#if _MSC_VER > 1000
#pragma once
#endif
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include "ApiHooks.h"
/* Handle to "console.log", opened in DllMain on DLL_PROCESS_ATTACH and closed on
   DLL_PROCESS_DETACH.  INVALID_HANDLE_VALUE means "not open" -- the initial state,
   and also what CreateFile leaves behind when the open fails. */
HANDLE hLog = INVALID_HANDLE_VALUE;
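/*
 * DLL entry point: opens the capture log on process attach and closes it on
 * process detach.  Thread attach/detach are ignored.
 *
 * hModule / lpReserved are unused.  Always returns TRUE, so the DLL loads even
 * when the log cannot be opened; the hooks then simply fail their log writes.
 *
 * NOTE(review): "console.log" is a relative path, so the file is created in the
 * host process's current directory -- wherever that happens to be for the
 * process this DLL is injected into -- and CREATE_ALWAYS truncates whatever is
 * already there.  The file is opened with FILE_SHARE_READ only, so if a second
 * process loads this DLL while the first still holds the log, its CreateFile
 * fails with a sharing violation and that process captures nothing.
 */
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
    (void)hModule;
    (void)lpReserved;

    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        if (hLog == INVALID_HANDLE_VALUE) {
            hLog = CreateFile("console.log", GENERIC_WRITE, FILE_SHARE_READ,
                              NULL, CREATE_ALWAYS, 0, NULL);
        }
        break;

    case DLL_PROCESS_DETACH:
        /* Only close a handle we actually own.  The original closed
           unconditionally, and CloseHandle(INVALID_HANDLE_VALUE) fails (and
           raises an exception under a debugger) when CreateFile had failed. */
        if (hLog != INVALID_HANDLE_VALUE) {
            CloseHandle(hLog);
            hLog = INVALID_HANDLE_VALUE;
        }
        break;

    default:
        /* DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing per-thread to manage. */
        break;
    }
    return TRUE;
}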
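/*
 * Hook for WriteConsoleA: copies the bytes to the capture log, then forwards
 * the call unchanged to the real WriteConsoleA and returns its result.
 *
 * All parameters are passed straight through.  Logging is best effort: a
 * failed or skipped log write never affects the console write.
 *
 * The log write uses a private byte count instead of the caller's
 * lpcchWritten.  The original handed the caller's pointer to WriteFile, which
 * fails outright when the caller passes NULL and otherwise briefly reports the
 * log's byte count through the caller's out-parameter.  It also skips the
 * write when the log was never opened rather than calling WriteFile on
 * INVALID_HANDLE_VALUE.
 */
BOOL WINAPI NewWriteConsoleA(HANDLE hConOut, LPCVOID lpvBuffer, DWORD cchToWrite, LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    DWORD logged = 0;

    if (hLog != INVALID_HANDLE_VALUE && lpvBuffer != NULL && cchToWrite > 0) {
        /* Return value deliberately ignored: the log must not break the console. */
        WriteFile(hLog, lpvBuffer, cchToWrite, &logged, NULL);
    }
    return WriteConsoleA(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}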
/* Scratch buffer for the ANSI conversion done in NewWriteConsoleW.
   NOTE(review): a single global buffer shared by every thread that reaches the
   hook, so concurrent WriteConsoleW calls can interleave and corrupt what is
   logged -- there is no lock around its use. */
char Place[4096];
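/*
 * Hook for WriteConsoleW: converts the text to the ANSI code page, appends it
 * to the capture log, then forwards the call unchanged to the real
 * WriteConsoleW and returns its result.
 *
 * All parameters are passed straight through.  Logging is best effort: any
 * conversion or log-write failure stops logging for this call only and never
 * affects the console write.
 *
 * lpvBuffer holds exactly cchToWrite UTF-16 code units and is NOT
 * NUL-terminated, so the conversion is bounded by cchToWrite.  The original
 * passed -1 ("NUL-terminated"), which makes WideCharToMultiByte read past the
 * caller's buffer until it happens to find a zero word, and also wrote that
 * terminator into the log.  Conversion goes through a per-call stack buffer in
 * chunks, so long writes are no longer dropped when they exceed one buffer and
 * concurrent callers do not share scratch space.
 */
BOOL WINAPI NewWriteConsoleW(HANDLE hConOut, LPCVOID lpvBuffer, DWORD cchToWrite, LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    /* 1024 UTF-16 units convert to at most 4096 bytes in any Windows ANSI code
       page (4 bytes per character is the worst case, e.g. GB18030 or a UTF-8 ACP). */
    enum { CHUNK_WCHARS = 1024, CHUNK_BYTES = 4 * CHUNK_WCHARS };
    char chunk[CHUNK_BYTES];
    const WCHAR *src = (const WCHAR *)lpvBuffer;
    DWORD left = cchToWrite;

    if (hLog != INVALID_HANDLE_VALUE && src != NULL) {
        while (left > 0) {
            DWORD take = left < CHUNK_WCHARS ? left : CHUNK_WCHARS;
            DWORD logged = 0;
            int nbytes;

            /* Don't split a surrogate pair across chunks: a lone high surrogate at
               the end of a chunk would be converted to the code page's default char. */
            if (take < left && src[take - 1] >= 0xD800 && src[take - 1] <= 0xDBFF)
                take--;

            nbytes = WideCharToMultiByte(CP_ACP, 0, src, (int)take,
                                         chunk, (int)sizeof(chunk), NULL, NULL);
            if (nbytes <= 0)
                break;                      /* conversion failed: give up on the log */
            if (!WriteFile(hLog, chunk, (DWORD)nbytes, &logged, NULL))
                break;                      /* log write failed: give up on the log */

            src  += take;
            left -= take;
        }
    }
    return WriteConsoleW(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}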
/* Most recent handle the host asked for via GetStdHandle(STD_ERROR_HANDLE),
   recorded by NewGetStdHandle; 0 until the host has queried it.  NewWriteFile
   logs writes that target this handle. */
HANDLE hErr = 0;
/*
 * Hook for GetStdHandle: transparent pass-through that additionally remembers
 * the handle returned for STD_ERROR_HANDLE in hErr, so that NewWriteFile can
 * recognise writes to stderr.  Returns exactly what GetStdHandle returns.
 */
HANDLE WINAPI NewGetStdHandle(DWORD nStdHandle) {
    HANDLE h = GetStdHandle(nStdHandle);

    switch (nStdHandle) {
    case STD_ERROR_HANDLE:
        hErr = h;       /* may be NULL or INVALID_HANDLE_VALUE; stored as-is */
        break;
    default:
        break;
    }
    return h;
}
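/*
 * Hook for WriteFile: if the target is the stderr handle recorded by
 * NewGetStdHandle, the data is first appended to the capture log; the call is
 * then forwarded unchanged to the real WriteFile and its result returned.
 *
 * All parameters are passed straight through.  Logging is best effort and
 * never affects the caller's write.
 *
 * The log write uses its own byte counter.  The original passed the caller's
 * lpcchWritten, which is legitimately NULL for overlapped writes -- the log
 * write then fails with an invalid-parameter error and nothing is captured.
 * The log is also skipped while hErr is still 0 (stderr never queried) or the
 * log is not open, and never when the target is the log file itself.
 *
 * NOTE(review): this assumes the hook engine does not redirect this DLL's own
 * import of WriteFile; if it did, the forwarding call below would re-enter
 * NewWriteFile without bound -- confirm against ApiHooks.h.
 */
BOOL WINAPI NewWriteFile(HANDLE hFile, LPCVOID lpvBuffer, DWORD cchToWrite, LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    if (hErr != 0 && hFile == hErr && hLog != INVALID_HANDLE_VALUE && hFile != hLog) {
        DWORD logged = 0;
        WriteFile(hLog, lpvBuffer, cchToWrite, &logged, NULL);   /* result ignored on purpose */
    }
    return WriteFile(hFile, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}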
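/*
 * Hook for GetProcAddress: when the host resolves one of the hooked kernel32
 * exports at run time, hand back the corresponding hook instead of the real
 * address so dynamically-bound callers are captured too.  Anything else is
 * forwarded to the real GetProcAddress.
 *
 * hModule    - module the host is querying; only kernel32 is intercepted.
 * lpProcName - export name, or an ordinal encoded as a value <= 0xFFFF.
 * Returns the hook function for a redirected name, else GetProcAddress's result.
 *
 * GetProcAddress accepts ordinals as well as names: an lpProcName whose value
 * fits in 16 bits is not a pointer.  The original called lstrcmp on it
 * regardless, dereferencing a bogus address for any ordinal lookup, so only
 * genuine string names are compared here.  The comparison is case-sensitive
 * and exact, as export names are.
 */
FARPROC WINAPI NewGetProcAddress(HMODULE hModule, LPCSTR lpProcName) {
    static const struct {
        const char *name;
        FARPROC     hook;
    } redirects[] = {
        { "WriteConsoleA",  (FARPROC)NewWriteConsoleA  },
        { "WriteConsoleW",  (FARPROC)NewWriteConsoleW  },
        { "GetStdHandle",   (FARPROC)NewGetStdHandle   },
        { "WriteFile",      (FARPROC)NewWriteFile      },
        { "GetProcAddress", (FARPROC)NewGetProcAddress },
    };
    unsigned i;

    if (lpProcName != NULL && (ULONG_PTR)lpProcName > 0xFFFF
        && hModule == GetModuleHandle("KERNEL32.DLL")) {
        for (i = 0; i < sizeof(redirects) / sizeof(redirects[0]); i++) {
            if (lstrcmp(lpProcName, redirects[i].name) == 0)
                return redirects[i].hook;
        }
    }
    return GetProcAddress(hModule, lpProcName);
}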
/* Hook table consumed by the hook engine (see ApiHooks.h): one entry per
   kernel32 export to redirect, terminated by the HOOKS_END sentinel.  Each
   entry appears to name the module and export, the hook mode and module
   filter (HOOK_ALL / ALL_MODULES), a slot left NULL here -- presumably filled
   in by the engine, e.g. with the original address -- and the replacement
   function.  Field meanings are inferred from the values; confirm against the
   API_HOOK definition before relying on them. */
__declspec(dllexport) API_HOOK ApiHookChain[6] = {
{"KERNEL32.DLL","WriteConsoleA", HOOK_ALL, ALL_MODULES, NULL, NewWriteConsoleA},
{"KERNEL32.DLL","WriteConsoleW", HOOK_ALL, ALL_MODULES, NULL, NewWriteConsoleW},
{"KERNEL32.DLL","GetStdHandle" , HOOK_ALL, ALL_MODULES, NULL, NewGetStdHandle},
{"KERNEL32.DLL","WriteFile" , HOOK_ALL, ALL_MODULES, NULL, NewWriteFile},
{"KERNEL32.DLL","GetProcAddress",HOOK_ALL, ALL_MODULES, NULL, NewGetProcAddress},
{HOOKS_END}   /* sentinel: end of table */
};