Hook Socket API 的问题,兄弟们多帮忙!
现在有一个例子,HOOK的是GetTime函数,我添加了一个wsock32.dll的send函数,却不行,提示是在wsock32.dll中没有找到导出的send函数。查找过程如下:
// Save information about this hooked function
m_pszCalleeModName = pszCalleeModName;
m_pszFuncName = pszFuncName;
m_pfnHook = pfnHook;
m_fExcludeAPIHookMod = fExcludeAPIHookMod;
m_pfnOrig = GetProcAddressRaw(
GetModuleHandleA(pszCalleeModName), m_pszFuncName);
if (m_pfnOrig==NULL)
{
WriteLog((char *)m_pszCalleeModName);
WriteLog("------");
WriteLog((char *)m_pszFuncName);
}
chASSERT(m_pfnOrig != NULL); // Function doesn't exist
if (m_pfnOrig > sm_pvMaxAppAddr) {
// The address is in a shared DLL; the address needs fixing up
PBYTE pb = (PBYTE) m_pfnOrig;
if (pb[0] == cPushOpCode) {
// Skip over the PUSH op code and grab the real address
PVOID pv = * (PVOID*) &pb[1];
m_pfnOrig = (PROC) pv;
}
}
// Hook this function in all currently loaded modules
ReplaceIATEntryInAllMods(m_pszCalleeModName, m_pfnOrig, m_pfnHook,
m_fExcludeAPIHookMod);
chASSERT(m_pfnOrig != NULL); // Function doesn't exist
这句到了wsock32.dll,send,就过不去,实在搞不懂,wsock32.dll怎么会没有导出send函数呢?
请高手帮忙!先谢了!
用到的函数:
FARPROC CAPIHook::GetProcAddressRaw(HMODULE hmod, PCSTR pszProcName) {
return(::GetProcAddress(hmod, pszProcName));
}
FARPROC WINAPI CAPIHook::GetProcAddress(HMODULE hmod, PCSTR pszProcName) {
// Get the true address of the function
FARPROC pfn = GetProcAddressRaw(hmod, pszProcName);
// Is it one of the functions that we want hooked?
CAPIHook* p = sm_pHead;
for (; (pfn != NULL) && (p != NULL); p = p->m_pNext) {
if (pfn == p->m_pfnOrig) {
// The address to return matches an address we want to hook
// Return the hook function address instead
pfn = p->m_pfnHook;
break;
}
}
return(pfn);
}