//---------------------------------------------------------------------------
#include <winsock2.h>
#include <vcl.h>
#include <windows.h>
#pragma hdrstop
#pragma argsused
#include "Unit2.cpp"
// Handles returned by SetWindowsHookEx in InstallHook(); released in UninstallHook().
HHOOK prochook,keyhook;
// Module instance of this DLL, stored by DllEntryPoint() and passed to SetWindowsHookEx.
HINSTANCE hinstance;
// Addresses of the wsock32.dll exports send/sendto/recv/recvfrom, resolved in init().
FARPROC pfsend,pfsendto,pfrecv,pfrecvfrom;
// Fixed-size staging buffers (70000 bytes each) that the My* wrappers copy payloads into.
// They are plain globals, so every thread in the process shares them.
BYTE mysendbuf[70000],mysendtobuf[70000],myrecvbuf[70000],myrecvfrombuf[70000];
// old*: the first five bytes of each export as saved by init().
// new*: the five-byte replacement (0xE9 followed by a 32-bit displacement) built by init().
BYTE oldsend[5],newsend[5],oldsendto[5],newsendto[5],
oldrecv[5],newrecv[5],oldrecvfrom[5],newrecvfrom[5];
// dwIdNew holds the current process id (set in init()). dwIdOld is reused by the
// *HookOn/*HookOff functions both as the process id passed to OpenProcess and as the
// "old protection" out-parameter of VirtualProtectEx.
DWORD dwIdOld,dwIdNew;
// Handle returned by LoadLibrary("wsock32.dll") in init().
HMODULE hModule;
// Resolves the four exports, saves their entry bytes and enables the four patches.
BOOL init();
// Replacement for send(): copies the outgoing payload, optionally hex-dumps it to the
// form's memo, then calls the real send().
int WINAPI Mysend(
SOCKET s,
const char FAR * buf,
int len,
int flags
);
// Replacement for sendto(); same flow as Mysend with the destination address passed through.
int WINAPI Mysendto(
SOCKET s,
const char FAR * buf,
int len,
int flags,
const struct sockaddr FAR * to,
int tolen
);
// Replacement for recv(): calls the real recv(), then copies and optionally hex-dumps the buffer.
int WINAPI Myrecv (
SOCKET s,
char FAR* buf,
int len,
int flags
);
// Replacement for recvfrom(); same flow as Myrecv with the source address passed through.
int WINAPI Myrecvfrom (
SOCKET s,
char FAR* buf,
int len,
int flags,
struct sockaddr FAR* from,
int FAR* fromlen
);
// Exported toggles: *HookOn writes the new* bytes over the export entry, *HookOff restores old*.
extern "C" __declspec(dllexport) void __stdcall sendHookOn();
extern "C" __declspec(dllexport) void __stdcall sendHookOff();
extern "C" __declspec(dllexport) void __stdcall sendtoHookOn();
extern "C" __declspec(dllexport) void __stdcall sendtoHookOff();
extern "C" __declspec(dllexport) void __stdcall recvHookOn();
extern "C" __declspec(dllexport) void __stdcall recvHookOff();
extern "C" __declspec(dllexport) void __stdcall recvfromHookOn();
extern "C" __declspec(dllexport) void __stdcall recvfromHookOff();
// Exported install/remove of the WH_GETMESSAGE and WH_KEYBOARD window hooks.
extern "C" __declspec(dllexport) void __stdcall InstallHook();
extern "C" __declspec(dllexport) void __stdcall UninstallHook();
int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void* lpReserved)
{
    // Remember our own module handle; InstallHook() hands it to SetWindowsHookEx.
    hinstance = hinst;

    if (reason == DLL_PROCESS_ATTACH)
    {
        // init() resolves the winsock exports and enables the patches. On failure a
        // message box ("initialization error" / "error") is shown and the load is refused.
        // NOTE(review): init() calls LoadLibrary, and this path shows a message box, while
        // still inside the DLL entry point; Microsoft's guidance is to avoid both here.
        if (init())
        {
            return 1;
        }
        MessageBoxA(NULL,"初始化错误","错误",MB_OK);
        return 0;
    }

    if (reason == DLL_PROCESS_DETACH)
    {
        // Restore the original entry bytes first, then drop the window hooks.
        sendHookOff();
        sendtoHookOff();
        recvHookOff();
        recvfromHookOff();
        UninstallHook();
    }

    // DLL_THREAD_ATTACH / DLL_THREAD_DETACH need no work.
    return 1;
}
//---------------------------------------------------------------------------
LRESULT WINAPI MyProcHook(int nCode,WPARAM wParam,LPARAM lParam)
{
    // WH_GETMESSAGE procedure that does no work of its own: it only forwards the
    // event to the next hook in the chain and returns that hook's result.
    LRESULT chained = CallNextHookEx(prochook, nCode, wParam, lParam);
    return chained;
}
LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    // WH_KEYBOARD procedure. It reacts to exactly one event: a key-down of the numeric
    // keypad '*' key (VK_MULTIPLY). Every event is forwarded to the next hook afterwards.
    const bool isKeyDown = (HIWORD(lParam) & KF_UP) == 0;

    if (isKeyDown && nCode == HC_ACTION && wParam == VK_MULTIPLY)
    {
        HWND foreground = GetForegroundWindow();
        HWND ownWindow = FindWindow(NULL,"halflifezy");

        // Do nothing when the window titled "halflifezy" is itself in the foreground.
        if (foreground != ownWindow)
        {
            // Create the viewer form on first use; the flags are presumably declared in
            // Unit2.cpp (not visible here).
            if (isnew==true)
            {
                form0 = new TForm2(NULL);
                isnew = false;
                isdelete = true;
                isnewok = true;
            }
            // Parent the form to the current foreground window and show it.
            form0->ParentWindow = foreground;
            form0->Show();
        }
    }

    return CallNextHookEx(keyhook, nCode, wParam, lParam);
}
void __stdcall InstallHook()
{
    // Both hooks are registered with thread id 0 and this DLL's module handle. With
    // thread id 0 the hook is not tied to a single thread, so Windows maps this DLL
    // into other processes that receive the hooked events. Return values are not checked.
    HHOOK messageHook = SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)MyProcHook,hinstance,0);
    prochook = messageHook;

    HHOOK keyboardHook = SetWindowsHookEx(WH_KEYBOARD,(HOOKPROC)KeyboardProc, hinstance, 0);
    keyhook = keyboardHook;
}
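void __stdcall UninstallHook()
{
    // Releases the wsock32.dll reference taken in init() and removes both window hooks.
    //
    // This function is exported and is also called from DllEntryPoint on
    // DLL_PROCESS_DETACH, so it can run more than once. Each handle is therefore
    // checked and cleared after release: a repeated call must not FreeLibrary the
    // same module reference twice or unhook a stale handle.
    if (hModule != NULL)
    {
        FreeLibrary(hModule);
        hModule = NULL;
    }
    if (prochook != NULL)
    {
        UnhookWindowsHookEx(prochook);
        prochook = NULL;
    }
    if (keyhook != NULL)
    {
        UnhookWindowsHookEx(keyhook);
        keyhook = NULL;
    }
}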
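int WINAPI Mysend(
SOCKET s,
const char FAR * buf,
int len,
int flags
)
{
    // Replacement for send(): stages the outgoing payload in mysendbuf, optionally
    // hex-dumps it to the viewer form (16 bytes per line), then calls the real send().
    //
    // Returns whatever the real send() returns.
    //
    // NOTE(review): mysendbuf is a shared global and the patch is removed for the
    // duration of the call, so concurrent callers are not handled here.
    // NOTE(review): sendHookOn() makes further Win32 calls before this function returns,
    // so the caller's WSAGetLastError() may not reflect send() — verify.
    int nReturn = 0;
    sendHookOff();

    // Bound the copy: the caller controls len, the staging buffer is fixed-size.
    // A negative or oversized len previously overran mysendbuf.
    int staged = 0;
    if (buf != NULL && len > 0)
    {
        staged = (len <= (int)sizeof(mysendbuf)) ? len : (int)sizeof(mysendbuf);
        memcpy(mysendbuf, buf, staged);
    }
    // Send from the staged copy only when it holds the whole payload; otherwise pass
    // the caller's buffer through untouched so nothing is truncated.
    const char FAR *payload = (staged == len) ? (const char *)mysendbuf : buf;

    // form0 is created lazily by KeyboardProc, so it may not exist yet.
    if ((ok != 0) && (isnewok == true) && (form0 != NULL))
    {
        form0->Memo1->Lines->Add(AnsiString("\r\n\r\n\r\n\r\n")+"send");
        AnsiString mytext;
        int column = 1;
        for (int i = 0; i < staged; i++)
        {
            if (column > 16)
            {
                // Row is full: emit it, add a separator line, start a new row.
                form0->Memo1->Lines->Add(mytext);
                column = 1;
                form0->Memo1->Lines->Add("\r");
                mytext = "";
            }
            mytext = mytext + IntToHex(mysendbuf[i],2) + " ";
            if (i == staged - 1)
            {
                // Last byte: flush the (possibly partial) final row.
                form0->Memo1->Lines->Add(mytext);
            }
            column = column + 1;
        }
    }

    nReturn = send(s, payload, len, flags);
    sendHookOn();
    return(nReturn);
}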
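int WINAPI Mysendto(
SOCKET s,
const char FAR * buf,
int len,
int flags,
const struct sockaddr FAR * to,
int tolen
)
{
    // Replacement for sendto(): stages the outgoing payload in mysendtobuf, optionally
    // hex-dumps it to the viewer form (16 bytes per line), then calls the real sendto()
    // with the destination address passed through unchanged.
    //
    // Returns whatever the real sendto() returns.
    //
    // NOTE(review): mysendtobuf is a shared global and the patch is removed for the
    // duration of the call, so concurrent callers are not handled here.
    // NOTE(review): sendtoHookOn() makes further Win32 calls before this function returns,
    // so the caller's WSAGetLastError() may not reflect sendto() — verify.
    int nReturn = 0;
    sendtoHookOff();

    // Bound the copy: the caller controls len, the staging buffer is fixed-size.
    // A negative or oversized len previously overran mysendtobuf.
    int staged = 0;
    if (buf != NULL && len > 0)
    {
        staged = (len <= (int)sizeof(mysendtobuf)) ? len : (int)sizeof(mysendtobuf);
        memcpy(mysendtobuf, buf, staged);
    }
    // Send from the staged copy only when it holds the whole payload; otherwise pass
    // the caller's buffer through untouched so nothing is truncated.
    const char FAR *payload = (staged == len) ? (const char *)mysendtobuf : buf;

    // form0 is created lazily by KeyboardProc, so it may not exist yet.
    if ((ok != 0) && (isnewok == true) && (form0 != NULL))
    {
        form0->Memo1->Lines->Add(AnsiString("\r\n\r\n\r\n\r\n")+"sendto");
        AnsiString mytext;
        int column = 1;
        for (int i = 0; i < staged; i++)
        {
            if (column > 16)
            {
                // Row is full: emit it, add a separator line, start a new row.
                form0->Memo1->Lines->Add(mytext);
                column = 1;
                form0->Memo1->Lines->Add("\r");
                mytext = "";
            }
            mytext = mytext + IntToHex(mysendtobuf[i],2) + " ";
            if (i == staged - 1)
            {
                // Last byte: flush the (possibly partial) final row.
                form0->Memo1->Lines->Add(mytext);
            }
            column = column + 1;
        }
    }

    nReturn = sendto(s, payload, len, flags, to, tolen);
    sendtoHookOn();
    return(nReturn);
}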
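int WINAPI Myrecv (
SOCKET s,
char FAR* buf,
int len,
int flags
)
{
    // Replacement for recv(): calls the real recv(), then copies the received bytes
    // into myrecvbuf and optionally hex-dumps them to the viewer form (16 bytes per line).
    //
    // Returns whatever the real recv() returns.
    //
    // NOTE(review): myrecvbuf is a shared global and the patch is removed for the
    // duration of the call, so concurrent callers are not handled here.
    // NOTE(review): recvHookOn() makes further Win32 calls before this function returns,
    // so the caller's WSAGetLastError() may not reflect recv() — verify.
    int nReturn = 0;
    recvHookOff();
    nReturn = recv(s, buf, len, flags);

    // Only nReturn bytes of buf are valid after recv(). The previous code copied len
    // bytes (the buffer capacity), which dumped stale caller memory, ran even when
    // recv() failed, and overran myrecvbuf for capacities above its fixed size.
    int staged = 0;
    if (buf != NULL && nReturn > 0)
    {
        staged = (nReturn <= (int)sizeof(myrecvbuf)) ? nReturn : (int)sizeof(myrecvbuf);
        memcpy(myrecvbuf, buf, staged);
    }

    // form0 is created lazily by KeyboardProc, so it may not exist yet.
    if ((ok != 0) && (isnewok == true) && (form0 != NULL))
    {
        form0->Memo1->Lines->Add(AnsiString("\r\n\r\n\r\n\r\n")+"recv");
        AnsiString mytext;
        int column = 1;
        for (int i = 0; i < staged; i++)
        {
            if (column > 16)
            {
                // Row is full: emit it, add a separator line, start a new row.
                form0->Memo1->Lines->Add(mytext);
                column = 1;
                form0->Memo1->Lines->Add("\r");
                mytext = "";
            }
            mytext = mytext + IntToHex(myrecvbuf[i],2) + " ";
            if (i == staged - 1)
            {
                // Last byte: flush the (possibly partial) final row.
                form0->Memo1->Lines->Add(mytext);
            }
            column = column + 1;
        }
    }

    recvHookOn();
    return(nReturn);
}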
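int WINAPI Myrecvfrom (
SOCKET s,
char FAR* buf,
int len,
int flags,
struct sockaddr FAR* from,
int FAR* fromlen
)
{
    // Replacement for recvfrom(): calls the real recvfrom(), then copies the received
    // bytes into myrecvfrombuf and optionally hex-dumps them to the viewer form
    // (16 bytes per line). The source-address parameters are passed through unchanged.
    //
    // Returns whatever the real recvfrom() returns.
    //
    // NOTE(review): myrecvfrombuf is a shared global and the patch is removed for the
    // duration of the call, so concurrent callers are not handled here.
    // NOTE(review): recvfromHookOn() makes further Win32 calls before this function
    // returns, so the caller's WSAGetLastError() may not reflect recvfrom() — verify.
    int nReturn = 0;
    recvfromHookOff();
    nReturn = recvfrom(s, buf, len, flags, from, fromlen);

    // Only nReturn bytes of buf are valid after recvfrom(). The previous code copied
    // len bytes (the buffer capacity), which dumped stale caller memory, ran even when
    // the call failed, and overran myrecvfrombuf for capacities above its fixed size.
    int staged = 0;
    if (buf != NULL && nReturn > 0)
    {
        staged = (nReturn <= (int)sizeof(myrecvfrombuf)) ? nReturn : (int)sizeof(myrecvfrombuf);
        memcpy(myrecvfrombuf, buf, staged);
    }

    // form0 is created lazily by KeyboardProc, so it may not exist yet.
    if ((ok != 0) && (isnewok == true) && (form0 != NULL))
    {
        form0->Memo1->Lines->Add(AnsiString("\r\n\r\n\r\n\r\n")+"recvfrom");
        AnsiString mytext;
        int column = 1;
        for (int i = 0; i < staged; i++)
        {
            if (column > 16)
            {
                // Row is full: emit it, add a separator line, start a new row.
                form0->Memo1->Lines->Add(mytext);
                column = 1;
                form0->Memo1->Lines->Add("\r");
                mytext = "";
            }
            mytext = mytext + IntToHex(myrecvfrombuf[i],2) + " ";
            if (i == staged - 1)
            {
                // Last byte: flush the (possibly partial) final row.
                form0->Memo1->Lines->Add(mytext);
            }
            column = column + 1;
        }
    }

    recvfromHookOn();
    return(nReturn);
}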
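// Writes five bytes from `bytes` over the code at `target` in the current process.
// Shared by all eight exported toggles below, which previously repeated this sequence
// and never closed the process handle: two handles leaked per intercepted call.
//
// dwIdOld keeps its original double role: it is reset to the process id, passed to
// OpenProcess, and then reused as the old-protection out-parameter of VirtualProtectEx.
//
// NOTE(review): the page is switched to PAGE_READWRITE while the bytes are written,
// which removes execute permission for that window; confirm this is safe when other
// threads may be running code on the same page.
static void WriteEntryBytes(FARPROC target, BYTE *bytes)
{
    dwIdOld = dwIdNew;
    if (target == NULL)
    {
        // init() failed before resolving this export; nothing to write.
        return;
    }
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS,0,dwIdOld);
    if (hProc == NULL)
    {
        return;
    }
    VirtualProtectEx(hProc,target,5,PAGE_READWRITE,&dwIdOld);
    WriteProcessMemory(hProc,target,bytes,5,0);
    VirtualProtectEx(hProc,target,5,dwIdOld,&dwIdOld);
    CloseHandle(hProc);
}

// Writes the replacement bytes over the entry of send().
void __stdcall sendHookOn()
{
    WriteEntryBytes(pfsend, newsend);
}

// Restores the saved original entry bytes of send().
void __stdcall sendHookOff()
{
    WriteEntryBytes(pfsend, oldsend);
}

// Writes the replacement bytes over the entry of sendto().
void __stdcall sendtoHookOn()
{
    WriteEntryBytes(pfsendto, newsendto);
}

// Restores the saved original entry bytes of sendto().
void __stdcall sendtoHookOff()
{
    WriteEntryBytes(pfsendto, oldsendto);
}

// Writes the replacement bytes over the entry of recv().
void __stdcall recvHookOn()
{
    WriteEntryBytes(pfrecv, newrecv);
}

// Restores the saved original entry bytes of recv().
void __stdcall recvHookOff()
{
    WriteEntryBytes(pfrecv, oldrecv);
}

// Writes the replacement bytes over the entry of recvfrom().
void __stdcall recvfromHookOn()
{
    WriteEntryBytes(pfrecvfrom, newrecvfrom);
}

// Restores the saved original entry bytes of recvfrom().
void __stdcall recvfromHookOff()
{
    WriteEntryBytes(pfrecvfrom, oldrecvfrom);
}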
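BOOL init()
{
    // Resolves send/sendto/recv/recvfrom in wsock32.dll. For each one it saves the first
    // five bytes of the export (old*) and builds a five-byte replacement (new*): opcode
    // 0xE9 followed by the 32-bit displacement (wrapper - export - 5). It then records
    // the current process id and enables all four patches.
    //
    // Returns true on success, false when the library or any export cannot be resolved.
    //
    // NOTE(review): the inline assembly is 32-bit x86 and writes ebx/esi/edi; it relies on
    // the compiler preserving those registers around _asm blocks — confirm for the toolchain.
    hModule=LoadLibrary("wsock32.dll");
    // LoadLibrary's result was previously passed to GetProcAddress unchecked.
    if(hModule==NULL)
        return false;

    pfsend=GetProcAddress(hModule,"send");
    if(pfsend==NULL)
        return false;
    // Copy 4 + 1 bytes from the export entry into oldsend.
    _asm
    {
    lea edi,oldsend
    mov esi,pfsend
    cld
    movsd
    movsb
    }
    newsend[0]=0xe9;
    // newsend[1..4] = Mysend - pfsend - 5
    _asm
    {
    lea eax,Mysend
    mov ebx,pfsend
    sub eax,ebx
    sub eax,5
    mov dword ptr [newsend+1],eax
    }

    pfsendto=GetProcAddress(hModule,"sendto");
    if(pfsendto==NULL)
        return false;
    // Copy 4 + 1 bytes from the export entry into oldsendto.
    _asm
    {
    lea edi,oldsendto
    mov esi,pfsendto
    cld
    movsd
    movsb
    }
    newsendto[0]=0xe9;
    // newsendto[1..4] = Mysendto - pfsendto - 5
    _asm
    {
    lea eax,Mysendto
    mov ebx,pfsendto
    sub eax,ebx
    sub eax,5
    mov dword ptr [newsendto+1],eax
    }

    pfrecv=GetProcAddress(hModule,"recv");
    if(pfrecv==NULL)
        return false;
    // Copy 4 + 1 bytes from the export entry into oldrecv.
    _asm
    {
    lea edi,oldrecv
    mov esi,pfrecv
    cld
    movsd
    movsb
    }
    newrecv[0]=0xe9;
    // newrecv[1..4] = Myrecv - pfrecv - 5
    _asm
    {
    lea eax,Myrecv
    mov ebx,pfrecv
    sub eax,ebx
    sub eax,5
    mov dword ptr [newrecv+1],eax
    }

    pfrecvfrom=GetProcAddress(hModule,"recvfrom");
    if(pfrecvfrom==NULL)
        return false;
    // Copy 4 + 1 bytes from the export entry into oldrecvfrom.
    _asm
    {
    lea edi,oldrecvfrom
    mov esi,pfrecvfrom
    cld
    movsd
    movsb
    }
    newrecvfrom[0]=0xe9;
    // newrecvfrom[1..4] = Myrecvfrom - pfrecvfrom - 5
    _asm
    {
    lea eax,Myrecvfrom
    mov ebx,pfrecvfrom
    sub eax,ebx
    sub eax,5
    mov dword ptr [newrecvfrom+1],eax
    }

    // Viewer-form state flags; presumably declared in Unit2.cpp (not visible here).
    isnew=true;
    isnewok=true;

    // The toggles open the current process by id, so record it before enabling them.
    dwIdNew=GetCurrentProcessId();
    dwIdOld=dwIdNew;
    sendHookOn();
    sendtoHookOn();
    recvHookOn();
    recvfromHookOn();
    return(true);
}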