#if _MSC_VER > 1000
#pragma once
#endif
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include "ApiHooks.h"
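/* Capture log opened in DllMain (DLL_PROCESS_ATTACH); every byte the host
 * process passes to WriteConsoleA is mirrored into it by NewWriteConsoleA.
 * INVALID_HANDLE_VALUE means "no log" - the hook must tolerate that. */
HANDLE hLog = INVALID_HANDLE_VALUE;

/* Storage handed to HookApi so it can record what it patched for the
 * WriteConsoleA hook (3 slots). Types come from ApiHooks.h; the exact
 * contents are not visible in this file. NOTE(review): nothing in this
 * file ever uses UnhookWriteConsoleA to restore the original code, so the
 * hook outlives the DLL - see DllMain. */
ADDR_CONTENTS AddrAndValue[3];
API_UNHOOK UnhookWriteConsoleA = {3, 0, AddrAndValue};

/* Installs the WriteConsoleA and GetProcAddress hooks; defined below.
 * Declared with an explicit (void) so the prototype is a real prototype
 * rather than an unspecified-argument declaration. */
void HookApis(void);

/* Modules whose import tables HookApi must leave alone. Slot 0 is this DLL
 * (so NewWriteConsoleA can reach the real WriteConsoleA without recursing),
 * slot 1 is MSVCRT; both are filled in DllMain. The trailing NULL
 * presumably terminates the list for HookApi - confirm in ApiHooks.h. */
HANDLE ExcludeModules[3] = {0, 0, 0};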
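/* Exercise the ApiHooks helpers against this very process (the pid passed
 * is GetCurrentProcessId(), i.e. ourselves). The name and the fact that it
 * is only invoked from DLL_PROCESS_DETACH suggest leftover test scaffolding.
 * What the `1` flag and the NULL argument mean is defined in ApiHooks.h and
 * not visible here. NOTE(review): if LoadAndCall/UnloadModule really load
 * and free modules, as their names suggest, calling this from inside DllMain
 * happens under the loader lock and is unsafe - see DllMain. */
void LibTest(void) {
    DWORD self = GetCurrentProcessId();
    LoadAndCall("KERNEL32.DLL", self, 1, NULL);
    UnloadModule("KERNEL32.DLL", self, 1);
}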
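/*
 * DLL entry point.
 *
 * DLL_PROCESS_ATTACH: open the capture log (once), record the modules to
 * exclude from patching, and install the hooks via HookApis().
 * DLL_PROCESS_DETACH: close the log and run LibTest().
 * Thread attach/detach notifications are ignored. Always returns TRUE, so
 * the DLL loads even when the log could not be created.
 *
 * Security / robustness notes:
 *  - "console.log" is a relative path, resolved against the host process's
 *    current directory, which this DLL does not control, and it is created
 *    with default ACLs (CREATE_ALWAYS truncates whatever is there). Every
 *    byte the host writes to its console - which may include credentials,
 *    tokens or paths - is copied into it. Anything beyond a lab should use
 *    an absolute, access-controlled location.
 *  - If CreateFile fails, hLog stays INVALID_HANDLE_VALUE and the hooks are
 *    installed anyway (original best-effort behaviour, kept); the hook then
 *    simply does not log.
 *  - The hooks are NOT removed on detach: HookApi fills UnhookWriteConsoleA
 *    but no restore call exists in this file. After the DLL is unmapped,
 *    patched call sites point at freed memory. TODO(review): restore the
 *    hooks here with whatever unhook routine ApiHooks.h provides.
 *  - LibTest() runs inside DllMain, i.e. under the loader lock. If
 *    LoadAndCall/UnloadModule load or free modules (their names suggest so;
 *    their bodies are not visible here) this can deadlock or crash at
 *    process exit.
 */
BOOL APIENTRY DllMain(HANDLE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    (void)lpReserved;

    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        if (hLog == INVALID_HANDLE_VALUE) {
            hLog = CreateFile("console.log", GENERIC_WRITE, FILE_SHARE_READ,
                              NULL, CREATE_ALWAYS, 0, NULL);
        }
        /* Skip our own import table so NewWriteConsoleA's call to the real
         * WriteConsoleA is not redirected back to itself. Why MSVCRT is also
         * excluded is not explained anywhere in this file. */
        ExcludeModules[0] = hModule;
        ExcludeModules[1] = GetModuleHandle("MSVCRT.DLL");
        HookApis();
        break;

    case DLL_PROCESS_DETACH: {
        /* Publish the "closed" state first so a hooked thread racing with us
         * reads INVALID_HANDLE_VALUE instead of a handle value that the next
         * CreateFile in the process may recycle. This narrows, but does not
         * close, the window: the hook itself stays installed (see above). */
        HANDLE log = hLog;
        hLog = INVALID_HANDLE_VALUE;
        if (log != INVALID_HANDLE_VALUE)
            CloseHandle(log);
        LibTest();
        break;
    }

    default:
        /* DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do. */
        break;
    }
    return TRUE;
}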
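/*
 * Replacement for kernel32!WriteConsoleA installed by HookApis.
 *
 * Mirrors the caller's buffer into hLog, then forwards the call unchanged
 * to the real WriteConsoleA and returns its result. The forward goes
 * through this DLL's own import entry, which HookApi is told to leave
 * alone (ExcludeModules[0]); that is what keeps this from recursing.
 *
 * The log write is best-effort: its failure is ignored and does not
 * affect what the caller sees. cchToWrite is a character count, which for
 * the ANSI entry point equals the byte count handed to WriteFile.
 */
BOOL WINAPI NewWriteConsoleA(HANDLE hConOut, LPCVOID lpvBuffer, DWORD cchToWrite,
                             LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    if (hLog != INVALID_HANDLE_VALUE) {
        /* Use a private counter rather than the caller's lpcchWritten:
         * WriteFile requires a non-NULL byte-count pointer when lpOverlapped
         * is NULL, while the console API's output pointer is optional, so
         * passing it straight through could fault. It also keeps a partial
         * log write from leaking into the value the caller finally sees. */
        DWORD logged = 0;
        WriteFile(hLog, lpvBuffer, cchToWrite, &logged, NULL);
    }
    return WriteConsoleA(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}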
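/*
 * Replacement for kernel32!GetProcAddress installed by HookApis.
 *
 * Code that resolves WriteConsoleA or GetProcAddress at runtime from
 * kernel32 is handed the hook functions instead, so dynamic lookups cannot
 * bypass the import-table patches. Every other lookup is forwarded to the
 * real GetProcAddress unchanged.
 *
 * GetProcAddress also accepts an export ordinal packed into the low 16 bits
 * of lpProcName with a zero high part; that is not a string and must never
 * reach lstrcmp, so ordinal lookups are forwarded without comparison.
 *
 * NOTE(review): HookApis installs this hook with no exclusion list. If
 * HookApi patches this DLL's own import table as well, the forwarding
 * GetProcAddress call below re-enters this function; confirm how HookApi
 * treats a NULL exclude list before relying on this.
 */
FARPROC WINAPI NewGetProcAddress(HMODULE hModule, LPCSTR lpProcName) {
    int isOrdinal = (((ULONG_PTR)lpProcName) >> 16) == 0;

    if (!isOrdinal && hModule == GetModuleHandle("KERNEL32.DLL")) {
        if (lstrcmp(lpProcName, "WriteConsoleA") == 0)
            return (FARPROC)NewWriteConsoleA;
        if (lstrcmp(lpProcName, "GetProcAddress") == 0)
            return (FARPROC)NewGetProcAddress;
    }
    return GetProcAddress(hModule, lpProcName);
}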
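/*
 * Install the two hooks this DLL provides, in every module HookApi covers
 * (HOOK_ALL / ALL_MODULES, both from ApiHooks.h):
 *  - WriteConsoleA -> NewWriteConsoleA, recording what was patched in
 *    UnhookWriteConsoleA and skipping the modules in ExcludeModules;
 *  - GetProcAddress -> NewGetProcAddress, with no unhook record and no
 *    exclusions.
 *
 * NOTE(review): HookApi's return value is OR-ed together but never acted
 * on, so a failed or partial hook installation is silent; what the value
 * means (0 = success or otherwise) is defined in ApiHooks.h, not here.
 */
void HookApis(void) {
    DWORD result = HookApi("KERNEL32.DLL", "WriteConsoleA", HOOK_ALL, ALL_MODULES,
                           &UnhookWriteConsoleA, NewWriteConsoleA, ExcludeModules);
    result |= HookApi("KERNEL32.DLL", "GetProcAddress", HOOK_ALL, ALL_MODULES,
                      NULL, NewGetProcAddress, NULL);
    (void)result; /* kept for debugging; not surfaced to the caller */
}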