如何hook只知道地址的0x00******的函數

如果要 hook 遊戲中的函數，我是不是只要修改
  pfMessageBoxA = GetProcAddress( hModule, "MessageBoxA" );
改爲
pfMessageBoxA=0x00******(遊戲中該函數的地址)

 


網絡上的程序如下
dll
//---------------------------------------------------------------------------

#include <windows.h>
#include <vcl.h>

#pragma argsused
// Handle of the (empty) WH_GETMESSAGE hook set by InstallHook(); NULL until then.
HHOOK g_hHook;
// Module handle passed as the hMod argument of SetWindowsHookEx (filled by InstallHook()).
HINSTANCE g_hinstDll;
// Address of user32!MessageBoxA as resolved by GetProcAddress() in init().
// The first 5 bytes at this address are what HookOn()/HookOff() overwrite.
FARPROC pfMessageBoxA;
// Replacement that runs instead of MessageBoxA while the patch is in place;
// same signature and calling convention (WINAPI) as MessageBoxA.
int WINAPI MyMessageBoxA( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType );
// OldMessageBoxACode: the original first 5 bytes of MessageBoxA, saved in init().
// NewMessageBoxACode: a 5-byte "jmp rel32" to MyMessageBoxA, built in init().
BYTE OldMessageBoxACode[5], NewMessageBoxACode[5];
// user32.dll handle from LoadLibrary() in init(); never released with FreeLibrary in this file.
HMODULE hModule;
// dwIdNew: ID of the current process (GetCurrentProcessId() in init()).
// dwIdOld is reset to the same ID before each OpenProcess() call but is also
// reused as the lpflOldProtect output of VirtualProtectEx in HookOn()/HookOff(),
// so its value is not stable between calls.
DWORD dwIdOld, dwIdNew;
// TRUE while MessageBoxA is patched (set by HookOn(), cleared by HookOff()).
BOOL bHook = false;
void HookOn();
void HookOff();
BOOL init();
extern "C"__declspec( dllexport )__stdcall BOOL UninstallHook();
// Declared but not defined in this file; the hook procedure actually defined
// below (and passed to SetWindowsHookEx) is named Hook().
LRESULT WINAPI MousHook( int nCode, WPARAM wParam, LPARAM lParam );

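// DLL entry point. On process attach, init() saves MessageBoxA's first 5
// bytes, builds the jmp to MyMessageBoxA and applies the patch (HookOn()).
// On process detach the patch is removed again so the host process is not
// left with a jmp into a module that is about to be unloaded.
//
// NOTE: the parameter hModule shadows the global hModule (the user32.dll
// handle used by init()); the parameter is this DLL's own module handle.
// NOTE: init() calls LoadLibrary() while DllMain runs under the loader lock,
// which the Win32 DllMain documentation advises against.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
  switch ( ul_reason_for_call )
  {
    case DLL_PROCESS_ATTACH:
      if ( !init() )
      {
        MessageBoxA( NULL, "Init", "ERROR", MB_OK );
        return ( false ); // failing DllMain makes the library load fail
      }
      break; // the original fell through and called UninstallHook() right after init()

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
      // Nothing per-thread to do. The original unhooked here, which tore down
      // the message hook on every thread start/exit.
      break;

    case DLL_PROCESS_DETACH:
      if ( bHook )
      {
        UninstallHook(); // remove the WH_GETMESSAGE hook, if one was set
        HookOff();       // write MessageBoxA's original bytes back; clears bHook
      }
      break;
  }
  return TRUE;
}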

// Empty WH_GETMESSAGE hook procedure: it does no work of its own and simply
// hands the message on to the next hook in the chain.
LRESULT WINAPI Hook( int nCode, WPARAM wParam, LPARAM lParam )
{
  const LRESULT next = CallNextHookEx( g_hHook, nCode, wParam, lParam );
  return next;
}

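// Exported: installs the (empty) WH_GETMESSAGE hook for all threads
// (dwThreadId == 0). Shows a message box and returns false when
// SetWindowsHookEx fails. Calling it again while a hook is already installed
// is a no-op that returns true (the original overwrote g_hHook each time).
//
// GetModuleHandle() replaces the original LoadLibrary(): assuming this DLL is
// built as Project2.dll, it is already loaded when this code runs, and
// LoadLibrary() bumped its reference count on every call with no matching
// FreeLibrary(). If the name does not match, g_hinstDll is NULL and
// SetWindowsHookEx fails, taking the error path below.
extern "C"__declspec( dllexport )__stdcall BOOL InstallHook()
{
  if ( g_hHook )
    return ( true );
  g_hinstDll = GetModuleHandle( "Project2.dll" );
  g_hHook = SetWindowsHookEx( WH_GETMESSAGE, ( HOOKPROC )Hook, g_hinstDll, 0 );
  if ( !g_hHook )
  {
    MessageBoxA( NULL, "SET ERROR", "ERROR", MB_OK );
    return ( false );
  }
  return ( true );
}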

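// Exported: removes the WH_GETMESSAGE hook set by InstallHook(). Returns the
// result of UnhookWindowsHookEx, or false when no hook is installed. The
// stored handle is cleared afterwards so a repeated call does not pass a
// stale handle to UnhookWindowsHookEx (the original never reset g_hHook).
extern "C"__declspec( dllexport )__stdcall BOOL UninstallHook()
{
  if ( !g_hHook )
    return ( false );
  const BOOL ok = UnhookWindowsHookEx( g_hHook );
  g_hHook = NULL;
  return ( ok );
}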

// Prepares the inline patch of user32!MessageBoxA: resolves its address,
// saves its first 5 bytes, builds a 5-byte "jmp rel32" to MyMessageBoxA and
// then applies the patch via HookOn(). Returns false only when MessageBoxA
// could not be resolved. 32-bit x86 only (inline asm, 5-byte near jmp).
BOOL init()
{
  hModule = LoadLibrary( "user32.dll" ); // never released with FreeLibrary in this file
  pfMessageBoxA = GetProcAddress( hModule, "MessageBoxA" );
  if ( pfMessageBoxA == NULL )
    return false;
  // Copy the original 5 bytes at pfMessageBoxA into OldMessageBoxACode
  // (movsd = 4 bytes, movsb = 1 byte); HookOff() writes them back later.
  _asm
  {
    lea edi,OldMessageBoxACode
    mov esi, pfMessageBoxA
    cld
    movsd
    movsb
  }
  NewMessageBoxACode[0] = 0xe9; // opcode of a near "jmp rel32"
  // rel32 = MyMessageBoxA - (pfMessageBoxA + 5): the displacement is relative
  // to the instruction following the 5-byte jmp, hence the extra "sub eax, 5".
  _asm
  {
    lea eax, MyMessageBoxA
    mov ebx, pfMessageBoxA
    sub eax, ebx
    sub eax, 5
    mov dword ptr[NewMessageBoxACode + 1], eax
  }
  dwIdNew = GetCurrentProcessId(); // the patch is only ever applied to this process
  dwIdOld = dwIdNew;
  HookOn(); // apply the patch immediately
  return ( true );
}

// Replacement for MessageBoxA while the patch is active. Because the real
// MessageBoxA currently begins with a jmp back here, the patch is removed
// (HookOff) before the real function is called and re-applied (HookOn)
// afterwards. The caller's lpText is discarded and "Hook" is shown instead.
// NOTE(review): no synchronisation is visible around HookOff()/HookOn(); a
// MessageBoxA call from another thread in that window would run unpatched.
int WINAPI MyMessageBoxA( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType )
{
  HookOff();
  const int result = MessageBoxA( hWnd, "Hook", lpCaption, uType );
  HookOn();
  return result;
}

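// Applies the patch: overwrites the first 5 bytes of MessageBoxA in this
// process with the jmp to MyMessageBoxA built by init(). The page is made
// writable around the write and its previous protection restored afterwards.
// Fixes vs. the original: the handle from OpenProcess() is closed (it leaked
// on every call), a failed OpenProcess() is handled instead of passing a NULL
// handle on, and the old page protection lives in a local instead of
// clobbering the global dwIdOld. bHook is only set once the write was attempted.
void HookOn()
{
  dwIdOld = dwIdNew; // this process's own ID
  HANDLE hProc = OpenProcess( PROCESS_ALL_ACCESS, 0, dwIdOld );
  if ( hProc == NULL )
    return; // nothing was written; bHook is left unchanged
  DWORD dwOldProtect = 0;
  if ( VirtualProtectEx( hProc, pfMessageBoxA, 5, PAGE_READWRITE, & dwOldProtect ) )
  {
    WriteProcessMemory( hProc, pfMessageBoxA, NewMessageBoxACode, 5, 0 );
    VirtualProtectEx( hProc, pfMessageBoxA, 5, dwOldProtect, & dwOldProtect );
    bHook = true;
  }
  CloseHandle( hProc );
}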

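// Removes the patch: writes the original 5 bytes saved by init() back over
// the start of MessageBoxA, restoring the real function. Same fixes as in
// HookOn(): the OpenProcess() handle is closed, a NULL handle is not passed
// on, and the old page protection is kept in a local rather than in dwIdOld.
// bHook is only cleared once the restore was attempted.
void HookOff()
{
  dwIdOld = dwIdNew; // this process's own ID
  HANDLE hProc = OpenProcess( PROCESS_ALL_ACCESS, 0, dwIdOld );
  if ( hProc == NULL )
    return; // nothing was written; bHook is left unchanged
  DWORD dwOldProtect = 0;
  if ( VirtualProtectEx( hProc, pfMessageBoxA, 5, PAGE_READWRITE, & dwOldProtect ) )
  {
    WriteProcessMemory( hProc, pfMessageBoxA, OldMessageBoxACode, 5, 0 );
    VirtualProtectEx( hProc, pfMessageBoxA, 5, dwOldProtect, & dwOldProtect );
    bHook = false;
  }
  CloseHandle( hProc );
}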


測試程序:
//---------------------------------------------------------------------------
#include <vcl.h>
#pragma hdrstop

#include "Unit1.h"
// Imports of the two functions exported by the hook DLL (InstallHook /
// UninstallHook in the DLL source above). When linked through the DLL's
// import library, the DLL's DllMain — and with it the MessageBoxA patch —
// runs when this program starts, before any button is pressed.
extern "C" __declspec(dllimport) __stdcall
BOOL InstallHook();
extern "C" __declspec(dllimport) __stdcall
BOOL UninstallHook();
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
// Pointer to the form instance; presumably created by the application
// object in the project source, which is not shown here.
TForm1 *Form1;
//---------------------------------------------------------------------------
// Form constructor: nothing beyond the base TForm initialisation.
__fastcall TForm1::TForm1(TComponent* Owner)
        : TForm(Owner)
{
}
//---------------------------------------------------------------------------

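// Button handler demonstrating the hook: installs the message hook, calls
// MessageBoxA (whose body text is replaced by MyMessageBoxA in the DLL), then
// uninstalls the hook. Fix vs. the original: when InstallHook() fails the
// handler now returns after reporting the error instead of still calling
// MessageBoxA and UninstallHook().
void __fastcall TForm1::Button1Click(TObject *Sender)
{
    if(!InstallHook())
    {
        Label1->Caption = "Hook Error!";
        return;
    }
    MessageBoxA(NULL, "內容", "標題", MB_OK);
    // The body text "內容" is displayed as "Hook": MessageBoxA is patched to
    // jump to MyMessageBoxA in the DLL, which substitutes its own text.
    if(!UninstallHook())
    {
        Label1->Caption = "Uninstall Error!";
    }
}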

 

原文:http://bbs.gameres.com/showthread.asp?threadid=8370
