;@GOTO TRANSLATE
; Self-assembling source.  Executed as a batch file, cmd treats ";" as a
; separator and the line above jumps to :TRANSLATE at the end of this file,
; which runs ML/LINK on this same file.  Assembled by ML, that line is a comment.
; Target: 32-bit flat MASM, STDCALL.  The iWin32* call macros, TEXTA and the
; MkHook/MkUnhook/BeginHooks machinery come from the two project includes
; below (APIMACRO.mac / ApiHooks.inc, presumably in that order).
.586P
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE
INCLUDE WINDOWS.inc
UNICODE = FALSE                         ; project switch; GetModuleFileName below writes a byte path
INCLUDE APIMACRO.mac
INCLUDE ApiHooks.inc
INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
;------------------------------------------------------------------
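.DATA
MkUnhook 1, 1                           ; unhook record (Unhook1) read back by DllMain on detach
hWnd HANDLE 0                           ; logger window registered via RegHwnd; 0 = reporting off
.DATA?
; Report buffer handed to SendMessage(WM_COPYDATA) through cpdata:
;   7 DWORDs  (pid, service, caller EIP, par1..par4)   written with STOSD
;   MAX_PATH+1 bytes  ANSI module path + NUL           written by GetModuleFileName
; cpdata.cbData is 7*4+MAX_PATH+1 bytes, so the buffer must be at least that
; large.  The size is rounded UP to whole DWORDs: the previous expression
; (MAX_PATH+1)/4 truncated (261/4 = 65) and left Place one byte shorter than
; cbData, so every WM_COPYDATA read one byte past the end of the buffer.
Place DWORD 7+(MAX_PATH+1+3)/4 DUP (?)
.CODE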
;------------------------------------------------------------------
; BOOL DllMain(HINSTANCE DllHandle, DWORD Reason, LPVOID pContext)
; Only DLL_PROCESS_DETACH does any work: the DWORD that the hook patched
; (recorded in Unhook1) is written back so the hooked export no longer
; points into this image once it is unloaded.  Hook installation is not
; done here (see the BeginHooks block at the end of the file).
; Always returns TRUE.  Clobbers ECX; EDI is saved and restored.
;------------------------------------------------------------------
DllMain PROC DllHandle, Reason, pContext
CMP Reason, DLL_PROCESS_DETACH
JNE Success
Detach:
PUSH EDI
PUSH EAX                                ; reserve a stack DWORD for lpflOldProtect
MOV EDI, Unhook1.WhereWhat
MOV EDI, (ADDR_CONTENTS PTR [EDI]).ReturnWhere ; EDI = address of the patched DWORD
iWin32 VirtualProtect, EDI, 4, PAGE_READWRITE, ESP ; ESP = the slot pushed above (assumes the macro pushes right to left)
TEST EAX, EAX
POP ECX                                 ; ECX = protection the page had before
JE $ ;immortality required if can't be unhooked
; ^ If the page cannot be made writable the patch cannot be undone, so this
;   thread spins forever (busy-wait) rather than let the process later
;   jump into an unmapped DLL.  Deliberate; leaves ECX/EDI as-is.
MOV EAX, Unhook1.WhereWhat
MOV EAX, (ADDR_CONTENTS PTR [EAX]).ReturnWhat ; original DWORD saved when the hook was set
MOV [EDI], EAX                          ; restore it
PUSH EAX                                ; scratch slot for lpflOldProtect again
iWin32 VirtualProtect, EDI, 4, ECX, ESP ; put the previous protection back
POP EAX
POP EDI
Success:
MOV EAX, TRUE
RET
DllMain ENDP
;------------------------------------------------------------------
; void __stdcall RegHwnd(HANDLE NewHwnd)
; Exported.  Records the window that New1 reports to with WM_COPYDATA;
; passing 0 switches reporting off.  The handle is stored as given, no
; validation.  EAX is left untouched.
; NOTE(review): the LINK line at the end of this file marks .data shared
;   (/SECTION:.data,S), so the stored handle appears to be one copy seen by
;   every process that maps this DLL; any process calling this export can
;   redirect the reports — confirm that is intended.
;------------------------------------------------------------------
PUBLIC RegHwnd
RegHwnd PROC NewHwnd:HANDLE
PUSH NewHwnd                            ; hWnd = NewHwnd, via the stack so EAX survives
POP hWnd
RET                                     ; STDCALL epilogue: frame dropped, argument popped
RegHwnd ENDP
ALIGN 4
; COPYDATASTRUCT passed as lParam of WM_COPYDATA by New1:
;   dwData = 0, cbData = 7 DWORDs of call info + MAX_PATH+1 bytes of module
;   path, lpData = Place.  Sits in .CODE and is only ever read; Place must be
;   at least cbData bytes long.
cpdata COPYDATASTRUCT <0,7*4+MAX_PATH+1,OFFSET Place>
;------------------------------------------------------------------
;------------------------------------------------------------------
; New1 -- replacement for KERNEL32 ordinal 1 (VxDCall), installed by the
; MkHook entry at the end of this file.
; If a logger window is registered and the call comes from below 80000000H
; (user space; above it is the shared arena), it fills Place with
;   pid, Service, caller EIP, par1..par4, module path of the calling process
; and sends it to the logger with WM_COPYDATA.  It then drops its own frame
; and jumps to the original VxDCall, so the call itself proceeds unchanged
; and returns straight to the original caller.  par5/par6 are passed through
; but not reported.
; NOTE(review): SendMessage is synchronous -- the hooked thread blocks until
;   the logger window has processed the message, whatever the caller was
;   holding at the time.  Place and cpdata are single static buffers (and
;   .bss is linked shared, see the LINK line below), so concurrent VxDCalls
;   overwrite each other's report; there is no locking here.
; NOTE(review): the API calls clobber EAX/ECX/EDX before the tail-jump; if
;   any VxDCall caller expects those to survive, this hook changes that --
;   confirm against the original.
;------------------------------------------------------------------
New1 PROC Service, par1, par2, par3, par4, par5, par6
EIP EQU DWORD PTR [EBP+4]               ; return address of the hooked call (MASM frame: [EBP] = saved EBP)
CMP hWnd, 0
JE @F                                   ; no logger registered -> pass through
CMP EIP, 80000000H ;log VxDCalls from user space only
JAE @F                                  ; unsigned compare: addresses are unsigned
PUSH EDI                                ; EDI is used as the STOSD cursor below
iWin32 GetCurrentProcessId
CLD                                     ; STOSD must advance forward
MOV EDI, OFFSET Place
STOSD                                   ; Place[0] = pid
MOV EAX, Service
STOSD                                   ; Place[1] = service number
MOV EAX, EIP
STOSD                                   ; Place[2] = caller EIP
MOV EAX, par1
STOSD                                   ; Place[3..6] = par1..par4
MOV EAX, par2
STOSD
MOV EAX, par3
STOSD
MOV EAX, par4
STOSD
iWin32i GetModuleHandle, NULL           ; EAX = module handle of the calling process' EXE
iWin32i GetModuleFileName, EAX, EDI, MAX_PATH ; path written right after the 7 DWORDs, at most MAX_PATH bytes
POP EDI
iWin32i SendMessage, hWnd, WM_COPYDATA, hWnd, OFFSET cpdata ; wParam = hWnd stands in for the sender window
@@:
LEAVE                                   ; discard the MASM frame so the original sees the caller's stack
iWin32j KERNEL32_ORD_0001               ; presumably a jump (not a call) to the original VxDCall -- the LEAVE only makes sense for a tail-jump
New1 ENDP
;names-------------------------------------------------------------
; Module name used by the hook macros: the export being patched lives in KERNEL32.
TEXTA KERNEL32, <KERNEL32.dll/0>
;------------------------------------------------------------------
; Hook table: KERNEL32 ordinal 1 (VxDCall, see KERNEL32_ORD_0001 in New1)
; is redirected to New1.  HOOK_EXPORT + HOOK_HARD are ApiHooks flags defined
; in ApiHooks.inc (presumably: patch the export itself rather than an import
; slot).  DllMain undoes the patch on DLL_PROCESS_DETACH using Unhook1.
;------------------------------------------------------------------
BeginHooks VxDCall
MkHook ,, 1, HOOK_EXPORT + HOOK_HARD
EndHooks
;------------------------------------------------------------------
END DllMain
:TRANSLATE
@ECHO OFF
REM Build step, reached only when this file is run as a batch file (the
REM first line jumps here).  ML assembles this very file; the name
REM VxDCallDll.bat implies the source is kept with a .bat extension.
ML /c /coff /nologo VxDCallDll.bat
REM Exports: the VxDCall symbol as ordinal 1 without a name, plus RegHwnd.
REM .bss and .data are linked shared (S), so hWnd and Place are a single copy
REM visible to every process that maps the DLL.  The fixed /BASE above
REM 80000000H presumably places the image in the Win9x shared arena.
LINK3 VxDCallDll /nologo /DLL /OUT:VxDCall.dll /EXPORT:VxDCall,@1,NONAME /EXPORT:RegHwnd /SUBSYSTEM:WINDOWS /SECTION:.bss,S /SECTION:.data,S /MERGE:.idata=.text /MERGE:.rdata=.text /IGNORE:4078,4092 /BASE:0XBFF40000
REM Remove intermediates; only VxDCall.dll is kept.
DEL VxDCallDll.obj
DEL VxDCall.exp
DEL VxDCall.lib