📄 hooks.pas

📁 CreateFile Hook with Delphi with AdvHooKLib

💻 PAS

字号:

unit Hooks;

interface
uses Windows;

procedure InitHooks;

var
  CreateFileWNextHook: function(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
    lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
    hTemplateFile: THandle): THandle; stdcall;
  ReadFileNextHook: function(hFile: THandle; var Buffer; nNumberOfBytesToRead: DWORD;
    var lpNumberOfBytesRead: DWORD; lpOverlapped: POverlapped): BOOL; stdcall;

implementation
uses
  AdvApiHook, FileList, Crypt;

var
  Log: TextFile;

function CreateFileWHookProc(lpFileName: PWideChar; dwDesiredAccess, dwShareMode: DWORD;
  lpSecurityAttributes: PSecurityAttributes; dwCreationDisposition, dwFlagsAndAttributes: DWORD;
  hTemplateFile: THandle): THandle; stdcall;
begin
  WriteLn(Log, WideString(lpFilename));
  Flush(Log);

  Result := CreateFileWNextHook(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);

  FileList.OnFileOpen(Result, WideString(lpFileName));
end;

function ReadFileHookProc(hFile: THandle; var Buffer; nNumberOfBytesToRead: DWORD;
  var lpNumberOfBytesRead: DWORD; lpOverlapped: POverlapped): BOOL; stdcall;
var
  Offset: DWORD;
  Total: DWORD;
begin

  Result := ReadFileNextHook(hFile, Buffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped);

  if (Result = True) and FileList.IsFileEncrypted(hFile) then
  begin
    Offset := SetFilePointer(hFile, 0, nil, FILE_CURRENT);
    Total := GetFileSize(hFile, nil);

    Crypt.CryptData(Buffer, Offset, lpNumberOfBytesRead, Total);
  end;

end;

procedure InitHooks;
begin
  StopThreads();

  if HookProc(PChar('kernel32.dll'), PChar('CreateFileW'), @CreateFileWHookProc, @CreateFileWNextHook) and
    HookProc(PChar('kernel32.dll'), PChar('ReadFile'), @ReadFileHookProc, @ReadFileNextHook) then
  begin
    WriteLn(Log, 'Hooks installed.');
    Flush(Log);
  end
  else
  begin
    WriteLn(Log, 'Hooks not installed.');
    Flush(Log);
  end;

  RunThreads();
end;

begin
  Assign(Log, 'LameHide.log');
  Rewrite(Log);
end.

💿 文件大小 59 K

👤 上传用户 zln12345

📂 所属分类文章/文档

🏷️ 相关标签

#with #CreateFile #AdvHooKLib #Delphi

⌨️ 快捷键说明

复制代码 Ctrl + C

搜索代码 Ctrl + F

全屏模式 F11

切换主题 Ctrl + Shift + D

显示快捷键 ?

增大字号 Ctrl + =

减小字号 Ctrl + -