;@goto translate
; Self-building source: cmd.exe reads the first line as "@goto translate"
; (a leading ';' is a separator to cmd) and runs the :TRANSLATE section at
; the end of the file; ML stops assembling at the END directive, so the
; batch tail is never seen by the assembler.
.586P
.MODEL FLAT, STDCALL                    ; 32-bit flat model; PROCs default to STDCALL
OPTION CASEMAP: NONE                    ; symbol names are case sensitive
INCLUDE WINDOWS.inc
; UNICODE = FALSE: TEXT / iWin32i presumably resolve to the ANSI (A) variants
UNICODE = FALSE
; iWin32*, TEXT/TEXTA, PUSHp/POPc come from here (not shown on this page)
INCLUDE APIMACRO.mac
; BeginHooks / API_HOOK / MkHook / EndHooks come from here (not shown)
INCLUDE ApiHooks.inc
INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
INCLUDELIB iADVAPI32.lib
;------------------------------------------------------------------
.DATA?
; Shared scratch buffer: NewRegOpenKeyExA and NewCreateFileA both format
; their text into it with wsprintfA, which takes no length argument, so
; output longer than 80 SIGN entries runs past the end of Place. The hooks
; hold no lock, so two threads entering a hook at once share this buffer.
; NOTE(review): SIGN is defined in the included macro file - presumably a
; character type; confirm its size before relying on "80".
Place SIGN 80 DUP (?)
.CODE
;if DllMain is not required then use /noentry switch on LINK commandline
;------------------------------------------------------------------
; BOOL WINAPI DllMain(HINSTANCE DllHandle, DWORD Reason, LPVOID pContext)
; ABI:   STDCALL (.MODEL FLAT, STDCALL)
; In:    Reason = DLL_PROCESS_ATTACH / DLL_PROCESS_DETACH / other
; Out:   EAX = TRUE in every case; a failed CreateFile leaves hLog equal
;        to INVALID_HANDLE_VALUE and logging is silently skipped
; Clobb: EAX, flags, plus whatever the iWin32 call macros use
; Side effects: opens the hook log on process attach (only if none is
;        open yet) and closes it on process detach.
;------------------------------------------------------------------
DllMain PROC DllHandle, Reason, pContext
        MOV     EAX, Reason
        CMP     EAX, DLL_PROCESS_DETACH
        JE      OnDetach
        CMP     EAX, DLL_PROCESS_ATTACH
        JNE     Done                    ; thread attach/detach: nothing to do
        CMP     hLog, INVALID_HANDLE_VALUE
        JNE     Done                    ; log already open, keep it
        ; NOTE(review): relative name - CreateFile resolves it against the
        ; host process's current directory at attach time, so the log
        ; lands wherever the hooked process happens to run; a full path
        ; would make that deterministic.
        iWin32i CreateFile, sLogName, GENERIC_WRITE, FILE_SHARE_READ,\
                NULL, CREATE_ALWAYS, NULL, NULL
        MOV     hLog, EAX               ; INVALID_HANDLE_VALUE if the open failed
        JMP     Done
OnDetach:
        iWin32  CloseHandle, hLog
        MOV     hLog, INVALID_HANDLE_VALUE
Done:
        MOV     EAX, TRUE
        RET
; data kept in .CODE after the RET; it is writable only because the link
; step marks .text WRE
TEXT    LogName, <createf.log/0>
ALIGN   4
hLog    HANDLE  INVALID_HANDLE_VALUE
DllMain ENDP
;------------------------------------------------------------------
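;------------------------------------------------------------------
; BOOL WINAPI NewGetVersionExW(LPOSVERSIONINFOW lpOSVERSIONINFO)
; Hook for GetVersionExW: calls the real function and then reports
; dwMajorVersion = 9 in the caller's buffer.
; In:    lpOSVERSIONINFO = caller's structure; only dwMajorVersion is
;        touched, the other fields stay as the real API filled them
; Out:   EAX = result of the real GetVersionExW, unchanged
; Clobb: ECX, flags, plus whatever the iWin32 macro uses
;------------------------------------------------------------------
NewGetVersionExW PROC lpOSVERSIONINFO
        iWin32  GetVersionExW, lpOSVERSIONINFO
        ; only patch the buffer when the real call succeeded: on failure
        ; (e.g. a rejected dwOSVersionInfoSize) the API leaves the caller's
        ; memory alone and so does the hook
        TEST    EAX, EAX
        JZ      @F
        MOV     ECX, lpOSVERSIONINFO
        ;make Windows 9.x (dwMinorVersion is left as reported)
        MOV     (OSVERSIONINFO PTR [ECX]).dwMajorVersion, 9
@@:
        RET
TEXTA   GetVersionExW, <GetVersionExW/0>
NewGetVersionExW ENDP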
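;------------------------------------------------------------------
; BOOL WINAPI NewGetVersionExA(LPOSVERSIONINFOA lpOSVERSIONINFO)
; Hook for GetVersionExA: calls the real function and then reports
; dwMajorVersion = 9 in the caller's buffer.
; In:    lpOSVERSIONINFO = caller's structure; only dwMajorVersion is
;        touched, the other fields stay as the real API filled them
; Out:   EAX = result of the real GetVersionExA, unchanged
; Clobb: ECX, flags, plus whatever the iWin32 macro uses
;------------------------------------------------------------------
NewGetVersionExA PROC lpOSVERSIONINFO
        iWin32  GetVersionExA, lpOSVERSIONINFO
        ; only patch the buffer when the real call succeeded: on failure
        ; (e.g. a rejected dwOSVersionInfoSize) the API leaves the caller's
        ; memory alone and so does the hook
        TEST    EAX, EAX
        JZ      @F
        MOV     ECX, lpOSVERSIONINFO
        ;make Windows 9.x (dwMinorVersion is left as reported)
        MOV     (OSVERSIONINFO PTR [ECX]).dwMajorVersion, 9
@@:
        RET
TEXTA   GetVersionExA, <GetVersionExA/0>
NewGetVersionExA ENDP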
;------------------------------------------------------------------
;------------------------------------------------------------------
; LONG WINAPI NewRegOpenKeyExA(HKEY hKey, LPCSTR pSubKey, DWORD dwReserved,
;                              REGSAM samDesired, PHKEY phkResult)
; Hook for RegOpenKeyExA: forwards the call unchanged, then shows a
; message box reading "RegOpenKeyExA("<pSubKey>") succeeded:" or
; "... failed:" (see the template at the end of the PROC).
; Out:   EAX = the real RegOpenKeyExA result; PUSHp/POPc presumably save
;        and restore it around the pop-up together with EBX
; NOTE(review): the text is built in the shared global buffer Place
;   (80 SIGN entries) with wsprintfA, which takes no length limit, so a
;   long pSubKey overruns Place.
;------------------------------------------------------------------
NewRegOpenKeyExA PROC hKey, pSubKey, dwReserved, samDesired, phkResult
iWin32 RegOpenKeyExA, hKey, pSubKey, dwReserved, samDesired, phkResult
; save EBX (callee-saved) and EAX (the result to hand back)
PUSHp EBX, EAX
MOV EBX, OFFSET Place                   ; EBX = output buffer, live across both calls
TEST EAX, EAX                           ; ERROR_SUCCESS == 0
MOV EDX, sRegOSucc                      ; MOV keeps the flags from TEST; EDX = status word
JE @F
MOV EDX, sRegOFail
@@:
; icWin32 - presumably the cdecl flavour of the call macro (wsprintfA is cdecl)
icWin32 wsprintfA, EBX, sRegOTemplate, pSubKey, EDX
iWin32 MessageBoxA, NULL, EBX, sHookTitle, MB_OK
; restore EBX and put the saved RegOpenKeyExA result back in EAX
POPc EBX, EAX
RET
; the TEXTA escapes appear to encode: RegOpenKeyExA("%s") %s:
TEXTA RegOpenKeyExA, <RegOpenKeyExA/0>
TEXTA RegOSucc, <succeeded/0>
TEXTA RegOFail, <failed/0>
TEXTA RegOTemplate,<RegOpenKeyExA(/=/#s/=) /#s/:/0>
TEXTA HookTitle, <Api Hook/0>
NewRegOpenKeyExA ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; HANDLE WINAPI NewCreateFileA(LPCSTR sFile, ...)
; Hook for CreateFileA: appends "<sFile>\n" to the log opened by DllMain,
; then tail-jumps to the real CreateFileA on the caller's own frame, so
; the real handle / error reach the caller directly. Only the first of
; CreateFileA's seven arguments is declared here; the rest are passed
; through untouched on the stack.
; Stack: one LOCAL (Written) plus saved EBX, both undone before the jump.
; NOTE(review): sFile is formatted into the shared buffer Place
;   (80 SIGN entries) with wsprintfA, which has no length bound; paths
;   are often longer than that, so this can overrun Place. If DllMain's
;   CreateFile failed, hLog is INVALID_HANDLE_VALUE and the WriteFile
;   error is simply ignored.
;------------------------------------------------------------------
NewCreateFileA PROC sFile
LOCAL Written : DWORD
PUSH EBX                                ; callee-saved; holds the buffer pointer across calls
MOV EBX, OFFSET Place
; the template escapes appear to encode "%s\n"
icWin32 wsprintfA, EBX, sCRFTemplate, sFile
iWin32 lstrlenA, EBX                    ; EAX = number of bytes to write
LEA ECX, Written                        ; ECX = &Written (WriteFile needs a real pointer)
iWin32 WriteFile, hLog, EBX, EAX, ECX, NULL
POP EBX                                 ; must come before LEAVE, which discards the ESP adjustments
LEAVE                                   ; drop this frame; caller's args and return address are on top again
; presumably jumps to the real import; its RET returns straight to our caller
iWin32j CreateFileA
TEXTA CreateFileA, <CreateFileA/0>
TEXTA CRFTemplate, </#s/n/0>
NewCreateFileA ENDP
;------------------------------------------------------------------
;------------------------------------------------------------------
; INT_PTR WINAPI NewDialogBoxParamA(HINSTANCE hInstance, LPCSTR lpTemplateName,
;                                   HWND hWndParent, DLGPROC lpDialogFunc,
;                                   LPARAM dwInitParam)
; Hook for DialogBoxParamA: while HookFree == 0 it records the caller's
; lpDialogFunc in OrgDlgProc, marks the slot as taken and overwrites the
; lpDialogFunc argument slot on the stack with DialogHook; otherwise the
; call is passed through unchanged. LEAVE then discards this PROC's frame
; and iWin32j tail-jumps to the real DialogBoxParamA with the (possibly
; patched) caller frame and return address, so its result goes straight
; back to the caller. DialogHook clears HookFree again at WM_DESTROY.
; NOTE(review): HookFree is tested and incremented without LOCK and with
;   no other synchronization; two threads creating dialogs at once could
;   both pass the check. A second dialog opened while one is hooked
;   (HookFree == 1) is not hooked at all.
;------------------------------------------------------------------
NewDialogBoxParamA PROC hInstance, lpTemplateName, hWndParent,\
lpDialogFunc, dwInitParam
CMP HookFree, 0
JNE @F                                  ; slot already in use: pass through
MOV EAX, lpDialogFunc
INC HookFree
MOV OrgDlgProc, EAX                     ; remember the caller's own dialog procedure
MOV lpDialogFunc, OFFSET DialogHook     ; patch the argument in place, on the caller's stack
@@:
LEAVE                                   ; drop this frame; caller's args are on top again
; presumably jumps to the real import; its RET returns straight to our caller
iWin32j DialogBoxParamA
TEXTA DialogBoxParamA, <DialogBoxParamA/0>
; hook state kept in .CODE; writable only because the link step marks .text WRE
ALIGN 4
HookFree DWORD 0                        ; 0 = DialogHook is free to be installed
OrgDlgProc DWORD ?                      ; the dialog procedure DialogHook forwards to
NewDialogBoxParamA ENDP
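;------------------------------------------------------------------
; INT_PTR CALLBACK DialogHook(HWND hWndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
; Dialog procedure that NewDialogBoxParamA substitutes for the caller's.
; On WM_DESTROY it releases the HookFree slot and shows a message box;
; every message (WM_DESTROY included) is then forwarded to the saved
; original procedure on the caller's own frame: LEAVE undoes this PROC's
; prologue and the jump through OrgDlgProc reuses the return address.
; Out:   EAX = whatever the original dialog procedure returns
;------------------------------------------------------------------
DialogHook PROC hWndDlg, uMsg, wParam, lParam
        ; uMsg is a full 32-bit UINT: compare all of it (the earlier
        ; WORD PTR compare only looked at the low 16 bits)
        CMP     uMsg, WM_DESTROY
        JNE     @F
        DEC     HookFree                ; let NewDialogBoxParamA hook the next dialog
        iWin32i MessageBox, NULL, sDlgDestroyed, sDlgHook, MB_ICONINFORMATION
@@:
        LEAVE                           ; drop this frame; args/return address now belong to OrgDlgProc
        JMP     OrgDlgProc              ; OrgDlgProc is a DWORD variable: jump through the stored pointer
TEXT    DlgHook, <Dialog Hook/0>
TEXT    DlgDestroyed, <Dialog destroyed/:/0>
DialogHook ENDP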
;names-------------------------------------------------------------
; Module names referenced by the hook table below. TEXTA appears to emit
; an ANSI string with a trailing NUL and to expose it as s<name>
; (sKERNEL32, sSHELL32, ...) - confirm against APIMACRO.mac.
TEXTA KERNEL32, <KERNEL32.dll/0>
TEXTA USER32, <USER32.dll/0>
TEXTA ADVAPI32, <ADVAPI32.dll/0>
TEXTA SHELL32, <SHELL32.dll/0>
;------------------------------------------------------------------
; Hook table; exported as ExampleHooks (ordinal 1, NONAME in the link step).
BeginHooks ExampleHooks
; Long form: KERNEL32!GetVersionExW, patched in KERNEL32's export table
; and in SHELL32's import table, redirected to NewGetVersionExW.
API_HOOK <sKERNEL32, sGetVersionExW, HOOK_EXPORT OR HOOK_IMPORT, sSHELL32,\
NULL, NewGetVersionExW>
; Short form. Empty fields presumably inherit from the previous entry
; (module KERNEL32 unless one is given) and the replacement is presumably
; New<api> - confirm against ApiHooks.inc.
MkHook , , GetVersionExA,, SHELL32
MkHook ,ADVAPI32, RegOpenKeyExA
MkHook , , CreateFileA
MkHook ,USER32 , DialogBoxParamA
EndHooks
;------------------------------------------------------------------
END DllMain
:TRANSLATE
@ECHO OFF
REM Build step reached through the ";@goto translate" on the first line.
REM Assemble this very file; MASM stops at END, so this batch tail is ignored.
ML /c /coff /nologo MiscHooks.bat
REM Link as a DLL that exports the hook table by ordinal only (no name).
REM /SECTION:.text,WRE makes the code section writable and executable
REM because hLog, HookFree and OrgDlgProc live in .CODE; /MERGE folds the
REM import and read-only data into .text as well.
LINK3 MiscHooks /nologo /DLL /EXPORT:ExampleHooks,@1,NONAME /SUBSYSTEM:WINDOWS /MERGE:.idata=.text /MERGE:.rdata=.text /SECTION:.text,WRE /IGNORE:4078 /BASE:0X77FD0000
REM Drop the intermediates; only MiscHooks.dll is kept.
DEL MiscHooks.obj MiscHooks.exp MiscHooks.lib