/*
本例中拦截以下两个位于Kernel32.dll中的API
BOOL WINAPI CreateProcessW( // UNICODE 版本
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFOW lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);
BOOL CreateProcessA( // ANSI 版本
LPCTSTR lpApplicationName,
LPTSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCTSTR lpCurrentDirectory,
LPSTARTUPINFO lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);
*/
#include "Hook.h"
#include <windows.h>
#include "detours.h"
#include "Mwic_32.h"
#include <stdio.h>
#pragma comment(lib, "Mwic_32.lib")
#pragma comment(lib, "detours.lib")
// Handle returned by SetWindowsHookEx in InstallHook(); NULL while no hook is installed.
HHOOK g_hHook = NULL;
// Module handle of this DLL; written by DllMain and passed to SetWindowsHookEx.
HMODULE g_hInst = NULL;
// Read by ShellProc to decide whether Intercept() still has to run.
// NOTE(review): no visible code ever assigns true to this flag, so ShellProc
// appears to call Intercept() on every shell-hook callback -- confirm intent.
bool g_bIntercepted = false;
// Forward declarations for functions defined further down in this file.
BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved );
LRESULT CALLBACK ShellProc( int nCode, WPARAM wParam, LPARAM lParam );
void Intercept();
void UnIntercept();
//BOOL WINAPI Replace_CreateProcessW(
// LPCWSTR lpApplicationName,
// LPWSTR lpCommandLine,
// LPSECURITY_ATTRIBUTES lpProcessAttributes,
// LPSECURITY_ATTRIBUTES lpThreadAttributes,
// BOOL bInheritHandles,
// DWORD dwCreationFlags,
// LPVOID lpEnvironment,
// LPCWSTR lpCurrentDirectory,
// LPSTARTUPINFOW lpStartupInfo,
// LPPROCESS_INFORMATION lpProcessInformation
//);
// Replacement routine that Intercept() attaches in place of csc_4442.
__int16 WINAPI Replace_csc_4442(HANDLE icdev,__int16 len,unsigned char *data_buffer);
// Replacement routine that Intercept() attaches in place of cmp_dvsc.
// The third parameter is spelled dta_buffer here and data_buffer in the
// definition; the mismatch is harmless but worth aligning.
__int16 WINAPI Replace_cmp_dvsc(HANDLE icdev, __int16 len,
unsigned char *dta_buffer);
//HANDLE WINAPI Replace_ic_init(__int16 port,unsigned long baud);
//BOOL Replace_CreateProcessA(
// LPCTSTR lpApplicationName,
// LPTSTR lpCommandLine,
// LPSECURITY_ATTRIBUTES lpProcessAttributes,
// LPSECURITY_ATTRIBUTES lpThreadAttributes,
// BOOL bInheritHandles,
// DWORD dwCreationFlags,
// LPVOID lpEnvironment,
// LPCTSTR lpCurrentDirectory,
// LPSTARTUPINFO lpStartupInfo,
// LPPROCESS_INFORMATION lpProcessInformation
//);
// ---------------------------------------------------------------------------
// Trampolines for the two hooked routines, declared with the DETOUR_TRAMPOLINE
// macro from detours.h. Real_csc_4442 is what Replace_csc_4442 calls to reach
// the original csc_4442. Real_cmp_dvsc is only passed to the attach/remove
// calls: no visible code calls it, so the original cmp_dvsc is never run once
// the detour is in place.
// NOTE(review): csc_4442 and cmp_dvsc are presumably declared in Mwic_32.h -- confirm.
DETOUR_TRAMPOLINE (__int16 WINAPI Real_csc_4442(HANDLE icdev,__int16 len,unsigned char *data_buffer),csc_4442);
DETOUR_TRAMPOLINE (__int16 WINAPI Real_cmp_dvsc(HANDLE icdev, __int16 len,
unsigned char *dta_buffer),cmp_dvsc);
//DETOUR_TRAMPOLINE (__int16 WINAPI Real_wsc_4442(HANDLE icdev,__int16 len,unsigned char *data_buffer),wsc_4442);
//DETOUR_TRAMPOLINE (__int16 WINAPI Real_swr_4442(HANDLE icdev,__int16 offset,__int16 len,unsigned char *data_buffer),swr_4442);
//DETOUR_TRAMPOLINE (HANDLE WINAPI Real_ic_init(__int16 port,unsigned long baud),ic_init);
//DETOUR_TRAMPOLINE( BOOL WINAPI Real_CreateProcessA( LPCTSTR lpApplicationName,
//LPTSTR lpCommandLine,
//LPSECURITY_ATTRIBUTES lpProcessAttributes,
//LPSECURITY_ATTRIBUTES lpThreadAttributes,
//BOOL bInheritHandles,
//DWORD dwCreationFlags,
//LPVOID lpEnvironment,
//LPCTSTR lpCurrentDirectory,
//LPSTARTUPINFO lpStartupInfo,
//LPPROCESS_INFORMATION lpProcessInformation),
//CreateProcessA);
//
//DETOUR_TRAMPOLINE( BOOL WINAPI Real_CreateProcessW( LPCWSTR lpApplicationName,
// LPWSTR lpCommandLine,
// LPSECURITY_ATTRIBUTES lpProcessAttributes,
// LPSECURITY_ATTRIBUTES lpThreadAttributes,
// BOOL bInheritHandles,
// DWORD dwCreationFlags,
// LPVOID lpEnvironment,
// LPCWSTR lpCurrentDirectory,
// LPSTARTUPINFOW lpStartupInfo,
// LPPROCESS_INFORMATION lpProcessInformation),
// CreateProcessW);
// ---------------------------------------------------------------------------
// DLL entry point.
//
// Stores the module handle in g_hInst on every notification. Process detach is
// the only notification with further work: it calls UnIntercept() to remove the
// detours. Process attach and the thread notifications do nothing else.
// Always returns TRUE.
//
// NOTE(review): UnIntercept() runs on detach whether or not Intercept() was
// ever called in this process, and DllMain normally executes under the loader
// lock -- confirm that calling into the Detours library here is safe.
BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved )
{
    g_hInst = hinstDLL;

    if (fdwReason == DLL_PROCESS_DETACH)
    {
        UnIntercept();
    }

    return TRUE;
}
// Hook procedure registered by InstallHook() for WH_SHELL.
//
// The shell event itself is not inspected; the callback is only used as an
// opportunity to attach the detours inside whichever process runs it, after
// which the event is forwarded to the next hook in the chain.
//
// NOTE(review): g_bIntercepted is tested here but no visible code sets it to
// true, so Intercept() appears to run on every callback -- confirm.
LRESULT CALLBACK ShellProc( int nCode, WPARAM wParam, LPARAM lParam )
{
    const bool detoursPending = !g_bIntercepted;
    if (detoursPending)
    {
        Intercept();
    }

    return CallNextHookEx(g_hHook, nCode, wParam, lParam);
}
// Registers ShellProc as a WH_SHELL hook, unless a hook handle is already held.
//
// The thread id argument is 0 and the module argument is this DLL, so the hook
// is not tied to a single thread: Windows maps the DLL into other processes on
// the desktop that receive shell events. Endpoint monitoring commonly treats
// this pattern as DLL injection.
//
// A failed SetWindowsHookEx leaves g_hHook NULL; the failure is not reported.
void InstallHook()
{
    if (g_hHook != NULL)
    {
        return;   // already installed
    }

    g_hHook = ::SetWindowsHookEx(WH_SHELL, ShellProc, static_cast<HINSTANCE>(g_hInst), 0);
}
// Removes the hook installed by InstallHook().
//
// g_hHook is cleared only when UnhookWindowsHookEx reports success, so a failed
// removal keeps the handle for a later retry. The call is made even when
// g_hHook is already NULL.
void UninstallHook()
{
    const BOOL unhooked = ::UnhookWindowsHookEx( g_hHook );
    if (unhooked)
    {
        g_hHook = NULL;
    }
}
//BOOL WINAPI Replace_CreateProcessW(
// LPCWSTR lpApplicationName,
// LPWSTR lpCommandLine,
// LPSECURITY_ATTRIBUTES lpProcessAttributes,
// LPSECURITY_ATTRIBUTES lpThreadAttributes,
// BOOL bInheritHandles,
// DWORD dwCreationFlags,
// LPVOID lpEnvironment,
// LPCWSTR lpCurrentDirectory,
// LPSTARTUPINFOW lpStartupInfo,
// LPPROCESS_INFORMATION lpProcessInformation
//)
//{
// BOOL res = 0;
// __try
// {
// MessageBoxW( NULL, lpApplicationName, L"拦截成功!", MB_OK );
// res = Real_CreateProcessW( lpApplicationName,
// lpCommandLine,
// lpProcessAttributes,
// lpThreadAttributes,
// bInheritHandles,
// dwCreationFlags,
// lpEnvironment,
// lpCurrentDirectory,
// lpStartupInfo,
// lpProcessInformation);
// }
// __finally
// {
// };
// return res;
//}
//BOOL Replace_CreateProcessA(
// LPCTSTR lpApplicationName,
// LPTSTR lpCommandLine,
// LPSECURITY_ATTRIBUTES lpProcessAttributes,
// LPSECURITY_ATTRIBUTES lpThreadAttributes,
// BOOL bInheritHandles,
// DWORD dwCreationFlags,
// LPVOID lpEnvironment,
// LPCTSTR lpCurrentDirectory,
// LPSTARTUPINFO lpStartupInfo,
// LPPROCESS_INFORMATION lpProcessInformation
//)
//{
// BOOL res = 0;
// __try
// {
// MessageBoxA( NULL, lpApplicationName, "拦截成功!", MB_OK );
// res = Real_CreateProcessA( lpApplicationName,
// lpCommandLine,
// lpProcessAttributes,
// lpThreadAttributes,
// bInheritHandles,
// dwCreationFlags,
// lpEnvironment,
// lpCurrentDirectory,
// lpStartupInfo,
// lpProcessInformation);
// }
// __finally
// {
// };
// return res;
//}
// Replacement for csc_4442, attached by Intercept().
//
// Sequence, as written:
//   1. Call the original routine with a local buffer whose first three bytes are 0xFF.
//   2. If that returns a negative value, call the original routine again with the
//      caller's buffer; if that is also negative, show a message box and return
//      the error.
//   3. Otherwise call wsc_4442 and swr_4442 with the caller's buffer, then show
//      the first three bytes of that buffer, in hex, in a message box.
//
// Parameters are forwarded as received: icdev is the device handle, len the
// length, data_buffer the caller's bytes.
// Returns the result of wsc_4442, or the negative result of the second
// verification call on the early-return path.
//
// Security notes for reviewers:
//   - A caller that believes it is only verifying a code also triggers the two
//     write calls in step 3; nothing in the signature reveals that side effect.
//   - The value in data_buffer is displayed in clear text in a modal dialog.
//   - NOTE(review): wsc_4442 and swr_4442 are presumably declared in Mwic_32.h,
//     and the meaning of the literal arguments 253 and 3 is not visible here -- confirm.
__int16 WINAPI Replace_csc_4442(HANDLE icdev,__int16 len,unsigned char *data_buffer)
{
__int16 res;
__try
{
// NOTE(review): the array has four elements but only indices 0..2 are
// assigned, and the caller's len is forwarded unchanged. If len can exceed 3
// the callee would read an uninitialized byte or run past the array -- confirm.
BYTE DefualtPwd[4];
DefualtPwd[0] = 255;
DefualtPwd[1] = 255;
DefualtPwd[2] = 255;
res = Real_csc_4442(icdev,len,DefualtPwd);
if (res < 0){
// First attempt failed: retry with the bytes the caller supplied.
res =Real_csc_4442(icdev,len,data_buffer);
if (res < 0){
// The message says that verifying the initial password "FFFFF" failed
// (five F's, while the buffer above holds three 0xFF bytes); the dialog
// title is "card password".
MessageBoxA( NULL,"验证初始密码FFFFF失败", "卡密码!", MB_OK );
return res;
}
}
// The result of wsc_4442 becomes the return value; the result of swr_4442 is discarded.
res =wsc_4442(icdev,len,data_buffer);
swr_4442(icdev,253,3,data_buffer);
// res =Real_csc_4442(icdev,len,data_buffer);
// Builds "the 6-digit IC card password has been changed to: XXXXXX".
// data_buffer is dereferenced without a null check, and the dialog is shown
// even when wsc_4442 returned an error.
char msg[64];
sprintf(msg,"己改6位IC卡密码为:%02x%02x%02x",data_buffer[0],data_buffer[1],data_buffer[2]);
MessageBoxA( NULL,(LPCSTR) msg, "卡密码!", MB_OK );
}
__finally
{
// Empty handler: nothing is released or logged on unwind.
};
return res;
}
// Replacement for cmp_dvsc, attached by Intercept().
//
// Formats the first three bytes of data_buffer as hex into a message box and
// then returns 0 unconditionally. The original routine is never called through
// Real_cmp_dvsc, so the caller always sees the same result whatever bytes it
// supplied. icdev and len are unused.
//
// Security notes for reviewers: the bytes are displayed in clear text, and
// data_buffer is dereferenced without a null check.
__int16 WINAPI Replace_cmp_dvsc(HANDLE icdev, __int16 len, unsigned char *data_buffer)
{
    __try
    {
        char text[64];
        sprintf(text,
                "己改6位IC卡密码为:%02x%02x%02x",
                data_buffer[0],
                data_buffer[1],
                data_buffer[2]);
        MessageBoxA( NULL, text, "卡密码!", MB_OK );
    }
    __finally
    {
        // Empty handler, kept from the original structure.
    }

    return 0;
}
//HANDLE WINAPI Replace_ic_init(__int16 port,unsigned long baud)
//{
// HANDLE res;
// __try
// {
// char msg[256];
// sprintf(msg,"%06d",baud);
// MessageBoxA( NULL,(LPCSTR) msg, "拦截成功!", MB_OK );
// res =Real_ic_init(port,baud);
// }
// __finally
// {
// };
// return res;
//
//}
// Attaches both detours: csc_4442 -> Replace_csc_4442 and
// cmp_dvsc -> Replace_cmp_dvsc, each through its trampoline.
//
// NOTE(review): the results of the attach calls are ignored and
// g_bIntercepted is not updated here, so callers cannot tell whether the
// detours are in place -- confirm whether that is intended.
void Intercept()
{
    PBYTE const cscTrampoline = reinterpret_cast<PBYTE>(Real_csc_4442);
    PBYTE const cscDetour     = reinterpret_cast<PBYTE>(Replace_csc_4442);
    DetourFunctionWithTrampoline(cscTrampoline, cscDetour);

    PBYTE const cmpTrampoline = reinterpret_cast<PBYTE>(Real_cmp_dvsc);
    PBYTE const cmpDetour     = reinterpret_cast<PBYTE>(Replace_cmp_dvsc);
    DetourFunctionWithTrampoline(cmpTrampoline, cmpDetour);
}
// Removes both detours attached by Intercept(), in the same order.
//
// NOTE(review): the removal runs unconditionally (DllMain calls it on every
// process detach) and its results are ignored -- confirm that removing a
// detour that was never attached is harmless with this Detours version.
void UnIntercept()
{
    PBYTE const cscTrampoline = reinterpret_cast<PBYTE>(Real_csc_4442);
    PBYTE const cscDetour     = reinterpret_cast<PBYTE>(Replace_csc_4442);
    DetourRemove(cscTrampoline, cscDetour);

    PBYTE const cmpTrampoline = reinterpret_cast<PBYTE>(Real_cmp_dvsc);
    PBYTE const cmpDetour     = reinterpret_cast<PBYTE>(Replace_cmp_dvsc);
    DetourRemove(cmpTrampoline, cmpDetour);
    //DetourRemove( (PBYTE)Real_ic_init,(PBYTE)Replace_ic_init);
}