16,472
社区成员
发帖
与我相关
我的任务
分享Hook WriteProcessMemory
刚学习APIHOOK。下了一个示例,是HOOK MessageBox,Detour版本的。
它是直接修改参数的:
请问如果我要Hook WriteProcessMemory 得到它写入的地址跟内容 要怎么做呢?
例如要把HOOK到的地址跟内容保存到控件文本上要怎么做?
它是直接修改参数的:
int nResult=CopyMessageBoxA(hWnd,"Haha,Detours Hooked!",lpCaption,uType); //call origin function
请问如果我要Hook WriteProcessMemory 得到它写入的地址跟内容 要怎么做呢?
例如要把HOOK到的地址跟内容保存到控件文本上要怎么做?
...全文
请发表友善的回复…
发表回复
rockago 2010-05-29
- 打赏
- 举报
没人可以帮帮我么
rockago 2010-05-29
- 打赏
- 举报
[Quote=引用 4 楼 lisunlin0 的回复:]
你安装钩子了吗?
就大约是
ULONG init()
{
ULONG uRet = 0;
uRet |= DetourTransactionBegin();
uRet |= DetourUpdateThread(GetCurrentThread());
uRet |= DetourAttach(&(PVOID&) CopyWriteProcessMemory, M……
[/Quote]
是不是这样?
你安装钩子了吗?
就大约是
ULONG init()
{
ULONG uRet = 0;
uRet |= DetourTransactionBegin();
uRet |= DetourUpdateThread(GetCurrentThread());
uRet |= DetourAttach(&(PVOID&) CopyWriteProcessMemory, M……
[/Quote]
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
OutputDebugString("Detour dll Load!");
DetourFunctionWithTrampoline((PBYTE)CopyWriteProcessMemory, (PBYTE)MyWriteProcessMemory);
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
OutputDebugString("Detour dll Exit!");
DetourRemove((PBYTE)CopyWriteProcessMemory, (PBYTE)MyWriteProcessMemory);
break;
}
return TRUE;
}
是不是这样?
sunlin7 2010-05-29
- 打赏
- 举报
你安装钩子了吗?
就大约是
ULONG init()
{
ULONG uRet = 0;
uRet |= DetourTransactionBegin();
uRet |= DetourUpdateThread(GetCurrentThread());
uRet |= DetourAttach(&(PVOID&) CopyWriteProcessMemory, MyWriteProcessMemory);
}
就大约是
ULONG init()
{
ULONG uRet = 0;
uRet |= DetourTransactionBegin();
uRet |= DetourUpdateThread(GetCurrentThread());
uRet |= DetourAttach(&(PVOID&) CopyWriteProcessMemory, MyWriteProcessMemory);
}
rockago 2010-05-29
- 打赏
- 举报
不过奇怪 我把那个例子改成FindWindowA却可以 好象Detour版本是1.5的。
rockago 2010-05-29
- 打赏
- 举报
[Quote=引用 2 楼 sanguomi 的回复:]
MessageBox 一般引入式钩子就行了,
WriteProcessMemory 引入式钩估计钩不到,得用陷阱式的
[/Quote]
请问能不能说说引入式跟陷阱式的区别?
MessageBox 一般引入式钩子就行了,
WriteProcessMemory 引入式钩估计钩不到,得用陷阱式的
[/Quote]
请问能不能说说引入式跟陷阱式的区别?
sanguomi 2010-05-29
- 打赏
- 举报
MessageBox 一般引入式钩子就行了,
WriteProcessMemory 引入式钩估计钩不到,得用陷阱式的
WriteProcessMemory 引入式钩估计钩不到,得用陷阱式的
rockago 2010-05-29
- 打赏
- 举报
弄了一晚上还没弄出来 而且为什么我HOOK他的第3个参数 让他无论修改什么内容都修改成我定义的 但是也没成功。
请问谁能帮帮我?帮我解决这两个疑惑
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten // number of bytes written
);
DETOUR_TRAMPOLINE(BOOL WINAPI CopyWriteProcessMemory(HANDLE, LPVOID, LPVOID, DWORD, LPDWORD), WriteProcessMemory);
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten) // number of bytes written
{
int a=0;
BOOL nResult=WriteProcessMemory(hProcess,lpBaseAddress,&a,nSize,lpNumberOfBytesWritten); //call origin function
return nResult;
}
请问谁能帮帮我?帮我解决这两个疑惑
fishion 2010-05-29
- 打赏
- 举报
http://www.codeproject.com/KB/DLL/funapihook.aspx
看下这个吧
看下这个吧
rockago 2010-05-29
- 打赏
- 举报
[Quote=引用 1 楼 rockago 的回复:]
弄了一晚上还没弄出来 而且为什么我HOOK他的第3个参数 让他无论修改什么内容都修改成我定义的 但是也没成功。
C/C++ code
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // b……
[/Quote]
MyWriteProcessMemory写错了 应该是CopyWriteProcessMemory 但是我改了 还是不行
弄了一晚上还没弄出来 而且为什么我HOOK他的第3个参数 让他无论修改什么内容都修改成我定义的 但是也没成功。
C/C++ code
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // b……
[/Quote]
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten // number of bytes written
);
DETOUR_TRAMPOLINE(BOOL WINAPI CopyWriteProcessMemory(HANDLE, LPVOID, LPVOID, DWORD, LPDWORD), WriteProcessMemory);
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten) // number of bytes written
{
int a=0;
BOOL nResult=CopyWriteProcessMemory(hProcess,lpBaseAddress,&a,nSize,lpNumberOfBytesWritten); //call origin function
return nResult;
}
MyWriteProcessMemory写错了 应该是CopyWriteProcessMemory 但是我改了 还是不行
rockago 2010-05-29
- 打赏
- 举报
谁能帮帮我
