zsglly 木虫 (著名写手)
|
[交流]
APIHOOK实例剖析
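// APIHOOK worked example
//
// There is a lot of background to API hooking: DLLs, hooks, the relationship
// between processes and threads, and so on. See the author's two other
// articles, "My DLL (dynamic-link library) study notes" and "My Hook study
// notes". :) This article walks through API hooking on the basis of the
// APIHook source code.
//
// ===== Part 1: the DLL side of APIHOOK =====

//////////////////////////////// APIHook_Dll.cpp ////////////////////////////////
#include "stdafx.h"
#include "APIHook_Dll.h"

// The two header names were lost when the page was extracted. These are the
// headers that declare ImageDirectoryEntryToData and the Toolhelp32 snapshot
// API used below.
#include <imagehlp.h>
#include <tlhelp32.h>
#pragma comment(lib,"ImageHlp")

// Define the global shared data segment.
// NOTE(review): a section marked read/write/shared is mapped into every
// process that loads this DLL, and any of them can overwrite these values.
// hmodDll is also a per-process load address, so sharing it is only correct
// while the DLL sits at the same base everywhere. Acceptable for a
// single-process demo; do not rely on it across trust boundaries.
#pragma data_seg("Shared")
HMODULE hmodDll=NULL;
HHOOK hHook=NULL;
#pragma data_seg()
#pragma comment(linker,"/Section:Shared,rws") // set the attributes of the shared data segment

///////////////////////////////////// DllMain /////////////////////////////////////
/// DLL entry point.
///
/// Records the module handle and removes the message hook when the process
/// detaches. The original listing had no `break` after DLL_PROCESS_ATTACH, so
/// every attach fell through into the detach branch and called
/// UnInstallHook(); the two cases are now separate.
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved )
{
    (void)lpReserved; // unused

    // Same as the original: the handle is refreshed on every notification.
    hmodDll = hModule;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Nothing else to do on load.
        break;

    case DLL_PROCESS_DETACH:
        // NOTE(review): IAT slots patched by HookAllAPI are not restored here.
        // A caller must run InstallHook(FALSE, ...) before the DLL unloads,
        // otherwise patched slots keep pointing into unmapped memory.
        UnInstallHook();
        break;
    }
    return TRUE;
}

///////////////////////////////////// HookOneAPI /////////////////////////////////////
/// Rewrites one import-address-table (IAT) slot of a single module.
///
/// @param pszCalleeModuleName  Name of the imported DLL whose import
///                             descriptor is searched for (e.g. "GDI32.dll").
/// @param pfnOriginApiAddress  Address currently stored in the IAT slot that
///                             should be replaced.
/// @param pfnDummyFuncAddress  Address written into the matching slot.
/// @param hModCallerModule     Module whose import table is scanned.
///
/// Only calls bound through this module's import table are affected; calls
/// resolved at run time via GetProcAddress are not. The change is also easy
/// to observe: an IAT slot that no longer points into the exporting module is
/// what import-table integrity checks look for.
///
/// NOTE(review): the name is compared with lstrcmpiA, so this assumes an
/// ANSI (non-UNICODE) build where LPCTSTR is LPCSTR.
void WINAPI HookOneAPI(LPCTSTR pszCalleeModuleName,PROC pfnOriginApiAddress,
                       PROC pfnDummyFuncAddress,HMODULE hModCallerModule)
{
    if (pszCalleeModuleName == NULL || hModCallerModule == NULL)
        return;

    ULONG size = 0;

    // Locate the IMAGE_IMPORT_DESCRIPTOR array in the module's PE image.
    PIMAGE_IMPORT_DESCRIPTOR pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)
        ImageDirectoryEntryToData(hModCallerModule,TRUE,IMAGE_DIRECTORY_ENTRY_IMPORT,&size);
    if (pImportDesc == NULL)
        return; // module has no import section

    // Walk the descriptors until the wanted DLL is found; a zero Name field
    // terminates the array.
    const PBYTE pbBase = (PBYTE)hModCallerModule;
    for (; pImportDesc->Name != 0; ++pImportDesc)
    {
        LPSTR pszDllName = (LPSTR)(pbBase + pImportDesc->Name);
        if (lstrcmpiA(pszDllName,pszCalleeModuleName) == 0)
            break;
    }
    if (pImportDesc->Name == 0)
        return; // this module does not import from the wanted DLL

    // Scan that DLL's IAT for the slot holding the original address.
    PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)(pbBase + pImportDesc->FirstThunk);
    for (; pThunk->u1.Function != 0; ++pThunk)
    {
        // ppfn is the address of the IAT slot itself.
        PROC * ppfn = (PROC *)&pThunk->u1.Function;
        if (*ppfn != pfnOriginApiAddress)
            continue;

        // Found the slot: redirect it to the supplied function.
        if (!WriteProcessMemory(GetCurrentProcess(),ppfn,&pfnDummyFuncAddress,
                                sizeof(pfnDummyFuncAddress),NULL))
        {
            // The function returns void, so a failed write can only be traced.
            OutputDebugStringA("HookOneAPI: IAT write failed\n");
        }
        return;
    }
}

/// Applies HookOneAPI to one module, or to every module of the current
/// process when hModCallerModule is NULL.
///
/// @return FALSE when a required argument is NULL or the module snapshot
///         cannot be taken; TRUE otherwise (individual slot writes are not
///         reported).
///
/// Fixes over the original: the Toolhelp snapshot handle is validated and
/// closed (it used to leak on every call), and the unreachable trailing
/// `return FALSE` is gone.
BOOL WINAPI HookAllAPI(LPCTSTR pszCalleeModuleName,PROC pfnOriginApiAddress,
                       PROC pfnDummyFuncAddress,HMODULE hModCallerModule)
{
    if (pszCalleeModuleName == NULL || pfnOriginApiAddress == NULL)
        return FALSE;

    // A specific module was given: patch just that one.
    if (hModCallerModule != NULL)
    {
        HookOneAPI(pszCalleeModuleName,pfnOriginApiAddress,
                   pfnDummyFuncAddress,hModCallerModule);
        return TRUE;
    }

    // No module given: enumerate every module loaded in this process.

    // Find this DLL's own base so its import table is left alone; the
    // replacement functions call the real API through it.
    MEMORY_BASIC_INFORMATION mInfo;
    if (VirtualQuery((LPCVOID)HookOneAPI,&mInfo,sizeof(mInfo)) == 0)
        return FALSE;
    const HMODULE hModHookDLL = (HMODULE)mInfo.AllocationBase;

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return FALSE;

    // MODULEENTRY32 describes one module of the snapshotted process.
    MODULEENTRY32 me = {sizeof(MODULEENTRY32)};
    for (BOOL bOk = Module32First(hSnapshot,&me); bOk; bOk = Module32Next(hSnapshot,&me))
    {
        if (me.hModule == hModHookDLL)
            continue;
        HookOneAPI(pszCalleeModuleName,pfnOriginApiAddress,
                   pfnDummyFuncAddress,me.hModule);
    }

    CloseHandle(hSnapshot);
    return TRUE;
}

//////////////////////////////////// UnhookAllAPIHooks ////////////////////////////////////
/// Undoes the IAT changes by running HookAllAPI with the original and
/// replacement addresses swapped, so slots that hold the replacement are
/// pointed back at the original.
BOOL WINAPI UnhookAllAPIHooks(LPCTSTR pszCalleeModuleName,PROC pfnOriginApiAddress,
                              PROC pfnDummyFuncAddress,HMODULE hModCallerModule)
{
    return HookAllAPI(pszCalleeModuleName,pfnDummyFuncAddress,
                      pfnOriginApiAddress,hModCallerModule);
}

////////////////////////////////// GetMsgProc //////////////////////////////////
/// Hook procedure. Unlike most hook procedures it does no work of its own and
/// only passes the message on to the next hook in the chain.
LRESULT CALLBACK GetMsgProc(int code,WPARAM wParam,LPARAM lParam)
{
    return CallNextHookEx(hHook,code,wParam,lParam);
}

//////////////////////////////////// InstallHook ////////////////////////////////////
/// Installs or removes the hooks.
///
/// @param IsHook      TRUE installs the WH_GETMESSAGE hook and patches the
///                    TextOutW/TextOutA import slots; FALSE reverses both.
/// @param dwThreadId  Thread to hook, passed straight to SetWindowsHookEx.
///
/// The closing parentheses of the GetModuleHandle/GetProcAddress calls were
/// lost in the page extraction and are restored here.
void __declspec(dllexport) WINAPI InstallHook(BOOL IsHook,DWORD dwThreadId)
{
    // GetProcAddress(GetModuleHandle("GDI32.dll"), name) yields the address of
    // the function to hook inside its DLL.
    HMODULE hGdi = GetModuleHandle("GDI32.dll");
    PROC pfnTextOutW = (hGdi != NULL) ? (PROC)GetProcAddress(hGdi,"TextOutW") : NULL;
    PROC pfnTextOutA = (hGdi != NULL) ? (PROC)GetProcAddress(hGdi,"TextOutA") : NULL;

    if (IsHook)
    {
        hHook = SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)GetMsgProc,hmodDll,dwThreadId);
        if (hHook == NULL)
            OutputDebugStringA("InstallHook: SetWindowsHookEx failed\n");

        // HookAllAPI rejects a NULL original address, so a failed lookup
        // above simply leaves that function unhooked.
        HookAllAPI("GDI32.dll",pfnTextOutW,(PROC)&H_TextOutW,NULL);
        HookAllAPI("GDI32.dll",pfnTextOutA,(PROC)&H_TextOutA,NULL);
    }
    else
    {
        UnInstallHook();
        UnhookAllAPIHooks("GDI32.dll",pfnTextOutW,(PROC)&H_TextOutW,NULL);
        UnhookAllAPIHooks("GDI32.dll",pfnTextOutA,(PROC)&H_TextOutA,NULL);
    }
}

// [ Forum note: post last edited by 幻影无痕 on 2006-11-27 at 08:16 ]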

zsglly
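///////////////////////////////////// UnInstallHook /////////////////////////////////////
/// Removes the WH_GETMESSAGE hook.
///
/// Always returns TRUE, as the original did. The handle is now checked before
/// use and cleared afterwards, so a second call (for example from DllMain on
/// detach) does not hand a stale handle to UnhookWindowsHookEx.
BOOL WINAPI UnInstallHook()
{
    if (hHook != NULL)
    {
        UnhookWindowsHookEx(hHook);
        hHook = NULL;
    }
    return TRUE;
}

///////////////////////////////////// H_TextOutA /////////////////////////////////////
/// Replacement for TextOutA; this is where custom behaviour goes. The demo
/// shows a message box naming the function that was replaced, then forwards
/// to the real API so the text is still drawn.
///
/// The original always returned TRUE; the real call's result is now passed
/// back so the caller sees a drawing failure.
BOOL WINAPI H_TextOutA(HDC hdc,int nXStart,int nYStart,LPCSTR lpString,int cbString)
{
    MessageBox(NULL,"TextOutA","APIHook_Dll ---rivershan",MB_OK);
    // Forward to the original function so the characters are displayed.
    return TextOutA(hdc,nXStart,nYStart,lpString,cbString);
}

///////////////////////////////////// H_TextOutW /////////////////////////////////////
/// Replacement for TextOutW; same behaviour as H_TextOutA.
BOOL WINAPI H_TextOutW(HDC hdc,int nXStart,int nYStart,LPCWSTR lpString,int cbString)
{
    MessageBox(NULL,"TextOutW","APIHook_Dll ---rivershan",MB_OK);
    // Forward to the original function so the characters are displayed.
    return TextOutW(hdc,nXStart,nYStart,lpString,cbString);
}

// **********************************************************************************
// **********************************************************************************

//////////////////////////////// APIHook_Dll.h ////////////////////////////////
//                     written by rivershan, 2002.9.23                       //
///////////////////////////////////////////////////////////////////////////////
// DLL header file: declares the functions.
#pragma once

void __declspec(dllexport) WINAPI InstallHook(BOOL,DWORD);
BOOL WINAPI UnInstallHook();
// The original declared "GetMsgProC", which does not match the definition.
LRESULT CALLBACK GetMsgProc(int code,WPARAM wParam,LPARAM lParam);

void WINAPI HookOneAPI(LPCTSTR pszCalleeModuleName,PROC pfnOriginApiAddress,
                       PROC pfnDummyFuncAddress,HMODULE hModCallerModule);
BOOL WINAPI HookAllAPI(LPCTSTR pszCalleeModuleName,PROC pfnOriginApiAddress,
                       PROC pfnDummyFuncAddress,HMODULE hModCallerModule);
BOOL WINAPI UnhookAllAPIHooks(LPCTSTR pszCalleeModuleName,PROC pfnOriginApiAddress,
                              PROC pfnDummyFuncAddress,HMODULE hModCallerModule);

BOOL WINAPI H_TextOutA(HDC, int, int, LPCSTR, int);
BOOL WINAPI H_TextOutW(HDC, int, int, LPCWSTR, int);
// NOTE(review): the two ExtTextOut replacements are declared but not defined
// anywhere in this listing.
BOOL WINAPI H_ExtTextOutA(HDC, int, int, UINT, CONST RECT *,LPCSTR, UINT, CONST INT *);
BOOL WINAPI H_ExtTextOutW(HDC, int, int, UINT, CONST RECT *,LPCWSTR, UINT, CONST INT *);

// **********************************************************************************
// **********************************************************************************

/* The .def file for APIHook_Dll (module-definition syntax, not C++).
   The statement keyword is EXPORTS; the original listing had "EXPORT".

;APIHook_Dll def file
LIBRARY APIHook_Dll.dll
EXPORTS
    InstallHook
*/

// ===== Part 2: the EXE side of APIHOOK =====

//////////////////////////// APIHook_EXEDlg.cpp ////////////////////////////
//                   written by rivershan, 2002.9.23                      //
////////////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "APIHook_EXE.h"
#include "APIHook_EXEDlg.h"
#include "APIHook_Dll.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CAPIHook_EXEDlg dialog

CAPIHook_EXEDlg::CAPIHook_EXEDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CAPIHook_EXEDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CAPIHook_EXEDlg)
    // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT
    // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

// "::DoDataExchange" appeared as ": oDataExchange" on the page (an emoticon
// filter ate ":D"); restored here.
void CAPIHook_EXEDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
    //{{AFX_DATA_MAP(CAPIHook_EXEDlg)
    // DDX_Control(pDX, IDC_EDIT1, m_Edit);
    //}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CAPIHook_EXEDlg, CDialog)
    //{{AFX_MSG_MAP(CAPIHook_EXEDlg)
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BUTTON_OUT, OnButtonOut)
    ON_BN_CLICKED(IDC_BUTTON_BEGIN, OnButtonBegin)
    ON_BN_CLICKED(IDC_BUTTON_STOP, OnButtonStop)
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CAPIHook_EXEDlg message handlers

BOOL CAPIHook_EXEDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // Set the icon for this dialog. The framework does this automatically
    // when the application's main window is not a dialog
    SetIcon(m_hIcon, TRUE);   // Set big icon
    SetIcon(m_hIcon, FALSE);  // Set small icon

    // TODO: Add extra initialization here

    return TRUE;  // return TRUE unless you set the focus to a control
}

// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CAPIHook_EXEDlg::OnPaint()
{
    if (IsIconic())
    {
        CPaintDC dc(this); // device context for painting

        SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

        // Center icon in client rectangle
        int cxIcon = GetSystemMetrics(SM_CXICON);
        int cyIcon = GetSystemMetrics(SM_CYICON);
        CRect rect;
        GetClientRect(&rect);
        int x = (rect.Width() - cxIcon + 1) / 2;
        int y = (rect.Height() - cyIcon + 1) / 2;

        // Draw the icon
        dc.DrawIcon(x, y, m_hIcon);
    }
    else
    {
        CDialog::OnPaint();
    }
}

// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CAPIHook_EXEDlg::OnQueryDragIcon()
{
    return (HCURSOR) m_hIcon;
}

///////////////////////////////////// OnButtonOut /////////////////////////////////////
/// Draws a test string with TextOutA so the hook can be observed.
///
/// Two fixes: the character count is derived from the literal (the listing
/// passed 30 for a shorter string as printed, which reads past the end of the
/// literal), and the window DC from GetDC is released.
void CAPIHook_EXEDlg::OnButtonOut()
{
    static const char szText[] = "APIHOOK_EXE ---rivershan";

    HWND hWnd = GetSafeHwnd();
    HDC hdc = ::GetDC(hWnd);
    if (hdc == NULL)
        return;

    ::TextOutA(hdc,0,0,szText,(int)(sizeof(szText) - 1));
    ::ReleaseDC(hWnd,hdc);
    UpdateWindow();
}

///////////////////////////////////// OnButtonBegin /////////////////////////////////////
/// Starts hooking; the target here is this APIHook_EXE program itself.
void CAPIHook_EXEDlg::OnButtonBegin()
{
    // The return value is the id of the thread that created the window (the
    // original comment called it the process id); the process id out
    // parameter is not requested.
    DWORD dwThreadId = GetWindowThreadProcessId(m_hWnd,NULL);
    InstallHook(TRUE,dwThreadId);
}

///////////////////////////////////// OnButtonStop /////////////////////////////////////
/// Stops hooking.
void CAPIHook_EXEDlg::OnButtonStop()
{
    InstallHook(FALSE,0);
}

// ===== Part 3: Integrating APIHOOK =====
// 1. (the text of step 1 continues directly below)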
用 VC++新建一个 Win32 Dynamic-Link Library 程序,命名为 APIHook_Dll。接下来选择第二项 A Simple DLL Project; 2. 新建一头文件,命名为 APIHook_Dll.h。删除工程中 APIHook_Dll.cpp文件中原来的内容,然后把上面的 APIHook_Dll.cpp 和 APIHook_Dll.h文件的内容全部复制到新建的这个工程的 .cpp及 .h文件中来; 3. 新建一 Text文件,命名为 APIHook_Dll.def。复制上面的def文件内容。 4. 编译; 5. 新建一 MFC APPWizard(exe)程序,命名为 APIHook_EXE。接着选择第三项,基于对话框的程序,其它默认; 6. 删除原来对话框上的控件,然后新建三个按钮ID分别为:IDC_BUTTON_BEGIN、IDC_BUTTON_STOP、IDC_BUTTON_OUT,Caption分别为:Bigin Hook、Stop Hook、Text Out。不要让这三个按钮出于对话框客户区的最上面就行; 7. 拷贝 APIHook_Dll.h文件到 APIHook_EXE程序目录下,然后加到 APIHook_EXE的头文件夹中。 8. 删除工程中 APIHook_EXEDlg.cpp文件中原来的内容,然后把上面的 APIHook_EXEDlg.cpp文件的内容全部复制到新建的这个工程的 .cpp文件中来; 9. 打开 Project->Setting菜单,选择第四项link,在 Object/library moduls里添加我们的dll的lib文件的路径:..\APIHook_Dll\Debug\APIHook_Dll.lib; 10. 编译; 11. 把 APIHook_Dll.dll文件放在 APIHook_Dll.exe程序的同一个文件夹内; 12. 
运行程序,点击 Bigin Hook按钮,开始挂钩。再点击 Text Out按钮会跳出对话框并且会在程序中显示所要显示的字。点击 Stop Hook然后在点击 Text Out按钮就没有对话框出现了。 四、一些说明 1、我这个 HookAPI是使用了 Jeffrey Richter的改写程序的 IAT来实现的,也可以用跳转函数入口点的方法来实现,这个我没做研究。:) 2、我的一些心得: 所谓 HookAPI,就是改写程序的 IAT,再调用我自己写的用于替换原API函数的函数。在我们自己写的API函数中,我们可以进行我们想要的工作。之后呢,可以把原来的函数传回去,也可以不传回去,只要你设计好了就行。 而所谓调用自己的函数,就是把原函数参数都传给我的替换函数。我们就可以利用这些参数去干我们想做的事。而系统呢,我想由于微软设置的这个钩子的目的(我这么认为的),所以不会去检查替换函数是否就是原函数,只要参数、返回值符合条件就行,要不会出错。替换函数的返回值最好是原函数,否则有可能会出错 HookAPI时,exe程序起到的作用就是进行Hook,把dll注入到要Hook的程序,并且传回要挂接的进程的ID或者全局钩子,以便查询所要挂接的模块的IAT。如果不注入进去,系统不会让你去查询IAT的。DLL做的事情是确定要挂接哪个函数和这个函数在哪个DLL中等。

2楼2005-12-31 17:13:32
houcy
3楼2005-12-31 18:46:19












