📄 hooking.pas

📁 Delphi Driver Development Kit 有了它以后可以用delphi开发驱动程序了。里面有详尽的例子。

💻 PAS

字号:

unit Hooking;

interface

uses DDDK;

var
 HookActive:Boolean;

//this works only for original unpatched functions
function SystemService(AFunc:Pointer):PLONG;

function HookingHook:Integer; stdcall;
function HookingUnhook:Integer; stdcall;

implementation

uses HookedProc;

//var
// KeServiceDescriptorTable:TServiceDescriptorEntry;

function SystemService(AFunc:Pointer):PLONG;
begin
 Result:=PLONG(Cardinal(KeServiceDescriptorTable^.ServiceTableBase)+SizeOf(ULONG)*PULONG(ULONG(AFunc)+1)^);
end;


function HookingHook:Integer; stdcall;
begin
 DbgMsg('hooking.pas: HookingHook()',[]);

 if HookActive then
 begin
  DbgMsg('hooking.pas: HookingHook error: hook is already active',[]);
  DbgMsg('hooking.pas: HookingHook(-):False',[]);
  Result:=Integer(False);
  Exit;
 end;

 // 
 // now we are changing SDT
 // we have to use atomic operations because of multiprocessor machines
 //
 // we also have to disable WP bit for WXP SP2 and higher
 // to be able to write to SDT
 //

 asm                                            //disable WP bit
  mov eax,cr0                                   //move CR0 register into EAX
  and eax,not 000010000h                        //disable WP bit 
  mov cr0,eax                                   //write register back
 end;

 OldZwOpenProcess:=TZwOpenProcess(InterlockedExchange(SystemService(ZwOpenProcessAddr),LONG(@NewZwOpenProcess)));

 asm                                            //enable WP bit
  mov eax,cr0                                   //move CR0 register into EAX
  or eax,000010000h                             //enable WP bit         
  mov cr0,eax                                   //write register back           
 end;

 DbgMsg('OldZwOpenProcess=0x%.8X',[@OldZwOpenProcess]);
 DbgMsg('ZwOpenProcess=0x%.8X',[SystemService(ZwOpenProcessAddr)^]);

 HookActive:=True;

 Result:=Integer(True);

 DbgMsg('hooking.pas: HookingHook(-):True',[]);
end;


function HookingUnhook:Integer; stdcall;
begin
 DbgMsg('hooking.pas: HookingUnhook()',[]);

 if not HookActive then
 begin
  DbgMsg('hooking.pas: HookingUnhook error: hook is not active',[]);
  DbgMsg('hooking.pas: HookingUnhook(-):False',[]);
  Result:=Integer(False);
  Exit;
 end;

 DbgMsg('NewZwOpenProcess=0x%.8X',[@NewZwOpenProcess]);


 //
 // similar actions as in hooking_hook()
 //

 asm                                            //disable WP bit
  mov eax,cr0                                   //move CR0 register into EAX
  and eax,not 000010000h                        //disable WP bit 
  mov cr0,eax                                   //write register back
 end;

 InterlockedExchange(SystemService(ZwOpenProcessAddr),LONG(@OldZwOpenProcess));

 asm                                          //enable WP bit
  mov eax,cr0                                 //move CR0 register into EAX
  or eax,000010000h                           //enable WP bit         
  mov cr0,eax                                 //write register back           
 end;

 DbgMsg('ZwOpenProcess=0x%.8X',[SystemService(ZwOpenProcessAddr)^]);

 HookActive:=False;

 Result:=Integer(True);

 DbgMsg('hooking.pas: HookingUnhook(-):True',[]);
end;

end.

💿 文件大小 1114 K

👤 上传用户 zxyxwd6

📂 所属分类 Delphi控件源码

🏷️ 相关标签

#Development #Delphi #Driver #delphi

⌨️ 快捷键说明

复制代码 Ctrl + C

搜索代码 Ctrl + F

全屏模式 F11

切换主题 Ctrl + Shift + D

显示快捷键 ?

增大字号 Ctrl + =

减小字号 Ctrl + -