这个这段代码什么地方有问题? (拦截API的)
目标进程执行这段代码后就会非法操作. 各位老大帮我看看什么地方出了问题:
#include <windows.h>
#include <stdio.h>
#include <stddef.h>
#include <WinInet.h>
#pragma comment(lib, "WinInet.lib")
#pragma comment(lib, "ImageHlp.lib")
typedef struct
{
FARPROC funcaddr;
BYTE olddata[5];
BYTE newdata[5];
}HOOKSTRUCT;
HMODULE hModule ;
HOOKSTRUCT InternetConnectA_API;
//拦截开关
void HookOnOff(HOOKSTRUCT *hookfunc, bool DOUNT)
{
HANDLE hProc;
DWORD dwIdOld = GetCurrentProcessId();
hProc = OpenProcess(PROCESS_ALL_ACCESS, 0, dwIdOld);
VirtualProtectEx(hProc, hookfunc->funcaddr, 5, PAGE_READWRITE, &dwIdOld);
if(DOUNT)
WriteProcessMemory(hProc, hookfunc->funcaddr, hookfunc->newdata, 5, 0)
else
WriteProcessMemory(hProc, hookfunc->funcaddr, hookfunc->olddata, 5, 0);
VirtualProtectEx(hProc, hookfunc->funcaddr, 5, dwIdOld, &dwIdOld);
}
//获取被拦截函数信息
BOOL hookapi(char *dllname, char *procname, DWORD myfuncaddr, HOOKSTRUCT *hookfunc)
{
hModule = LoadLibrary(dllname);
hookfunc->funcaddr = GetProcAddress(hModule, procname);
if(hookfunc->funcaddr == NULL)
return false;
memcpy(hookfunc->olddata, hookfunc->funcaddr, 6);
hookfunc->newdata[0] = 0xe9;
DWORD jmpaddr = myfuncaddr - (DWORD)hookfunc->funcaddr - 5;
memcpy(&hookfunc->newdata[1], &jmpaddr, 5);
return true;
}
//准备用于替换原始函数的函数
HINTERNET MyInternetConnectA(HINTERNET hInternet,
LPCSTR lpszServerName,
INTERNET_PORT nServerPort,
LPCSTR lpszUsername,
LPCSTR lpszPassword,
DWORD dwService,
DWORD dwFlags,
DWORD dwContext)
{
HINTERNET RetConn = NULL;
HookOnOff(&InternetConnectA_API, false);
char tmp[128];
sprintf(tmp, "%s:%d\r\n", lpszServerName, nServerPort);
LogFile(tmp, "InternteConnectA.txt");
RetConn = ::InternetConnectA(hInternet,
lpszServerName,
nServerPort,
lpszUsername,
lpszPassword,
dwService,
dwFlags,
dwContext);
HookOnOff(&InternetConnectA_API, true);
return(RetConn);
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if(hookapi("WININET.DLL",
"InternetConnectA",
(DWORDMyInternetConnectA,
&InternetConnectA_API))
{
HookOnOff(&InternetConnectA_API, true);
}
break;
}
}