📄 apihooks.h
// ApiHooks.h - constants and structures for ApiHooks
#ifndef _APIHOOKS_
#define _APIHOOKS_ 1
// Core constants and structures
//Return values--------------------------------------
// Status codes are laid out as small offsets from one base value, ErrorAHMin.
// Every prototype visible in this header returns DWORD, so these are
// presumably the values callers compare that result against -- TODO confirm.
#define ErrorAHMin (0xE1C2F3B1)
#define ErrorAHException (ErrorAHMin+0)
#define ErrorAHOpen (ErrorAHMin+1)
#define ErrorAHPrepare (ErrorAHMin+2)
#define ErrorAHTimeOut (ErrorAHMin+3)
#define ErrorAHRemote (ErrorAHMin+4)
// ErrorAHMax has the same value as ErrorAHRemote (ErrorAHMin+4).
#define ErrorAHMax (ErrorAHMin+4)
// NOTE(review): ErrorAMMin aliases ErrorAHMin rather than ErrorAHMax+1, so a
// range test [ErrorAMMin, ErrorAMMax] also matches every ErrorAH* code.
// Confirm this overlap is intended before relying on such a range check.
#define ErrorAMMin ErrorAHMin
#define ErrorAMModule (ErrorAHMax+1)
#define ErrorAMApi (ErrorAHMax+2)
// ErrorAMMax has the same value as ErrorAMApi (ErrorAHMax+2).
#define ErrorAMMax (ErrorAHMax+2)
// ErrorAWSuccess is ErrorAHMin-1, i.e. just below both ranges above.
// NOTE(review): a "success" value that is not 0 is easy to misuse in
// `if (rc)` style checks; callers should compare against the named constants.
#define ErrorAWSuccess (0xE1C2F3B0)
//---------------------------------------------------
//RCFlags--------------------------------------------
// Each RC_FL_* value is a distinct single bit (1, 2, 4, 8, 16), so they can be
// combined with bitwise OR. Presumably stored in RCINFO.RCFlags -- TODO confirm.
// NOTE(review): the effect of each flag is not visible in this header.
// RC_FL_TERMINATE and RC_FL_DEFSD look security-relevant by name (termination,
// default security descriptor?) and should be documented where they are used.
#define RC_FL_OWNTIMEOUT 1
#define RC_FL_TERMINATE 2
#define RC_FL_OWNFREE 4
#define RC_FL_UNHIDE9X 8
#define RC_FL_DEFSD 16
//RC constants:
// RCThreadBodyAlias has the same value as LACThreadBodyAlias (0xE1C2F3AF),
// which is one below ErrorAWSuccess. How the two RC constants are consumed
// is not shown in this header.
#define RCBlockStart 0xAC
#define RCThreadBodyAlias 0xE1C2F3AF
//ProcFlags------------------------------------------
// Each RC_PF_* value is a distinct single bit (1, 2, 4, 8, 16).
// Presumably stored in RCINFO.ProcFlags -- TODO confirm.
#define RC_PF_DEBUGGED 1
#define RC_PF_16TERM 2
#define RC_PF_NOOPEN 4
#define RC_PF_NATIVE 8
#define RC_PF_NOTINITED 16
//RCINFO---------------------------------------------
// Context record passed by pointer (PRCINFO pRCI) as the first argument of
// every prototype visible in this header. Whether each field is an input,
// an output, or both is not shown here -- TODO document per field.
typedef struct _RCINFO {
// Two 32-bit flag words; presumably hold RC_FL_* and RC_PF_* bits respectively.
DWORD RCFlags;
DWORD ProcFlags;
// WINAPI function pointers: an allocator taking (HANDLE, DWORD) and returning
// LPVOID, and a matching free taking (HANDLE, LPVOID) and returning BOOL.
// NOTE(review): if the library calls through these, the struct must never be
// filled from untrusted memory, and NULL must be handled -- confirm.
LPVOID (WINAPI *RtlAllocMem)(HANDLE, DWORD);
BOOL (WINAPI *RtlFreeMem)(HANDLE, LPVOID);
// Process handle and identifier.
// NOTE(review): ownership of hProcess/hThread (who closes them, and with
// which access rights they were opened) is not stated -- TODO document.
HANDLE hProcess;
DWORD ProcessId;
// Thread handle and identifier.
HANDLE hThread;
DWORD ThreadId;
// Untyped pointers; by name, the thread's code and stack regions.
// Which address space they refer to is not visible from this header.
LPVOID ThreadBody;
LPVOID ThreadStack;
} RCINFO, *PRCINFO;
//ModWorks.LoadAndCall flags---------------------------------------
// Four single-bit flags occupying bits 31..28 of a 32-bit value. By name they
// select a calling convention; which parameter carries them is not shown in
// this header -- TODO confirm (the low bits may share the word with a count).
#define LAC_PASCAL 0x80000000
#define LAC_FASTCALL 0x40000000
#define LAC_COMCALL 0x20000000
#define LAC_DELPHI 0x10000000
//ModWorks.LoadAndCall constants:
// LACThreadBodyAlias has the same value as RCThreadBodyAlias (0xE1C2F3AF).
#define LACThreadBodyAlias 0xE1C2F3AF
#define LACSTKPointer 0xE1C2E700
#define LACMEMPointer 0xE1C2DA00
// Arithmetic relations between the next three values:
//   LACMEMSize   == LACMaxArgs * 4        (0x309 * 4 == 0xC24)
//   LACMEMOffset + LACMEMSize == 0x1000   (0x3DC + 0xC24)
// i.e. presumably room for LACMaxArgs 32-bit arguments at the tail of a
// 4096-byte block -- TODO confirm.
// NOTE(review): the LoadAndCall prototypes take a caller-supplied nArgs;
// whether it is range-checked against LACMaxArgs is not visible here.
// Callers should enforce nArgs <= LACMaxArgs themselves.
#define LACMEMOffset 0x3DC
#define LACMEMSize 0xC24
#define LACMaxArgs 0x309
//------------------------------------------------------
// ApiWorks constants and structures
//dwFlags-----------------------------------------------
// Twelve distinct single-bit values (1 .. 2048), combinable with bitwise OR.
// Presumably stored in API_HOOK.dwFlags -- TODO confirm. The meaning of each
// bit, and which combinations are valid, is not documented in this header.
#define HOOK_EXPORT 1
#define HOOK_BY_NAME 2
#define HOOK_BY_ADDRESS 4
#define HOOK_HARD 8
#define HOOK_LOAD_IMPORT 16
#define HOOK_SPECIAL 32
#define HOOK_NOT_NT 64
#define HOOK_NOT_9X 128
#define HOOK_OVERWRITE 256
#define HOOK_RAW 512
#define HOOK_ALL_SAFE 1024
#define HOOK_LOAD_EXPORT 2048
//ModuleExport------------------------------------------
// Sentinel values cast to LPCSTR. They are not pointers to strings: any code
// reading a module-name field must compare against these sentinels before
// dereferencing it or passing it to a string function.
#define HOOKS_END ((LPCSTR)-1)
#define HOOKS_DYNAMIC ((LPCSTR)-2)
//ModuleExport or ModuleImport--------------------------
// MAIN_MODULE is the null pointer value.
#define MAIN_MODULE ((LPCSTR)0)
//ModuleImport------------------------------------------
// ALL_MODULES has the same value as HOOKS_END; per the section headings they
// apply to different fields (ModuleImport vs. ModuleExport).
// NOTE(review): API_HOOK.ModuleImport is declared LPCVOID while this sentinel
// is LPCSTR -- confirm the intended type of that field.
#define ALL_MODULES ((LPCSTR)-1)
//UnhookApis--------------------------------------------
// Signed -1; which UnhookApis parameter accepts it is not shown in this header.
#define WHOLE_AH_CHAIN (-1)
// Pairs a pointer to a DWORD with a DWORD value. By name, an address and the
// value to write back there when unhooking -- TODO confirm.
// NOTE(review): ReturnWhat is 32 bits wide; if it ever holds a saved pointer,
// that only round-trips on 32-bit targets -- confirm.
typedef struct _ADDR_CONTENTS {
DWORD *ReturnWhere;
DWORD ReturnWhat;
} ADDR_CONTENTS, *PADDR_CONTENTS;
// Two counters plus a pointer to ADDR_CONTENTS records. By name, MaxNoAddr is
// the capacity and CurNoAddr the number of entries in use of the array that
// WhereWhat points to -- TODO confirm.
// NOTE(review): who allocates WhereWhat is not stated. Any code appending
// entries should check CurNoAddr < MaxNoAddr first, and any code reading
// them should bound its loop by CurNoAddr.
typedef struct _API_UNHOOK {
DWORD MaxNoAddr;
DWORD CurNoAddr;
PADDR_CONTENTS WhereWhat;
} API_UNHOOK, *PAPI_UNHOOK;
// One hook description record.
typedef struct _API_HOOK {
// Per the section headings above, may hold MAIN_MODULE, HOOKS_END or
// HOOKS_DYNAMIC instead of a string pointer; check for those sentinels
// before treating it as text.
LPCSTR ModuleExport;
// By name, either an API name or an ordinal carried in a pointer-typed
// field; how the two are told apart is not visible here -- TODO confirm.
LPCSTR ApiNameOrOrd;
// Presumably a combination of HOOK_* bits -- TODO confirm.
DWORD dwFlags;
// Untyped; per the section headings may hold MAIN_MODULE or ALL_MODULES.
LPCVOID ModuleImport;
// Pointer to an API_UNHOOK record; whether NULL is accepted is not shown.
PAPI_UNHOOK UnhookAddresses;
// Untyped const pointer; by name, the address of the replacement routine.
LPCVOID HookAddress;
} API_HOOK, *PAPI_HOOK;
//Protos--------------------------------------------
// Compiler-specific section, entered only when __TURBOC__ is defined. Its
// matching #else/#endif lies beyond the end of this listing.
#ifdef __TURBOC__
// __EXPORT: dllexport, with C linkage when compiled as C++.
// NOTE(review): identifiers containing a double underscore (__EXPORT,
// __XTRN194) are reserved for the implementation by the C and C++ standards.
#ifdef __cplusplus
#define __EXPORT extern "C" __declspec(dllexport)
#else
#define __EXPORT __declspec(dllexport)
#endif
// Static-linking variant: __XTRN194 expands to a plain extern declaration
// (extern "C" under C++). This conditional is also still open at the end of
// the listing.
#ifdef AH_STATIC_LINKING
#ifdef __cplusplus
#define __XTRN194 extern "C"
#else
#define __XTRN194 extern
#endif
// Statically linked entry points. All are __stdcall, return DWORD and take a
// PRCINFO as their first argument. Naming pattern visible in the signatures:
//   - trailing A / W : string arguments are LPCSTR / LPCWSTR
//   - leading  h     : takes HANDLE hProcess where the plain form takes
//                      DWORD ProcessId
// NOTE(review): dwMilliseconds is declared LONG (signed) despite the "dw"
// prefix; the meaning of a negative value is not documented here.
// NOTE(review): the parameter names (ProcessId/hProcess, lpszDll, lpBlock)
// suggest these act on a process other than the caller. The access rights
// required on hProcess and any validation applied to lpszDll are not stated
// in this header -- TODO document; callers should pass a fully qualified
// module path rather than rely on the DLL search order.
__XTRN194 DWORD __stdcall _EstablishApiHooksA(PRCINFO pRCI, LPCSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds);
__XTRN194 DWORD __stdcall _hEstablishApiHooksA(PRCINFO pRCI, LPCSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds);
__XTRN194 DWORD __stdcall _EstablishApiHooksW(PRCINFO pRCI, LPCWSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds);
__XTRN194 DWORD __stdcall _hEstablishApiHooksW(PRCINFO pRCI, LPCWSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds);
__XTRN194 DWORD __stdcall _IsModuleLoadedA(PRCINFO pRCI, LPCSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds);
__XTRN194 DWORD __stdcall _hIsModuleLoadedA(PRCINFO pRCI, LPCSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds);
__XTRN194 DWORD __stdcall _IsModuleLoadedW(PRCINFO pRCI, LPCWSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds);
__XTRN194 DWORD __stdcall _hIsModuleLoadedW(PRCINFO pRCI, LPCWSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds);
// The UnloadModule and LoadAndCall families add a DWORD HowManyTimes count.
__XTRN194 DWORD __stdcall _UnloadModuleA(PRCINFO pRCI, LPCSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds, DWORD HowManyTimes);
__XTRN194 DWORD __stdcall _hUnloadModuleA(PRCINFO pRCI, LPCSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds, DWORD HowManyTimes);
__XTRN194 DWORD __stdcall _UnloadModuleW(PRCINFO pRCI, LPCWSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds, DWORD HowManyTimes);
__XTRN194 DWORD __stdcall _hUnloadModuleW(PRCINFO pRCI, LPCWSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds, DWORD HowManyTimes);
// LoadAndCall additionally takes an API name or ordinal, an argument count
// (nArgs) and an untyped argument block (pArgs).
// NOTE(review): pArgs carries no length of its own, so nArgs is the only
// bound on how much of it is read; see LACMaxArgs for the presumed limit.
__XTRN194 DWORD __stdcall _LoadAndCallA(PRCINFO pRCI, LPCSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds, DWORD HowManyTimes, LPCSTR ApiNameOrOrd, DWORD nArgs, LPVOID pArgs);
__XTRN194 DWORD __stdcall _hLoadAndCallA(PRCINFO pRCI, LPCSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds, DWORD HowManyTimes, LPCSTR ApiNameOrOrd, DWORD nArgs, LPVOID pArgs);
__XTRN194 DWORD __stdcall _LoadAndCallW(PRCINFO pRCI, LPCWSTR lpszDll, DWORD ProcessId, LONG dwMilliseconds, DWORD HowManyTimes, LPCWSTR ApiNameOrOrd, DWORD nArgs, LPVOID pArgs);
__XTRN194 DWORD __stdcall _hLoadAndCallW(PRCINFO pRCI, LPCWSTR lpszDll, HANDLE hProcess, LONG dwMilliseconds, DWORD HowManyTimes, LPCWSTR ApiNameOrOrd, DWORD nArgs, LPVOID pArgs);
// RemoteExecute takes a memory block (lpBlock, BlockSize) and one untyped
// parameter instead of a module name; it has no A/W variants.
// NOTE(review): BlockSize must describe lpBlock exactly; whether the
// implementation validates it is not visible from this header.
__XTRN194 DWORD __stdcall _RemoteExecute(PRCINFO pRCI, DWORD ProcessId, LONG dwMilliseconds, LPVOID lpBlock, DWORD BlockSize, LPVOID lpParameter);
__XTRN194 DWORD __stdcall _hRemoteExecute(PRCINFO pRCI, HANDLE hProcess, LONG dwMilliseconds, LPVOID lpBlock, DWORD BlockSize, LPVOID lpParameter);