ghook_noclosedll.~dpr
library NoCloseDLL;
uses
GHook_API in 'GHook_API.pas',
Windows, SysUtils;
type
// Signature of the function stored in APIOpenProcess and called by MyOpenProcess;
// it takes the same three arguments as MyOpenProcess and returns a THandle.
TOpenProcess = function (dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;
var
// Address returned by LocateFunctionAddress(@OpenProcess) in SetAPIHook;
// nil while the API hook is not installed (see SetAPIHook / UnSetAPIHook).
APIOpenProcess: TOpenProcess;
// Handle returned by SetWindowsHookEx in SetHook; 0 when no hook is installed.
// NOTE(review): this is an ordinary per-process global, so it is presumably only
// non-zero in the process that called SetHook - confirm.
iHook: HHook;
// Handle of the named file mapping 'ProtectProcess' (created in CreateMapFile,
// opened in EntryPointProc on process attach).
hMapObject: THandle;
// View of that mapping. CreateMapFile writes the creating process's ID into it as a
// decimal string; MyOpenProcess compares requested process IDs against that string.
fMapFile: Pointer;
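// Creates the named, pagefile-backed section 'ProtectProcess' (18 bytes requested)
// and writes the current process ID into it as a NUL-terminated decimal string.
// Does nothing if hMapObject is already set.
//
// Review notes:
// - The section is created with a nil security descriptor and a fixed name.
//   CreateFileMapping returns a handle to an existing object of that name if one
//   is already present, so the contents are not guaranteed to come from this
//   process and must be treated as untrusted by every reader.
// - 18 bytes holds a 10-digit PID plus terminator only when PChar is a single-byte
//   string type. NOTE(review): confirm the compiler version in use.
procedure CreateMapFile;
begin
  if hMapObject <> 0 then Exit;

  hMapObject := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_READWRITE, 0, 18, 'ProtectProcess');
  if hMapObject = 0 then Exit;

  fMapFile := MapViewOfFile(hMapObject, FILE_MAP_ALL_ACCESS, 0, 0, 0);
  if fMapFile = nil then
  begin
    // Mapping the view failed: writing through a nil pointer would raise an access
    // violation, so release the section and leave the globals in the "not created" state.
    CloseHandle(hMapObject);
    hMapObject := 0;
    Exit;
  end;

  StrCopy(PChar(fMapFile), PChar(IntToStr(GetCurrentProcessId)));
end;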
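// Unmaps the view and closes the section handle, then clears both globals.
//
// Clearing matters because this procedure is reached from two places in the same
// process (UnSetHook and the DLL_PROCESS_DETACH branch of EntryPointProc). Without
// the reset the second call would unmap and close stale values, and MyOpenProcess
// would keep reading through a view that is no longer mapped.
procedure FreeMapFile;
begin
  if fMapFile <> nil then
  begin
    UnmapViewOfFile(fMapFile);
    fMapFile := nil;
  end;
  if hMapObject <> 0 then
  begin
    CloseHandle(hMapObject);
    hMapObject := 0;
  end;
end;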
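// Hook procedure registered by SetHook for WH_DEBUG. It does no work of its own;
// the hook exists only so that this library gets loaded by the hooking mechanism.
//
// The call is always forwarded to the next hook in the chain. The original forwarded
// only when nCode < 0 and returned 0 otherwise, which kept other WH_DEBUG hooks
// installed by other software from receiving their notifications.
function HookProc(nCode: Integer; WPARAM: wParam; LPARAM: lParam): LResult; stdcall;
begin
  Result := CallNextHookEx(iHook, nCode, wParam, lParam);
end;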
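// Called by the controlling EXE to install the hook.
//
// Publishes the caller's process ID through CreateMapFile, then registers HookProc
// as a WH_DEBUG hook with thread id 0 and this library's module handle, i.e. a
// hook that is not tied to a single thread of the calling process.
//
// Review note: the library name, the named section 'ProtectProcess' and the
// WH_DEBUG registration are all observable from outside the process, which is
// what monitoring tools key on for this kind of hook.
procedure SetHook; stdcall;
begin
  // A second registration would overwrite iHook and leak the first hook handle,
  // which UnSetHook could then never remove.
  if iHook <> 0 then Exit;

  CreateMapFile;
  iHook := SetWindowsHookEx(WH_DEBUG, @HookProc, hInstance, 0);
end;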
// Called by the controlling EXE to remove the hook installed by SetHook and to
// release the shared section.
procedure UnSetHook; stdcall;
var
  installed: HHook;
begin
  installed := iHook;
  UnhookWindowsHookEx(installed);
  iHook := 0;
  FreeMapFile;
end;
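// Replacement for OpenProcess installed by SetAPIHook.
//
// If a view of the 'ProtectProcess' section is mapped and the decimal string in it
// equals dwProcessId, the request is refused; every other request is passed to the
// original function saved in APIOpenProcess.
//
// Changes from the original:
// - The refusal is decided before the real call. The original opened the process
//   first and then discarded the result, leaking a process handle in the calling
//   process on every refused request.
// - A refusal returns 0 with ERROR_ACCESS_DENIED, which is how OpenProcess reports
//   failure. The original returned $FFFFFFFF; callers test for 0, and on 32-bit
//   that value is the current-process pseudo-handle, so a caller that went on to
//   use it would have acted on itself.
//
// Review note: the section is writable by other processes, so the string compared
// here is untrusted input; it is only read, never used as a length or an index.
function MyOpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;
begin
  if (fMapFile <> nil) and (PChar(fMapFile) = IntToStr(dwProcessId)) then
  begin
    SetLastError(ERROR_ACCESS_DENIED);
    Result := 0;
    Exit;
  end;

  Result := APIOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
end;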
// Installs the OpenProcess redirection in the current process, once.
//
// LocateFunctionAddress and RepointFunction come from the GHook_API unit, which is
// not shown here. NOTE(review): presumably the first resolves the real entry point
// and the second redirects calls from its first argument to its second - confirm
// against GHook_API.pas, including what happens when the lookup returns nil.
procedure SetAPIHook; stdcall;
begin
  // Already installed in this process: nothing to do.
  if Assigned(APIOpenProcess) then Exit;

  @APIOpenProcess := LocateFunctionAddress(@OpenProcess);
  RepointFunction(@APIOpenProcess, @MyOpenProcess);
end;
// Removes the OpenProcess redirection from the current process if it is installed,
// by calling RepointFunction with the arguments of SetAPIHook swapped, and marks
// the hook as absent.
procedure UnSetAPIHook; stdcall;
begin
  // Not installed in this process: nothing to undo.
  if not Assigned(APIOpenProcess) then Exit;

  RepointFunction(@MyOpenProcess, @APIOpenProcess);
  @APIOpenProcess := nil;
end;
// Reports whether, in the calling process, both the OpenProcess redirection
// (APIOpenProcess set) and the Windows hook (iHook non-zero) are in place.
function IsHooking: bool; stdcall;
begin
  Result := Assigned(APIOpenProcess) and (iHook <> 0);
end;
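// Attach/detach handler for the library.
//
// On process attach it tries to open the existing 'ProtectProcess' section, maps
// it if present, and installs the OpenProcess redirection for this process.
// On process detach it removes the redirection and releases the section.
//
// Changes from the original:
// - The section is opened and mapped with FILE_MAP_READ. This path only ever reads
//   the stored process ID (the write happens in CreateMapFile on its own handle),
//   so every process that loads the library no longer holds write access to it.
// - The handle is opened non-inheritable; the original passed true, which let every
//   child of every hosting process inherit a handle to the section.
//
// Review note: SetAPIHook runs here while the library is still being loaded;
// keep the work done on this path minimal.
procedure EntryPointProc(Reason: Integer);
begin
  case Reason of
    DLL_PROCESS_ATTACH:
      begin
        hMapObject := OpenFileMapping(FILE_MAP_READ, False, 'ProtectProcess');
        if hMapObject <> 0 then
          fMapFile := MapViewOfFile(hMapObject, FILE_MAP_READ, 0, 0, 0);
        SetAPIHook;
      end;
    DLL_PROCESS_DETACH:
      begin
        UnSetAPIHook;
        FreeMapFile;
      end;
  end;
end;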
// Entry points made available to the controlling EXE.
exports
  SetHook,
  UnSetHook,
  SetAPIHook,
  UnSetAPIHook,
  IsHooking;

// Library initialisation, executed when the DLL is loaded into a process.
begin
  fMapFile := nil;
  iHook := 0;
  // Register the handler for later attach/detach notifications, then run the
  // attach branch directly for the load that is happening right now.
  DllProc := @EntryPointProc;
  EntryPointProc(DLL_PROCESS_ATTACH);
end.