JMP @F ;I'm in ATM
;-----------------------------------------------------------------
; NewCreateDialogParamW - hook for USER32!CreateDialogParamW.
; The shared tail at @@: is also entered by the JMP from the A variant
; above. The original API address is pushed first so the final RET
; transfers to it with the caller's arguments still on the stack.
NewCreateDialogParamW:
PUSH OrgCreateDialogParamW ;TASKMGR - original API, consumed by the RET below
@@:
sWin32 CreateWndStub ;library macro (not defined here); code below assumes EAX = slot index, EDX = stub address - confirm against CreateWndStub
MOV ECX, [ESP+16+4] ;lpDialogFunc (4th arg: [ESP]=pushed original, [ESP+4]=return address, then hInstance, lpTemplate, hWndParent)
MOV [ESP+16+4], EDX ;replace with the new stub
MOV OrigWndProc[EAX*4], ECX ;remember the real dialog procedure in slot EAX so NewWndProc can chain to it
RET ;pops the pushed original -> continues in the real CreateDialogParamW
; WndStub - common entry for the per-dialog stubs created by CreateWndStub.
; It falls straight through into NewWndProc's generated prologue; the POP EAX
; is meant to leave the slot index used by OrigWndProc[EAX*4] in EAX. How the
; stub arranges that is not visible here - confirm against CreateWndStub.
WndStub:
POP EAX
; NewWndProc - replacement dialog procedure for the hooked dialogs.
; When the user picks the "Apply Hooks" popup item while the state counter
; is armed (WatchTerminateProcess == 3), the command id is rewritten into
; EndProcessId, so Task Manager presumably runs its normal "End Process"
; path and the MessageBox / OpenProcess / TerminateProcess hooks below can
; intercept it (counter 3 -> 2 -> 1 -> 0). Always tail-jumps to the saved
; original procedure; EAX must survive the prologue, which LEAVE undoes.
NewWndProc PROC hwnd, uMsg, wParam, lParam
CMP uMsg, WM_COMMAND
JNE @F
CMP wParam, ApplyHooksId ;User selected "Apply Hooks" in Popup menu
JNE @F
CMP WatchTerminateProcess, 3 ;only when the sequence is armed
JNE @F
MOV ECX, EndProcessId
DEC WatchTerminateProcess ;3 -> 2: the MessageBox hook is expected next
MOV wParam, ECX ;forward the command as "End Process" instead
@@:
LEAVE
JMP OrigWndProc[EAX*4] ;chain to the dialog procedure saved by the CreateDialogParam hooks
NewWndProc ENDP
;-----------------------------------------------------------------
;One routine for both MessageBoxA and MessageBoxW
; Hook for USER32!MessageBoxA/W. While the sequence is in state 2 (the
; confirmation box presumably raised after NewWndProc rewrote the command)
; the box is never shown: IDYES is returned and the state moves to 1.
; Any other MessageBox call resets the sequence to 0 and reaches the
; original API, so an unexpected dialog aborts the whole sequence.
NewMessageBoxA:
PUSH OrgMessageBoxA ;original API, consumed by the final RETN
JMP @F
NewMessageBoxW:
PUSH OrgMessageBoxW
@@:
CMP WatchTerminateProcess, 2
JNE @F
ReturnYES:
POP ECX ;drop the pushed original - it is not called on this path
DEC WatchTerminateProcess ;2 -> 1: OpenProcess / TerminateProcess hooks are next
MOV EAX, IDYES ;press Yes
RETN 16 ;MessageBox has 4 stdcall stack arguments
@@:
MOV WatchTerminateProcess, 0 ;unexpected message box: abort the sequence
RETN ;pops the pushed original and continues there
;-----------------------------------------------------------------
; Hook for KERNEL32!OpenProcess. The original is always called first; the
; returned handle (PHD) and the requested process id (PID) are recorded
; when running inside ATM (InATM == TRUE) or when the sequence is in
; state 1, so NewTerminateProcess can match the handle later.
; LAYOUT NOTE: the routine is NOP-padded so that offset 24H holds a
; forwarder into the real OpenProcess at the same offset; the author's
; comment says ATM's OpenThread9x relies on that entry point. Do not move
; code between NewOpenProcess and the padding without re-checking it.
NewOpenProcess PROC dwDesiredAccess, bInheritHandle, dwProcessId
@@:
sWin32 OrgOpenProcess, dwDesiredAccess, bInheritHandle, dwProcessId ;call the original with the caller's arguments (library macro, result assumed in EAX)
CMP InATM, TRUE
JE ATMactive
CMP WatchTerminateProcess, 1 ;flags are consumed by the JNE after the padding
JMP @F
;required for ATM's OpenThread9x
BYTE 24H-($-NewOpenProcess) DUP (90H) ;NOP-fill up to offset 24H from the routine start
MOV ECX, 0 ;purpose not visible here - possibly a placeholder for the iMOV macro below; confirm
iMOV ECX, OpenProcess
ADD ECX, 24H
JMP ECX ;continue in the real OpenProcess at offset 24H
@@:
JNE @F ;state != 1 and not in ATM: nothing to record
ATMactive:
MOV ECX, dwProcessId
MOV PHD, EAX ;handle returned by the original
MOV PID, ECX
@@:
RET
NewOpenProcess ENDP
;-----------------------------------------------------------------
;SetPriority and TerminateProcess have the same position of hProcess
;in stack so I can write one routine for them
; Hook for KERNEL32!SetPriorityClass and KERNEL32!TerminateProcess.
; In state 1, when hProcess equals the handle recorded by NewOpenProcess,
; the original API is NOT called: the user is asked for a file with
; GetOpenFileNameA and LoadAndCallA (hooking library, not defined here) is
; invoked for PID; a message box reports sApplied / sFailed and TRUE is
; returned to the caller. In every other case control passes to the
; original API via the pushed address.
NewSetPriorityClass:
PUSH OrgSetPriorityClass ;original API, consumed by the RET at the last @@
JMP @F
NewTerminateProcess:
PUSH OrgTerminateProcess
;FinProcess PROC hProcess, uExitCode
@@:
CMP WatchTerminateProcess, 1
JNE @F
MOV EAX, [ESP+4+4] ;hProcess ([ESP]=pushed original, [ESP+4]=return address)
CMP EAX, PHD ;check it
JNE @F
DEC WatchTerminateProcess ;1 -> 0: sequence complete
POP ECX ;drop the pushed original - it will not be called on this path
iWin32 GetOpenFileNameA, OFFSET OpenFName
TEST EAX, EAX
JE CleanUp0 ;dialog cancelled: nothing loaded, still report TRUE to the caller
iWin32 LoadAndCallA, NULL, OFFSET szFileName, PID, 10000, 1, NULL, 0, NULL ;szFileName presumably filled by GetOpenFileNameA through OpenFName - confirm
CMP EAX, ErrorAHMin
MOV ECX, sFailed ;MOV keeps the flags from the CMP above
JAE CleanUp ;EAX >= ErrorAHMin (unsigned): error code
TEST EAX, EAX
JE CleanUp ;zero result: also a failure
MOV ECX, sApplied
CleanUp:
iWin32i MessageBox, NULL, ECX, sHooks, MB_ICONINFORMATION
CleanUp0:
MOV EAX, TRUE ;report success to Task Manager
RET 2*4 ;both APIs take 2 stdcall stack arguments
@@:
RET ;pops the pushed original and continues there
;FinProcess ENDP
;-----------------------------------------------------------------
;optimized GetProcAddress Hook
; Hook for KERNEL32!GetProcAddress. Resolves names of the hooked APIs to
; the hook routines listed in ForGPA, so a packed Task Manager that imports
; dynamically is still hooked. Ordinals (lpszProc < 10000H) and names or
; modules not in the table fall through to the original.
; Table layout (see ForGPA below):
;   NULL, szModule, {szName, OrgSlot, NewProc}*, ..., NULL, NULL
; On a match the Org slot is filled lazily with the real address and the
; hook routine address is returned in EAX.
NewGetProcAddress PROC USES ESI, hLibrary, lpszProc
CMP lpszProc, 10000H
JB NotFound ;don't pass ordinals to lstrcmpA
MOV ESI, OFFSET ForGPA
SearchProc: ;ESI -> next table dword
LODSD
TEST EAX, EAX
JNE DoProc ;non-NULL here is a function-name pointer
NextProc: ;EAX == 0: a module header follows
CMP EAX, [ESI]
JE NotFound ;second NULL: end of table
LODSD ;module name string
iWin32 GetModuleHandleA, EAX
TEST EAX, EAX
JE @F ;module not loaded: skip its entries
CMP EAX, hLibrary
JE SearchProc ;queried module: scan its entries
@@: ;skip dwords up to the next NULL (next module header)
LODSD
TEST EAX, EAX
JNE @B
JMP NextProc
DoProc:
iWin32 lstrcmpA, EAX, lpszProc
MOV ECX, EAX ;0 when the names match
LODSD
MOV EDX, EAX ;EDX -> Org slot
TEST ECX, ECX
LODSD ;EAX = hook routine; LODSD leaves the flags intact
JNE SearchProc ;no match: ESI already points past this triplet
CMP DWORD PTR [EDX], 0
JNE @F ;slot already resolved
PUSHp EAX, EDX ;library macro; paired with the two POPs below
sWin32 OrgGetProcAddress, hLibrary, lpszProc
POP EDX
MOV [EDX], EAX ;cache the real address in the Org slot
POP EAX ;return the hook routine
@@:
RET
NotFound:
POP ESI ;undo USES ESI by hand, then tail-jump with the caller's arguments intact
LEAVE
JMP OrgGetProcAddress
NewGetProcAddress ENDP
; Dispatch table read by NewGetProcAddress. Each module group starts with a
; NULL marker and the module-name string, followed by
; {szName, OrgSlot, NewProc} triplets; two consecutive NULLs end the table.
; USER32 group:
ALIGN DWORD
ForGPA DWORD NULL, szUSER32,\
szTrackPopupMenu, OrgTrackPopupMenu, NewTrackPopupMenu,\
szTrackPopupMenuEx, OrgTrackPopupMenuEx, NewTrackPopupMenuEx,\
szRegisterClassExA, OrgRegisterClassExA, NewRegisterClassExA,\
szCreateDialogParamA, OrgCreateDialogParamA, NewCreateDialogParamA;,\
DWORD szCreateDialogParamW, OrgCreateDialogParamW, NewCreateDialogParamW,\
szMessageBoxA, OrgMessageBoxA, NewMessageBoxA,\
szMessageBoxW, OrgMessageBoxW, NewMessageBoxW
; KERNEL32 group:
DWORD NULL, szKERNEL32,\
szOpenProcess, OrgOpenProcess, NewOpenProcess,\
szSetPriorityClass, OrgSetPriorityClass, NewSetPriorityClass,\
szTerminateProcess, OrgTerminateProcess, NewTerminateProcess,\
szGetProcAddress, OrgGetProcAddress, NewGetProcAddress
; end-of-table marker (two NULLs)
DWORD NULL, NULL
;------------------------------------------------------------------
; Original-API slots. Each OrgXxx equate names the dword 4 bytes past its
; EQU line, i.e. inside the MkUnhook expansion that follows (library macro,
; not shown) - confirm how MASM evaluates $ in these equates. The hooks
; above jump through these slots and NewGetProcAddress fills them lazily,
; so they are written at run time although they sit in the code section;
; that is presumably why the LINK step below marks .text EWR (a writable
; and executable section - a W^X exception to be aware of).
ALIGN 4
OrgTrackPopupMenu EQU DWORD PTR $+4
MkUnhook TrackPopupMenu, 1
OrgTrackPopupMenuEx EQU DWORD PTR $+4
MkUnhook TrackPopupMenuEx, 1
OrgRegisterClassExA EQU DWORD PTR $+4
MkUnhook RegisterClassExA, 1
OrgCreateDialogParamA EQU DWORD PTR $+4
MkUnhook CreateDialogParamA, 1
OrgCreateDialogParamW EQU DWORD PTR $+4
MkUnhook CreateDialogParamW, 1
OrgMessageBoxA EQU DWORD PTR $+4
MkUnhook MessageBoxA, 1
OrgMessageBoxW EQU DWORD PTR $+4
MkUnhook MessageBoxW, 1
OrgOpenProcess EQU DWORD PTR $+4
MkUnhook OpenProcess, 1
OrgSetPriorityClass EQU DWORD PTR $+4
MkUnhook SetPriorityClass, 1
OrgTerminateProcess EQU DWORD PTR $+4
MkUnhook TerminateProcess, 1
OrgGetProcAddress EQU DWORD PTR $+4
MkUnhook GetProcAddress, 1
; SuggestFlags told me I can use HOOK_BY_NAME. I also account for the situation
; where you have packed the TMs, which is why I hook GetProcAddress. I don't use HOOK_EXPORT
; because I don't want to accept APIs from all modules.
; Hook chain exported as ApiHookChain (see the /EXPORT in the LINK line
; below). The meaning of the empty first argument and of the empty module
; column on the KERNEL32 entries comes from the library's MkHook macro (not
; shown). CreateDialogParamW and MessageBoxW carry HOOK_NOT_9X, presumably
; because those W entry points are not usable on Win9x.
BeginHooks ApiHookChain
MkHook , USER32, TrackPopupMenu, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , USER32, TrackPopupMenuEx, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , USER32, RegisterClassExA, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , USER32, CreateDialogParamA, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , USER32, CreateDialogParamW, HOOK_BY_NAME OR HOOK_BY_ADDRESS OR HOOK_NOT_9X, MAIN_MODULE
MkHook , USER32, MessageBoxA, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , USER32, MessageBoxW, HOOK_BY_NAME OR HOOK_BY_ADDRESS OR HOOK_NOT_9X, MAIN_MODULE
MkHook , , OpenProcess, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , , SetPriorityClass, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , , TerminateProcess, HOOK_BY_NAME OR HOOK_BY_ADDRESS, MAIN_MODULE
MkHook , , GetProcAddress, HOOK_BY_ADDRESS, MAIN_MODULE ;for packed TMs - no HOOK_BY_NAME, see comment above
EndHooks
;-----------------------------------------------------------------
END
:TRANSLATE
REM Build step. This file is both the MASM source and its own build script:
REM ML assembles the .bat directly (MASM ignores everything after END above).
@ECHO OFF
ML /c /coff /nologo TMext01.bat
REM NOTE: .idata and .rdata are merged into .text and the section is marked EWR,
REM so the whole DLL image is one writable+executable section (W^X exception);
REM the Org* slots above are patched at run time, which presumably requires this.
REM /NOENTRY: no DllMain; the library reaches the module through the exported ApiHookChain.
eLINK TMext01 /nologo /DLL /NOENTRY /EXPORT:ApiHookChain /SUBSYSTEM:WINDOWS /MERGE:.idata=.text /MERGE:.rdata=.text /SECTION:.text,EWR /BASE:0X72770000 /IGNORE:4108,4078,4060,4086
REM remove intermediates, keep only the DLL
DEL TMext01.obj
DEL TMext01.exp
DEL TMext01.lib
PAUSE
CLS