📄 hookiat.cpp
// HookIAT.cpp: hooking an API through the import address table (IAT).
//
#include "stdafx.h"
#include <afxdllx.h>
#include "HookApi_IAT.h"
// Installs the IAT hook for MessageBoxA; defined below and called from
// DllMain on DLL_PROCESS_ATTACH.
void WINAPI ExampleIAT();
// Removes the IAT hook again; defined below and called from DllMain on
// DLL_PROCESS_DETACH.
void WINAPI ExampleIAT_OFF();
// MFC extension-module state record. In this file it is only ever passed to
// AfxTermExtensionModule; no AfxInitExtensionModule call is visible here.
// NOTE(review): confirm whether the missing init call is intentional.
static AFX_EXTENSION_MODULE HookIATDLL = { NULL, NULL };
// DLL entry point: installs the MessageBoxA IAT hook when the DLL is mapped
// into a process and removes it again when the DLL is unloaded.
//
// hInstance  - module handle of this DLL (not used here).
// dwReason   - loader notification code; only process attach/detach are acted on.
// lpReserved - unused.
// Returns 1 (success) for every notification.
//
// The loader lock is held while DllMain runs, so the hook routines called from
// here must not load libraries or wait on other threads.
// NOTE(review): CHookApi_IAT's implementation is not visible in this file --
// confirm it only patches memory and does nothing loader-lock sensitive.
extern "C" int APIENTRY
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    // Remove this if you use lpReserved
    UNREFERENCED_PARAMETER(lpReserved);

    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
        // Patch the host module's import table as soon as the DLL is loaded.
        ExampleIAT();
        break;

    case DLL_PROCESS_DETACH:
        // Restore the import table before this DLL's code goes away; a patched
        // entry left behind would point into unmapped memory.
        ExampleIAT_OFF();
        TRACE0("HOOKIAT.DLL Terminating!\n");
        // Terminate the library before destructors are called
        AfxTermExtensionModule(HookIATDLL);
        break;

    default:
        // Thread attach/detach notifications need no work.
        break;
    }

    return 1;
}
//---------------------------------------------------------------------------
// Hook manager shared by ExampleIAT and ExampleIAT_OFF. It is a namespace-scope
// object, so it is constructed during this DLL's static initialization.
// CHookApi_IAT is presumably declared in HookApi_IAT.h -- not shown here.
CHookApi_IAT myIAT;
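// Replacement routine that the patched import-table entry points to instead of
// user32!MessageBoxA. The caller's text is ignored and a fixed string is shown;
// window handle, caption and type flags are forwarded unchanged.
//
// hWnd, lpCaption, uType - passed straight through to MessageBoxA.
// lpText                 - ignored.
// Returns whatever MessageBoxA returns.
//
// The prototype must match MessageBoxA exactly (WINAPI calling convention and
// ANSI string parameters). The string parameters are therefore LPCSTR: the
// TCHAR-based LPCTSTR becomes a wide-string pointer in a UNICODE build and no
// longer matches the function being replaced.
//
// NOTE(review): the MessageBoxA call below goes through this DLL's own import
// table. That is fine while only the host EXE is patched (HookOneAPI). If the
// hook-all-modules variant is enabled and also patches this DLL, the call would
// re-enter this function without bound; calling through the saved original
// address would avoid that -- confirm against CHookApi_IAT.
int WINAPI IATMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    UNREFERENCED_PARAMETER(lpText);
    return MessageBoxA(hWnd, "Hooking MessageBox by IAT", lpCaption, uType);
}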
//---------------------------------------------------------------------------
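// Hook an API through the IAT.
//
// Looks up the real address of user32!MessageBoxA and asks the hook manager to
// redirect the host executable's import-table entry for it to IATMessageBoxA.
// Does nothing if user32.dll is not loaded or the export cannot be resolved,
// so a null address is never handed to the hook manager.
//
// Only calls made through the patched module's import table are redirected;
// callers that resolved the address themselves at run time are not affected.
// The patch is visible to integrity checks as an import slot whose target lies
// outside the module named in the import descriptor.
void WINAPI ExampleIAT()
{
    // GetModuleHandle does not load the library; it returns NULL if user32.dll
    // is not already mapped into the process.
    HMODULE hUser32 = GetModuleHandleA("user32.dll");
    if (hUser32 == NULL)
        return;

    PROC HookAPIAddr = (FARPROC)GetProcAddress(hUser32, "MessageBoxA");
    if (HookAPIAddr == NULL)
        return;

    // NULL selects the module that created the process (the host EXE).
    HMODULE hModule = GetModuleHandle(NULL);

    // Hook all modules (alternative call, kept for reference).
    // myIAT.HookAllAPI("user32.dll",HookAPIAddr,(PROC)IATMessageBoxA);
    // Hook a single module.
    myIAT.HookOneAPI("user32.dll", HookAPIAddr, (PROC)IATMessageBoxA, hModule);
}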
//---------------------------------------------------------------------------
// Remove the IAT hook.
//
// Asks the hook manager to undo the user32.dll patch in the host executable's
// import table. Called from DllMain on DLL_PROCESS_DETACH.
// NOTE(review): what HookOneAPI_OFF restores is defined in CHookApi_IAT, which
// is not visible here -- presumably the original MessageBoxA address.
void WINAPI ExampleIAT_OFF()
{
    // GetModuleHandle(NULL) is the host EXE, the same module ExampleIAT patched.
    myIAT.HookOneAPI_OFF("user32.dll", GetModuleHandle(NULL));
}