用JMP方法拦截API函数在WIN98下面不能用吗?
//拦截方法没有用更改IAT, 而是用的JMP跳转, 在WIN2000/XP下面都能拦截. 就是在WIN98下面不能对指定的函数进行拦截, 不知道什么原因?
#include <windows>
#include <stdio.h>
/*
 * Bookkeeping for one inline-patched function entry point.
 * HookOnOne writes newdata over the first 5 bytes at funcaddr and
 * HookOffOne writes olddata back. The fields are presumably filled in by
 * hookapi(), which is not shown here (TODO confirm); per the note at the top
 * of the file, newdata is meant to hold a 5-byte JMP to the replacement.
 */
typedef struct
{
/* Address whose first 5 bytes are re-protected and overwritten. */
FARPROC funcaddr;
/* Bytes restored by HookOffOne; presumably the original prologue (TODO confirm). */
BYTE olddata[5];
/* Bytes written by HookOnOne. */
BYTE newdata[5];
}HOOKSTRUCT;
/* One record per patched export; MyFunc passes these to hookapi and HookOnOne. */
HOOKSTRUCT struct_DeleteFileA;
HOOKSTRUCT struct_DeleteFileW;
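/*
 * Copy either the hook bytes (install != FALSE) or the saved bytes
 * (install == FALSE) over the start of hookfunc->funcaddr in the current
 * process.
 *
 * Returns TRUE only if the bytes were written. Every failure is reported to
 * the caller instead of being ignored, which is what makes a refused patch
 * visible.
 *
 * NOTE(review): on Windows 95/98/Me, system DLLs such as kernel32.dll are
 * mapped into the shared arena, which ordinary user-mode code cannot
 * re-protect or write; VirtualProtect/WriteProcessMemory are expected to
 * fail there, which matches the symptom described at the top of the file.
 *
 * NOTE(review): the write is not atomic. Another thread executing the target
 * while it is being patched can run a half-written instruction; callers are
 * responsible for making sure that cannot happen.
 *
 * An overwritten prologue no longer matches the on-disk image of the module,
 * so integrity checks that compare the two will flag the change.
 */
static BOOL PatchHookBytes(HOOKSTRUCT *hookfunc, BOOL install)
{
    /* Pseudo-handle: needs no CloseHandle, unlike the OpenProcess handle
     * the earlier code leaked on every call. */
    HANDLE self = GetCurrentProcess();
    const BYTE *bytes;
    SIZE_T count;
    DWORD oldProtect = 0;
    DWORD scratch = 0;
    BOOL written;

    if (hookfunc == NULL || hookfunc->funcaddr == NULL) {
        return FALSE;
    }

    bytes = install ? hookfunc->newdata : hookfunc->olddata;
    count = sizeof hookfunc->newdata;

    /* Keep the page executable while it is writable: PAGE_READWRITE would
     * strip execute permission from live code for the duration of the patch. */
    if (!VirtualProtect((LPVOID)hookfunc->funcaddr, count,
                        PAGE_EXECUTE_READWRITE, &oldProtect)) {
        return FALSE;
    }

    written = WriteProcessMemory(self, (LPVOID)hookfunc->funcaddr,
                                 bytes, count, NULL);

    /* Always put the original protection back, even if the write failed. */
    VirtualProtect((LPVOID)hookfunc->funcaddr, count, oldProtect, &scratch);

    if (written) {
        /* Make sure no stale copy of the old instructions is executed. */
        FlushInstructionCache(self, (LPCVOID)hookfunc->funcaddr, count);
    }
    return written;
}

/*
 * Install the hook described by hookfunc: write hookfunc->newdata over the
 * first bytes of hookfunc->funcaddr. A failure is reported through the
 * debugger output channel because the function returns void.
 */
void HookOnOne(HOOKSTRUCT *hookfunc)
{
    if (!PatchHookBytes(hookfunc, TRUE)) {
        OutputDebugStringA("HookOnOne: patch was not applied\n");
    }
}

/*
 * Remove the hook described by hookfunc: write hookfunc->olddata back over
 * the first bytes of hookfunc->funcaddr. A failure is reported through the
 * debugger output channel because the function returns void.
 */
void HookOffOne(HOOKSTRUCT *hookfunc)
{
    if (!PatchHookBytes(hookfunc, FALSE)) {
        OutputDebugStringA("HookOffOne: original bytes were not restored\n");
    }
}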
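/*
 * Replacement for DeleteFileW.
 *
 * The parameter is LPCWSTR so the signature matches the wide-character API
 * it stands in for regardless of whether UNICODE is defined (LPCTSTR only
 * matches in UNICODE builds).
 *
 * Returns TRUE without deleting anything: callers are told the file was
 * removed while it is still on disk. Code that relies on the deletion
 * (temp-file cleanup, secure wipe, log rotation) will silently misbehave.
 */
BOOL WINAPI MyDeleteFileW(LPCWSTR lpFileName)
{
    (void)lpFileName; /* intentionally unused */
    return TRUE;
}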
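/*
 * Replacement for DeleteFileA.
 *
 * The parameter is LPCSTR so the signature matches the ANSI API it stands in
 * for regardless of whether UNICODE is defined (LPCTSTR only matches in
 * non-UNICODE builds).
 *
 * Returns TRUE without deleting anything: callers are told the file was
 * removed while it is still on disk.
 */
BOOL WINAPI MyDeleteFileA(LPCSTR lpFileName)
{
    (void)lpFileName; /* intentionally unused */
    return TRUE;
}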
/*
 * Prepare and install the two DeleteFile hooks.
 * hookapi() is not defined in this listing; it is presumably what resolves
 * the export and fills funcaddr/olddata/newdata (TODO confirm), so both
 * hookapi calls are kept ahead of the HookOnOne calls.
 */
void MyFunc()
{
/* NOTE(review): casting a function pointer to DWORD keeps only 32 bits; this is only safe in a 32-bit build. */
/* NOTE(review): no result of hookapi is checked here, so HookOnOne may be handed a record that was never filled in. */
hookapi("kernel32.dll", "DeleteFileA", (DWORD)MyDeleteFileA, &struct_DeleteFileA);
hookapi("kernel32.dll", "DeleteFileW", (DWORD)MyDeleteFileW, &struct_DeleteFileW);
/* Write the prepared bytes over both entry points. */
HookOnOne(&struct_DeleteFileA);
HookOnOne(&struct_DeleteFileW);
}
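/*
 * DLL entry point.
 *
 * DLL_PROCESS_ATTACH: install the hooks via MyFunc().
 * DLL_PROCESS_DETACH: when the DLL is being unloaded dynamically
 * (lpReserved == NULL), put the saved bytes back first. Otherwise the
 * patched entry points would keep jumping into this module after it has
 * been unmapped, and the next DeleteFile call would crash the process.
 * On process termination (lpReserved != NULL) nothing is restored.
 *
 * NOTE(review): the restore assumes hookapi() stored the original bytes in
 * olddata; hookapi is not shown here, so confirm before relying on it.
 * NOTE(review): all of this runs under the loader lock; keep the work done
 * here minimal.
 *
 * Always returns TRUE, as before.
 */
BOOL APIENTRY DllMain(HANDLE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    (void)hModule; /* unused */

    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        MyFunc();
        break;
    case DLL_PROCESS_DETACH:
        if (lpReserved == NULL) {
            HookOffOne(&struct_DeleteFileA);
            HookOffOne(&struct_DeleteFileW);
        }
        break;
    default:
        break;
    }
    return TRUE;
}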