;@goto translate
.586P
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE
INCLUDE WINDOWS.inc
UNICODE = FALSE
INCLUDE APIMACRO.mac
INCLUDE ApiHooks.inc
INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
INCLUDELIB iApiHooks.lib
;------------------------------------------------------------------
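.DATA
;dynamic hooks------
; Table passed to EstablishApiHooksA by the LoadLibrary* replacements below.
; DynamicHook labels its single CreateFileA entry (HOOK_BY_ADDRESS); those
; replacements overwrite the entry's ModuleImport field with the name of the
; module that has just been loaded before they re-run the hooking call.
; NOTE(review): the API_HOOK layout and the meaning of HOOKS_DYNAMIC come
; from ApiHooks.inc, which is not shown here.
BeginHooks HooksDynamic
API_HOOK <HOOKS_DYNAMIC>
MkHook DynamicHook, , CreateFileA, HOOK_BY_ADDRESS
EndHooks
;static hooks------
; Table named Dynamic, the symbol the link step of this file exports as
; ordinal 1. It lists the five APIs this DLL replaces.
; NOTE(review): presumably MkHook with empty leading fields binds each API to
; the matching New<Api> procedure - confirm in the macro definitions.
BeginHooks Dynamic
MkHook , , CreateFileA
MkHook , , LoadLibraryA
MkHook , , LoadLibraryW
MkHook , , LoadLibraryExA
MkHook , , LoadLibraryExW
EndHooks
; Log file handle; stays INVALID_HANDLE_VALUE until DllMain opens the log.
hLog HANDLE INVALID_HANDLE_VALUE
; String constants. The code refers to them with an "s" prefix (sLogName,
; sCRFTemplate). The slash sequences look like the macro's escapes for NUL,
; newline and the percent sign - TODO confirm in APIMACRO.mac.
TEXTA KERNEL32, <KERNEL32.dll/0>
TEXTA LoadLibraryW, <LoadLibraryW/0>
TEXTA LoadLibraryA, <LoadLibraryA/0>
TEXTA LoadLibraryExW, <LoadLibraryExW/0>
TEXTA LoadLibraryExA, <LoadLibraryExA/0>
TEXTA CreateFileA, <CreateFileA/0>
; Relative name: the log is created in whatever directory is current for the
; process the DLL is loaded into.
TEXT LogName, <open.log/0>
TEXTA CRFTemplate, </#s/n/0>
.DATA?
; Shared scratch buffer: receives the ANSI module name in the wide-character
; LoadLibrary replacements and the formatted log line in NewCreateFileA.
; wsprintfA is documented to produce up to 1024 bytes, and the file name it
; formats is supplied by the hooked caller, so the buffer is sized to that
; limit (it was 1000, which a long name could overrun).
; NOTE(review): assumes SIGN is one byte wide with UNICODE = FALSE - confirm.
; NOTE(review): the buffer is used from every hooked thread with no locking.
Place SIGN 1024 DUP (?)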
.CODE
; DllMain - DLL entry point; owns the lifetime of the log file handle.
; In:  DllHandle, Reason, pContext (only Reason is read)
; Out: EAX = TRUE on every path, including a failed log open
DllMain PROC DllHandle, Reason, pContext
    CMP Reason, DLL_PROCESS_ATTACH
    JE OpenLog
    CMP Reason, DLL_PROCESS_DETACH
    JNE Done                            ; thread notifications: nothing to do
    ; Process detach: release the log handle and mark it as closed.
    iWin32 CloseHandle, hLog
    MOV hLog, INVALID_HANDLE_VALUE
Done:
    MOV EAX, TRUE
    RET
OpenLog:
    ; Process attach: open the log only if it is not open already.
    CMP hLog, INVALID_HANDLE_VALUE
    JNE Done
    ; CREATE_ALWAYS truncates any existing log. sLogName is a relative name,
    ; so the file lands in the host process's current directory.
    iWin32i CreateFile, sLogName, GENERIC_WRITE, FILE_SHARE_READ,\
    NULL, CREATE_ALWAYS, NULL, NULL
    ; A failed open simply leaves INVALID_HANDLE_VALUE in hLog; it is not
    ; reported to the loader.
    MOV hLog, EAX
    JMP Done
DllMain ENDP
;------------------------------------------------------------------
;Helper part
; NewLoadLibraryW - replacement for LoadLibraryW.
; Forwards to the real LoadLibraryW; when the load succeeds, converts the
; library name to ANSI, stores it in DynamicHook.ModuleImport and calls
; EstablishApiHooksA with HooksDynamic for the current process.
; In:  lpLibFileName = wide-character library name supplied by the caller
; Out: EAX = value returned by LoadLibraryW (0 when the load failed)
; NOTE(review): Place and DynamicHook are shared globals written here with no
; locking; the result of EstablishApiHooksA is ignored.
NewLoadLibraryW PROC lpLibFileName
    iWin32 LoadLibraryW, lpLibFileName
    TEST EAX, EAX
    JZ Done                             ; load failed: nothing to hook
    PUSH EAX                            ; keep the module handle for the caller
    ; Convert the name into the shared buffer; SIZEOF Place bounds the output.
    iWin32 WideCharToMultiByte, CP_ACP, NULL, lpLibFileName, -1, OFFSET Place, SIZEOF Place, NULL, NULL
    TEST EAX, EAX
    JZ RestoreHandle                    ; conversion failed: skip hooking
    MOV EAX, OFFSET DynamicHook
    ASSUME EAX: PTR API_HOOK
    MOV [EAX].ModuleImport, OFFSET Place
    iWin32 GetCurrentProcessId
    iWin32 EstablishApiHooksA, OFFSET HooksDynamic, EAX
RestoreHandle:
    POP EAX                             ; EAX = handle from LoadLibraryW
Done:
    RET
NewLoadLibraryW ENDP
;------------------------------------------------------------------
; NewLoadLibraryA - replacement for LoadLibraryA.
; Forwards to the real LoadLibraryA; when the load succeeds, points
; DynamicHook.ModuleImport at the caller's name string and calls
; EstablishApiHooksA with HooksDynamic for the current process.
; In:  lpLibFileName = ANSI library name supplied by the caller
; Out: EAX = value returned by LoadLibraryA (0 when the load failed)
; NOTE(review): the caller's pointer is stored in the shared hook record and
; stays there after this call returns; nothing here guarantees the string
; outlives the call, and the record is written with no locking.
NewLoadLibraryA PROC lpLibFileName
    iWin32 LoadLibraryA, lpLibFileName
    TEST EAX, EAX
    JZ Done                             ; load failed: nothing to hook
    PUSH EAX                            ; keep the module handle for the caller
    MOV EAX, OFFSET DynamicHook
    ASSUME EAX: PTR API_HOOK
    ; Memory-to-memory copy of the name pointer through the stack.
    PUSH lpLibFileName
    POP [EAX].ModuleImport
    iWin32 GetCurrentProcessId
    iWin32 EstablishApiHooksA, OFFSET HooksDynamic, EAX
    POP EAX                             ; EAX = handle from LoadLibraryA
Done:
    RET
NewLoadLibraryA ENDP
;------------------------------------------------------------------
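; NewLoadLibraryExW - replacement for LoadLibraryExW.
; Forwards to the real LoadLibraryExW; when the load succeeds and the module
; was loaded for execution, converts the library name to ANSI, stores it in
; DynamicHook.ModuleImport and calls EstablishApiHooksA with HooksDynamic for
; the current process.
; In:  lpLibFileName = wide-character library name
;      hFile, dwFlags = passed through unchanged
; Out: EAX = value returned by LoadLibraryExW (0 when the load failed)
; NOTE(review): Place and DynamicHook are shared globals written here with no
; locking; the result of EstablishApiHooksA is ignored.
NewLoadLibraryExW PROC lpLibFileName, hFile, dwFlags
    iWin32 LoadLibraryExW, lpLibFileName, hFile, dwFlags
    TEST EAX, EAX
    JZ Done                             ; load failed: nothing to hook
    ; dwFlags is a bit mask, so test the bits instead of comparing for
    ; equality: a caller that combines one of these flags with any other flag
    ; must still be skipped, because the module's imports were not resolved
    ; and there is nothing valid to patch.
    ; NOTE(review): later Windows versions add further data-only load flags;
    ; extend the mask if the include file in use defines them.
    TEST dwFlags, DONT_RESOLVE_DLL_REFERENCES OR LOAD_LIBRARY_AS_DATAFILE
    JNZ Done
    PUSH EAX                            ; keep the module handle for the caller
    ; Convert the name into the shared buffer; SIZEOF Place bounds the output.
    iWin32 WideCharToMultiByte, CP_ACP, NULL, lpLibFileName, -1, OFFSET Place, SIZEOF Place, NULL, NULL
    TEST EAX, EAX
    JZ RestoreHandle                    ; conversion failed: skip hooking
    MOV EAX, OFFSET DynamicHook
    ASSUME EAX: PTR API_HOOK
    MOV [EAX].ModuleImport, OFFSET Place
    iWin32 GetCurrentProcessId
    iWin32 EstablishApiHooksA, OFFSET HooksDynamic, EAX
RestoreHandle:
    POP EAX                             ; EAX = handle from LoadLibraryExW
Done:
    RET
NewLoadLibraryExW ENDP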
;------------------------------------------------------------------
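; NewLoadLibraryExA - replacement for LoadLibraryExA.
; Forwards to the real LoadLibraryExA; when the load succeeds and the module
; was loaded for execution, points DynamicHook.ModuleImport at the caller's
; name string and calls EstablishApiHooksA with HooksDynamic for the current
; process.
; In:  lpLibFileName = ANSI library name
;      hFile, dwFlags = passed through unchanged
; Out: EAX = value returned by LoadLibraryExA (0 when the load failed)
; NOTE(review): the caller's pointer is stored in the shared hook record and
; stays there after this call returns; the record is written with no locking.
NewLoadLibraryExA PROC lpLibFileName, hFile, dwFlags
    iWin32 LoadLibraryExA, lpLibFileName, hFile, dwFlags
    TEST EAX, EAX
    JZ Done                             ; load failed: nothing to hook
    ; dwFlags is a bit mask, so test the bits instead of comparing for
    ; equality: a caller that combines one of these flags with any other flag
    ; must still be skipped, because the module's imports were not resolved
    ; and there is nothing valid to patch.
    ; NOTE(review): later Windows versions add further data-only load flags;
    ; extend the mask if the include file in use defines them.
    TEST dwFlags, DONT_RESOLVE_DLL_REFERENCES OR LOAD_LIBRARY_AS_DATAFILE
    JNZ Done
    PUSH EAX                            ; keep the module handle for the caller
    MOV EAX, OFFSET DynamicHook
    ASSUME EAX: PTR API_HOOK
    ; Memory-to-memory copy of the name pointer through the stack.
    PUSH lpLibFileName
    POP [EAX].ModuleImport
    iWin32 GetCurrentProcessId
    iWin32 EstablishApiHooksA, OFFSET HooksDynamic, EAX
    POP EAX                             ; EAX = handle from LoadLibraryExA
Done:
    RET
NewLoadLibraryExA ENDP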
;------------------------------------------------------------------
;Executive part
; NewCreateFileA - replacement for CreateFileA.
; Formats the requested file name with sCRFTemplate, appends the line to the
; log, then hands control to the real CreateFileA.
; In:  sFile = first CreateFileA argument (the file name). The remaining
;      CreateFileA arguments are not declared; they stay on the stack for the
;      call that follows.
; Statement order matters here: EBX is restored and the frame torn down
; before control leaves, so the real API sees the caller's original stack.
NewCreateFileA PROC sFile
LOCAL Written : DWORD
; EBX is saved and restored around its use as the buffer pointer.
PUSH EBX
MOV EBX, OFFSET Place
; NOTE(review): sFile comes from the hooked caller and its length is not
; checked. wsprintfA is documented to write up to 1024 bytes, so Place must
; be at least that large for this call to stay in bounds.
; NOTE(review): Place is shared with the LoadLibrary replacements and with
; other threads calling this hook; there is no locking.
icWin32 wsprintfA, EBX, sCRFTemplate, sFile
iWin32 lstrlenA, EBX
; ECX = address of Written, the byte-count output slot for WriteFile.
LEA ECX, Written
; hLog can still be INVALID_HANDLE_VALUE if the open in DllMain failed; the
; WriteFile result is not checked either way.
iWin32 WriteFile, hLog, EBX, EAX, ECX, NULL
POP EBX
; Undo the frame set up for the LOCAL before leaving.
LEAVE
; NOTE(review): presumably iWin32j jumps to the imported CreateFileA rather
; than calling it - confirm in APIMACRO.mac.
iWin32j CreateFileA
NewCreateFileA ENDP
;------------------------------------------------------------------
END DllMain
:TRANSLATE
@ECHO OFF
REM Build step. The assembler is given Dynamic.bat, so this file is expected
REM to be saved under that name and to serve as both source and build script.
ML /c /coff /nologo Dynamic.bat
REM Link as a DLL that exports the hook table Dynamic as ordinal 1 without a name.
REM NOTE(review): .idata and .rdata are merged into .text and the section is
REM marked WRE, which leaves the code section writable and executable at the
REM same time. Confirm that ApiHooks needs this before keeping it.
LINK3 Dynamic /nologo /DLL /EXPORT:Dynamic,@1,NONAME /SUBSYSTEM:WINDOWS /MERGE:.idata=.text /MERGE:.rdata=.text /SECTION:.text,WRE /IGNORE:4078 /BASE:0X77600000
REM Remove the intermediate build outputs.
DEL Dynamic.obj
DEL Dynamic.exp
DEL Dynamic.lib