关于HOOK API拦截不到想要拦截的函数问题
希望能够帮帮小弟
程序源代码:
void CTestAPIDlg::OnHook()
{
// TODO: Add your control notification handler code here
HMODULE m_hdl = GetModuleHandle(NULL);
HMODULE m_hdldll=LoadLibrary("User32.dll");
FARPROC m_ProAdd = GetProcAddress(m_hdldll,"MessageBoxA");
//pf*m_pf=MessageBoxQ;
//fp=MessageBox;
ReplaceIATEntryInOneMod("User32.dll" , m_ProAdd , (PROC)MessageBoxQ , m_hdl);
}
void CTestAPIDlg::ReplaceIATEntryInOneMod(PCSTR pszCalleeModName, PROC pfnCurrent, PROC pfnNew, HMODULE hmodCaller)
{
ULONG ulSize;
PIMAGE_IMPORT_DESCRIPTOR pImportDesc = NULL;
__try {
pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR) ImageDirectoryEntryToData(
hmodCaller, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &ulSize);
}
__except (InvalidReadExceptionFilter(GetExceptionInformation())) {
}
if (pImportDesc == NULL)
return; // This module has no import section or is no longer loaded
for (; pImportDesc->Name; pImportDesc++)
{
PSTR pszModName = (PSTR) ((PBYTE) hmodCaller + pImportDesc->Name);
if (lstrcmpiA(pszModName, pszCalleeModName) == 0)
{
PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)
((PBYTE) hmodCaller + pImportDesc->FirstThunk);
// Replace current function address with new function address
for (; pThunk->u1.Function; pThunk++)
{
// Get the address of the function address
PROC* ppfn = (PROC*) &pThunk->u1.Function;
// Is this the function we're looking for?
BOOL bFound = (*ppfn == pfnCurrent);
if (bFound)
{
if (!WriteProcessMemory(GetCurrentProcess(), ppfn, &pfnNew, sizeof(pfnNew), NULL) && (ERROR_NOACCESS == GetLastError()))
{
DWORD dwOldProtect;
if (VirtualProtect(ppfn, sizeof(pfnNew), PAGE_WRITECOPY, &dwOldProtect))
{
WriteProcessMemory(GetCurrentProcess(), ppfn, &pfnNew, sizeof(pfnNew), NULL);
VirtualProtect(ppfn, sizeof(pfnNew), dwOldProtect, &dwOldProtect);
}
}
return; // We did it, get out
}
}
} // Each import section is parsed until the right entry is found and patched
}
}
void CTestAPIDlg::OnMsgbox()
{
// TODO: Add your control notification handler code here
MessageBoxA("没有被截取到!");
}