📄 unhook.c
字号:
#if _MSC_VER > 1000
#pragma once
#endif
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include "ApiHooks.h"
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
};
ADDR_CONTENTS AddrAndValue[3];
API_UNHOOK UnhookGetVersion = {3,0,AddrAndValue};
void __stdcall UnhookApi(PAPI_UNHOOK unhook) {
UINT i;
ULONG OldAttr;
for(i = 0; i < unhook->CurNoAddr; ++i)
if(VirtualProtect(unhook->WhereWhat[i].ReturnWhere, sizeof(DWORD), PAGE_READWRITE, &OldAttr))
{ *unhook->WhereWhat[i].ReturnWhere = unhook->WhereWhat[i].ReturnWhat;
VirtualProtect(unhook->WhereWhat[i].ReturnWhere, sizeof(DWORD), OldAttr, &OldAttr);
};
}
DWORD WINAPI NewGetVersion(void) {
static counter = 0;
if(++counter > 10) MessageBox(NULL, "Not Unhooked!", "Unhook", MB_OK);
else if (counter == 10) {
UnhookApi(&UnhookGetVersion);
MessageBox(NULL, "Unhooked?", "Unhook", MB_OK);
}
return (GetVersion());
}
__declspec(dllexport) API_HOOK ApiHookChain[2] = {
{"KERNEL32.DLL","GetVersion", HOOK_ALL, ALL_MODULES, &UnhookGetVersion, NewGetVersion},
{HOOKS_END}
};
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -