOTE(review): myinstance is assigned only after thishook() has already
// patched the APIs.
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
thishook();// install the send()/recv() hooks
myinstance=(HINSTANCE)hModule;// module handle for SetWindowsHookEx in SetHook()
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
unthishook();// put the original send()/recv() bytes back
break;
}
return TRUE;
}