
📄 apiredir.cpp

📁 此为本书的配套光盘.本书不但由浅入深地讲解了软件保护技术
/********************************************************************

	Copyright (c) Beijing Feitian Technologies
	http://www.FTSafe.com

	File :		APIRedir.cpp	

	Created:	2003/11/05

	Author:		yihai
	
	Purpose:	?

	Revision:	?

*********************************************************************/
// APIRedir.cpp : Defines the entry point for the application.
//

#include "stdafx.h"
#include "apidata.h"

// Forward declarations for helpers defined further down in this file.
void InitAPITable();
bool SetAPIHookProc(LPCTSTR lpName,LPCTSTR lpDllName,PVOID pHookProc);

// Runtime redirection table: allocated and filled by InitAPITable(), patched by
// SetAPIHookProc() and searched by LookUpAPITable().
PRTM_IMPORT_TABLE	g_pRunTimeImp = NULL;
// Upper bound used by every loop that walks g_pRunTimeImp.
int					g_nItemCount = 0;
// Scratch slot: ShellAPIRedirProc stores the resolved target here before its
// inline-asm jump (a global, so it is not per-thread).
DWORD				g_dwTempAddr;

// Values captured from the real APIs at the top of WinMain and handed back by
// the hook procedures below.
DWORD				g_dwOSVersion=0;
PSTR				g_pCmdLine=NULL;
HMODULE				g_hModHandle=NULL;
STARTUPINFO			g_siStartupInfo;

// Stand-in for GetVersion (installed from WinMain via SetAPIHookProc).
// Logs the call to the debugger output and answers with the version value
// that WinMain cached in g_dwOSVersion.
DWORD WINAPI GetVersionHookProc()
{
	OutputDebugString("Calling GetVersion");

	const DWORD dwCachedVersion = g_dwOSVersion;
	return dwCachedVersion;
}

// Stand-in for GetCommandLineA (installed from WinMain via SetAPIHookProc).
// Logs the call and returns the command-line pointer cached in g_pCmdLine.
LPTSTR WINAPI GetCommandLineHookProc()
{
	OutputDebugString("Calling GetCommandLine");

	LPTSTR pszCached = g_pCmdLine;
	return pszCached;
}

// Stand-in for GetModuleHandleA (installed from WinMain via SetAPIHookProc).
// A NULL module name is answered with the handle cached in g_hModHandle;
// any other name is forwarded unchanged to the real GetModuleHandle.
HMODULE WINAPI GetModuleHandleHookProc(LPCTSTR lpModuleName)
{
	OutputDebugString("Calling GetModuleHandle");

	if(lpModuleName!=NULL)
		return GetModuleHandle(lpModuleName);

	return g_hModHandle;
}

// Stand-in for GetStartupInfoA (installed from WinMain via SetAPIHookProc).
// Logs the call and copies the STARTUPINFO snapshot taken in WinMain into the
// caller's structure. lpStartupInfo is written without a NULL check.
VOID WINAPI GetStartupInfoHookProc(LPSTARTUPINFO lpStartupInfo)
{
	OutputDebugString("Calling GetStartupInfo");

	// Plain structure assignment: copies the whole cached snapshot.
	*lpStartupInfo = g_siStartupInfo;
}

// Demo entry point: caches the genuine results of four KERNEL32 queries,
// builds the runtime import table, then swaps the table entries for those four
// APIs with the logging hook procedures defined above.
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR     lpCmdLine,
                     int       nCmdShow)
{
	// Pairs an exported API name with its replacement and the message that is
	// logged once the table entry has been swapped.
	struct HookSpec
	{
		LPCTSTR	pszApiName;
		PVOID	pfnHook;
		LPCTSTR	pszHookedMsg;
	};

	// Take the snapshots first, while the real APIs are still what gets called.
	g_dwOSVersion = GetVersion();
	g_pCmdLine = GetCommandLine();
	g_hModHandle = GetModuleHandle(NULL);
	GetStartupInfo(&g_siStartupInfo);

	InitAPITable();

	const HookSpec aHooks[] =
	{
		{ "GetVersion",       (PVOID)GetVersionHookProc,      "GetVersion Hooked" },
		{ "GetCommandLineA",  (PVOID)GetCommandLineHookProc,  "GetCommandLineA Hooked" },
		{ "GetModuleHandleA", (PVOID)GetModuleHandleHookProc, "GetModuleHandle Hooked" },
		{ "GetStartupInfoA",  (PVOID)GetStartupInfoHookProc,  "GetStartupInfoA Hooked" },
	};
	const int nHooks = (int)(sizeof(aHooks) / sizeof(aHooks[0]));

	// A failed hook is silently skipped; only successes are logged.
	for(int n=0;n<nHooks;n++)
	{
		if(SetAPIHookProc(aHooks[n].pszApiName,"KERNEL32",aHooks[n].pfnHook))
		{
			OutputDebugString(aHooks[n].pszHookedMsg);
		}
	}

	MessageBox(0,"Init ok",0,0);

	return 0;
}

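// Replaces the runtime-table entry for one exported API with a hook procedure.
//
//   lpName     exported function name looked up with GetProcAddress
//   lpDllName  module that exports it (passed to LoadLibrary)
//   pHookProc  replacement entry point; must not be NULL
//
// Returns true when an entry whose dwProcEntry equals the API's real address
// was found and overwritten, false otherwise (bad argument, module or export
// not found, or the API is not present in the table). Only the first matching
// entry is replaced.
bool SetAPIHookProc(LPCTSTR lpName,LPCTSTR lpDllName,PVOID pHookProc)
{
	// A NULL hook would store 0 in dwProcEntry, which LookUpAPITable reports as
	// "not found" and ShellAPIRedirProc answers by terminating the process.
	if(lpName==NULL || lpDllName==NULL || pHookProc==NULL)
		return false;

	// NOTE(review): lpDllName is a bare module name in the calls visible in this
	// file, so LoadLibrary resolves it through the normal DLL search order; for
	// anything other than an already-loaded system DLL, prefer a full path.
	HMODULE hMod = LoadLibrary(lpDllName);
	if(!hMod)
		return false;

	// The address is only compared against table entries, never called from
	// here, so the extra module reference can be dropped straight away.
	// The DWORD cast assumes a 32-bit build (pointers fit in 32 bits).
	DWORD dwProcAddr = (DWORD)GetProcAddress(hMod,lpName);
	FreeLibrary(hMod);

	if(dwProcAddr==0)
		return false;

	for(int i=0;i<g_nItemCount;i++)
	{
		if(g_pRunTimeImp[i].dwProcEntry == dwProcAddr)
		{
			g_pRunTimeImp[i].dwProcEntry =(DWORD)pHookProc;
			return true;
		}
	}
	return false;
}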

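// Builds the runtime redirection table (g_pRunTimeImp / g_nItemCount) from the
// static table g_shl_import_table.
//
// Entries for which IsImpStart() is true name a DLL: the DLL is loaded and the
// entry's dwType is taken as the address of that DLL's first import slot.
// Every other entry is one import of the current DLL: it is resolved with
// GetProcAddress and recorded together with the slot address it replaces
// (start address + 4 bytes per import, i.e. 32-bit slots).
//
// Changes from the original: the scratch buffer is large enough for wsprintf's
// documented 1024-byte output limit (it was 512 bytes, which a long import name
// could overrun), and an empty or negative item count is rejected before the
// table is indexed or allocated.
void InitAPITable()
{
	PSHL_IMPORT_TABLE  pMyImp = g_shl_import_table;
	// wsprintf stops at 1024 bytes of output; size the buffer for that limit.
	char szBuf[1024 + 1];
	HMODULE hMod = NULL;

	int nCount = GetDataSize();
	if(nCount <= 0)
	{
		// Nothing to redirect: keep the lookup loops empty and do not touch
		// pMyImp[0] or allocate a zero/negative-length array.
		g_nItemCount = 0;
		return;
	}

	wsprintf(szBuf,"First String %s %x",pMyImp[0].pName,pMyImp[0].dwType);
	OutputDebugString(szBuf);

	g_pRunTimeImp = new RTM_IMPORT_TABLE[nCount];
	memset(g_pRunTimeImp,0,sizeof(RTM_IMPORT_TABLE)*nCount);
	// The count includes the DLL marker entries, so the tail of the runtime
	// table stays zero-filled; the lookups compare against non-zero addresses.
	g_nItemCount = nCount;

	DWORD dwStartRVA=0;
	int iCurPos = 0;
	int iDllIndex=0;
	for(int i=0;i<nCount;i++)
	{
		if(IsImpStart(pMyImp[i].dwType))
		{
			wsprintf(szBuf,"Load %s %X",pMyImp[i].pName,pMyImp[i].dwType);
			OutputDebugString(szBuf);
			// NOTE(review): the DLL name comes from the embedded table and is
			// resolved through the normal DLL search order. The result is not
			// checked; after a failed load the GetProcAddress calls below are
			// expected to fail too and leave dwProcEntry at 0.
			hMod = LoadLibrary(pMyImp[i].pName);
			dwStartRVA = pMyImp[i].dwType;
			iDllIndex = 0;
		}
		else
		{
			// The DWORD cast assumes a 32-bit build.
			DWORD dwProcAddr = (DWORD)GetProcAddress(hMod,pMyImp[i].pName);
			DWORD dwOldAddr = dwStartRVA+4*(iDllIndex++);

			if(IsImpByString(pMyImp[i].dwType))
			{
				wsprintf(szBuf,"%d Get API %s %X %X",i,pMyImp[i].pName,dwOldAddr,dwProcAddr);
			}
			else
			{
				// Import by ordinal: pName carries the ordinal, printed as hex.
				wsprintf(szBuf,"%d Get API ord(%X) %X %X",i,pMyImp[i].pName,dwOldAddr,dwProcAddr);
			}
			OutputDebugString(szBuf);

			g_pRunTimeImp[iCurPos].dwOldRVA = dwOldAddr;
			g_pRunTimeImp[iCurPos].dwProcEntry = dwProcAddr;
			iCurPos++;
		}
	}
}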


// Linear search of the runtime table for the entry whose dwOldRVA equals
// dwOldAddr. Returns that entry's dwProcEntry (the real API address, or a hook
// installed by SetAPIHookProc), or 0 when no entry matches.
DWORD LookUpAPITable(DWORD dwOldAddr)
{
	int idx = 0;
	while(idx < g_nItemCount)
	{
		if(g_pRunTimeImp[idx].dwOldRVA == dwOldAddr)
		{
			return g_pRunTimeImp[idx].dwProcEntry;
		}
		++idx;
	}
	return 0;
}

// Redirection trampoline: resolves dwOldRVA through LookUpAPITable and, when an
// entry exists, transfers control to the resolved address with a jump instead
// of returning. When no entry exists it shows a message box and terminates the
// process (with exit code 0).
//
// NOTE(review): the inline assembly depends on the exact prologue the compiler
// emits for this function (which registers it saves and in what order) and is
// x86/MSVC-only. Presumably the caller reaches this function with the old RVA
// pushed and no return address of its own, which would explain shifting ebp by
// one slot before the parameter is read - confirm against the stub that jumps
// here and re-verify after any change to compiler settings.
extern "C" void ShellAPIRedirProc(DWORD dwOldRVA)
{
	// Move the frame pointer down one 4-byte slot before dwOldRVA is read.
	__asm sub ebp,4
	// The target is kept in a global so it is still reachable after the
	// registers and frame are unwound below (not safe for concurrent callers).
	g_dwTempAddr = LookUpAPITable(dwOldRVA);
	if(g_dwTempAddr==0)
	{
		// Unknown slot: there is no address to forward to, so stop the process.
		MessageBox(0,"Can't find entry",0,0);
		ExitProcess(0);
	}		
	else
	{
		// Pop four saved registers, pop one more stack slot into eax (the value
		// is overwritten on the next line), then jump to the resolved entry.
		__asm pop edi
		__asm pop esi
		__asm pop ebx
		__asm pop ebp
		__asm pop eax
		__asm mov eax,g_dwTempAddr
		__asm jmp eax
	}
}
