VC++实现全局钩子勾住消息对话框-白红宇

VC++实现全局钩子勾住消息对话框

阅读量：5137 次

发布时间：2019-06-13

本文共 2768 字，大约阅读时间需要 9 分钟。

#ifndef _HOOKAPI_H #define _HOOKAPI_H   class CHOOKAPI { public: 	LPVOID	pOldFunEntry, pNewFunEntry ;	// 初始函数地址、HOOK后的函数地址 	BYTE	bOldByte[5], bNewByte[5] ;		// 原始字节、目标字节  public: 	CHOOKAPI () {} 	~CHOOKAPI() {} 	// 实现HOOK API 	void Hook ( PSTR szModuleName, PSTR szFunName, FARPROC pFun ) 	{	 		HMODULE	hMod = ::GetModuleHandleA ( szModuleName ) ; 		if ( hMod != NULL ) 		{ 			pNewFunEntry	= (LPVOID)pFun ; 			pOldFunEntry	= (LPVOID)GetProcAddress ( hMod, szFunName ) ; 			bNewByte[0]		= 0xE9 ; 			*((PDWORD)(&(bNewByte[1])))	= (DWORD)pNewFunEntry - (DWORD)pOldFunEntry - 5 ;   			DWORD   dwProtect, dwWriteByte, dwReadByte ;  			VirtualProtect ( (LPVOID)pOldFunEntry, 5, PAGE_READWRITE, &dwProtect ); 			ReadProcessMemory	( GetCurrentProcess(), (LPVOID)pOldFunEntry, bOldByte, 5, &dwReadByte ) ;		 			WriteProcessMemory	( GetCurrentProcess(), (LPVOID)pOldFunEntry, bNewByte, 5, &dwWriteByte ) ; 			VirtualProtect ( (LPVOID)pOldFunEntry, 5, dwProtect, NULL ) ; 		} 	} 	// 重新HOOK 	void ReHook () 	{ 		DWORD	dwProtect, dwWriteByte ; 		VirtualProtect ( pOldFunEntry, 5, PAGE_READWRITE, &dwProtect ); 		WriteProcessMemory ( GetCurrentProcess(), pOldFunEntry, bNewByte, 5, &dwWriteByte ) ; 		VirtualProtect ( pOldFunEntry, 5, dwProtect, NULL ) ; 	} 	// 撤消HOOK 	void UnHook () 	{ 		DWORD	dwProtect, dwWriteByte ; 		VirtualProtect ( pOldFunEntry, 5, PAGE_READWRITE, &dwProtect ); 		WriteProcessMemory ( GetCurrentProcess(), pOldFunEntry, bOldByte, 5, &dwWriteByte ) ; 		VirtualProtect ( pOldFunEntry, 5, dwProtect, NULL ) ; 	} } ;  #endif

#include 
    
        #include "HookApi.h"      CHOOKAPI    HookItem ;      // 定义MessageBoxA函数原型   typedef int (WINAPI* PFNMessageBoxA)( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType ) ;      // 自定义的MessageBoxA函数   // 实现对原始MessageBoxA的输入、输出参数的监控，甚至是取消调用   int WINAPI NEW_MessageBoxA( HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType )   {       // 撤消HOOK       HookItem.UnHook () ;          // 此处可以观察/修改调用参数，甚至可以取消调用直接返回。       // ……          // 取得原函数地址       PFNMessageBoxA pfnMessageBoxA = (PFNMessageBoxA)HookItem.pOldFunEntry ;          // 调用原函数，修改输入参数       int ret = pfnMessageBoxA ( hWnd, "这是HOOK函数过程的消息框", "[测试]", uType ) ;          // 此处可以查看/修改调用原函数的返回值       // ……          // 重新HOOK       HookItem.ReHook () ;          return ret ;   }      int WINAPI WinMain ( HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )   {       // 原始API       MessageBoxA ( 0, "正常消息框", "测试", 0 ) ;          // HOOK API       HookItem.Hook ( "USER32.dll", "MessageBoxA", (FARPROC)NEW_MessageBoxA ) ;              // 调用API，测试       MessageBoxA ( 0, "正常消息框", "测试", 0 ) ;          // 撤消HOOK       HookItem.UnHook () ;       return 0 ;   }

转载于:https://www.cnblogs.com/new0801/archive/2012/10/09/6177704.html

你可能感兴趣的文章

SQL更新某列包含XX的所有值

查看>>

网易味央第二座猪场落户江西面积超过3300亩