📄 vxdcall.asm
;@goto translate
.586P
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE
INCLUDE WINDOWS.inc
UNICODE = FALSE
INCLUDE APIMACRO.mac
INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
INCLUDELIB iApiHooks.lib
; Uninitialised data used by the monitor front end.
.DATA?
; Log file handle: PrimaryThread stores the CreateFile result here and WndProc
; passes it to WriteFile.
hLog DWORD ?
; Window class record; PrimaryThread fills in the fields it needs before
; calling RegisterClass.
WClass WNDCLASS <>
; Destination buffer for one formatted log record (WndProc passes it to
; wsprintf and then to WriteFile). SIGN comes from an include that is not
; shown here; presumably it is the character type selected by UNICODE.
; NOTE(review): the literal text of LogTmpl plus its seven 8-digit fields is
; already longer than the 80 extra elements reserved here, and wsprintf takes
; no destination size, so a module path close to MAX_PATH does not fit.
Place SIGN MAX_PATH+80 DUP (?)
.CODE
; String constants built with the TEXT macro (defined in an include that is not
; shown). The code below refers to them with an "s"/"sz" prefix (sLogName,
; szPress, ...), so the macro presumably generates those names. "/0", "/n" and
; "/#" look like the macro's escapes for NUL, newline and "%" - confirm against
; APIMACRO.mac.
TEXT zTitle, <VxDCall Monitor/0>
TEXT zPress, <Press OK to stop VxDCall monitoring./0>
; NOTE(review): the log is created by relative name, i.e. in whatever the
; current directory is when the monitor starts.
TEXT LogName, <vxdcall.log/0>
; NOTE(review): the hook DLL is named without a path, so which file gets loaded
; depends on the DLL search order; a full path would pin it.
TEXT VxDCallDll, <VXDCALL.dll/0>
; TEXT ApiHooks, <ApiHooks.exe/0>
; Used both as the window class name and as the name of the export looked up in
; VXDCALL.dll.
TEXT RegHwnd, <RegHwnd/0>
; One log record: three DWORDs, the main-module string, then four DWORDs.
TEXT LogTmpl, <Process /#0.8X: VxDCall /#0.8X returns to /#0.8X./nMain module = /#s./nParameters in C order: /#0.8X /#0.8X /#0.8X /#0.8X./n/n/0>
; Program entry point (named on the END directive).
; Installs the hook DLL into this process, opens the log, creates a receiver
; window, registers it with the DLL, then waits on a message box until the
; user stops monitoring.
; The iWin32 / iWin32i / sWin32 macros come from APIMACRO.mac (not shown);
; presumably they push the listed arguments and call the named API, or the
; procedure whose address is in the given register - confirm there.
; Registers: EDI = address of the DLL's RegHwnd export, EBX = module handle
; of this executable.
PrimaryThread:
; Bit 2 of a segment selector is the table-indicator bit. The author treats
; a DS selector with that bit clear as "running on NT" and quits.
MOV EAX, DS
TEST AL, 100B
JE Exit ;NT? -> exit
; Hook the current process with VXDCALL.dll; any nonzero result is treated as
; failure.
iWin32 GetCurrentProcessId
iWin32 EstablishApiHooksA, sVxDCallDll, EAX
TEST EAX, EAX
JNE Exit
; Locate the DLL that was just installed and its RegHwnd export.
; NOTE(review): the DLL is identified by bare file name only.
iWin32i GetModuleHandle, sVxDCallDll
TEST EAX, EAX
JE Exit
iWin32 GetProcAddress, EAX, sRegHwnd
TEST EAX, EAX
JE Exit
MOV EDI, EAX
; Create (or truncate) the log file for writing; other processes may read it.
iWin32i CreateFile, sLogName, GENERIC_WRITE, FILE_SHARE_READ,\
NULL, CREATE_ALWAYS, NULL, NULL
MOV hLog, EAX
; INVALID_HANDLE_VALUE is -1, so EAX+1 == 0 means CreateFile failed.
INC EAX
JE Exit
; Fill in the window class: WndProc as the window procedure, sRegHwnd as the
; class name, this module as the instance.
iWin32i GetModuleHandle, NULL
MOV WClass.lpfnWndProc, OFFSET WndProc
MOV EBX, EAX
MOV WClass.lpszClassName, sRegHwnd
MOV WClass.hInstance, EAX
; NOTE(review): the RegisterClass result is not checked.
iWin32i RegisterClass, OFFSET WClass
; The pushed value only provides a stack slot whose address (ESP) is passed
; as the last CreateWindowEx argument; POP ECX discards it afterwards.
PUSH EAX
iWin32i CreateWindowEx, 0, sRegHwnd, 0, 0, 0, 0, 0, 0, 0, 0, EBX, ESP
POP ECX
; Hand the new window handle to the DLL's RegHwnd export.
; NOTE(review): CreateWindowEx is not checked, so a NULL handle would be
; passed on here.
sWin32 EDI, EAX
; Block here; WndProc runs for messages sent to the window while the message
; box is up.
iWin32i MessageBox, NULL, szPress, szTitle, MB_OK
; Call RegHwnd again with 0 - presumably this unregisters the window - and
; close the log.
sWin32 EDI, 0
iWin32 CloseHandle, hLog
; Common exit for every path, including the early failures above.
Exit:
iWin32 ExitProcess, STATUS_SUCCESS
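WndProc PROC
;-----------------------------------------------------------------------
; LRESULT WndProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
; ABI:   stdcall, no frame; arguments are addressed relative to ESP.
; In:    [ESP+4]=hWnd  [ESP+8]=uMsg  [ESP+12]=wParam  [ESP+16]=lParam
; Out:   EAX = TRUE for every message (DefWindowProc is never called).
; Clobb: EAX, ECX, EDX, flags (EBX is saved and restored).
;
; On WM_COPYDATA the payload is read as seven DWORDs followed by a
; NUL-terminated module name, formatted with LogTmpl and appended to hLog.
;
; WM_COPYDATA can be sent by any process that can reach this window, and
; the sender is not identified here, so the payload is untrusted. It is
; checked before use: it must hold the seven DWORDs plus a string of at
; most MAX_PATH bytes whose last byte is NUL. Anything else is dropped.
; The record is formatted into a stack buffer instead of Place, because
; Place (MAX_PATH+80) is smaller than LogTmpl's fixed text plus a
; full-length path.
;-----------------------------------------------------------------------
VXD_REC_HEADER  EQU 28                  ; seven DWORD fields before the string
VXD_FMT_BUFFER  EQU 1024                ; room for template text + MAX_PATH string

        CMP     DWORD PTR [ESP+8], WM_COPYDATA
        JNE     @F
        MOV     EAX, [ESP+16]           ; EAX -> COPYDATASTRUCT (nothing pushed yet)
        TEST    EAX, EAX
        JE      @F
        MOV     ECX, (COPYDATASTRUCT PTR [EAX]).cbData
        MOV     EAX, (COPYDATASTRUCT PTR [EAX]).lpData
        TEST    EAX, EAX
        JE      @F
        CMP     ECX, VXD_REC_HEADER+1   ; header plus at least the terminating NUL
        JB      @F
        CMP     ECX, VXD_REC_HEADER+MAX_PATH
        JA      @F                      ; longer than any valid module path
        CMP     BYTE PTR [EAX+ECX-1], 0 ; string must end inside the payload
        JNE     @F

        PUSH    EBX
        SUB     ESP, VXD_FMT_BUFFER     ; local format buffer
        MOV     EBX, ESP                ; EBX -> format buffer
        LEA     ECX, [EAX+VXD_REC_HEADER] ; ECX -> module name string
        icWin32i wsprintf, EBX, sLogTmpl, [EAX], [EAX+4], [EAX+8], ECX, [EAX+12], [EAX+16], [EAX+20], [EAX+24]
        PUSH    EAX                     ; stack slot for the bytes-written count
        MOV     ECX, ESP
        iWin32  WriteFile, hLog, EBX, EAX, ECX, NULL ; EAX = length returned by wsprintf
        POP     EAX
        ADD     ESP, VXD_FMT_BUFFER
        POP     EBX
@@:
        MOV     EAX, TRUE
        RET     16
WndProc ENDP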
END PrimaryThread
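:translate
@echo off
rem Build script half of this file. The first line of the file jumps here when
rem the file is run as a batch file; the assembler stops reading at END.
ML /c /coff /nologo VxDCall.bat
rem Do not link a stale or missing object file when assembly failed.
if errorlevel 1 goto cleanup
LINK VxDCall /nologo /ALIGN:0X1000 /SUBSYSTEM:WINDOWS /RELEASE /MERGE:.rdata=.text /IGNORE:4108,4078
:cleanup
if exist VxDCall.obj DEL VxDCall.obj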