• IATHook


    IATHookClass.h

     1 #pragma once
     2 
     3 #include <Windows.h>
     4 
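     // Replaces one entry in the import address table (IAT) of the main
     // executable module and can later put the original value back.
     //
     // Addresses are held and passed as DWORD (32 bits), so the class is only
     // correct in a 32-bit build; in a 64-bit build the values would be
     // truncated.
     class IATHookClass
     {
     private:
         // IAT entry value saved by Hook() so that UnHook() can restore it.
         // Zero-initialised so that UnHook() before any Hook() does not read
         // an indeterminate value.
         DWORD oldAddr = 0;
         // Replacement address written by Hook(); UnHook() searches for it.
         DWORD newAddr = 0;

     public:
         // Redirects the import named apiName to callfunc.
         // Returns TRUE when an IAT entry was replaced, FALSE otherwise.
         BOOL Hook(char *apiName, DWORD callfunc);

         // Restores the IAT entry previously replaced by Hook().
         // Returns TRUE when the entry was restored, FALSE otherwise.
         BOOL UnHook(void);
     };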

    IATHookClass.cpp

     1 #include "IATHookClass.h"
     2 
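     // Redirects one imported function of the main executable module by
     // overwriting its import address table (IAT) entry.
     //
     // apiName   Name of the imported function (compared case-insensitively,
     //           as in the original code).
     // callfunc  Address to store in the matching IAT entry.
     //
     // Returns TRUE when an entry was found and replaced; FALSE when the
     // arguments are empty, the PE headers do not validate, the module has no
     // import directory, the name is not imported by name, or the page
     // protection could not be changed.
     //
     // Only the module returned by GetModuleHandle(NULL) is examined.
     // NOTE(review): addresses are carried as DWORD, so this is only correct
     // in a 32-bit build; a 64-bit build would truncate them.
     BOOL IATHookClass::Hook(char *apiName, DWORD callfunc)
     {
         // A zero target would leave the import pointing at address 0.
         if (apiName == NULL || callfunc == 0)
             return FALSE;

         // GetModuleHandle does not add a reference and an HMODULE is not a
         // kernel handle, so there is nothing to release (and it must not be
         // passed to CloseHandle).
         BYTE *base = reinterpret_cast<BYTE *>(GetModuleHandle(NULL));
         if (base == NULL)
             return FALSE;

         // Validate the headers before trusting any offset read from them.
         const IMAGE_DOS_HEADER *dos = reinterpret_cast<const IMAGE_DOS_HEADER *>(base);
         if (dos->e_magic != IMAGE_DOS_SIGNATURE)
             return FALSE;

         const IMAGE_NT_HEADERS *nt = reinterpret_cast<const IMAGE_NT_HEADERS *>(base + dos->e_lfanew);
         if (nt->Signature != IMAGE_NT_SIGNATURE)
             return FALSE;

         const IMAGE_DATA_DIRECTORY &importDir =
             nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
         if (importDir.VirtualAddress == 0)
             return FALSE; // module has no import table

         IMAGE_IMPORT_DESCRIPTOR *desc =
             reinterpret_cast<IMAGE_IMPORT_DESCRIPTOR *>(base + importDir.VirtualAddress);

         for (; desc->FirstThunk != 0; ++desc)
         {
             // Without an import name table the names cannot be looked up;
             // treating RVA 0 as a thunk array would read the DOS header.
             if (desc->OriginalFirstThunk == 0)
                 continue;

             IMAGE_THUNK_DATA *iat = reinterpret_cast<IMAGE_THUNK_DATA *>(base + desc->FirstThunk);
             IMAGE_THUNK_DATA *names = reinterpret_cast<IMAGE_THUNK_DATA *>(base + desc->OriginalFirstThunk);

             for (; names->u1.AddressOfData != 0; ++names, ++iat)
             {
                 // Ordinal imports carry no name; the value is not an RVA.
                 if (IMAGE_SNAP_BY_ORDINAL(names->u1.Ordinal))
                     continue;

                 const IMAGE_IMPORT_BY_NAME *byName =
                     reinterpret_cast<const IMAGE_IMPORT_BY_NAME *>(base + names->u1.AddressOfData);

                 // Import names are ANSI strings, so use the A variant
                 // explicitly; lstrcmpi would not accept char* under UNICODE.
                 if (lstrcmpiA(apiName, reinterpret_cast<const char *>(byName->Name)) != 0)
                     continue;

                 // NOTE(review): PAGE_EXECUTE_READWRITE is kept from the
                 // original; it is broader than a data slot needs and
                 // PAGE_READWRITE would do when the IAT shares no page with code.
                 DWORD oldProtect = 0;
                 if (!VirtualProtect(&iat->u1.Function, sizeof(iat->u1.Function),
                                     PAGE_EXECUTE_READWRITE, &oldProtect))
                     return FALSE; // the slot may still be read-only: do not write

                 const DWORD previous = (DWORD)iat->u1.Function;
                 iat->u1.Function = callfunc;

                 // Best effort: put the original protection back.
                 VirtualProtect(&iat->u1.Function, sizeof(iat->u1.Function),
                                oldProtect, &oldProtect);

                 // Record the state only once the entry has really changed.
                 oldAddr = previous;
                 newAddr = callfunc;
                 return TRUE;
             }
         }
         return FALSE;
     }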
    39 
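    // Restores the IAT entry that Hook() replaced.
    //
    // Searches the import address table of the main executable module for
    // the recorded replacement address (newAddr) and writes the saved
    // original (oldAddr) back.
    //
    // Returns TRUE when the entry was restored and the recorded state was
    // cleared; FALSE when no hook is recorded, the PE headers do not
    // validate, the entry is not found, or the page protection could not be
    // changed.
    BOOL IATHookClass::UnHook(void)
    {
        // This function resets newAddr to 0 after a successful restore, so
        // 0 means there is nothing to undo.
        if (newAddr == 0)
            return FALSE;

        // An HMODULE from GetModuleHandle is not a kernel handle and must not
        // be passed to CloseHandle.
        BYTE *base = reinterpret_cast<BYTE *>(GetModuleHandle(NULL));
        if (base == NULL)
            return FALSE;

        const IMAGE_DOS_HEADER *dos = reinterpret_cast<const IMAGE_DOS_HEADER *>(base);
        if (dos->e_magic != IMAGE_DOS_SIGNATURE)
            return FALSE;

        const IMAGE_NT_HEADERS *nt = reinterpret_cast<const IMAGE_NT_HEADERS *>(base + dos->e_lfanew);
        if (nt->Signature != IMAGE_NT_SIGNATURE)
            return FALSE;

        const IMAGE_DATA_DIRECTORY &importDir =
            nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
        if (importDir.VirtualAddress == 0)
            return FALSE; // module has no import table

        IMAGE_IMPORT_DESCRIPTOR *desc =
            reinterpret_cast<IMAGE_IMPORT_DESCRIPTOR *>(base + importDir.VirtualAddress);

        // Both loops must advance: the original never incremented either
        // pointer and spun forever unless the very first entry matched.
        for (; desc->FirstThunk != 0; ++desc)
        {
            IMAGE_THUNK_DATA *iat = reinterpret_cast<IMAGE_THUNK_DATA *>(base + desc->FirstThunk);

            for (; iat->u1.Function != 0; ++iat)
            {
                if (iat->u1.Function != newAddr)
                    continue;

                // NOTE(review): PAGE_EXECUTE_READWRITE is kept from the
                // original; it is broader than a data slot needs.
                DWORD oldProtect = 0;
                if (!VirtualProtect(&iat->u1.Function, sizeof(iat->u1.Function),
                                    PAGE_EXECUTE_READWRITE, &oldProtect))
                    return FALSE; // the slot may still be read-only: do not write

                iat->u1.Function = oldAddr;

                // Best effort: put the original protection back.
                VirtualProtect(&iat->u1.Function, sizeof(iat->u1.Function),
                               oldProtect, &oldProtect);

                newAddr = 0;
                oldAddr = 0;
                return TRUE;
            }
        }
        return FALSE;
    }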
  • 原文地址:https://www.cnblogs.com/biaoge140/p/8734239.html