#include <Windows.h>
PVOID HookAPI(PBYTE pbModule, PCSTR pszName, PVOID pvOrg, PVOID pvNew)
{
PIMAGE_THUNK_DATA r;
PIMAGE_NT_HEADERS p;
PIMAGE_IMPORT_DESCRIPTOR q;
p = (PIMAGE_NT_HEADERS) (pbModule + ((PIMAGE_DOS_HEADER) pbModule)->e_lfanew);
q = (PIMAGE_IMPORT_DESCRIPTOR) (pbModule +
p->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
for (; q->Name; q++)
{
if (lstrcmpiA(pszName, (PCSTR) (pbModule + q->Name)) == 0)
{
for (r = (PIMAGE_THUNK_DATA) (pbModule + q->FirstThunk); r->u1.Function; r++)
{
if ((PVOID) r->u1.Function == pvOrg)
{
WriteProcessMemory(GetCurrentProcess(),
&r->u1.Function, &pvNew, sizeof(PVOID), NULL);
return pvOrg;
}
}
}
}
return NULL;
}
typedef VOID (__stdcall* SleepType)(DWORD);
SleepType OldSleep;
VOID __stdcall NewSleep(DWORD dwMilliseconds)
{
OldSleep(dwMilliseconds/100);
}
int main(int argc, char* argv[])
{
OldSleep = (SleepType)
HookAPI((PBYTE)GetModuleHandle(NULL), "Kernel32.dll", Sleep, NewSleep);
Sleep(20000);
Sleep(20000);
Sleep(20000);
return 0;
}
HOOK IAT的代碼與例子,備忘
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章