您的位置:首页 > 职场人生

EAT Hook

2009-10-30 19:44 344 查看
EAT Hook

typedef int (__stdcall *pfnMessageBoxA)(HWND hWnd,
LPCSTR lpText,
LPCSTR lpCaption,
UINT uType
);
pfnMessageBoxA OldMessageBoxA = NULL;
LPVOID HookEAT(HMODULE hMod,char *szApiName,LPVOID lpHookRoutine);
int __stdcall HookMessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType);
int _tmain(int argc, _TCHAR* argv[])
{
HMODULE hUser32 = LoadLibraryA("user32.dll");
OldMessageBoxA = (pfnMessageBoxA)HookEAT(hUser32,"MessageBoxA",HookMessageBoxA);
if ( !OldMessageBoxA )
{
printf("Hook EAT failed.
");
goto __exit;
}
pfnMessageBoxA MsgBox = (pfnMessageBoxA)GetProcAddress(hUser32,"MessageBoxA");
if ( !MsgBox )
{
printf("Get MessageBoxA failed.
");
goto __exit;
}
MsgBox(0,"Hello","Hello",0);
__exit:
system("pause");
return 0;
}

LPVOID HookEAT(HMODULE hMod,char *szApiName,LPVOID lpHookRoutine)
{
LPVOID lpOldAddr = NULL;
PIMAGE_DOS_HEADER pDosHdr = (PIMAGE_DOS_HEADER)hMod;
PIMAGE_NT_HEADERS pNtHdr = (PIMAGE_NT_HEADERS)((DWORD)hMod + pDosHdr->e_lfanew);
PIMAGE_EXPORT_DIRECTORY pExpDir = (PIMAGE_EXPORT_DIRECTORY)
((DWORD)hMod + pNtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
WORD *pwOrds = (WORD*)((DWORD)hMod + pExpDir->AddressOfNameOrdinals);
DWORD *pdwRvas = (DWORD*)((DWORD)hMod + pExpDir->AddressOfFunctions);
DWORD *pdwNames = (DWORD*)((DWORD)hMod + pExpDir->AddressOfNames);
int i = 0 , j = 0;
char *pszApiName = NULL;
for (i=0;i<pExpDir->NumberOfFunctions;i++)
{
pszApiName = NULL;
if ( *pdwRvas )
{
for (j = 0;j<pExpDir->NumberOfNames;j++)
{
if ( i == pwOrds[j] )
{
pszApiName = (char *)((DWORD)hMod + pdwNames[j]);
break;
}
}
if ( _stricmp(szApiName,pszApiName) == 0 )
{
DWORD dwOldProtect;
lpOldAddr = (LPVOID)((DWORD)hMod + *pdwRvas);
printf("Hook EAT : %s.0x%08X.
",pszApiName,lpOldAddr);
DWORD dwDelta = (DWORD)HookMessageBoxA - (DWORD)hMod;
printf("Delta : 0x%08X.
",dwDelta);
VirtualProtectEx(
GetCurrentProcess(),pdwRvas,sizeof(DWORD),
PAGE_READWRITE,&dwOldProtect);
*pdwRvas = dwDelta;
break;
}
}
pdwRvas++;
}
return lpOldAddr;
}

int __stdcall HookMessageBoxA(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
{
return OldMessageBoxA(hWnd,lpText,"EAT Hook Demo",uType);
}


内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签:  职场 休闲 Hook
相关文章推荐
新的分享
章节导航