
📄 capconsole.c

📁 Cracker终结者——提供最优秀的软件保护技术
#include <windows.h>
#include <ApiHooks.h>

// Handle of the capture log shared by all replacement functions below.
// Holds HFILE_ERROR while no log is open; the DLL entry point assigns it on
// DLL_PROCESS_ATTACH and resets it on DLL_PROCESS_DETACH.
// NOTE(review): the handle is read from every hooked write call without any
// locking visible in this file - confirm whether concurrent writers matter.
HFILE hLog = HFILE_ERROR;

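// Replacement for KERNEL32!WriteConsoleA: forwards the call unchanged and, when
// it succeeds, appends the characters that were actually written to the log.
//
// Parameters and return value are those of WriteConsoleA.
// lpNumberOfCharsWritten is optional for WriteConsoleA, so a caller may pass
// NULL; the count is then collected in a local instead of dereferencing the
// caller's pointer, which would fault inside the hooked process.
BOOL WINAPI NewWriteConsoleA(HANDLE hConsoleOutput, CONST VOID *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved) {
  DWORD   Written  = 0;
  LPDWORD pWritten = lpNumberOfCharsWritten ? lpNumberOfCharsWritten : &Written;
  BOOL    Result   = WriteConsoleA(hConsoleOutput, lpBuffer, nNumberOfCharsToWrite, pWritten, lpReserved);

  // Log only what the console accepted, and only while a log is open.
  if(Result && (hLog != HFILE_ERROR))
    _lwrite(hLog, lpBuffer, *pWritten);
  return Result;
}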

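// Replacement for KERNEL32!WriteConsoleW: forwards the call, converts the text
// that was written to the console output code page and appends it to the log.
//
// When WriteConsoleW fails with ERROR_CALL_NOT_IMPLEMENTED (Windows 9x), the
// converted text is written with WriteConsoleA instead, emulating the call.
// Any other failure is returned to the caller untouched and nothing is logged.
//
// Parameters and return value are those of WriteConsoleW.
// lpNumberOfCharsWritten is optional, so a NULL from the caller is replaced by
// a local counter rather than dereferenced.
// NOTE(review): on the emulation path the count reported to the caller comes
// from WriteConsoleA, i.e. it is a byte count of the converted text rather than
// a count of wide characters - unchanged from the original behaviour.
BOOL WINAPI NewWriteConsoleW(HANDLE hConsoleOutput, CONST VOID *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved) {
  HLOCAL  Place;
  BOOL    Result;
  int     nbytes;
  int     nchars;
  UINT    CodePage;
  DWORD   Written  = 0;
  LPDWORD pWritten = lpNumberOfCharsWritten ? lpNumberOfCharsWritten : &Written;

  Result = WriteConsoleW(hConsoleOutput, lpBuffer, nNumberOfCharsToWrite, pWritten, lpReserved);
  if(!Result && (GetLastError() != ERROR_CALL_NOT_IMPLEMENTED))
    return Result;  // genuine failure: last error is left as WriteConsoleW set it

  // From here on either WCW succeeded or it is not implemented (Windows 9x).
  nchars = Result ? (int)*pWritten : (int)nNumberOfCharsToWrite;
  if(nchars <= 0)
    return Result;  // nothing to convert; also keeps a negative length away from WideCharToMultiByte

  // Query the code page once so the size query and the conversion agree.
  CodePage = GetConsoleOutputCP();
  nbytes = WideCharToMultiByte(CodePage, 0, lpBuffer, nchars, NULL, 0, NULL, NULL);
  if(nbytes <= 0)
    return Result;

  Place = LocalAlloc(LPTR, nbytes);
  if(!Place)
    return Result;  // logging is best effort: an allocation failure must not fail the caller

  if(WideCharToMultiByte(CodePage, 0, lpBuffer, nchars, Place, nbytes, NULL, NULL)) {
    if(hLog != HFILE_ERROR)
      _lwrite(hLog, Place, nbytes);
    if(!Result)  // bonus: emulate WriteConsoleW in Windows 9x
      Result = WriteConsoleA(hConsoleOutput, Place, nbytes, pWritten, lpReserved);
  }
  LocalFree(Place);
  return Result;
}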

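// Replacement for KERNEL32!WriteFile: forwards the call and, when the target is
// a console or standard output/error handle, appends the written bytes to the log.
//
// Parameters and return value are those of WriteFile.
// A handle counts as console output when it equals STD_ERROR_HANDLE or
// STD_OUTPUT_HANDLE, or when a zero-length WriteConsole on it succeeds.
// lpNumberOfBytesWritten may legitimately be NULL when lpOverlapped is supplied;
// in that case the amount written is unknown here, so the write is not logged
// instead of dereferencing the NULL pointer inside the hooked process.
// NOTE(review): (DWORD)hFile truncates the handle on 64-bit targets - this code
// appears to assume a 32-bit build; confirm before building for x64.
BOOL WINAPI NewWriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite, LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped) {
  DWORD NumberOfCharsWritten;
  BOOL Result = WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped);

  // Nothing to log: the write failed, its size is unknown, or no log is open.
  if(!Result || !lpNumberOfBytesWritten || (hLog == HFILE_ERROR))
    return Result;

  if(((DWORD)hFile == STD_ERROR_HANDLE) || ((DWORD)hFile == STD_OUTPUT_HANDLE)
     || WriteConsole(hFile, lpBuffer, 0, &NumberOfCharsWritten, NULL))  // zero-length probe: succeeds only for console handles
    _lwrite(hLog, lpBuffer, *lpNumberOfBytesWritten);
  return Result;
}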

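// Replacement for KERNEL32!_lwrite: forwards the call and, when the target is a
// console or standard output/error handle, appends the written bytes to the log.
//
// Parameters and return value are those of _lwrite.
// _lwrite reports failure as HFILE_ERROR, which is non-zero; testing the result
// only for "non-zero" would treat a failed write as a successful one and ask the
// log write to copy (UINT)-1 bytes starting at lpBuffer. The failure value is
// therefore excluded explicitly before the result is used as a length.
UINT WINAPI New_lwrite(HFILE hFile, LPCSTR lpBuffer, UINT uBytes) {
  DWORD NumberOfCharsWritten;
  UINT Result = _lwrite(hFile, lpBuffer, uBytes);

  // Nothing to log: nothing was written, the write failed, or no log is open.
  if((Result == 0) || (Result == (UINT)HFILE_ERROR) || (hLog == HFILE_ERROR))
    return Result;

  if(((DWORD)hFile == STD_ERROR_HANDLE) || ((DWORD)hFile == STD_OUTPUT_HANDLE)
     || WriteConsole((HANDLE)hFile, lpBuffer, 0, &NumberOfCharsWritten, NULL))  // zero-length probe: succeeds only for console handles
    _lwrite(hLog, lpBuffer, Result);
  return Result;
}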


// Forward declarations: NewGetProcAddress and the hook table refer to these
// replacements before their definitions further down in this file.
HINSTANCE WINAPI NewLoadLibraryA(LPCSTR);
HINSTANCE WINAPI NewLoadLibraryExA(LPCSTR, HANDLE, DWORD);

// Replacement for KERNEL32!GetProcAddress.
// When a caller looks up one of the hooked KERNEL32 exports by name, the address
// of the matching replacement in this file is returned, so a dynamic lookup
// resolves to the same replacement as the hook table entry. Every other request
// is passed to the real GetProcAddress.
//
// hModule    - module being queried
// lpProcName - export name, or an ordinal (a value below 0x10000)
// Returns the replacement address for a hooked name, else whatever
// GetProcAddress returns.
FARPROC WINAPI NewGetProcAddress(HMODULE hModule, LPCSTR lpProcName) {
  static const struct {
    LPCSTR  Name;
    FARPROC Replacement;
  } Redirects[] = {
    {"WriteConsoleW",  (FARPROC)NewWriteConsoleW},
    {"WriteConsoleA",  (FARPROC)NewWriteConsoleA},
    {"WriteFile",      (FARPROC)NewWriteFile},
    {"_lwrite",        (FARPROC)New_lwrite},
    {"LoadLibraryA",   (FARPROC)NewLoadLibraryA},
    {"LoadLibraryExA", (FARPROC)NewLoadLibraryExA},
    {"GetProcAddress", (FARPROC)NewGetProcAddress}
  };
  unsigned int Index;

  // Ordinal lookups carry no string to compare, so they are never redirected.
  if((DWORD)lpProcName < 0x10000)
    return GetProcAddress(hModule, lpProcName);

  // Only exports of KERNEL32 are redirected.
  if(hModule != GetModuleHandle(TEXT("KERNEL32.DLL")))
    return GetProcAddress(hModule, lpProcName);

  for(Index = 0; Index < sizeof(Redirects) / sizeof(Redirects[0]); Index++) {
    if(lstrcmpA(lpProcName, Redirects[Index].Name) == 0)
      return Redirects[Index].Replacement;
  }
  return GetProcAddress(hModule, lpProcName);
}

// Number of entries in ApiHookChain: one initially empty slot, seven KERNEL32
// hooks and the HOOKS_END terminator.
#define NHOOKS 9
// Exported hook table consumed by the ApiHooks library (see <ApiHooks.h>).
// Each named entry pairs a KERNEL32 export with its replacement in this file.
// NOTE(review): the field order looks like {exporting module, API name, flags,
// importing module, <unused here>, replacement}; the exact API_HOOK layout and
// the meaning of the HOOK_* flags are defined in ApiHooks.h - confirm there.
// The three entries flagged HOOK_NOT_NT are presumably skipped on Windows NT,
// matching the Win9x-only re-hooking done by HookNewModule - TODO confirm.
//__declspec(dllexport) API_HOOK ApiHookChain[NHOOKS] = {
__EXPORT API_HOOK ApiHookChain[NHOOKS] = {
  {NULL,NULL,0},  // empty slot; HookNewModule sets it to HOOKS_DYNAMIC when LoadLibrary(Ex)A is called on Win9x, so that the newly loaded module gets hooked
  {"KERNEL32.DLL", "WriteConsoleW" , HOOK_BY_NAME | HOOK_BY_ADDRESS | HOOK_SPECIAL, ALL_MODULES, NULL, NewWriteConsoleW},
  {"KERNEL32.DLL", "WriteConsoleA" , HOOK_BY_NAME | HOOK_BY_ADDRESS,                ALL_MODULES, NULL, NewWriteConsoleA},
  {"KERNEL32.DLL", "WriteFile"     , HOOK_BY_NAME | HOOK_BY_ADDRESS,                ALL_MODULES, NULL, NewWriteFile},
  {"KERNEL32.DLL", "_lwrite"       , HOOK_BY_NAME | HOOK_BY_ADDRESS,                ALL_MODULES, NULL, New_lwrite},
  {"KERNEL32.DLL", "LoadLibraryA"  , HOOK_BY_NAME | HOOK_BY_ADDRESS | HOOK_NOT_NT,  ALL_MODULES, NULL, NewLoadLibraryA},
  {"KERNEL32.DLL", "LoadLibraryExA", HOOK_BY_NAME | HOOK_BY_ADDRESS | HOOK_NOT_NT,  ALL_MODULES, NULL, NewLoadLibraryExA},
  {"KERNEL32.DLL", "GetProcAddress", HOOK_BY_NAME | HOOK_BY_ADDRESS | HOOK_NOT_NT,  ALL_MODULES, NULL, NewGetProcAddress},
  {HOOKS_END}  // terminator
};

// Re-applies the hook table to the current process, narrowed to one module.
// Slot 0 of ApiHookChain is marked HOOKS_DYNAMIC and every named entry has its
// ModuleImport pointed at lpLibFileName before EstablishApiHooks is called.
//
// lpLibFileName - name of the module that was just loaded
//
// NOTE(review): the table stores the caller's pointer, not a copy of the string,
// and keeps it after this function returns; the table is also a shared global
// modified here without locking. The result of EstablishApiHooks is ignored.
// Confirm that none of these matter for the callers in this file.
void HookNewModule(
   LPCSTR lpLibFileName
   ){
   int slot = 1;

   ApiHookChain[0].ModuleExport = HOOKS_DYNAMIC;

   // Entries 1 .. NHOOKS-2 are the named hooks; the last entry is HOOKS_END.
   while(slot < NHOOKS-1) {
     ApiHookChain[slot].ModuleImport = lpLibFileName;
     slot++;
   }

   EstablishApiHooks(NULL, (LPCTSTR)ApiHookChain, GetCurrentProcessId(), 0);
}

// Replacement for KERNEL32!LoadLibraryA: loads the library as usual and, when
// the module was not present in the process before the call, applies the hook
// table to it through HookNewModule.
//
// lpLibFileName - library name, passed through to LoadLibraryA
// Returns whatever LoadLibraryA returns.
HINSTANCE WINAPI NewLoadLibraryA(
    LPCSTR lpLibFileName
   ){
   // Sample the module list first: afterwards a fresh load and an already
   // loaded module are indistinguishable.
   BOOL      WasLoaded = (GetModuleHandleA(lpLibFileName) != NULL);
   HINSTANCE hLoaded   = LoadLibraryA(lpLibFileName);

   if(hLoaded && !WasLoaded) {
     HookNewModule(lpLibFileName);
   }
   return hLoaded;
}

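// Replacement for KERNEL32!LoadLibraryExA: loads the library as usual and, when
// the module was not present in the process before the call and was loaded as
// code, applies the hook table to it through HookNewModule.
//
// lpLibFileName, hFile, dwFlags - passed through to LoadLibraryExA
// Returns whatever LoadLibraryExA returns.
//
// dwFlags is a bit mask, so LOAD_LIBRARY_AS_DATAFILE is tested as a bit. An
// equality test misses the flag whenever it is combined with another one, and
// the hooks would then be applied to a module that was only mapped as data.
HINSTANCE WINAPI NewLoadLibraryExA(
    LPCSTR lpLibFileName,
    HANDLE hFile,
    DWORD dwFlags
   ) {
   // Sample the module list before loading to tell a fresh load from a re-load.
   HANDLE    hMod   = GetModuleHandleA(lpLibFileName);
   HINSTANCE Result = LoadLibraryExA(lpLibFileName, hFile, dwFlags);
   if(!hMod && Result && !(dwFlags & LOAD_LIBRARY_AS_DATAFILE))
     HookNewModule(lpLibFileName);
   return Result;
}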

// DLL entry point; its name depends on the compiler (Turbo C: DllEntryPoint,
// MSVC: DllMain, otherwise LibMain).
// On process attach the capture log "CONSOLE.log" is created; on process detach
// it is closed and hLog is reset to HFILE_ERROR. Always returns TRUE.
//
// NOTE(review): the log name is relative, so the file is created in whatever
// directory is current for the hooked process, and _lcreat truncates a file of
// that name if one already exists. The log receives a plain copy of everything
// the process writes to its console, which may include sensitive output -
// treat the file accordingly. A failed _lcreat is not reported here.
#if defined(__TURBOC__)
  BOOL APIENTRY DllEntryPoint(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
#elif defined(_MSC_VER)
  BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
#else
  BOOL APIENTRY LibMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
#endif
{
  switch(ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
      // Hooks are applied only after this DLL has finished initializing (after
      // DLL_PROCESS_ATTACH), so ApiHookChain could still be adjusted at this
      // point, much like preparing dynamic hooks.
      hLog = _lcreat("CONSOLE.log", 0); // create logfile
      break;

    case DLL_PROCESS_DETACH:
      _lclose(hLog);
      hLog = HFILE_ERROR;
      break;

    default:
      // thread attach/detach: nothing to do
      break;
  }
  return TRUE;
}
