
分类: WINDOWS

2009-05-18 22:28:41

 

.586
.model flat, stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include HookApiTest.inc
includelib kernel32.lib
includelib user32.lib
; Prototype and pointer types for functions that are called through pointers
; filled in at run time (see LoadDll and start). Argument counts match the
; call sites in this file: HookAPI takes 3 dwords, UnHookAPI 1, MessageBoxA 4.
_ProtoHookAPI typedef proto :dword,:dword,:dword
_ProtoUnHookAPI typedef proto :dword
_ProtoMessageBoxA typedef proto :dword,:dword,:dword,:dword
_HookAPI typedef ptr _ProtoHookAPI
_UnHookAPI typedef ptr _ProtoUnHookAPI
_MessageBoxA typedef ptr _ProtoMessageBoxA
; Uninitialised data (.data?): none of these has a defined value until the code
; below stores one.
.data?
; Export addresses obtained with GetProcAddress in LoadDll.
HookAPI _HookAPI ?
UnHookAPI _UnHookAPI ?
; Value returned by HookAPI in start; myMessageBoxA calls through it.
; NOTE(review): presumably a pointer to the original MessageBoxA code - confirm
; against the DLL source.
lpMessageBoxA _MessageBoxA ?
; Full path of the temporary DLL copy. LoadDll appends "temp.dll" to the
; GetTempPath result, so the buffer must hold both plus the terminating NUL.
DllPath db MAX_PATH dup (?)
; Module handle returned by LoadLibrary; released in FreeDll.
hDll dd ?
; The remaining variables are not referenced by the code shown on this page.
ofn OPENFILENAME <>
startinfo STARTUPINFO <>
processInfo PROCESS_INFORMATION <>
Pid dd ?
buffer db 1024 dup(?)
; CTEXT("...") - macro function that places a NUL-terminated copy of its
; argument in .data under a unique local label and expands to the offset of
; that string. It always switches back to .code afterwards, so it is meant to
; be used inside the code segment.
CTEXT macro Text:VARARG
        local strLabel
        .data
strLabel db Text, 0
        .code
        exitm <offset strLabel>
endm
.code
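;/////////////////////////
; Load HookAPI.dll
;
; Writes the embedded image (dllfile, dlllength bytes) to "<temp dir>temp.dll",
; loads it and resolves the HookAPI and UnHookAPI exports.
;
; Out:  eax = nonzero on success, 0 on failure. On failure HookAPI and/or
;       UnHookAPI are left 0, so callers must test them before calling.
;
; NOTE(review): the file name is fixed and the temp directory is writable by
; other processes of the same user. Between CloseHandle and LoadLibrary the
; file can be replaced, and LoadLibrary then runs whatever is on disk. Code
; that needs this pattern outside a demo should use a private directory with a
; restrictive ACL and verify the file before loading it.
;/////////////////////////
LoadDll proc
LOCAL hFile:dword, dwBytesWritten:dword
        ; Start from a known state so a failed load is detectable by callers.
        xor eax, eax
        mov hDll, eax
        mov HookAPI, eax
        mov UnHookAPI, eax

        invoke GetTempPath, sizeof DllPath, addr DllPath
        test eax, eax
        jz failed                               ; GetTempPath failed
        ; The result must leave room for "temp.dll" (8 chars) and the NUL,
        ; otherwise lstrcat would write past the end of DllPath.
        cmp eax, (sizeof DllPath) - 9
        ja failed
        invoke lstrcat, addr DllPath, CTEXT("temp.dll")

        ; FILE_ATTRIBUTE_NORMAL is only meaningful on its own, and a scratch
        ; file has no reason to carry the SYSTEM attribute.
        invoke CreateFile, addr DllPath, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0
        cmp eax, INVALID_HANDLE_VALUE
        je failed
        mov hFile, eax

        invoke WriteFile, hFile, addr dllfile, dlllength, addr dwBytesWritten, 0
        push eax                                ; keep the WriteFile result across CloseHandle
        invoke CloseHandle, hFile
        pop eax
        test eax, eax
        jz writeFailed
        mov eax, dwBytesWritten                 ; a short write leaves a corrupt image on disk
        cmp eax, dlllength
        jne writeFailed

        invoke LoadLibrary, addr DllPath
        test eax, eax
        jz failed                               ; the file stays on disk; FreeDll deletes it
        mov hDll, eax

        invoke GetProcAddress, hDll, CTEXT("HookAPI")
        mov HookAPI, eax
        test eax, eax
        jz failed
        invoke GetProcAddress, hDll, CTEXT("UnHookAPI")
        mov UnHookAPI, eax
        test eax, eax
        jz failed

        mov eax, TRUE
        ret

writeFailed:
        ; Do not leave a partially written file behind.
        invoke DeleteFile, addr DllPath
failed:
        xor eax, eax
        ret
LoadDll endp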
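;/////////////////////////
; Unload HookAPI.dll and delete the temporary copy
;
; Calls FreeLibrary on hDll (if set), then tries DeleteFile on DllPath up to
; 99 times, stopping at the first success.
;
; The retry counter lives in a stack local: ecx is a volatile register under
; stdcall, so a counter kept in ecx is destroyed by every DeleteFile call and
; the loop bound is not reliable.
;/////////////////////////
FreeDll proc
LOCAL dwTries:dword
        cmp hDll, 0
        je unloaded                             ; nothing was loaded
        invoke FreeLibrary, hDll
        mov hDll, 0                             ; the handle is no longer valid
unloaded:
        mov dwTries, 0
retry:
        inc dwTries
        cmp dwTries, 100
        je done                                 ; give up after 99 attempts
        invoke DeleteFile, addr DllPath
        test eax, eax                           ; success is any nonzero value, not only TRUE
        jz retry
done:
        ret
FreeDll endp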
; Replacement routine that start registers for user32!MessageBoxA.
; In:   hWnd, lpszText, lpszTitle, dwFlag - the arguments of the intercepted call
; Out:  eax = whatever the call through lpMessageBoxA returns
; The caller's text and caption are ignored and replaced with fixed strings;
; hWnd and dwFlag are forwarded unchanged.
; NOTE(review): lpMessageBoxA is only assigned in start after HookAPI returns,
; so a call arriving before that assignment would go through a null pointer -
; harmless in this single-threaded demo, but confirm before reusing.
myMessageBoxA proc hWnd:dword, lpszText:dword, lpszTitle:dword, dwFlag:dword
        ; stdcall: arguments are pushed right to left, the callee cleans the stack
        push dwFlag
        push CTEXT("标题被HOOK了")
        push CTEXT("内容被HOOK了")
        push hWnd
        call lpMessageBoxA
        ret
myMessageBoxA endp

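; Program entry point.
; Demonstrates the hook inside this process only: the first MessageBox call
; is made while myMessageBoxA is registered for MessageBoxA, the second after
; the hook has been removed again.
start:
        invoke LoadDll
        ; Both exports must have resolved; calling through a null pointer
        ; would crash the process.
        cmp HookAPI, 0
        je exit_demo
        cmp UnHookAPI, 0
        je exit_demo

        invoke HookAPI,CTEXT("user32.dll"),CTEXT("MessageBoxA"),offset myMessageBoxA
        ; NOTE(review): the embedded DLL appears to return 0 when it cannot
        ; install the hook - confirm against its source. With 0 there is
        ; nothing to call through and nothing to unhook.
        test eax, eax
        jz exit_demo
        mov lpMessageBoxA, eax

        invoke MessageBox,0,0,0,0               ; hook active
        invoke UnHookAPI,lpMessageBoxA
        ; NOTE(review): lpMessageBoxA still holds the old value after
        ; UnHookAPI; it should not be called through from this point on.
        invoke MessageBox,0,0,0,0               ; hook removed

exit_demo:
        ; Always unload the DLL and remove the temporary file, including on
        ; the failure paths above.
        invoke FreeDll
        invoke ExitProcess,0

end start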

将HOOKAPI.DLL直接写入到inc文件中:

.data
; Number of bytes LoadDll passes to WriteFile, starting at dllfile. It must
; equal the number of bytes actually defined under dllfile.
; NOTE(review): the db rows shown on this page add up to roughly 3.6 KB, which
; is less than 5120, so the listing looks truncated. With a short array,
; WriteFile would copy whatever follows dllfile in memory and the file on disk
; would not be a valid image - verify against the original .inc file.
; NOTE(review): dllfile is a prebuilt PE image (it starts with 77,90 = "MZ")
; that cannot be audited from this listing. Rebuild it from source or check it
; against a known-good hash (<EXPECTED_SHA256 placeholder>) before running.
dlllength dd 5120
dllfile db 77,90,144,0,3,0,0,0,4,0,0,0,255,255,0,0
db 184,0,0,0,0,0,0,0,64,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,184,0,0,0
db 14,31,186,14,0,180,9,205,33,184,1,76,205,33,84,104
db 105,115,32,112,114,111,103,114,97,109,32,99,97,110,110,111
db 116,32,98,101,32,114,117,110,32,105,110,32,68,79,83,32
db 109,111,100,101,46,13,13,10,36,0,0,0,0,0,0,0
db 56,25,93,41,124,120,51,122,124,120,51,122,124,120,51,122
db 128,88,33,122,125,120,51,122,242,103,32,122,105,120,51,122
db 82,105,99,104,124,120,51,122,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,80,69,0,0,76,1,4,0
db 48,219,47,72,0,0,0,0,0,0,0,0,224,0,14,33
db 11,1,5,12,0,8,0,0,0,8,0,0,0,0,0,0
db 127,21,0,0,0,16,0,0,0,32,0,0,0,0,0,16
db 0,16,0,0,0,2,0,0,4,0,0,0,0,0,0,0
db 4,0,0,0,0,0,0,0,0,80,0,0,0,4,0,0
db 27,15,1,0,2,0,0,0,0,0,16,0,0,16,0,0
db 0,0,16,0,0,16,0,0,0,0,0,0,16,0,0,0
db 224,33,0,0,90,0,0,0,72,32,0,0,40,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,64,0,0,72,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,32,0,0,72,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 46,116,101,120,116,0,0,0,6,6,0,0,0,16,0,0
db 0,8,0,0,0,4,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,32,0,0,96,46,114,100,97,116,97,0,0
db 58,2,0,0,0,32,0,0,0,4,0,0,0,12,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,64,0,0,64
db 46,100,97,116,97,0,0,0,36,0,0,0,0,48,0,0
db 0,2,0,0,0,16,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,64,0,0,192,46,114,101,108,111,99,0,0
db 92,0,0,0,0,64,0,0,0,2,0,0,0,18,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,64,0,0,66
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 17,17,40,0,17,17,40,0,17,17,40,0,17,17,40,0
db 17,17,40,240,17,17,40,240,17,17,40,240,17,17,40,240
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,17,255,255,137,35,0,0,34,34,34,34,34,34,34,34
db 57,51,17,17,17,17,17,17,0,0,0,0,0,192,0,0
db 136,136,0,0,40,0,0,0,34,34,34,34,136,136,136,136
db 51,64,17,57,96,64,2,0,17,17,34,0,17,17,17,17
db 34,34,34,34,136,194,0,0,240,255,0,17,0,0,0,17
db 17,17,224,0,0,238,225,3,17,17,17,17,30,238,238,238
db 17,17,30,30,17,17,17,17,0,0,0,238,238,238,238,238
db 17,17,17,17,17,17,17,17,17,17,17,17,17,17,17,17
db 17,17,17,17,17,17,17,17,51,51,17,16,17,17,17,17
db 136,136,136,136,136,136,136,136,17,17,17,17,17,17,17,17
db 0,1,49,17,0,1,49,17,17,17,17,17,238,49,17,17
db 17,49,51,49,0,0,0,0,225,17,17,17,17,17,17,17
db 17,17,17,17,17,17,17,17,225,17,17,17,17,17,17,30
db 85,139,236,86,83,139,117,8,51,201,51,192,51,219,153,172
db 138,200,60,15,116,15,102,129,126,255,205,32,117,10,70,173
db 233,0,1,0,0,172,254,196,209,232,138,128,0,16,0,16
db 114,3,193,232,4,131,224,15,147,128,251,14,15,132,239,0
db 0,0,128,251,15,116,75,11,219,15,132,214,0,0,0,15
db 186,243,0,114,91,15,186,243,1,15,130,192,0,0,0,15
db 186,243,2,15,130,181,0,0,0,128,227,247,128,249,160,114
db 19,128,249,163,119,14,246,197,2,15,133,159,0,0,0,233
db 152,0,0,0,246,197,1,15,132,143,0,0,0,233,140,0
db 0,0,128,249,102,116,17,128,249,103,15,133,106,255,255,255
db 128,205,2,233,98,255,255,255,128,205,1,233,90,255,255,255
db 172,128,249,247,116,5,128,249,246,117,18,168,56,117,14,246
db 193,1,116,8,246,197,1,117,2,70,70,70,70,139,208,36
db 7,246,194,192,116,19,15,138,93,255,255,255,120,50,246,197
db 2,117,60,60,4,116,55,235,54,246,197,2,116,9,60,6
db 116,44,233,66,255,255,255,60,4,117,12,172,36,7,60,5
db 116,26,233,50,255,255,255,60,5,116,17,233,41,255,255,255
db 246,197,2,117,9,60,4,116,2,235,1,70,70,70,70,70
db 233,20,255,255,255,43,117,8,131,254,15,119,4,139,198,235
db 3,51,192,72,91,94,201,194,4,0,85,139,236,96,139,117
db 8,139,125,16,139,69,12,255,112,12,143,135,180,0,0,0
db 255,112,8,143,135,184,0,0,0,80,143,135,196,0,0,0
db 97,184,0,0,0,0,201,195,85,139,236,131,196,240,255,117
db 8,106,0,104,255,15,31,0,232,89,3,0,0,133,192,15
db 132,190,0,0,0,137,69,252,255,117,12,232,112,3,0,0
db 137,69,248,106,4,104,0,16,0,0,255,117,248,106,0,255
db 117,252,232,53,3,0,0,11,192,117,13,255,117,252,232,237
db 2,0,0,233,139,0,0,0,137,69,240,141,69,244,80,255
db 117,248,255,117,12,255,117,240,255,117,252,232,42,3,0,0
db 11,192,117,29,104,0,64,0,0,255,117,248,255,117,240,255
db 117,252,232,251,2,0,0,255,117,252,232,177,2,0,0,235
db 82,104,0,48,0,16,232,183,2,0,0,104,13,48,0,16
db 80,232,178,2,0,0,106,0,106,0,255,117,240,80,106,0
db 106,0,255,117,252,232,140,2,0,0,106,255,80,232,210,2
db 0,0,104,0,64,0,0,255,117,248,255,117,240,255,117,252
db 232,173,2,0,0,255,117,252,232,99,2,0,0,51,192,201
db 194,8,0,232,100,2,0,0,201,194,8,0,104,120,86,52
db 18,80,184,120,86,52,18,255,72,8,88,195,131,196,4,80
db 87,191,120,86,52,18,139,68,36,8,137,7,184,120,86,52
db 18,137,68,36,8,184,120,86,52,18,255,64,8,95,88,233
db 0,0,0,0,85,139,236,131,196,224,87,86,255,117,8,232
db 30,2,0,0,255,117,12,80,232,27,2,0,0,11,192,117
db 6,94,95,201,194,12,0,137,69,252,131,61,32,48,0,16
db 0,117,29,106,0,104,0,4,0,0,106,1,232,3,2,0
db 0,11,192,117,6,94,95,201,194,12,0,163,28,48,0,16
db 255,5,32,48,0,16,106,112,106,9,255,53,28,48,0,16
db 232,217,1,0,0,11,192,117,6,94,95,201,194,12,0,139
db 208,255,117,252,143,2,141,66,40,137,66,12,190,92,19,0
db 16,141,122,40,51,201,138,6,136,7,65,70,71,129,249,40
db 0,0,0,114,241,141,122,40,139,247,131,198,36,139,69,16
db 43,198,131,232,4,137,71,36,141,66,88,137,71,17,137,87
db 26,190,76,19,0,16,141,122,88,51,201,138,6,136,7,65
db 70,71,129,249,16,0,0,0,114,241,141,122,88,137,87,7
db 141,114,88,141,122,40,70,137,119,6,51,201,82,81,255,117
db 252,232,154,252,255,255,89,3,200,1,69,252,131,249,6,114
db 236,90,137,74,4,139,50,141,122,16,138,6,136,7,73,70
db 71,133,201,117,245,198,7,233,255,117,252,143,71,1,41,127
db 1,184,5,0,0,0,41,71,1,139,58,82,87,106,28,141
db 69,224,80,87,232,69,1,0,0,141,69,252,80,106,64,255
db 117,236,255,117,224,232,46,1,0,0,95,90,198,7,255,198
db 71,1,21,141,66,12,137,71,2,82,141,69,252,80,255,117
db 252,255,117,236,255,117,224,232,12,1,0,0,90,141,66,16
db 94,95,201,194,12,0,85,139,236,131,196,224,87,86,85,141
db 131,58,18,0,16,80,100,255,53,0,0,0,0,100,137,37
db 0,0,0,0,139,85,8,131,234,16,139,66,8,11,192,116
db 11,184,1,0,0,0,94,95,201,194,4,0,82,106,28,141
db 69,228,80,255,50,232,196,0,0,0,141,69,224,80,106,64
db 255,117,240,255,117,228,232,173,0,0,0,90,141,114,16,139
db 58,139,74,4,138,6,136,7,73,70,71,133,201,117,245,82
db 106,1,255,53,28,48,0,16,232,115,0,0,0,255,13,32
db 48,0,16,131,61,32,48,0,16,0,117,11,255,53,28,48
db 0,16,232,83,0,0,0,51,192,94,95,201,194,4,0,85
db 139,236,131,125,12,1,117,7,184,1,0,0,0,235,13,131
db 125,12,0,117,7,106,0,232,4,0,0,0,201,194,12,0
db 255,37,0,32,0,16,255,37,4,32,0,16,255,37,8,32
db 0,16,255,37,12,32,0,16,255,37,16,32,0,16,255,37
db 20,32,0,16,255,37,24,32,0,16,255,37,28,32,0,16
db 255,37,32,32,0,16,255,37,36,32,0,16,255,37,40,32
db 0,16,255,37,44,32,0,16,255,37,48,32,0,16,255,37
db 52,32,0,16,255,37,56,32,0,16,255,37,60,32,0,16
db 255,37,64,32,0,16,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 184,32,0,0,198,32,0,0,220,32,0,0,236,32,0,0
db 0,33,0,0,18,33,0,0,30,33,0,0,44,33,0,0
db 58,33,0,0,70,33,0,0,84,33,0,0,102,33,0,0
db 118,33,0,0,136,33,0,0,152,33,0,0,174,33,0,0
db 196,33,0,0,0,0,0,0,112,32,0,0,0,0,0,0
db 0,0,0,0,208,33,0,0,0,32,0,0,0,0,0,0
db 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
db 184,32,0,0,198,32,0,0,220,32,0,0,236,32,0,0
db 0,33,0,0,18,33,0,0,30,33,0,0,44,33,0,0
db 58,33,0,0,70,33,0,0,84,33,0,0,102,33,0,0
db 118,33,0,0,136,33,0,0,152,33,0,0,174,33,0,0
db 196,33,0,0,0,0,0,0,26,0,67,108,111,115,101,72
db 97,110,100,108,101,0,66,0,67,114,101,97,116,101,82,101
db 109,111,116,101,84,104,114,101,97,100,0,0,253,0,71,101
db 116,76,97,115,116,69,114,114,111,114,0,0,9,1,71,101
db 116,77,111,100,117,108,101,72,97,110,100,108,101,65,0,0
db 31,1,71,101,116,80,114,111,99,65,100,100,114,101,115,115
db 0,0,127,1,72,101,97,112,65,108,108,111,99,0,129,1
db 72,101,97,112,67,114,101,97,116,101,0,0,130,1,72,101
db 97,112,68,101,115,116,114,111,121,0,131,1,72,101,97,112
db 70,114,101,101,0,0,209,1,79,112,101,110,80,114,111,99
db 101,115,115,0,130,2,86,105,114,116,117,97,108,65,108,108
db 111,99,69,120,0,0,132,2,86,105,114,116,117,97,108,70
db 114,101,101,69,120,0,134,2,86,105,114,116,117,97,108,80
db 114,111,116,101,99,116,0,0,136,2,86,105,114,116,117,97
db 108,81,117,101,114,121,0,0,143,2,87,97,105,116,70,111
db 114,83,105,110,103,108,101,79,98,106,101,99,116,0,167,2
db 87,114,105,116,101,80,114,111,99,101,115,115,77,101,109,111
db 114,121,0,0,191,2,108,115,116,114,108,101,110,65,0,0
db 107,101,114,110,101,108,51,50,46,100,108,108,0,0,0,0
db 0,0,0,0,48,219,47,72,0,0,0,0,28,34,0,0
db 1,0,0,0,2,0,0,0,2,0,0,0,8,34,0,0
db 16,34,0,0,24,34,0,0,132,19,0,0,230,20,0,0
db 40,34,0,0,48,34,0,0,0,0,1,0,72,111,111,107
db 65,112,105,46,100,108,108,0,72,111,111,107,65,80,73,0
db 85,110,72,111,111,107,65,80,73,0,0,0,0
