;@GOTO -)
.586P
.MODEL FLAT
INCLUDE WINDOWS.inc
UNICODE=0
INCLUDE APIMACRO.mac
INCLUDE ApiHooks.inc
INCLUDELIB iKERNEL32
INCLUDELIB iUSER32
;------------------------------------------------------------------
.CODE
; Hook state is kept in the code section.  Each _Org* buffer is passed to
; MkHook (hook chain at the bottom of the file) as the "Org" slot of a
; HOOK_OVERWRITE hook; presumably it receives the displaced entry bytes of
; the original API so that the Org* pointers can be called as the un-hooked
; function -- verify against ApiHooks.inc.  Because these buffers are written
; at run time the build step links with /SECTION:.text,EWRS, i.e. the whole
; .text section is readable, writable AND executable.
; NOTE(review): an RWX code section removes the W^X/DEP guarantee for this
; module.  Keeping the trampolines in a separate writable section (and only
; that section executable) would limit the exposure.
_OrgWCA BYTE 32 DUP (?)                 ; original WriteConsoleA entry bytes
_OrgWF BYTE 32 DUP (?)                  ; original WriteFile entry bytes
_Org_lw BYTE 32 DUP (?)                 ; original _lwrite entry bytes
OrgWCA DWORD _OrgWCA                    ; callable pointers, used via sWin32
OrgWF DWORD _OrgWF
Org_lw DWORD _Org_lw
CaptureActive BYTE FALSE                ; logging on/off; toggled by CaptureSwitch
; Log file path, terminated per the TEXT macro's convention.  WriteLog opens
; it with GENERIC_WRITE / OPEN_ALWAYS and appends to it.
; NOTE(review): WriteLog refers to szLogFile while this line declares
; zLogFile -- presumably the TEXT macro emits both symbols; confirm in
; APIMACRO.mac.
TEXT zLogFile, <C:\Console.txt/0>
PUBLIC CaptureSwitch
;-----------------------------------------------------------------------
; BYTE CaptureSwitch(BYTE OnOff)     -- exported (stdcall via /Gz)
; Stores OnOff into the capture flag and returns the flag's previous value.
; In:    OnOff = new CaptureActive value (FALSE disables logging)
; Out:   AL    = previous CaptureActive value
; Clobb: nothing besides AL; MOV/XCHG leave the flags untouched.  XCHG with
;        a memory operand is implicitly locked, so the swap is one atomic
;        read-modify-write even if several threads toggle the flag.
;-----------------------------------------------------------------------
CaptureSwitch PROC OnOff :BYTE
        MOV     AL, OnOff               ; AL = requested state
        XCHG    AL, CaptureActive       ; flag <- AL, AL <- old flag
        RET
CaptureSwitch ENDP
;------------------------------------------------------------------
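;-----------------------------------------------------------------------
; WriteLog(lpvBuffer, lpchWritten)   -- internal (stdcall via /Gz)
; Appends *lpchWritten bytes from lpvBuffer to the log file when capture is
; enabled.  Does nothing when capture is off, when lpchWritten is NULL, or
; when the log file cannot be opened.  Errors are deliberately swallowed:
; a logging failure must never change the outcome of the hooked API.
; In:    lpvBuffer   = data the hooked API just wrote
;        lpchWritten = pointer to the count reported by that API
; Out:   nothing; EAX and EBX are preserved (USES) so the hook that called
;        us can still return the original API's result.
; Clobb: ECX, flags, plus whatever the API macros clobber.
;-----------------------------------------------------------------------
WriteLog PROC USES EAX EBX, lpvBuffer, lpchWritten
        CMP     CaptureActive, FALSE
        JE      FileError               ; capture switched off
        ; The count pointer comes straight from the hooked caller, and both
        ; WriteConsoleA and WriteFile allow it to be NULL.  Bail out instead
        ; of faulting inside the hooked process.
        MOV     ECX, lpchWritten
        TEST    ECX, ECX
        JE      FileError
        ; Open or create the log: write access, no sharing, default attrs.
        iWin32i CreateFile, szLogFile, GENERIC_WRITE,\
                NULL, NULL, OPEN_ALWAYS, NULL, NULL
        MOV     EBX, EAX                ; EBX = hFile
        INC     EAX                     ; EAX was -1 (INVALID_HANDLE_VALUE)?
        JE      FileError
        iWin32  _llseek, EBX, 0, FILE_END     ; append
        ; Reload ECX: the macro calls above may have clobbered it.
        MOV     ECX, lpchWritten
        ; Write through the saved original _lwrite (Org_lw), not the hooked
        ; export, so logging does not re-enter the hook chain.
        sWin32  Org_lw, EBX, lpvBuffer, [ECX]
        iWin32  _lclose, EBX
FileError:
        RET
WriteLog ENDP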
;-----------------------------------------------------------------------
; xWriteLog(hConOut, lpvBuffer, lpchWritten)   -- internal (stdcall via /Gz)
; Logging front-end for the WriteFile/_lwrite hooks, which see every handle
; in the process, not only console handles.  Logs directly when the handle
; is the STD_OUTPUT/STD_ERROR pseudo-handle.  For any other handle it first
; issues a zero-length WriteConsoleA through the saved original (OrgWCA) and
; logs only if that succeeds, i.e. only if the handle behaves like a
; console.  Plain file handles therefore fall through without logging;
; presumably that is also what keeps WriteLog's own file writes out of the
; log and prevents the hooks from re-entering themselves.
; In:    hConOut     = handle the hooked caller wrote to
;        lpvBuffer   = data written
;        lpchWritten = caller's count pointer, forwarded to WriteLog as-is
; Out:   nothing; EAX preserved (USES)
; Clobb: ECX, flags, plus whatever the macros clobber
;-----------------------------------------------------------------------
xWriteLog PROC USES EAX, hConOut, lpvBuffer, lpchWritten
LOCAL TempWritten: DWORD                ; receives the probe's char count
        CMP     hConOut, STD_OUTPUT_HANDLE
        JE      WriteIt
        CMP     hConOut, STD_ERROR_HANDLE
        JE      WriteIt
        ; Console probe: WriteConsoleA(hConOut, lpvBuffer, 0, &TempWritten, NULL)
        LEA     ECX, TempWritten
        sWin32 OrgWCA, hConOut, lpvBuffer, 0,\
        ECX, NULL
        TEST    EAX, EAX
        JE      Return                  ; not a console: nothing to log
WriteIt:
        sWin32 WriteLog, lpvBuffer, lpchWritten
Return:
        RET
xWriteLog ENDP
;------------------------------------------------------------------
;-----------------------------------------------------------------------
; NewWriteConsoleA(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved)
; Hook replacement for WriteConsoleA (same stdcall signature).  Forwards the
; call to the saved original (OrgWCA) and, when that reports success, appends
; the written data to the log.  The original's result survives in EAX
; because WriteLog preserves EAX.
; In:    WriteConsoleA's five arguments, passed through unchanged
; Out:   EAX = original WriteConsoleA result
; NOTE:  lpcchWritten is handed to WriteLog as-is; the WriteConsoleA
;        contract allows the caller to pass NULL for it.
;-----------------------------------------------------------------------
NewWriteConsoleA PROC hConOut, lpvBuffer, cchToWrite,\
lpcchWritten, lpvReserved
        sWin32 OrgWCA, hConOut, lpvBuffer, cchToWrite,\
        lpcchWritten, lpvReserved
        TEST    EAX, EAX
        JE      Return                  ; original failed: nothing was written
        sWin32 WriteLog, lpvBuffer, lpcchWritten
Return:
        RET
NewWriteConsoleA ENDP
;------------------------------------------------------------------
;-----------------------------------------------------------------------
; NewWriteFile(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved)
; Hook replacement for WriteFile (same stdcall signature; parameter names
; follow the WriteConsoleA hook, so cchToWrite is really a byte count and
; lpvReserved the lpOverlapped slot).  Forwards to the saved original (OrgWF)
; and, on success, hands the data to xWriteLog, which logs it only if the
; handle turns out to be a console.  EAX keeps the original's result because
; xWriteLog preserves it.
; In:    WriteFile's five arguments, passed through unchanged
; Out:   EAX = original WriteFile result
; NOTE:  lpcchWritten is forwarded as-is; WriteFile allows NULL here.
;-----------------------------------------------------------------------
NewWriteFile PROC hConOut, lpvBuffer, cchToWrite,\
lpcchWritten, lpvReserved
        sWin32 OrgWF, hConOut, lpvBuffer, cchToWrite,\
        lpcchWritten, lpvReserved
        TEST    EAX, EAX
        JE      Return                  ; original failed: nothing was written
        sWin32 xWriteLog, hConOut, lpvBuffer, lpcchWritten
Return:
        RET
NewWriteFile ENDP
;------------------------------------------------------------------
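;-----------------------------------------------------------------------
; New_lwrite(hConOut, lpvBuffer, cchToWrite)
; Hook replacement for _lwrite (same stdcall signature).  Forwards to the
; saved original (Org_lw); _lwrite returns the number of bytes written, or
; HFILE_ERROR (-1) on failure.  Unlike WriteFile there is no count pointer,
; so the returned count is pushed on the stack and its address (ESP) is
; passed to xWriteLog as lpchWritten.
; In:    _lwrite's three arguments, passed through unchanged
; Out:   EAX = original _lwrite result
; PUSHp/POPc presumably push EAX and restore it afterwards so that ESP
; points at the count during the call -- verify against APIMACRO.mac.
;-----------------------------------------------------------------------
New_lwrite PROC hConOut, lpvBuffer, cchToWrite
        sWin32 Org_lw, hConOut, lpvBuffer, cchToWrite
        TEST    EAX, EAX
        JE      Return                  ; zero bytes written: nothing to log
        ; HFILE_ERROR is -1, which is non-zero; without this check it would
        ; be logged as a byte count of 0FFFFFFFFh and WriteLog would read
        ; far past lpvBuffer.
        CMP     EAX, -1
        JE      Return
        PUSHp EAX, EAX
        sWin32 xWriteLog, hConOut, lpvBuffer, ESP
        POPc EAX, EAX
Return:
        RET
New_lwrite ENDP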
;names-------------------------------------------------------------
; Names of the hooked KERNEL32 exports and of the module itself, as
; terminated ANSI strings.  MkHook below refers to the exports by the bare
; name (WriteConsoleA, ...); presumably the macro derives the z* string,
; the New* replacement and the Org* slot from that name -- verify in
; ApiHooks.inc.
TEXTA zWriteConsoleA, <WriteConsoleA/0>
TEXTA zWriteFile, <WriteFile/0>
TEXTA z_lwrite, <_lwrite/0>
TEXTA zKERNEL32, <KERNEL32.dll/0>
;------------------------------------------------------------------
; ApiHookChain: the hook table exported from the DLL (/EXPORT:ApiHookChain in
; the build step) and consumed by whatever loads this DLL into the target
; process.  One entry per hooked export, each recording the original in the
; matching Org* slot.  The semantics of HOOK_OVERWRITE+HOOK_HARD are defined
; in ApiHooks.inc; the names suggest an in-place overwrite of the API entry
; (hence the writable code section) rather than an import-table patch --
; confirm there before relying on it.
BeginHooks ApiHookChain
MkHook ,, WriteConsoleA, HOOK_OVERWRITE+HOOK_HARD, OrgWCA
MkHook ,, WriteFile, HOOK_OVERWRITE+HOOK_HARD, OrgWF
MkHook ,, _lwrite, HOOK_OVERWRITE+HOOK_HARD, Org_lw
EndHooks
;------------------------------------------------------------------
END
:-)
@ECHO OFF
REM Build step of the asm/batch polyglot: ";@GOTO -)" on the first line jumps
REM here when the file runs as a batch script, while ML reads it as a comment
REM and stops assembling at END, so the lines below never reach the assembler.
REM /Gz makes stdcall the default for every PROC; /coff targets the Win32
REM linker; /Cp preserves identifier case.
ML /c /coff /Gz /Cp /nologo CapConDLL.bat
REM /NOENTRY: the DLL has no DllMain.  /SECTION:.text,EWRS marks the code
REM section readable, writable and executable -- needed because the hook
REM trampolines (_Org*) are declared in .CODE and presumably patched at run
REM time.  This leaves the whole .text section without W^X protection;
REM a dedicated writable section for the trampolines would be safer if the
REM hook library permits it.  /MERGE:.rdata=.text folds read-only data into
REM that same section; /BASE sets a fixed preferred load address.
eLINK CapConDLL /nologo /DLL /OUT:CapCon.dll /NOENTRY /EXPORT:ApiHookChain /EXPORT:CaptureSwitch /SUBSYSTEM:WINDOWS /SECTION:.text,EWRS /OPTidata /MERGE:.rdata=.text /IGNORE:4078,4092 /BASE:0XAEF40000
REM Drop the intermediates; only CapCon.dll is kept.
DEL CapConDLL.obj
DEL CapCon.exp
DEL CapCon.lib
PAUSE
CLS