15,467
社区成员
发帖
与我相关
我的任务
分享截获getprocaddress遇到的问题.
我用了hook import table 的方法来截获getprocaddress,可是运行其它程序就非法操作
typedef struct _APIHOOK32_ENTRY
{
LPCTSTR pszAPIName; //api 函数名
LPCTSTR pszCalleeModuleName; //api所在的dll文件名
PROC pfnOriginApiAddress; //原地址
PROC pfnDummyFuncAddress; //新地址
HMODULE hModCallerModule;
}APIHOOK32_ENTRY, *PAPIHOOK32_ENTRY;
//引用一位高手的代码 :)
BOOL C123App::InitInstance()
{
i=GetModuleHandle("kernel32.dll");
hkG.hModCallerModule = NULL;
hkG.pszAPIName = "GetProcAddress";
hkG.pszCalleeModuleName ="kernel32.dll";
hkG.pfnDummyFuncAddress = (PROC) & MyGet;
hkG.pfnOriginApiAddress = GetProcAddress(i,"GetProcAddress");//
get1=(FARPROC (__stdcall *)(HMODULE, LPCSTR ))(GetProcAddress(i,"GetProcAddress"));
SetWindowsAPIHook(&hkG);
}
int C123App::ExitInstance()
{
UnhookWindowsAPIHooks(hkG);
}
问题出在哪里呢?
typedef struct _APIHOOK32_ENTRY
{
LPCTSTR pszAPIName; //api 函数名
LPCTSTR pszCalleeModuleName; //api所在的dll文件名
PROC pfnOriginApiAddress; //原地址
PROC pfnDummyFuncAddress; //新地址
HMODULE hModCallerModule;
}APIHOOK32_ENTRY, *PAPIHOOK32_ENTRY;
//引用一位高手的代码 :)
BOOL C123App::InitInstance()
{
i=GetModuleHandle("kernel32.dll");
hkG.hModCallerModule = NULL;
hkG.pszAPIName = "GetProcAddress";
hkG.pszCalleeModuleName ="kernel32.dll";
hkG.pfnDummyFuncAddress = (PROC) & MyGet;
hkG.pfnOriginApiAddress = GetProcAddress(i,"GetProcAddress");//
get1=(FARPROC (__stdcall *)(HMODULE, LPCSTR ))(GetProcAddress(i,"GetProcAddress"));
SetWindowsAPIHook(&hkG);
}
int C123App::ExitInstance()
{
UnhookWindowsAPIHooks(hkG);
}
问题出在哪里呢?
...全文
请发表友善的回复…
发表回复
