Delphi Hook API ÒÑ·è¿ñ

×÷Õß: yangyxd   תÔØÇë×¢Ã÷³ö´¦ http://hi.baidu.com/yangyxd   2009-3-12
     ÂÛ̳ÀïÓйØÓÚHOOK APIµÄÌù×Ó£¬ µ«ÆäʵÏÖÔÚ·½Ê½ÏÔʾµÃÂé·³£¬ ÆäʵÏÖÔÚÀ¹½ØAPIÒ»°ã²»ÓÃÄÇÖÖ·½Ê½£¬ ´ó¶¼²ÉÓÃinline Hook API·½Ê½¡£ÆäʵҲ¾ÍÊÇÖ±½ÓÐÞ¸ÄÁËÒªÀ¹½ØµÄAPIÔ´ÂëµÄÍ·²¿£¬ÈÃËüÎÞÌõ¼þÌøתµ½ÎÒÃÇ×Ô¼ºµÄ´¦Àí¹ý³Ì¡£
   ²»¶à˵±ðµÄÁË£¬¿ªÊ¼ÎÒÃÇ×Ô¼ºµÄHook API°É¡£
   ÎÒÃǽñÌìÒªÀ¹½ØµÄAPIÈçÏ£º
   MessageBoxA¡¢MessageBoxW¡¢MessageBeep ºÍ OpenProcess ¡£
   Ê×ÏÈ£¬´ó¼Ò¶¼ÖªµÀÒªÔÚÕû¸öϵͳ·¶Î§ÖÐÀ¹½Ø£¬ÐèҪʹÓÃDllÀ´Íê³É¡£ÏÖÔÚÎÒÃÇ´ò¿ªDelphi 2009£¬Ð½¨Ò»¸öDll¹¤³Ì£ºhookDll¡£ÐèҪ˵Ã÷µÄÊÇ£¬DelphiÊÇÍêÈ«ÃæÏò¶ÔÏóµÄ±à³ÌÓïÑÔ£¬ËùÒÔÎÒÃDz»ÒªÀË·Ñ£¬Õâ¸öDll´òËãÓÃÀàµÄ·½Ê½Íê³É¡£ÓÚÊÇ£¬ÔÚн¨µÄDLL¹¤³ÌÖÐÔÚÌí¼ÓÒ»¸öUnit Pas£¬ÃüÃûΪunitHook£¬ ÓÃÀ´Ð´À¹½ØÀàµÄ´¦Àí¡£unitHook.pasÖеĴúÂëÈçÏ£º
unit unitHook;
interface
uses
Windows, Messages, Classes, SysUtils;
type
//NtHookÀàÏà¹ØÀàÐÍ
TNtJmpCode=packed record //8×Ö½Ú
MovEax:Byte;
Addr:DWORD;
JmpCode:Word;
dwReserved:Byte;
end;
TNtHookClass=class(TObject)
private
hProcess:THandle;
NewAddr:TNtJmpCode;
OldAddr:array[0..7] of Byte;
ReadOK:Boolean;
public
BaseAddr:Pointer;
constructor Create(DllName,FuncName:string;NewFunc:Pointer);
destructor Destroy; override;
procedure Hook;
procedure UnHook;
end;
implementation
//==================================================
//NtHOOK À࿪ʼ
//==================================================
constructor TNtHookClass.Create(DllName: string; FuncName: string;NewFunc:Pointer);
var
DllModule:HMODULE;
dwReserved:DWORD;
begin
//»ñÈ¡Ä£¿é¾ä±ú
DllModule:=GetModuleHandle(PChar(DllName));
//Èç¹ûµÃ²»µ½ËµÃ÷δ±»¼ÓÔØ
if DllModule=0 then DllModule:=LoadLibrary(PChar(DllName));
//µÃµ½Ä£¿éÈë¿ÚµØÖ·£¨»ùÖ·£©
BaseAddr:=Pointer(GetProcAddress(DllModule,PChar(FuncName)));
//»ñÈ¡µ±Ç°½ø³Ì¾ä±ú
hProcess:=GetCurrentProcess;
//Ö¸ÏòеØÖ·µÄÖ¸Õë
NewAddr.MovEax:=$B8;
NewAddr.