64,642
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
Lactoferrin 2012-03-19
- 打赏
- 举报
[Quote=引用 7 楼 aaseh 的回复:]
哎,没一个会的。
[/Quote]
我给你现成的代码估计你也看不懂
要自己查资料
哎,没一个会的。
[/Quote]
我给你现成的代码估计你也看不懂
要自己查资料
lygf666 2012-03-19
- 打赏
- 举报
[Quote=引用 7 楼 aaseh 的回复:]
哎,没一个会的。
[/Quote]
我告诉你去到哪里查资料了,还这样说。你以为这种问题是1+1等于几,说个答案你就能懂的吗。别人书上几十页的资料讲这个,我们怎么用一点点文字跟你说清楚。
哎,没一个会的。
[/Quote]
我告诉你去到哪里查资料了,还这样说。你以为这种问题是1+1等于几,说个答案你就能懂的吗。别人书上几十页的资料讲这个,我们怎么用一点点文字跟你说清楚。
xiaohuh421 2012-03-16
- 打赏
- 举报
Hook API
lygf666 2012-03-16
- 打赏
- 举报
windows核心编程 第22章
赵4老师 2012-03-16
- 打赏
- 举报
用SoftSnoop软件
aaseh 2012-03-16
- 打赏
- 举报
哎,没一个会的。
Furney 2012-03-16
- 打赏
- 举报
去学习HOOK编程就了解啦。
aaseh 2012-03-16
- 打赏
- 举报
求高人讲解
1
1
lwanttowin 2012-03-16
- 打赏
- 举报
1.注入你自己的dll
LZ可用detour库的DetourCreateProcessWithDll来做这个事情
2.对api下钩子类似于这样
typedef HANDLE (WINAPI *CreateFileFuncType)(
LPCTSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
HANDLE hTemplateFile
);
CreateFileFuncType pCreateFile = NULL;
BOOL WINAPI HookCreateProcess(
__in_opt LPCSTR lpApplicationName,
__inout_opt LPSTR lpCommandLine,
__in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes,
__in BOOL bInheritHandles,
__in DWORD dwCreationFlags,
__in_opt LPVOID lpEnvironment,
__in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo,
__out LPPROCESS_INFORMATION lpProcessInformation
)
{
TRACE("HookCreateProcess %s", lpApplicationName);
BOOL ret = pCreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
AfxMessageBox(L"attach Create process");
DetourRemove((PBYTE)pCreateProcess, (PBYTE)HookCreateProcess);
return ret;
}
BOOL CTestApp::InitInstance()
{
HMODULE handle = LoadLibrary(TEXT("kernel32.dll"));
if (handle != NULL)
{
pCreateFile = (CreateFileFuncType)GetProcAddress(handle, "CreateFileW");
}
pCreateFile = (CreateFileFuncType)DetourFunction((PBYTE)pCreateFile, (PBYTE)HookCreateFile);
}
LZ可用detour库的DetourCreateProcessWithDll来做这个事情
2.对api下钩子类似于这样
typedef HANDLE (WINAPI *CreateFileFuncType)(
LPCTSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
HANDLE hTemplateFile
);
CreateFileFuncType pCreateFile = NULL;
BOOL WINAPI HookCreateProcess(
__in_opt LPCSTR lpApplicationName,
__inout_opt LPSTR lpCommandLine,
__in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes,
__in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes,
__in BOOL bInheritHandles,
__in DWORD dwCreationFlags,
__in_opt LPVOID lpEnvironment,
__in_opt LPCSTR lpCurrentDirectory,
__in LPSTARTUPINFOA lpStartupInfo,
__out LPPROCESS_INFORMATION lpProcessInformation
)
{
TRACE("HookCreateProcess %s", lpApplicationName);
BOOL ret = pCreateProcess(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes,
bInheritHandles, dwCreationFlags, lpEnvironment, lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
AfxMessageBox(L"attach Create process");
DetourRemove((PBYTE)pCreateProcess, (PBYTE)HookCreateProcess);
return ret;
}
BOOL CTestApp::InitInstance()
{
HMODULE handle = LoadLibrary(TEXT("kernel32.dll"));
if (handle != NULL)
{
pCreateFile = (CreateFileFuncType)GetProcAddress(handle, "CreateFileW");
}
pCreateFile = (CreateFileFuncType)DetourFunction((PBYTE)pCreateFile, (PBYTE)HookCreateFile);
}
