1.5w+
社区成员
dll建立hook问题?
dll建立hook问题?我把一个dll注入到了别的进程 我想在这个dll里 来设置一个全局hook或者hook一个目标进程 但是我在dll里写了hook 但是 没有反应啊 没有被hook住 但是我用一个exe调用这个dll 他就hook全局成功 难道dll里没办法 hook全局或者某个进程吗?是不是dll线程不是主线程的原因啊?
现在问 有什么方法可以 在被注入的dll里 申请个hook hook全局或者hook某个进程的 鼠标事件?
现在问 有什么方法可以 在被注入的dll里 申请个hook hook全局或者hook某个进程的 鼠标事件?
...全文
当前发帖距今超过3年,不再开放新的回复
发表回复
linuxpgy 2008-06-10
你要的功能据我所知很难实现。 我刚刚想了一下,你可以试试如下方法:
DLL里要建立Hook,那么那个Hook fucntion需要在DLL里,但是因为你的dll是注入的,所以这个hook function 的地址不是固定的,所以,你需要自己去计算这个hook function 在目标进程中的地址,将其传递给SetWindowsHookEx函数,也许可以成功。
我没有试过,呵呵,自己去试试吧~
DLL里要建立Hook,那么那个Hook fucntion需要在DLL里,但是因为你的dll是注入的,所以这个hook function 的地址不是固定的,所以,你需要自己去计算这个hook function 在目标进程中的地址,将其传递给SetWindowsHookEx函数,也许可以成功。
我没有试过,呵呵,自己去试试吧~
- 打赏
- 举报
cba5796 2008-06-10
郁闷 没一个答案沾上边的
- 打赏
- 举报
coolerhero 2008-05-30
你是想要远程注入你的DLL到别的进程里.
其实用SetWindowsHookEx安装鼠标钩子就行了
SetWindowsHookEx( WH_GETMESSAGE, (HOOKPROC)MessageHook ,g_hinstDll ,processId )
其实用SetWindowsHookEx安装鼠标钩子就行了
SetWindowsHookEx( WH_GETMESSAGE, (HOOKPROC)MessageHook ,g_hinstDll ,processId )
- 打赏
- 举报
goodwinds 2008-05-30
全局Hook 做一个DLL,在DLL中调用SetWindowsHookEx,安装好钩子。这个钩子就可以拦截到所有进程了。
- 打赏
- 举报
cba5796 2008-05-23
兄弟 和我遇到一样的问题啦
有什麽进展告诉我一声啊
有什麽进展告诉我一声啊
- 打赏
- 举报
knowledge_Is_Life 2008-05-01
好像没那么简单,呵呵.
- 打赏
- 举报
ethan119 2008-01-24
API HOOK 实现
源自:《Windows API 编程》 P182
实现目标:拦截API函数MessageBoxA();
DLL部分:
HHOOK g_hHook;
HINSTANCE g_hinstDll;
FARPROC pfMessageBoxA;
Int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
HMODULE hModule;
DWORD dwIdOld , dwIdNew;
BOOL bHook = false;
Void HookOn();
Void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);
BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved)//DLL入口
{
switch( ul_reason_for_call )
{
case DLL_PROCESS_ATTACH:
if( !init() )//初始化
{
MessageBoxA( NULL , ”Init” , ”ERROR” , MB_OK );
return ( false );
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
if( bHook) UnintallHook();//卸载钩子
break;
}
return TRUE;
}
LRESULT WINAPI Hook( int nCode , WPARAM wParam , LPARAM lParam );
{
return ( CallNextHookEx( g_hHook , nCode , wParam , lParam));
}
HOOKAPI2_API BOOL InstallHook()
{
g_hinstDll = LoadLibrary( “ApiHook.dll” );
g_hHook = SetWindowsHookEx( WH_GETMESSAGE , ( HOOKPROC ) MessageHook , g_hinstDll , 0 );
if ( !g_hHOOK )
{
MessageBoxA( NULL , “SET ERROR” , “ERROR” , MB_OK );
return ( false );
}
return ( ture );
}
HOOKAPI2_API BOOL UninstallHook()
{
return ( UnHookWindowsHookEx(g_hHook) );
}
BOOL init()
{
hModule = LoadLibrary ( “user32.dll” );
pfMessageBoxA = GetProcAddress( hModule , “MessageBoxA” );
if( pfMessageBoxA == NULL )
return false;
_asm
{
lea edi,OldMessageBoxACOde
mov esi,pfMessageBoxA
cld
movsd
movsb
}
NewMessageBoxACode [0] = 0xe9;
_asm
{
lea eax,MyMessageBoxA
mov ebx,pfMessageBoxA
sub eax,ebx
sub eax,5
mov dword ptr [NewMessageBoxACode+1],eax
}
dwIdNew = GetCurrentProcessId();
dwIdOld = dwIdNew;
HookOn();
return ( true );
}
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
int nReturn=0;
HookOff();
nReturn = MessageBoxA ( hWnd, “Hook”, lpCaption, uType );
HookOn();
return ( nReturn );
}
void HookOn()
{
HANDLE hProc;
dwIdOld = dwIdNew;
hProc = OpenProcess ( PROCESS_ALL_ACCESS , 0 , dwIdOld );
VirtualProtectEx( hProc , pfMessageBoxA, 5, PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, 5, NewMessageBoxACode, 5, 0 );
VirtualProtectEx( hProc, pfMessageBoxA, 5, dwIdOld, &dwIdOld );
bHook = true;
}
void HookOff()
{
HANDLE hProc;
dwIdOld =dwIdNew;
hProc = OpenProcess (PROCESS_ALL_ACCESS, 0,dwIdOld );
VirtualProtectEx(hProc, pfMessageBoxA,5,PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode,5,0);
VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
bHook = false;
}
测试EXE部分
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevIndtance, LPDTR lpCmdLine, int nCmdShow )
{
if( !InstallHook())
{
MessageBoxA(NULL, “Hook Error!”, “Hook”,MB_OK);
return 1;
}
MessageBoxA(NULL, “TEST”, “TEST” ,MB_OK );
if(!UninstallHook())
{
MessageBoxA(NULL, “Uninstall Error!”, “Hook”, MB_OK);
return 1;
}
return 0;
}
源自:《Windows API 编程》 P182
实现目标:拦截API函数MessageBoxA();
DLL部分:
HHOOK g_hHook;
HINSTANCE g_hinstDll;
FARPROC pfMessageBoxA;
Int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
HMODULE hModule;
DWORD dwIdOld , dwIdNew;
BOOL bHook = false;
Void HookOn();
Void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);
BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved)//DLL入口
{
switch( ul_reason_for_call )
{
case DLL_PROCESS_ATTACH:
if( !init() )//初始化
{
MessageBoxA( NULL , ”Init” , ”ERROR” , MB_OK );
return ( false );
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
if( bHook) UnintallHook();//卸载钩子
break;
}
return TRUE;
}
LRESULT WINAPI Hook( int nCode , WPARAM wParam , LPARAM lParam );
{
return ( CallNextHookEx( g_hHook , nCode , wParam , lParam));
}
HOOKAPI2_API BOOL InstallHook()
{
g_hinstDll = LoadLibrary( “ApiHook.dll” );
g_hHook = SetWindowsHookEx( WH_GETMESSAGE , ( HOOKPROC ) MessageHook , g_hinstDll , 0 );
if ( !g_hHOOK )
{
MessageBoxA( NULL , “SET ERROR” , “ERROR” , MB_OK );
return ( false );
}
return ( ture );
}
HOOKAPI2_API BOOL UninstallHook()
{
return ( UnHookWindowsHookEx(g_hHook) );
}
BOOL init()
{
hModule = LoadLibrary ( “user32.dll” );
pfMessageBoxA = GetProcAddress( hModule , “MessageBoxA” );
if( pfMessageBoxA == NULL )
return false;
_asm
{
lea edi,OldMessageBoxACOde
mov esi,pfMessageBoxA
cld
movsd
movsb
}
NewMessageBoxACode [0] = 0xe9;
_asm
{
lea eax,MyMessageBoxA
mov ebx,pfMessageBoxA
sub eax,ebx
sub eax,5
mov dword ptr [NewMessageBoxACode+1],eax
}
dwIdNew = GetCurrentProcessId();
dwIdOld = dwIdNew;
HookOn();
return ( true );
}
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
int nReturn=0;
HookOff();
nReturn = MessageBoxA ( hWnd, “Hook”, lpCaption, uType );
HookOn();
return ( nReturn );
}
void HookOn()
{
HANDLE hProc;
dwIdOld = dwIdNew;
hProc = OpenProcess ( PROCESS_ALL_ACCESS , 0 , dwIdOld );
VirtualProtectEx( hProc , pfMessageBoxA, 5, PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, 5, NewMessageBoxACode, 5, 0 );
VirtualProtectEx( hProc, pfMessageBoxA, 5, dwIdOld, &dwIdOld );
bHook = true;
}
void HookOff()
{
HANDLE hProc;
dwIdOld =dwIdNew;
hProc = OpenProcess (PROCESS_ALL_ACCESS, 0,dwIdOld );
VirtualProtectEx(hProc, pfMessageBoxA,5,PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode,5,0);
VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
bHook = false;
}
测试EXE部分
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevIndtance, LPDTR lpCmdLine, int nCmdShow )
{
if( !InstallHook())
{
MessageBoxA(NULL, “Hook Error!”, “Hook”,MB_OK);
return 1;
}
MessageBoxA(NULL, “TEST”, “TEST” ,MB_OK );
if(!UninstallHook())
{
MessageBoxA(NULL, “Uninstall Error!”, “Hook”, MB_OK);
return 1;
}
return 0;
}
- 打赏
- 举报
ethan119 2008-01-24
API HOOK 实现
源自:《Windows API 编程》 P182
实现目标:拦截API函数MessageBoxA();
DLL部分:
HHOOK g_hHook;
HINSTANCE g_hinstDll;
FARPROC pfMessageBoxA;
Int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
HMODULE hModule;
DWORD dwIdOld , dwIdNew;
BOOL bHook = false;
Void HookOn();
Void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);
BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved)//DLL入口
{
switch( ul_reason_for_call )
{
case DLL_PROCESS_ATTACH:
if( !init() )//初始化
{
MessageBoxA( NULL , ”Init” , ”ERROR” , MB_OK );
return ( false );
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
if( bHook) UnintallHook();//卸载钩子
break;
}
return TRUE;
}
LRESULT WINAPI Hook( int nCode , WPARAM wParam , LPARAM lParam );
{
return ( CallNextHookEx( g_hHook , nCode , wParam , lParam));
}
HOOKAPI2_API BOOL InstallHook()
{
g_hinstDll = LoadLibrary( “ApiHook.dll” );
g_hHook = SetWindowsHookEx( WH_GETMESSAGE , ( HOOKPROC ) MessageHook , g_hinstDll , 0 );
if ( !g_hHOOK )
{
MessageBoxA( NULL , “SET ERROR” , “ERROR” , MB_OK );
return ( false );
}
return ( ture );
}
HOOKAPI2_API BOOL UninstallHook()
{
return ( UnHookWindowsHookEx(g_hHook) );
}
BOOL init()
{
hModule = LoadLibrary ( “user32.dll” );
pfMessageBoxA = GetProcAddress( hModule , “MessageBoxA” );
if( pfMessageBoxA == NULL )
return false;
_asm
{
lea edi,OldMessageBoxACOde
mov esi,pfMessageBoxA
cld
movsd
movsb
}
NewMessageBoxACode [0] = 0xe9;
_asm
{
lea eax,MyMessageBoxA
mov ebx,pfMessageBoxA
sub eax,ebx
sub eax,5
mov dword ptr [NewMessageBoxACode+1],eax
}
dwIdNew = GetCurrentProcessId();
dwIdOld = dwIdNew;
HookOn();
return ( true );
}
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
int nReturn=0;
HookOff();
nReturn = MessageBoxA ( hWnd, “Hook”, lpCaption, uType );
HookOn();
return ( nReturn );
}
void HookOn()
{
HANDLE hProc;
dwIdOld = dwIdNew;
hProc = OpenProcess ( PROCESS_ALL_ACCESS , 0 , dwIdOld );
VirtualProtectEx( hProc , pfMessageBoxA, 5, PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, 5, NewMessageBoxACode, 5, 0 );
VirtualProtectEx( hProc, pfMessageBoxA, 5, dwIdOld, &dwIdOld );
bHook = true;
}
void HookOff()
{
HANDLE hProc;
dwIdOld =dwIdNew;
hProc = OpenProcess (PROCESS_ALL_ACCESS, 0,dwIdOld );
VirtualProtectEx(hProc, pfMessageBoxA,5,PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode,5,0);
VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
bHook = false;
}
测试EXE部分
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevIndtance, LPDTR lpCmdLine, int nCmdShow )
{
if( !InstallHook())
{
MessageBoxA(NULL, “Hook Error!”, “Hook”,MB_OK);
return 1;
}
MessageBoxA(NULL, “TEST”, “TEST” ,MB_OK );
if(!UninstallHook())
{
MessageBoxA(NULL, “Uninstall Error!”, “Hook”, MB_OK);
return 1;
}
return 0;
}
源自:《Windows API 编程》 P182
实现目标:拦截API函数MessageBoxA();
DLL部分:
HHOOK g_hHook;
HINSTANCE g_hinstDll;
FARPROC pfMessageBoxA;
Int WINAPI MyMessageBoxA( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType);
BYTE OldMessageBoxACode[5] , NewMessageBoxACode[5];
HMODULE hModule;
DWORD dwIdOld , dwIdNew;
BOOL bHook = false;
Void HookOn();
Void HookOff();
BOOL init();
LRESULT WINAPI MessageHook( int nCode , WPARAM wParam , LPARAM lParam);
BOOL APIENTRY DllMain( HANDLE hModule , DWORD ul_reason_for_call , LPVOID lpReserved)//DLL入口
{
switch( ul_reason_for_call )
{
case DLL_PROCESS_ATTACH:
if( !init() )//初始化
{
MessageBoxA( NULL , ”Init” , ”ERROR” , MB_OK );
return ( false );
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
if( bHook) UnintallHook();//卸载钩子
break;
}
return TRUE;
}
LRESULT WINAPI Hook( int nCode , WPARAM wParam , LPARAM lParam );
{
return ( CallNextHookEx( g_hHook , nCode , wParam , lParam));
}
HOOKAPI2_API BOOL InstallHook()
{
g_hinstDll = LoadLibrary( “ApiHook.dll” );
g_hHook = SetWindowsHookEx( WH_GETMESSAGE , ( HOOKPROC ) MessageHook , g_hinstDll , 0 );
if ( !g_hHOOK )
{
MessageBoxA( NULL , “SET ERROR” , “ERROR” , MB_OK );
return ( false );
}
return ( ture );
}
HOOKAPI2_API BOOL UninstallHook()
{
return ( UnHookWindowsHookEx(g_hHook) );
}
BOOL init()
{
hModule = LoadLibrary ( “user32.dll” );
pfMessageBoxA = GetProcAddress( hModule , “MessageBoxA” );
if( pfMessageBoxA == NULL )
return false;
_asm
{
lea edi,OldMessageBoxACOde
mov esi,pfMessageBoxA
cld
movsd
movsb
}
NewMessageBoxACode [0] = 0xe9;
_asm
{
lea eax,MyMessageBoxA
mov ebx,pfMessageBoxA
sub eax,ebx
sub eax,5
mov dword ptr [NewMessageBoxACode+1],eax
}
dwIdNew = GetCurrentProcessId();
dwIdOld = dwIdNew;
HookOn();
return ( true );
}
int WINAPI MyMessageBoxA ( HWND hWnd , LPCTSTR lpText , LPCTSTR lpCaption , UINT uType )
{
int nReturn=0;
HookOff();
nReturn = MessageBoxA ( hWnd, “Hook”, lpCaption, uType );
HookOn();
return ( nReturn );
}
void HookOn()
{
HANDLE hProc;
dwIdOld = dwIdNew;
hProc = OpenProcess ( PROCESS_ALL_ACCESS , 0 , dwIdOld );
VirtualProtectEx( hProc , pfMessageBoxA, 5, PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, 5, NewMessageBoxACode, 5, 0 );
VirtualProtectEx( hProc, pfMessageBoxA, 5, dwIdOld, &dwIdOld );
bHook = true;
}
void HookOff()
{
HANDLE hProc;
dwIdOld =dwIdNew;
hProc = OpenProcess (PROCESS_ALL_ACCESS, 0,dwIdOld );
VirtualProtectEx(hProc, pfMessageBoxA,5,PAGE_READWRITE, &dwIdOld );
WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode,5,0);
VirtualProtectEx(hProc,pfMessageBoxA,5,dwIdOld,&dwIdOld);
bHook = false;
}
测试EXE部分
int APIENTRY WinMain( HINSTANCE hInstance, HINSTANCE hPrevIndtance, LPDTR lpCmdLine, int nCmdShow )
{
if( !InstallHook())
{
MessageBoxA(NULL, “Hook Error!”, “Hook”,MB_OK);
return 1;
}
MessageBoxA(NULL, “TEST”, “TEST” ,MB_OK );
if(!UninstallHook())
{
MessageBoxA(NULL, “Uninstall Error!”, “Hook”, MB_OK);
return 1;
}
return 0;
}
- 打赏
- 举报
qq14923349 2008-01-22
hook用处?
- 打赏
- 举报
cnzdgs 2008-01-21
你想Hook全局还是单个进程?
Hook全局用不找注入线程。做一个DLL,在DLL中调用SetWindowsHookEx,dwThreadId参数给0就行。
Hook全局用不找注入线程。做一个DLL,在DLL中调用SetWindowsHookEx,dwThreadId参数给0就行。
- 打赏
- 举报