// HookApi_JMP.cpp.
#include "stdafx.h"
#include "HookApi_JMP.h"
// Direct jump (a relative JMP written over the API entry).
//---------------------------------------------------------------------------
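/// Constructs an unarmed direct-jump hook.
///
/// Nothing in this file gives m_hProc or m_lpHookFunc a value before
/// HookOneAPI() runs, yet the destructor passes m_hProc to CloseHandle().
/// Clearing both here keeps an object that is destroyed without ever being
/// set up from handing an indeterminate handle value to CloseHandle().
/// NOTE(review): the member declarations are in HookApi_JMP.h, which is not
/// visible here -- confirm there is no in-class initialisation already.
CHookApi_Jmp::CHookApi_Jmp(void)
{
    m_hProc = NULL;
    m_lpHookFunc = NULL;
}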
//---------------------------------------------------------------------------
/// Calls CloseHandle() on m_hProc.
///
/// The only value this file stores in m_hProc is the result of
/// GetCurrentProcess() (see HookOneAPI). The destructor does not call
/// SetHookOff(): bytes written by SetHookOn() remain in the target function
/// after the object is gone unless the owner restored them first.
CHookApi_Jmp::~CHookApi_Jmp()
{
    ::CloseHandle(m_hProc);
}
//---------------------------------------------------------------------------
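/// Arms the hook: overwrites the first 5 bytes of the target API with the
/// jump stub held in m_NewFunc (built by HookOneAPI()).
///
/// Does nothing when no target address has been resolved. The function
/// returns void, so a failed write cannot be reported to the caller; it is
/// simply not followed by the cache flush.
/// NOTE(review): there is no locking here, so another thread may execute the
/// target while its first bytes are being replaced -- confirm callers
/// serialise arming/disarming.
/// NOTE(review): no VirtualProtect call is made; this relies on
/// WriteProcessMemory being able to write to the code page -- confirm on the
/// Windows versions this is meant to run on.
void CHookApi_Jmp::SetHookOn()
{
    if (m_lpHookFunc == NULL)
        return; // HookOneAPI() did not resolve a target; nothing to patch

    // WriteProcessMemory reports the number of bytes written through a SIZE_T.
    SIZE_T cbWritten = 0;
    if (WriteProcessMemory(m_hProc, (void *)m_lpHookFunc,
                           (void *)m_NewFunc, 5, &cbWritten))
    {
        // Executable bytes changed: make sure no stale copy is executed.
        FlushInstructionCache(m_hProc, (void *)m_lpHookFunc, 5);
    }
}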
//---------------------------------------------------------------------------
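/// Disarms the hook: writes the 5 bytes saved in m_OldFunc by HookOneAPI()
/// back over the start of the target API.
///
/// Does nothing when no target address has been resolved. The function
/// returns void, so a failed write cannot be reported to the caller.
/// NOTE(review): m_OldFunc holds whatever bytes were at the target when
/// HookOneAPI() ran; if the entry was already modified at that time, those
/// modified bytes are what gets restored here.
void CHookApi_Jmp::SetHookOff()
{
    if (m_lpHookFunc == NULL)
        return; // nothing was captured, so there is nothing to restore

    // WriteProcessMemory reports the number of bytes written through a SIZE_T.
    SIZE_T cbWritten = 0;
    if (WriteProcessMemory(m_hProc, (void *)m_lpHookFunc,
                           (void *)m_OldFunc, 5, &cbWritten))
    {
        // Executable bytes changed: make sure no stale copy is executed.
        FlushInstructionCache(m_hProc, (void *)m_lpHookFunc, 5);
    }
}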
//---------------------------------------------------------------------------
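/// Prepares (but does not arm) a direct-jump hook on one exported function
/// of a module already loaded in the current process.
///
/// Saves the first 5 bytes of the export in m_OldFunc and builds in m_NewFunc
/// the stub E9 <rel32>, where rel32 = lpNewFunc - target - 5 (the
/// displacement is relative to the end of the 5-byte instruction).
///
/// @param ModuleName  Name of the loaded module, passed to GetModuleHandle().
/// @param ApiName     Export name, passed to GetProcAddress().
/// @param lpNewFunc   Replacement function the stub jumps to.
///
/// If the module or export cannot be resolved, or lpNewFunc is NULL,
/// m_lpHookFunc is left NULL and no bytes are read. The original code read
/// 5 bytes from a NULL address in that case.
///
/// The (DWORD) pointer casts make this 32-bit only. A patch of this kind
/// changes the in-memory code of a loaded module, so integrity checks that
/// compare loaded code against the on-disk image will report it.
/// NOTE(review): ApiName is LPCTSTR but GetProcAddress takes an ANSI name;
/// this presumably only builds without UNICODE -- confirm.
void CHookApi_Jmp::HookOneAPI(LPCTSTR ModuleName,
                              LPCTSTR ApiName, FARPROC lpNewFunc)
{
    m_hProc = GetCurrentProcess();
    m_lpHookFunc = NULL;

    if (lpNewFunc == NULL)
        return; // a stub that jumps to address 0 must never be built

    HMODULE hModule = GetModuleHandle(ModuleName);
    if (hModule == NULL)
        return; // module is not loaded in this process

    m_lpHookFunc = GetProcAddress(hModule, ApiName);
    if (m_lpHookFunc == NULL)
        return; // export not found

    // Copy the first 5 bytes at m_lpHookFunc into m_OldFunc.
    memcpy(m_OldFunc, (char *)m_lpHookFunc, 5);

    // E9 = JMP rel32; store the displacement with memcpy rather than through
    // a DWORD* cast into the byte buffer.
    m_NewFunc[0] = 0xe9;
    DWORD dwRel32 = (DWORD)lpNewFunc - (DWORD)m_lpHookFunc - 5;
    memcpy(&m_NewFunc[1], &dwRel32, sizeof(dwRel32));
}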
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Indirect jump (the address is loaded into a register, then jumped to).
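/// Constructs an unarmed indirect-jump hook and loads the 8-byte stub
/// template into m_NewFunc.
///
/// Template bytes: B8 <imm32> = mov eax, imm32; FF E0 = jmp eax; the final 00
/// pads the stub to 8 bytes. The imm32 placeholder (0x00400000) is replaced
/// with the real target by HookOneAPI().
///
/// m_hProc and m_lpHookFunc are cleared so that a destructor run without a
/// prior HookOneAPI() does not pass an indeterminate handle to CloseHandle().
/// NOTE(review): the member declarations are in HookApi_JMP.h, which is not
/// visible here -- confirm there is no in-class initialisation already.
CHookApi_Jmp2::CHookApi_Jmp2()
{
    const BYTE stubTemplate[8] = { 0xB8, 0x00, 0x00, 0x40, 0x00, 0xFF, 0xE0, 0x00 };
    memcpy(m_NewFunc, stubTemplate, sizeof(stubTemplate));

    m_hProc = NULL;
    m_lpHookFunc = NULL;
}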
//---------------------------------------------------------------------------
/// Calls CloseHandle() on m_hProc.
///
/// The only value this file stores in m_hProc is the result of
/// GetCurrentProcess() (see HookOneAPI). The destructor does not call
/// SetHookOff(): bytes written by SetHookOn() remain in the target function
/// after the object is gone unless the owner restored them first.
CHookApi_Jmp2::~CHookApi_Jmp2()
{
    ::CloseHandle(m_hProc);
}
//---------------------------------------------------------------------------
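/// Arms the hook: overwrites the first 8 bytes of the target API with the
/// stub held in m_NewFunc (template from the constructor, address filled in
/// by HookOneAPI()).
///
/// Does nothing when no target address has been resolved. The function
/// returns void, so a failed write cannot be reported to the caller.
/// NOTE(review): there is no locking here, so another thread may execute the
/// target while its first bytes are being replaced -- confirm callers
/// serialise arming/disarming.
/// NOTE(review): no VirtualProtect call is made; this relies on
/// WriteProcessMemory being able to write to the code page -- confirm on the
/// Windows versions this is meant to run on.
void CHookApi_Jmp2::SetHookOn()
{
    if (m_lpHookFunc == NULL)
        return; // HookOneAPI() did not resolve a target; nothing to patch

    // WriteProcessMemory reports the number of bytes written through a SIZE_T.
    SIZE_T cbWritten = 0;
    if (WriteProcessMemory(m_hProc, (void *)m_lpHookFunc,
                           (void *)m_NewFunc, 8, &cbWritten))
    {
        // Executable bytes changed: make sure no stale copy is executed.
        FlushInstructionCache(m_hProc, (void *)m_lpHookFunc, 8);
    }
}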
//---------------------------------------------------------------------------
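/// Disarms the hook: writes the 8 bytes saved in m_OldFunc by HookOneAPI()
/// back over the start of the target API.
///
/// Does nothing when no target address has been resolved. The function
/// returns void, so a failed write cannot be reported to the caller.
/// NOTE(review): m_OldFunc holds whatever bytes were at the target when
/// HookOneAPI() ran; if the entry was already modified at that time, those
/// modified bytes are what gets restored here.
void CHookApi_Jmp2::SetHookOff()
{
    if (m_lpHookFunc == NULL)
        return; // nothing was captured, so there is nothing to restore

    // WriteProcessMemory reports the number of bytes written through a SIZE_T.
    SIZE_T cbWritten = 0;
    if (WriteProcessMemory(m_hProc, (void *)m_lpHookFunc,
                           (void *)m_OldFunc, 8, &cbWritten))
    {
        // Executable bytes changed: make sure no stale copy is executed.
        FlushInstructionCache(m_hProc, (void *)m_lpHookFunc, 8);
    }
}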
//---------------------------------------------------------------------------
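/// Prepares (but does not arm) an indirect-jump hook on one exported function
/// of a module already loaded in the current process.
///
/// Saves the first 8 bytes of the export in m_OldFunc and stores the absolute
/// address of lpNewFunc in bytes 1..4 of m_NewFunc, i.e. the imm32 operand of
/// the stub template the constructor placed there.
///
/// @param ModuleName  Name of the loaded module, passed to GetModuleHandle().
/// @param ApiName     Export name, passed to GetProcAddress().
/// @param lpNewFunc   Replacement function the stub jumps to.
///
/// If the module or export cannot be resolved, or lpNewFunc is NULL,
/// m_lpHookFunc is left NULL and no bytes are read. The original code read
/// 8 bytes from a NULL address in that case.
///
/// The (DWORD) pointer cast makes this 32-bit only. A patch of this kind
/// changes the in-memory code of a loaded module, so integrity checks that
/// compare loaded code against the on-disk image will report it.
/// NOTE(review): ApiName is LPCTSTR but GetProcAddress takes an ANSI name;
/// this presumably only builds without UNICODE -- confirm.
void CHookApi_Jmp2::HookOneAPI
(LPCTSTR ModuleName, LPCTSTR ApiName, FARPROC lpNewFunc)
{
    m_hProc = GetCurrentProcess();
    m_lpHookFunc = NULL;

    if (lpNewFunc == NULL)
        return; // a stub that jumps to address 0 must never be built

    HMODULE hModule = GetModuleHandle(ModuleName);
    if (hModule == NULL)
        return; // module is not loaded in this process

    m_lpHookFunc = GetProcAddress(hModule, ApiName);
    if (m_lpHookFunc == NULL)
        return; // export not found

    // Copy the first 8 bytes at m_lpHookFunc into m_OldFunc.
    memcpy(m_OldFunc, (char *)m_lpHookFunc, 8);

    // Fill in the stub's imm32 operand; memcpy avoids writing through a
    // DWORD* cast into the byte buffer at an odd offset.
    DWORD dwTarget = (DWORD)lpNewFunc;
    memcpy(m_NewFunc + 1, &dwTarget, sizeof(dwTarget));
}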