autohook.bas

Cracker终结者——提供最优秀的软件保护技术

Attribute VB_Name = "MainModule"
Option Explicit

Public Declare Function GetCurrentProcessId Lib "KERNEL32.dll" _
    () As Long

Public Declare Function GetVersion Lib "KERNEL32.dll" _
    () As Long
    
Public Declare Function GetModuleHandle Lib "KERNEL32.dll" _
    Alias "GetModuleHandleA" (ByVal Module As Any) As Long
    
Public AddrContents(2) As ADDRESS_CONTENTS
Public ApiUnhook As API_UNHOOK
Function GetFuncAddr(lpFuncAddr As Long) As Long
 GetFuncAddr = lpFuncAddr
End Function
Function NewGetVersion() As Long
 NewGetVersion = 9
End Function
Sub Main()
 If LoadAndCall("Alien.dll", GetCurrentProcessId(), 1, 0&) <> 0 Then
  MsgBox "Module Alien.dll loaded!", vbOKOnly, "AH in VB"
 Else
  MsgBox "Module Alien.dll not loaded!", vbOKOnly, "AH in VB"
 End If
 
 MsgBox "KERNEL32.dll loaded at " + Hex(IsModuleLoaded("kernel32.dll", GetCurrentProcessId())), _
       vbOKOnly, "AH in VB"
 
 If HookApi("kernel32.dll", "GetVersion", HOOK_ALL, ALL_MODULES, 0&, GetFuncAddr(AddressOf NewGetVersion), 0&) = ErrorSuccess Then
  MsgBox "API GetVersion hooked!", vbOKOnly, "AH in VB"
 Else
  MsgBox "API GetVersion not hooked!", vbOKOnly, "AH in VB"
 End If
 
 If UnloadModule("Alien.dll", GetCurrentProcessId(), 10) = 0 Then
  MsgBox "Module Alien.dll unloaded!", vbOKOnly, "AH in VB"
 Else
  MsgBox "Module Alien.dll not unloaded!", vbOKOnly, "AH in VB"
 End If
 
  MsgBox "OS Version = " + Str(GetVersion() And 15), vbOKOnly, "AH in VB"
End Sub