{$IFDEF UNICODE}
unit ApihooksW;
{$ELSE}
unit Apihooks;
{$ENDIF}
{$ALIGN ON}
{$MINENUMSIZE 4}
interface
const
// Constants shared with ApiHooks.dll. Their meaning is defined by the DLL,
// which is not part of this unit; the notes below state only what the names
// and values in this file show.
//dwFlags-----------------------------------------------
// Each HOOK_* value is a distinct power of two (bits 0..11), so several can
// be OR-ed into one dwFlags value (HookApi* parameter / API_HOOK.dwFlags).
HOOK_EXPORT = 1;
HOOK_BY_NAME = 2;
HOOK_BY_ADDRESS = 4;
HOOK_HARD = 8;
HOOK_LOAD_IMPORT = 16;
HOOK_SPECIAL = 32;
HOOK_NOT_NT = 64;
HOOK_NOT_9X = 128;
HOOK_OVERWRITE = 256;
HOOK_RAW = 512;
HOOK_ALL_SAFE = 1024;
HOOK_LOAD_EXPORT= 2048;
// The four constants below are sentinel pointer values (-1, -2, 0), not
// addresses of strings: compare against them, never dereference them.
// HOOKS_END and ALL_MODULES share the value -1 and are told apart only by the
// field they are stored in (ModuleExport vs ModuleImport, per the headings).
// The trailing comments say a UNICODE build should use PWideChar, yet the
// declarations are PAnsiChar in both builds; the pointer size is the same, so
// the bit pattern handed to the DLL does not change.
//ModuleExport------------------------------------------
HOOKS_END = PAnsiChar(-1); // IF UNICODE PWideChar
HOOKS_DYNAMIC = PAnsiChar(-2); // IF UNICODE PWideChar
//ModuleExport or ModuleImport--------------------------
MAIN_MODULE = PAnsiChar(0); // IF UNICODE PWideChar
//ModuleImport------------------------------------------
ALL_MODULES = PAnsiChar(-1); // IF UNICODE PWideChar
// presumably the nAHooks argument of UnhookApis (declared LongInt) - confirm
WHOLE_AH_CHAIN = -1;
//Return values--------------------------------------
// ErrorAH* are the five consecutive codes ErrorAHMin..ErrorAHMax and ErrorAM*
// continue at ErrorAHMax+1. ErrorAMMin is set to ErrorAHMin, so the range
// ErrorAMMin..ErrorAMMax also contains every ErrorAH* code.
// ErrorAWSuccess is ErrorAHMin-1.
// NOTE(review): every routine in this unit returns a plain LongWord (UnhookApis
// returns Boolean); which routine returns which of these codes is not visible
// here. Callers should compare results with these constants rather than assume
// that a non-zero value means success.
ErrorAHMin = ($E1C2F3B1);
ErrorAHException = (ErrorAHMin+0);
ErrorAHOpen = (ErrorAHMin+1);
ErrorAHPrepare = (ErrorAHMin+2);
ErrorAHTimeOut = (ErrorAHMin+3);
ErrorAHRemote = (ErrorAHMin+4);
ErrorAHMax = (ErrorAHMin+4);
ErrorAMMin = ErrorAHMin;
ErrorAMModule = (ErrorAHMax+1);
ErrorAMApi = (ErrorAHMax+2);
ErrorAMMax = (ErrorAHMax+2);
ErrorAWSuccess = ($E1C2F3B0);
//---------------------------------------------------
//RCFlags--------------------------------------------
// Bit flags (powers of two) for RCINFO.RCFlags.
RC_FL_OWNTIMEOUT = 1;
RC_FL_TERMINATE = 2;
RC_FL_OWNFREE = 4;
RC_FL_UNHIDE9X = 8;
RC_FL_DEFSD = 16;
//ProcFlags------------------------------------------
// Bit flags (powers of two) for RCINFO.ProcFlags; presumably also the result
// of GetProcFlags / hGetProcFlags - confirm against the DLL documentation.
RC_PF_DEBUGGED = 1;
RC_PF_16TERM = 2;
RC_PF_NOOPEN = 4;
RC_PF_NATIVE = 8;
RC_PF_NOTINITED = 16;
RCBlockStart = $AC;
RCThreadBodyAlias = $E1C2F3AF;
// LAC_* each occupy one of the top four bits of a 32-bit value. The names
// suggest calling-convention selectors for LoadAndCall*; where they are
// passed is not shown in this unit - TODO confirm.
LAC_PASCAL = $80000000;
LAC_FASTCALL = $40000000;
LAC_COMCALL = $20000000;
LAC_DELPHI = $10000000;
// Same value as RCThreadBodyAlias.
LACThreadBodyAlias = $E1C2F3AF;
LACSTKPointer = $E1C2E700;
LACMEMPointer = $E1C2DA00;
// LACMEMOffset + LACMEMSize = $1000, and LACMaxArgs = LACMEMSize div 4, i.e.
// the number of 4-byte arguments that fit in LACMEMSize bytes.
// NOTE(review): callers should check nArgs <= LACMaxArgs before calling
// LoadAndCall*; whether the DLL enforces the limit itself cannot be seen here.
LACMEMOffset = $3DC;
LACMEMSize = $C24;
LACMaxArgs = $309;
type
// Record and callback types exchanged with ApiHooks.dll. Field order and
// width are part of the binary interface and must not be changed.
// Handles and process/thread ids are declared LongWord (32 bits) next to
// untyped Pointer fields, so these layouts match a 32-bit DLL only; on a
// 64-bit target a handle would be truncated and the records would change size.
//RCINFO---------------------------------------------
// Allocation callbacks stored in RCINFO. Both take a process handle; judging
// by the names they allocate and free memory for that process - confirm.
TRtlAllocMem = function(hProcess : LongWord; dwSize : LongWord) : Pointer; stdcall;
TRtlFreeMem = function(hProcess : LongWord; lpAddress : Pointer) : Boolean; stdcall;
// Block passed as pRCI to the remote routines of this unit;
// GetDefaultRCInfo returns a pointer to one.
RCINFO =
record
RCFlags : LongWord; // RC_FL_* bits
ProcFlags : LongWord; // RC_PF_* bits
RtlAllocMem : TRtlAllocMem;
RtlFreeMem : TRtlFreeMem;
hProcess : LongWord;
ProcessId : LongWord;
hThread : LongWord;
ThreadId : LongWord;
ThreadBody : Pointer;
ThreadStack : Pointer;
end;
PRCINFO = ^RCINFO;
//----------------------------------------------------
// One address/value pair; presumably a patched location and the value to
// write back when unhooking - TODO confirm.
ADDR_CONTENTS =
record
ReturnWhere : ^LongWord;
ReturnWhat : LongWord;
end;
// NOTE(review): "array of" declares a Delphi dynamic array, i.e. a managed
// reference to compiler-allocated storage. PADDR_CONTENTS is therefore a
// pointer to the array variable (a pointer to a pointer), not a pointer to
// the first element.
AADDR_CONTENTS = array of ADDR_CONTENTS;
PADDR_CONTENTS = ^AADDR_CONTENTS;
// NOTE(review): WhereWhat is one pointer-sized field here. Confirm that the
// DLL expects a pointer to ADDR_CONTENTS entries at this offset (and not
// entries stored inline), and that the caller sizes the array (SetLength) to
// at least MaxNoAddr before passing the record; an array shorter than
// MaxNoAddr would presumably let the DLL write past the end of the allocation.
API_UNHOOK =
record
MaxNoAddr : LongWord;
CurNoAddr : LongWord;
WhereWhat : AADDR_CONTENTS;
end;
PAPI_UNHOOK = ^API_UNHOOK;
// One hook description. The fields repeat the first six parameters of
// HookApiA in the same order. The string fields are PAnsiChar in both the
// ANSI and the UNICODE build of this unit.
API_HOOK =
record
ModuleExport : PAnsiChar; // module name, or HOOKS_END / HOOKS_DYNAMIC / MAIN_MODULE
ApiNameOrOrd : PAnsiChar;
dwFlags : LongWord; // HOOK_* bits
ModuleImport : PAnsiChar; // module name, or MAIN_MODULE / ALL_MODULES
UnhookAddresses : PAPI_UNHOOK;
HookAddress : Pointer;
end;
PAPI_HOOK = ^API_HOOK;
// Dynamic array again: UnhookApis takes a PAPI_HOOK plus a count, so pass the
// address of the first element (@Chain[0]); @Chain is the address of the
// array reference, which is what PAPI_HOOK_CHAIN denotes.
API_HOOK_CHAIN = array of API_HOOK;
PAPI_HOOK_CHAIN = ^API_HOOK_CHAIN;
// Routines imported from ApiHooks.dll; all use stdcall.
// Naming pattern visible in the declarations:
//   - the suffix A / W selects PAnsiChar / PWideChar string parameters;
//   - the prefix "h" takes an already opened process handle (hProcess) where
//     the unprefixed routine takes a process id (ProcessId).
// Apart from HookApi*, UnhookApis, CallOrigFn and GetDefaultRCInfo, every
// routine takes a target process. The operation itself is implemented in the
// DLL, so this unit does not show what happens to that process.
// NOTE(review): lpszDll names a module and, going by the routine names, it is
// loaded into the target process. Build it from a trusted, fully qualified
// path rather than from external input, so the module that is loaded does not
// depend on the DLL search order - confirm against the DLL documentation.
// dwMilliseconds is declared LongInt in the A/W declarations below.
function EstablishApiHooksA (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function hEstablishApiHooksA (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function EstablishApiHooksW (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function hEstablishApiHooksW (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function IsModuleLoadedA (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function hIsModuleLoadedA (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function IsModuleLoadedW (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function hIsModuleLoadedW (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongInt) : LongWord; stdcall;
function UnloadModuleA (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord) : LongWord; stdcall;
function hUnloadModuleA (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord) : LongWord; stdcall;
function UnloadModuleW (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord) : LongWord; stdcall;
function hUnloadModuleW (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord) : LongWord; stdcall;
// pArgs is untyped and nArgs gives the argument count; this unit performs no
// bounds check (see LACMaxArgs in the const section).
function LoadAndCallA (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord; ApiNameOrOrd : PAnsiChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
function hLoadAndCallA (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord; ApiNameOrOrd : PAnsiChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
function LoadAndCallW (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord; ApiNameOrOrd : PWideChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
function hLoadAndCallW (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongInt; HowManyTimes : LongWord; ApiNameOrOrd : PWideChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
// lpBlock / BlockSize describe a caller-supplied memory block and lpParameter
// one pointer-sized argument. How the DLL uses the block in the target
// process is not visible here; BlockSize must match the real size of lpBlock.
function RemoteExecute (pRCI : PRCINFO; ProcessId : LongWord; dwMilliseconds : LongInt; lpBlock : Pointer; BlockSize: LongWord; lpParameter: Pointer) : LongWord; stdcall;
function hRemoteExecute (pRCI : PRCINFO; hProcess : LongWord; dwMilliseconds : LongInt; lpBlock : Pointer; BlockSize: LongWord; lpParameter: Pointer) : LongWord; stdcall;
// HookApi* take no process argument. Their first six parameters correspond to
// the fields of API_HOOK.
function HookApiA (ModuleExport : PAnsiChar; ApiNameOrOrd : PAnsiChar; dwFlags : LongWord; ModuleImport : PAnsiChar; ApiUnhook : PAPI_UNHOOK; HookAddress : Pointer; ExcludeModules : Pointer) : LongWord; stdcall;
function HookApiW (ModuleExport : PWideChar; ApiNameOrOrd : PWideChar; dwFlags : LongWord; ModuleImport : PWideChar; ApiUnhook : PAPI_UNHOOK; HookAddress : Pointer; ExcludeModules : Pointer) : LongWord; stdcall;
function GetDefaultRCInfo() : PRCINFO; stdcall;
function GetProcFlags(ProcessId : LongWord) : LongWord; stdcall;
function hGetProcFlags(hProcess : LongWord) : LongWord; stdcall;
// lpAHChain points at the first API_HOOK of a chain and nAHooks is the count
// (presumably WHOLE_AH_CHAIN for all of them - confirm).
function UnhookApis(lpAHChain : PAPI_HOOK; nAHooks : LongInt) : Boolean; stdcall;
// Declared with PAnsiChar strings in both builds; there is no W variant.
function CallOrigFn(ModuleExport : PAnsiChar; ApiNameOrOrd : PAnsiChar; dwFlags : LongWord; OrigFn : PAnsiChar; ApiUnhook : PAPI_UNHOOK; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
// Unsuffixed aliases: bound to the W exports when UNICODE is defined, else
// to the A exports (see the implementation section).
// NOTE(review): two differences from the suffixed declarations above:
//   - dwMilliseconds is LongWord here but LongInt above. Both are 32 bits,
//     so the call is binary-identical, but a value such as $FFFFFFFF is in
//     range for one declaration only.
//   - ApiNameOrOrd of LoadAndCall / hLoadAndCall is PChar. That equals
//     PWideChar only on compilers whose native string is Unicode; where
//     UNICODE is defined by hand on an ANSI compiler, an ANSI string would
//     reach the W export.
{$IFDEF UNICODE}
function EstablishApiHooks (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function hEstablishApiHooks (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function IsModuleLoaded (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function hIsModuleLoaded (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function UnloadModule (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord) : LongWord; stdcall;
function hUnloadModule (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord) : LongWord; stdcall;
function LoadAndCall (pRCI : PRCINFO; lpszDll : PWideChar; ProcessId : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord; ApiNameOrOrd : PChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
function hLoadAndCall (pRCI : PRCINFO; lpszDll : PWideChar; hProcess : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord; ApiNameOrOrd : PChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
function HookApi (ModuleExport : PWideChar; ApiNameOrOrd : PWideChar; dwFlags : LongWord; ModuleImport : PWideChar; ApiUnhook : PAPI_UNHOOK; HookAddress : Pointer; ExcludeModules : Pointer) : LongWord; stdcall;
{$ELSE}
function EstablishApiHooks (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function hEstablishApiHooks (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function IsModuleLoaded (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function hIsModuleLoaded (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongWord) : LongWord; stdcall;
function UnloadModule (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord) : LongWord; stdcall;
function hUnloadModule (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord) : LongWord; stdcall;
function LoadAndCall (pRCI : PRCINFO; lpszDll : PAnsiChar; ProcessId : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord; ApiNameOrOrd : PChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
function hLoadAndCall (pRCI : PRCINFO; lpszDll : PAnsiChar; hProcess : LongWord; dwMilliseconds : LongWord; HowManyTimes : LongWord; ApiNameOrOrd : PChar; nArgs : LongWord; pArgs : Pointer) : LongWord; stdcall;
function HookApi (ModuleExport : PAnsiChar; ApiNameOrOrd : PAnsiChar; dwFlags : LongWord; ModuleImport : PAnsiChar; ApiUnhook : PAPI_UNHOOK; HookAddress : Pointer; ExcludeModules : Pointer) : LongWord; stdcall;
{$ENDIF}
implementation
// This unit holds no code of its own: every routine declared in the interface
// is bound to an export of ApiHooks.dll.
// The imports are static ("external"), so the DLL is resolved when the
// program is loaded, and the program does not start if the DLL or one of the
// named exports is missing.
// The DLL is referenced by bare file name, so the file that gets loaded is
// whichever one the Windows DLL search order finds first. Ship ApiHooks.dll in
// the application directory, keep that directory writable by administrators
// only, and verify the DLL (signature or known hash) at install time.
const
ApihooksDll = 'ApiHooks.dll';
// Suffixed routines: export name equals the Pascal name.
function EstablishApiHooksA; external ApihooksDll name 'EstablishApiHooksA';
function hEstablishApiHooksA; external ApihooksDll name 'hEstablishApiHooksA';
function EstablishApiHooksW; external ApihooksDll name 'EstablishApiHooksW';
function hEstablishApiHooksW; external ApihooksDll name 'hEstablishApiHooksW';
function IsModuleLoadedA; external ApihooksDll name 'IsModuleLoadedA';
function hIsModuleLoadedA; external ApihooksDll name 'hIsModuleLoadedA';
function IsModuleLoadedW; external ApihooksDll name 'IsModuleLoadedW';
function hIsModuleLoadedW; external ApihooksDll name 'hIsModuleLoadedW';
function UnloadModuleA; external ApihooksDll name 'UnloadModuleA';
function hUnloadModuleA; external ApihooksDll name 'hUnloadModuleA';
function UnloadModuleW; external ApihooksDll name 'UnloadModuleW';
function hUnloadModuleW; external ApihooksDll name 'hUnloadModuleW';
function LoadAndCallA; external ApihooksDll name 'LoadAndCallA';
function hLoadAndCallA; external ApihooksDll name 'hLoadAndCallA';
function LoadAndCallW; external ApihooksDll name 'LoadAndCallW';
function hLoadAndCallW; external ApihooksDll name 'hLoadAndCallW';
function RemoteExecute; external ApihooksDll name 'RemoteExecute';
function hRemoteExecute; external ApihooksDll name 'hRemoteExecute';
function HookApiA; external ApihooksDll name 'HookApiA';
function HookApiW; external ApihooksDll name 'HookApiW';
function GetDefaultRCInfo; external ApihooksDll name 'GetDefaultRCInfo';
function GetProcFlags; external ApihooksDll name 'GetProcFlags';
function hGetProcFlags; external ApihooksDll name 'hGetProcFlags';
function UnhookApis; external ApihooksDll name 'UnhookApis';
function CallOrigFn; external ApihooksDll name 'CallOrigFn';
// Unsuffixed aliases: the same exports under a second Pascal name, W when
// UNICODE is defined and A otherwise. No extra export is required from the DLL.
{$IFDEF UNICODE}
function EstablishApiHooks; external ApihooksDll name 'EstablishApiHooksW';
function hEstablishApiHooks; external ApihooksDll name 'hEstablishApiHooksW';
function IsModuleLoaded; external ApihooksDll name 'IsModuleLoadedW';
function hIsModuleLoaded; external ApihooksDll name 'hIsModuleLoadedW';
function UnloadModule; external ApihooksDll name 'UnloadModuleW';
function hUnloadModule; external ApihooksDll name 'hUnloadModuleW';
function LoadAndCall; external ApihooksDll name 'LoadAndCallW';
function hLoadAndCall; external ApihooksDll name 'hLoadAndCallW';
function HookApi; external ApihooksDll name 'HookApiW';
{$ELSE}
function EstablishApiHooks; external ApihooksDll name 'EstablishApiHooksA';
function hEstablishApiHooks; external ApihooksDll name 'hEstablishApiHooksA';
function IsModuleLoaded; external ApihooksDll name 'IsModuleLoadedA';
function hIsModuleLoaded; external ApihooksDll name 'hIsModuleLoadedA';
function UnloadModule; external ApihooksDll name 'UnloadModuleA';
function hUnloadModule; external ApihooksDll name 'hUnloadModuleA';
function LoadAndCall; external ApihooksDll name 'LoadAndCallA';
function hLoadAndCall; external ApihooksDll name 'hLoadAndCallA';
function HookApi; external ApihooksDll name 'HookApiA';
{$ENDIF}
end.