Matt Pietrek<>, Chapter 10: A Few Supplementary Notes to My Study
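Since I posted some of my own shallow observations on Chapter 10 of <<Windows 95 System Programming Secrets>> on CSDN (the original article is in the developer documents section at http://www.csdn.net/develop/article/8638.shtm,
"My study of Chapter 10 of Matt Pietrek's <<Windows 95 System Programming Secrets>>, the classic work on Windows API interception techniques"), I have been receiving e-mails from readers hoping to get the source code, so I am clarifying the following here: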
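1) In fact I modified only a small amount of code. The original book and its companion source code can be obtained at the following address:
http://bigluo.tz163.net/
If you want them, go quickly. There are many other good things there as well: e-books and source code by Matt Pietrek, Charles Petzold, Jeffrey Richter …
2) My main changes to the book's companion source code are as follows:
a) The original Asmretrn.asm file has been changed into a C++ file: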
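    void AsmCommonReturnPoint(void);

    _declspec(naked) void AsmCommonReturnPoint(void)
    {
        _asm SUB  ESP,4     ; Make space for return address
        _asm PUSHAD         ; Save all general-purpose registers
        _asm MOV  EAX,ESP
        _asm PUSH EAX       ; Pass a pointer to the saved registers as the argument
        _asm CALL CCommonReturnPoint
        _asm ADD  ESP,4     ; Remove the argument from the stack
        _asm POPAD          ; Restore the saved registers
        _asm RET            ; Return through the slot reserved by SUB ESP,4
    }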
b)
    BOOL InterceptFunctionsInModule(PVOID baseAddress)
    {
        … …
        // Make the page containing the IAT entry writable
        // before calling WriteProcessMemory()
        bRtn = VirtualProtect(
                   &pThunk->u1.Function,  // region of committed pages
                   sizeof(DWORD),         // size of the region
                   PAGE_READWRITE,        // desired access protection
                   &dwOldProtect          // receives the old protection
               );

        // Overwrite the IAT entry with the new address held in src
        bRtn = WriteProcessMemory( GetCurrentProcess(),
                                   &pThunk->u1.Function,
                                   &src, sizeof(DWORD), &cBytesMoved );

        // Restore the page's original protection
        bRtn = VirtualProtect(
                   &pThunk->u1.Function,  // region of committed pages
                   sizeof(DWORD),         // size of the region
                   dwOldProtect,          // desired access protection (the saved value)
                   &dwOldProtect          // receives the old protection
               );
        … …
    }
If you would like to discuss API hooking with me, you are welcome to e-mail me: hanjin@pecan.com.cn