
微软Detour开发包及其Demo

Tags: /超级猛料/Hook.钩子/   Date Created:

这可是官方的拦截API的方法。:)

可惜是"Delphi",看不太懂呀!哪位大哥能翻译成VC代码就好了。将非常感激!

//=======================================

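{ csb_DetourHook installs an inline (detour) hook on a routine inside the
  current process. 32-bit x86 only: pointers are cast to DWord and the
  patch is a 5-byte JMP rel32.

  Parameters:
    pTargetAddr      - first byte of the routine to redirect.
    pNewAddr         - replacement routine that receives control.
    dwLength         - number of prologue bytes to move into the trampoline.
                       Must be at least 5 (the size of the jump) and must end
                       on an instruction boundary; the bytes are copied
                       verbatim and are NOT relocated, so they must not hold
                       relative branches or calls.
    pCallOrigAddress - receives the trampoline address (copied prologue plus
                       a jump back to pTargetAddr + dwLength). Set to nil
                       whenever the function fails.

  Returns True when the hook is in place, False otherwise.

  Caveats: the patch is not atomic. The caller has to make sure no other
  thread is executing the first dwLength bytes of the target while it is
  rewritten. }
function csb_DetourHook(pTargetAddr: Pointer; pNewAddr: Pointer; dwLength: Cardinal; var pCallOrigAddress: Pointer): LongBool;
type
  TJump = packed record
    bJmp: Byte;        // opcode byte, $E9 = JMP rel32
    dwAddress: DWord;  // displacement, relative to the byte after the jump
  end;
const
  OPCODE_JMP_REL32 = $E9;
  OPCODE_NOP = $90;

  // Frees the trampoline on any failure path so it is neither leaked nor
  // handed back to the caller half-initialised.
  procedure ReleaseTrampoline;
  begin
    if pCallOrigAddress <> nil then
    begin
      VirtualFree(pCallOrigAddress, 0, MEM_RELEASE);
      pCallOrigAddress := nil;
    end;
  end;

var
  gOrigJump: TJump;
  gJump: TJump;
  dwProtect: DWord;
  dwIgnored: DWord;
  dwTrampolineSize: Cardinal;
begin
  Result := False;
  pCallOrigAddress := nil;

  // A prologue shorter than the jump would make the patch overwrite bytes
  // that were never saved; the upper bound keeps dwLength + 5 from wrapping.
  if (pTargetAddr = nil) or (pNewAddr = nil) or
     (dwLength < SizeOf(TJump)) or
     (dwLength > High(Cardinal) - SizeOf(TJump)) then
    Exit;

  dwTrampolineSize := dwLength + SizeOf(TJump);

  // Build the trampoline in writable, non-executable memory first.
  pCallOrigAddress := VirtualAlloc(nil, dwTrampolineSize, MEM_COMMIT or MEM_RESERVE, PAGE_READWRITE);
  if pCallOrigAddress = nil then
    Exit;

  CopyMemory(pCallOrigAddress, pTargetAddr, dwLength);
  gOrigJump.bJmp := OPCODE_JMP_REL32;
  gOrigJump.dwAddress := (DWord(pTargetAddr) + dwLength) - DWord(pCallOrigAddress) - (dwLength + 5);
  // Copy exactly one jump record: copying dwLength + 5 bytes here would read
  // past the 5-byte record and write past the end of the allocation.
  CopyMemory(Pointer(DWord(pCallOrigAddress) + dwLength), @gOrigJump, SizeOf(TJump));

  // Seal the trampoline as execute/read so no writable+executable page is
  // left behind. BOOL results are tested directly: comparing a Win32 BOOL
  // with True is unreliable in Delphi.
  if not VirtualProtect(pCallOrigAddress, dwTrampolineSize, PAGE_EXECUTE_READ, dwIgnored) then
  begin
    ReleaseTrampoline;
    Exit;
  end;

  // Keep the target executable while it is writable; a plain PAGE_READWRITE
  // would fault any code running from the same page.
  if not VirtualProtect(pTargetAddr, dwLength, PAGE_EXECUTE_READWRITE, dwProtect) then
  begin
    ReleaseTrampoline;
    Exit;
  end;

  // Pad the displaced bytes after the jump with NOPs, then write the jump.
  FillChar(Pointer(DWord(pTargetAddr) + SizeOf(TJump))^, dwLength - SizeOf(TJump), OPCODE_NOP);
  gJump.bJmp := OPCODE_JMP_REL32;
  gJump.dwAddress := DWord(pNewAddr) - DWord(pTargetAddr) - 5;
  CopyMemory(pTargetAddr, @gJump, SizeOf(TJump));

  // Best effort: put the original page protection back. The hook is already
  // installed, so a failure here does not change the result.
  VirtualProtect(pTargetAddr, dwLength, dwProtect, dwIgnored);

  // Both regions now hold freshly written code.
  FlushInstructionCache(GetCurrentProcess, pTargetAddr, dwLength);
  FlushInstructionCache(GetCurrentProcess, pCallOrigAddress, dwTrampolineSize);

  Result := True;
end;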

detours-src-1.2.exe (572.5KB)