系统相关
首页 > 系统相关> > Windows Hook 的常用方式 一

Windows Hook 的常用方式 一

作者:互联网

# windows hook 一

下载安装

链接我就不放了github上有,我这里使用的是4.0版本

1、编译:
image

image
2.使用:这里具体过程我就不说了,先实现一个简单的hook MessageBoxA的dll,使用dll注入进去
这里使用的是微软的dll修改了的,读者也可以,修改成自己需要的

//////////////////////////////////////////////////////////////////////////////
//
//  Detours Test Program (simple.cpp of simple.dll)
//
//  Microsoft Research Detours Package
//
//  Copyright (c) Microsoft Corporation.  All rights reserved.
//
//  This DLL will detour the Windows SleepEx API so that TimedSleep function
//  gets called instead.  TimedSleepEx records the before and after times, and
//  calls the real SleepEx API through the TrueSleepEx function pointer.
//
#include <stdio.h>
#include <windows.h>
#include "detours.h"
#pragma comment(lib,"detours.lib")

static LONG dwSlept = 0;
static int (WINAPI* FunMessageBoxA)(_In_opt_ HWND hWnd, _In_opt_ LPCSTR lpText, _In_opt_ LPCSTR lpCaption, _In_ UINT uType) = MessageBoxA;

int WINAPI MyMessageBox(_In_opt_ HWND hWnd,
    _In_opt_ LPCSTR lpText,
    _In_opt_ LPCSTR lpCaption,
    _In_ UINT uType)
{
    DWORD dwBeg = GetTickCount();
    char szText[] = {"this is Text"};
    char szCaption[] = {"this is Caption"};
    int ret = FunMessageBoxA(hWnd, szText, szCaption, uType);
    DWORD dwEnd = GetTickCount();

    InterlockedExchangeAdd(&dwSlept, dwEnd - dwBeg);

    return ret;
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    LONG error;
    (void)hinst;
    (void)reserved;

    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        DetourRestoreAfterWith();
                           // 32位还是64位
        printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
            " Starting.\n");
        fflush(stdout);

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)FunMessageBoxA, MyMessageBox);//HOOK 的API 函数指针
        error = DetourTransactionCommit();

        if (error == NO_ERROR) {
            printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                " Detoured SleepEx().\n");
        }
        else {
            printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
                " Error detouring SleepEx(): %d\n", error);
        }
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)FunMessageBoxA, MyMessageBox);
        error = DetourTransactionCommit();

        printf("simple" DETOURS_STRINGIFY(DETOURS_BITS) ".dll:"
            " Removed SleepEx() (result=%d), slept %d ticks.\n", error, dwSlept);
        fflush(stdout);
    }
    return TRUE;
}

//
///////////////////////////////////////////////////////////////// End of File.

主函数测试代码

#include <iostream>
#include <Windows.h>

int main()
{
	system("pause");
	MessageBoxA(0, 0, 0, 0);
	system("pause");
	return 0;
}

标签:opt,常用,Windows,dll,Hook,DETOURS,error,include,simple
来源: https://www.cnblogs.com/ice1992/p/15773498.html