原文地址:http://blog.csdn.net/leeeryan/archive/2010/06/08/5656364.aspx
// APIHOOKImageDirectoryEntryToData.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>
#include <imagehlp.h>//ImageDirectoryEntryToData
#pragma comment(lib,"imagehlp.lib")

char *szModName = NULL ;
char *szHacked = "不好意思hook到了!" ;
DWORD dwHookFun ;
PROC dwHookApiAddr;
PIMAGE_IMPORT_DESCRIPTOR pImportDesc ;
PIMAGE_THUNK_DATA32 pThunk;
ULONG uSize ;

/**//************************************************************/
void MYhook()


{
__asm

{
mov esp,ebp
push szHacked
pop DWORD PTR [ebp+12]
pop ebp
jmp dwHookApiAddr
}
}

int main(int argc, char* argv[])


{
HMODULE hInstance =GetModuleHandle(NULL);
dwHookFun = (DWORD)MYhook;
dwHookApiAddr = GetProcAddress(LoadLibrary("USER32.dll"), "MessageBoxA") ;
//通过函数)ImageDirectoryEntryToData获得IAT
pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(hInstance,
TRUE,
IMAGE_DIRECTORY_ENTRY_IMPORT,
&uSize) ;
//找到要HOOK的函数所在的模块
while(pImportDesc->Name)

{
szModName = (char *)((PBYTE)hInstance+pImportDesc->Name) ;
if (strcmp(szModName,"USER32.dll")==0)
break ;
pImportDesc++ ;
}
//原始的THUNK信息指针
pThunk= (PIMAGE_THUNK_DATA32)((PBYTE)hInstance+pImportDesc->FirstThunk) ;
for(;pThunk->u1.Function;pThunk++)

{
PROC* ppfn = (PROC*) &pThunk->u1.Function;
if (*ppfn == dwHookApiAddr)

{
VirtualProtect(&pThunk->u1.Function, 4096,PAGE_READWRITE,0);
pThunk->u1.Function = (PDWORD)dwHookFun;
break ;
}
}

//要hook下面这个API
MessageBoxA(0,"这是正常的!","xicao",0);

return 0;
}

posted on 2010-10-14 15:42
漂漂 阅读(800)
评论(0) 编辑 收藏 引用 所属分类:
深入vc++