原文地址:http://blog.csdn.net/leeeryan/archive/2010/06/08/5656364.aspx
// APIHOOKImageDirectoryEntryToData.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include <imagehlp.h>//ImageDirectoryEntryToData
#pragma comment(lib,"imagehlp.lib")
char *szModName = NULL ;
char *szHacked = "不好意思hook到了!" ;
DWORD dwHookFun ;
PROC dwHookApiAddr;
PIMAGE_IMPORT_DESCRIPTOR pImportDesc ;
PIMAGE_THUNK_DATA32 pThunk;
ULONG uSize ;
/**//************************************************************/
void MYhook()
{
__asm
{
mov esp,ebp
push szHacked
pop DWORD PTR [ebp+12]
pop ebp
jmp dwHookApiAddr
}
}
int main(int argc, char* argv[])
{
HMODULE hInstance =GetModuleHandle(NULL);
dwHookFun = (DWORD)MYhook;
dwHookApiAddr = GetProcAddress(LoadLibrary("USER32.dll"), "MessageBoxA") ;
//通过函数)ImageDirectoryEntryToData获得IAT
pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hInstance,
TRUE,
IMAGE_DIRECTORY_ENTRY_IMPORT,
&uSize) ;
//找到要HOOK的函数所在的模块
while(pImportDesc->Name)
{
szModName = (char *)((PBYTE)hInstance+pImportDesc->Name) ;
if (strcmp(szModName,"USER32.dll")==0)
break ;
pImportDesc++ ;
}
//原始的THUNK信息指针
pThunk= (PIMAGE_THUNK_DATA32)((PBYTE)hInstance+pImportDesc->FirstThunk) ;
for(;pThunk->u1.Function;pThunk++)
{
PROC* ppfn = (PROC*) &pThunk->u1.Function;
if (*ppfn == dwHookApiAddr)
{
VirtualProtect(&pThunk->u1.Function, 4096,PAGE_READWRITE,0);
pThunk->u1.Function = (PDWORD)dwHookFun;
break ;
}
}
//要hook下面这个API
MessageBoxA(0,"这是正常的!","xicao",0);
return 0;
}
posted on 2010-10-14 15:42
漂漂 阅读(827)
评论(0) 编辑 收藏 引用 所属分类:
深入vc++