/********************************************************************
Copyright (c) Beijing Feitian Technologies
http://www.FTSafe.com
File : APIRedir.cpp
Created: 2003/11/05
Author: yihai
Purpose: ?
Revision: ?
*********************************************************************/
// APIRedir.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include "apidata.h"
// Forward declaration; defined below and called once from WinMain.
void InitAPITable();
// Run-time lookup table, allocated and filled by InitAPITable and searched
// by LookUpAPITable. Stays NULL until InitAPITable has run.
PRTM_IMPORT_TABLE g_pRunTimeImp = NULL;
// Number of entries allocated for g_pRunTimeImp (set from GetDataSize()).
int g_nItemCount = 0;
// Scratch slot used by ShellAPIRedirProc to carry the resolved address into
// its final inline-assembly jump.
// NOTE(review): a single process-wide global with no visible synchronization;
// concurrent callers would share it - confirm the threading model.
DWORD g_dwTempAddr;
/*
 * Application entry point. Builds the run-time API table and then reports
 * completion in a message box. None of the WinMain arguments are used.
 * Always returns 0.
 */
int APIENTRY WinMain(HINSTANCE hInstance,
                     HINSTANCE hPrevInstance,
                     LPSTR lpCmdLine,
                     int nCmdShow)
{
    InitAPITable();

    // No owner window, default caption, MB_OK (== 0) button set.
    MessageBox(NULL, "Init ok", NULL, MB_OK);

    return 0;
}
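/*
 * Build the run-time import lookup table (g_pRunTimeImp) from the embedded
 * shell import table g_shl_import_table.
 *
 * The source table is walked in order. An entry for which IsImpStart() is
 * true names a DLL: it is loaded, its dwType becomes the base address for
 * the entries that follow, and the per-DLL slot index restarts at 0. Every
 * other entry is resolved with GetProcAddress() and recorded as a pair
 * (dwOldRVA = base + 4 * slot, dwProcEntry = resolved address).
 *
 * Failure behaviour: nothing is thrown or returned. An empty source table or
 * a failed allocation leaves g_pRunTimeImp NULL and g_nItemCount 0. A DLL or
 * export that cannot be resolved is recorded with dwProcEntry == 0, which
 * LookUpAPITable() hands back as 0.
 *
 * Addresses are stored in DWORDs, so this code is 32-bit only.
 */
void InitAPITable()
{
    // wsprintf takes no size argument and is documented to write up to
    // 1024 bytes, so the buffer has to be that large. The previous 512-byte
    // buffer could be overrun by a long DLL or export name.
    enum { DBG_BUF_SIZE = 1024 };
    char szBuf[DBG_BUF_SIZE];

    PSHL_IMPORT_TABLE pMyImp = g_shl_import_table;
    int nCount = GetDataSize();

    // Drop any table from an earlier call and publish an empty state first,
    // so a lookup never sees a count without a matching allocation.
    delete[] g_pRunTimeImp;
    g_pRunTimeImp = NULL;
    g_nItemCount = 0;

    if (nCount <= 0)
    {
        // Nothing to resolve. Also avoids reading pMyImp[0] from an empty table.
        OutputDebugString("InitAPITable: import table is empty");
        return;
    }

    wsprintf(szBuf, "First String %s %x", pMyImp[0].pName, pMyImp[0].dwType);
    OutputDebugString(szBuf);

    PRTM_IMPORT_TABLE pTable = new RTM_IMPORT_TABLE[nCount];
    if (pTable == NULL)
    {
        // Older MSVC runtimes return NULL from new instead of throwing.
        OutputDebugString("InitAPITable: out of memory");
        return;
    }
    memset(pTable, 0, sizeof(RTM_IMPORT_TABLE) * nCount);

    g_pRunTimeImp = pTable;
    g_nItemCount = nCount;

    HMODULE hMod = NULL;      // DLL that the current run of entries belongs to
    DWORD dwStartRVA = 0;     // base address for the current DLL's slots
    int iCurPos = 0;          // next free slot in the run-time table
    int iDllIndex = 0;        // slot index within the current DLL

    for (int i = 0; i < nCount; i++)
    {
        if (IsImpStart(pMyImp[i].dwType))
        {
            wsprintf(szBuf, "Load %s %X", pMyImp[i].pName, pMyImp[i].dwType);
            OutputDebugString(szBuf);

            // NOTE(review): pName is passed through unchanged. If it is a
            // bare file name, the standard DLL search order decides which
            // file is loaded, so a same-named DLL in an earlier search
            // location would win. Consider a fully qualified path or
            // LoadLibraryEx with a restricted search flag where the target
            // OS supports it.
            hMod = LoadLibrary(pMyImp[i].pName);
            if (hMod == NULL)
            {
                wsprintf(szBuf, "LoadLibrary failed for %s (error %u)",
                         pMyImp[i].pName, GetLastError());
                OutputDebugString(szBuf);
            }

            dwStartRVA = pMyImp[i].dwType;
            iDllIndex = 0;
            continue;
        }

        // Never resolve against a NULL module handle: if the owning DLL did
        // not load (or no DLL entry came first), record the entry as
        // unresolved rather than looking the name up somewhere else.
        DWORD dwProcAddr = 0;
        if (hMod != NULL)
        {
            dwProcAddr = (DWORD)GetProcAddress(hMod, pMyImp[i].pName);
        }
        DWORD dwOldAddr = dwStartRVA + 4 * (iDllIndex++);

        if (IsImpByString(pMyImp[i].dwType))
        {
            wsprintf(szBuf, "%d Get API %s %X %X", i, pMyImp[i].pName, dwOldAddr, dwProcAddr);
        }
        else
        {
            // By-ordinal import: pName carries the ordinal value, printed as hex.
            wsprintf(szBuf, "%d Get API ord(%X) %X %X", i, pMyImp[i].pName, dwOldAddr, dwProcAddr);
        }
        OutputDebugString(szBuf);

        // iCurPos <= i < nCount, so this stays inside the allocation.
        g_pRunTimeImp[iCurPos].dwOldRVA = dwOldAddr;
        g_pRunTimeImp[iCurPos].dwProcEntry = dwProcAddr;
        iCurPos++;
    }
}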
/*
 * Linear search of the run-time import table for an original address.
 *
 * dwOldAddr  value to match against each entry's dwOldRVA.
 * Returns the dwProcEntry of the first matching entry, or 0 when no entry
 * matches. An entry whose dwProcEntry is itself 0 also produces 0, so callers
 * cannot tell "not in table" from "in table but unresolved".
 */
DWORD LookUpAPITable(DWORD dwOldAddr)
{
    int idx = 0;

    while (idx < g_nItemCount)
    {
        if (g_pRunTimeImp[idx].dwOldRVA == dwOldAddr)
        {
            return g_pRunTimeImp[idx].dwProcEntry;
        }
        ++idx;
    }

    return 0;
}
// Redirection entry point: looks up dwOldRVA in the run-time import table
// and jumps to the resolved address. If the lookup returns 0 it shows a
// message box and ends the process instead.
//
// NOTE(review): x86 MSVC inline assembly. The hand-written pops at the end
// presumably mirror the register saves of the compiler-generated prologue
// (edi, esi, ebx, ebp). That only holds for the build settings this was
// written against - confirm against the generated listing before changing
// compiler options or adding locals.
// NOTE(review): the target address travels through the global g_dwTempAddr
// with no visible synchronization; concurrent callers would share it.
extern "C" void ShellAPIRedirProc(DWORD dwOldRVA)
{
// Moves the frame pointer down 4 bytes before dwOldRVA is read, so the
// parameter is fetched one stack slot lower than in a normal call frame.
// Presumably the calling stub pushes the value and jumps here without a
// return address - TODO confirm against the stub.
__asm sub ebp,4
g_dwTempAddr = LookUpAPITable(dwOldRVA);
if(g_dwTempAddr==0)
{
// Lookup failed: report and terminate. The exit code is 0 even though this
// is a failure path.
MessageBox(0,"Can't find entry",0,0);
ExitProcess(0);
}
else
{
// Manual epilogue. The pops are esp-relative; their order must match what
// the prologue actually pushed (see the review note above the function).
__asm pop edi
__asm pop esi
__asm pop ebx
__asm pop ebp
// Pops one more dword; the value is discarded, because eax is overwritten
// on the next line.
__asm pop eax
// The target is read from the global by name. After pop ebp an
// ebp-relative local would presumably no longer be addressable.
__asm mov eax,g_dwTempAddr
// Tail-jump to the resolved API; control does not come back here.
__asm jmp eax
}
}