HOOK API（JMP法）

 

#include <windows.h>

#ifndef _HOOK_API_JMP_
#define _HOOK_API_JMP_
class CHookApi_Jmp  
{
public: 
    HANDLE hProc; 
    void Unlock(void);
    void Lock(void); 
    BOOL Initialize(LPCTSTR ModuleName, LPCSTR ApiName, FARPROC lpNewFunc);
    void SetHookOn(void); 
    void SetHookOff(void); 
    CHookApi_Jmp(void); 
    virtual ~CHookApi_Jmp();

protected: 
    BYTE m_OldFunc[8]; 
    BYTE m_NewFunc[8]; 
    FARPROC m_lpHookFunc; 
    CRITICAL_SECTION m_cs;
};
#endif

//---------------------------------------------------------------------------
#include "stdafx.h"
#include "ApiHookLib.h"

#pragma warning(disable: 4311)
//---------------------------------------------------------------------------
CHookApi_Jmp::CHookApi_Jmp(void)
{ 
    InitializeCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
CHookApi_Jmp::~CHookApi_Jmp()
{ 
    CloseHandle(hProc); 
    DeleteCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::SetHookOn(void)
{ 
    DWORD dwOldFlag;
    if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag))
    {  
        if(WriteProcessMemory(hProc,m_lpHookFunc,m_NewFunc,5,0))  
        {   
            if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))    
                return;  
        } 
    }  
    return;
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::SetHookOff(void)
{ 
    DWORD dwOldFlag; 
    if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag)) 
    {  
        if(WriteProcessMemory(hProc,m_lpHookFunc,m_OldFunc,5,0))  
        {   
            if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))    
                return;  
        }
    }
    return;
}
//---------------------------------------------------------------------------
BOOL CHookApi_Jmp::Initialize(LPCTSTR ModuleName, LPCSTR ApiName, FARPROC lpNewFunc)
{
    m_lpHookFunc = GetProcAddress(GetModuleHandle(ModuleName),ApiName);
    hProc = GetCurrentProcess();
    DWORD dwOldFlag;
    if(VirtualProtect(m_lpHookFunc,5,PAGE_READWRITE,&dwOldFlag)) 
    {  
        if(ReadProcessMemory(hProc,m_lpHookFunc,m_OldFunc,5,0))  
        {   
            if(VirtualProtect(m_lpHookFunc,5,dwOldFlag,&dwOldFlag))   
            {    
                m_NewFunc[0]=0xe9;    
                DWORD*pNewFuncAddress;    
                pNewFuncAddress=(DWORD*)&m_NewFunc[1];    
                *pNewFuncAddress=(DWORD)lpNewFunc-(DWORD)m_lpHookFunc-5;    
                return TRUE;   
            }  
        }
    }
    return FALSE;
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::Lock(void) //多线程下使用
{
    EnterCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------
void CHookApi_Jmp::Unlock(void)
{ 
    LeaveCriticalSection(&m_cs);
}
//---------------------------------------------------------------------------

// HookApi.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include "ApiHookLib.h"

CHookApi_Jmp Hook;

int __stdcall HOOK_MessageBox( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption,UINT uType)
{
    printf("HOOK_MessageBox Called!\r\n");

    Hook.SetHookOff();
    int iRet = MessageBox(hWnd,lpText,TEXT("hook到了!"),uType);
    Hook.SetHookOn();

    return iRet;
}

int _tmain(int argc, _TCHAR* argv[])
{
    Hook.Initialize(TEXT("User32.dll"),"MessageBoxW",(FARPROC)HOOK_MessageBox);
    Hook.SetHookOn();
    MessageBox(NULL,TEXT("Hooked User32.dll MessageBoxW."),TEXT("SetHookOn"),MB_OK);
    Hook.SetHookOff();
    MessageBox(NULL,TEXT("UnHooked User32.dll MessageBoxW."),TEXT("SetHookOff"),MB_OK);

    return getchar();
}