{
Name: API Hook Lib
Version: 0.1
Author: coded by xIkUg/RCT/CCG
HomePage: http://www.wintoolspro.com, http://debugman.wintoolspro.com
CreateDate: 2006-12-03
}
unit uHookLib;
// Win32 (x86-32 only) inline API hooking helpers.  SetOnBefore/SetOnAfter
// divert an API, identified by DLL and export name, into one of the
// position-independent machine-code stubs declared in the implementation
// section (BeforeStub / AfterStub); the stub calls the user's HookProc
// before or after the original routine.  GetOpCodeSize is an x86
// instruction-length decoder driven by MaskTable, presumably used to find
// whole instructions to relocate when the entry bytes are overwritten
// (the installer code itself is not in this view).
// Everything here assumes 32-bit code: the stubs use esp/eax with 32-bit
// displacements and pointers are cast through DWORD.
interface
uses
Windows, SysUtils;
type
// Pointer to a single byte; used to walk raw code bytes one at a time
// (the name suggests an array, but it dereferences to one Byte).
PBytes = ^Byte;
// Per-opcode flag table consumed by GetOpCodeSize: 518 LongWord entries.
TMaskTable = array [0..517] of LongWord;
var
// Opcode flag table read by GetOpCodeSize.  The flag bits are not
// documented anywhere in this unit; by layout the table appears to be
// indexed by opcode byte - entries 0..255 for the one-byte map, 256..511
// for the $0F-prefixed two-byte map, and a 6-entry tail - with $4000
// looking like "ModR/M byte follows", $2000 "imm32/rel32", $100 "imm8",
// $200 "imm16", $20 "moffs32", $8 "prefix byte" and $FFFFFFFF "invalid /
// unsupported".  Treat that reading as an inference: confirm against the
// decoder before changing any value.
// NOTE(review): entries $CD (int imm8) and $F6/$F7 (group 3, which take a
// ModR/M byte) are zero here although $FE/$FF are $4000; either the
// decoder special-cases them or the table is incomplete - verify, since a
// wrong length here means a truncated instruction is relocated.
// NOTE(review): this lives in a var section, so it is writable by any code
// in the process; a typed constant under {$J-} would be read-only.  It is
// also copied by value (2072 bytes) on every GetOpCodeSize call.
MaskTable: TMaskTable = (
// entries $00..$3F: the eight ALU opcode groups share one 8-entry pattern
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000000, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000000, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000000, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000000, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000008, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000008, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000008, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00008000, $00008000, $00000008, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00004000, $00004000,
$00000008, $00000008, $00001008, $00000018,
$00002000, $00006000, $00000100, $00004100,
$00000000, $00000000, $00000000, $00000000,
$00000100, $00000100, $00000100, $00000100,
$00000100, $00000100, $00000100, $00000100,
$00000100, $00000100, $00000100, $00000100,
$00000100, $00000100, $00000100, $00000100,
$00004100, $00006000, $00004100, $00004100,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00002002, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000020, $00000020, $00000020, $00000020,
$00000000, $00000000, $00000000, $00000000,
$00000100, $00002000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000100, $00000100, $00000100, $00000100,
$00000100, $00000100, $00000100, $00000100,
$00002000, $00002000, $00002000, $00002000,
$00002000, $00002000, $00002000, $00002000,
$00004100, $00004100, $00000200, $00000000,
$00004000, $00004000, $00004100, $00006000,
$00000300, $00000000, $00000200, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00000100, $00000100, $00000000, $00000000,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00000100, $00000100, $00000100, $00000100,
$00000100, $00000100, $00000100, $00000100,
$00002000, $00002000, $00002002, $00000100,
$00000000, $00000000, $00000000, $00000000,
$00000008, $00000000, $00000008, $00000008,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00004000, $00004000,
// entries 256..511: second map, apparently the $0F-prefixed opcodes
$00004000, $00004000, $00004000, $00004000,
$FFFFFFFF, $FFFFFFFF, $00000000, $FFFFFFFF,
$00000000, $00000000, $00000000, $00000000,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$00002000, $00002000, $00002000, $00002000,
$00002000, $00002000, $00002000, $00002000,
$00002000, $00002000, $00002000, $00002000,
$00002000, $00002000, $00002000, $00002000,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00000000, $00000000, $00000000, $00004000,
$00004100, $00004000, $FFFFFFFF, $FFFFFFFF,
$00000000, $00000000, $00000000, $00004000,
$00004100, $00004000, $FFFFFFFF, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $00004000, $00004000,
$FFFFFFFF, $FFFFFFFF, $00004100, $00004000,
$00004000, $00004000, $00004000, $00004000,
$00004000, $00004000, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$00000000, $00000000, $00000000, $00000000,
$00000000, $00000000, $00000000, $00000000,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
// entries 512..517: tail; meaning not visible here
$00000000, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF,
$FFFFFFFF, $FFFFFFFF
);
// Installs a hook so that HookProc runs before the API exported as ApiName
// from DllName.  Presumably returns True on success; the implementation is
// outside this view.  See BeforeStub for the stack contract HookProc is
// called under (it receives the API's own argument frame).
function SetOnBefore(const DllName: string; const ApiName: string;
HookProc: Pointer): Boolean;
// Installs a hook so that HookProc runs after the API exported as ApiName
// from DllName has returned.  Presumably returns True on success; the
// implementation is outside this view.  See AfterStub: HookProc must pop
// the same number of argument bytes as the hooked API does, or the
// caller's stack is left unbalanced.
function SetOnAfter(const DllName: string; const ApiName: string;
HookProc: Pointer): Boolean;
// x86-32 instruction-length decoder driven by the flag table Tlb.  The
// result is initialised to -1 in the body (see below; the rest of the
// implementation is outside this view), presumably left there when the
// bytes at Start cannot be decoded.  Declared stdcall here; the
// implementation header omits the directive, so repeat it there to avoid
// confusion.
// NOTE(review): Tlb is passed by value, copying 2072 bytes per call;
// `const Tlb: TMaskTable` would avoid the copy without changing callers.
function GetOpCodeSize(Start: Pointer; Tlb: TMaskTable): integer; stdcall;
implementation
var
// 5-byte near relative jump (E9 rel32) written over the first bytes of the
// hooked API to divert it into a stub; the zero rel32 is a placeholder the
// installer fills with (stub - (api + 5)).  Any whole instructions those
// five bytes overlap must be relocated intact (the purpose of
// GetOpCodeSize, presumably).  Writing into a code page requires the page
// to be made writable first (VirtualProtect) and is not atomic with
// respect to other threads already executing the prologue, so hooks are
// only safe to install before the API is in use; this kind of in-process
// code patch is also what integrity monitors look for.
JMPGate: array [0..4] of byte = (
$E9, $00, $00, $00, $00 // JMP XXXXXXXX
);
// HookProc offset is 36
// HookApi offset is 82
// BeforeStub: reached via JMPGate from the API entry, so on arrival [esp]
// holds the caller's return address and the API arguments sit above it.
// Layout (offsets are decimal, as in the per-line comments):
//  0      pop eax            eax := caller's return address
//  3, 7   two dword slots    saved esp and saved eax, written below
//  11..22 call/pop/sub       ecx := stub base - $401000 (the stub was
//                            assembled at $401000, so "[ecx+401003]" is
//                            slot 3 of this very copy - position independent)
//  35     call HookProc      rel32 at offset 36; HookProc sees the API's
//                            arguments at [esp+4] exactly as the API would
//  40/50  mov eax,[esp-4] /  preserves the dword just below esp around the
//         mov [esp-4],eax    call/pop at 44..49, which would overwrite it
//                            (relevant when HookProc popped its arguments
//                            and that dword is still an argument the API
//                            needs)
//  60/66  restore esp and eax from the slots, push the return address back
//  73..88 16 NOPs            presumably where the prologue bytes displaced
//                            by JMPGate are copied - confirm with installer
//  89     jmp HookedApi      rel32 at offset 90
// Because esp is reloaded from slot 3, HookProc's own calling convention
// does not affect the caller's stack balance.
// NOTE(review): the "HookApi offset is 82" comment above does not match
// any field of this layout (the jmp's rel32 is at 90); confirm against
// the installer code, which is not in this view.
// NOTE(review): slots 3/7 are a single copy per hook shared by all
// threads, so concurrent or recursive calls into the hooked API overwrite
// each other's saved esp/return address - the stub is not reentrant.
// NOTE(review): ecx is clobbered; harmless for stdcall/cdecl APIs, wrong
// for register-convention entry points.
BeforeStub: array [0..93] of byte = (
$58, // 0 pop eax
$EB, $08, // 1 jmp short 0040100B
$00, $00, $00, $00, // 3 dd 00000000
$00, $00, $00, $00, // 7 dd 00000000
$E8, $00, $00, $00, $00, // 11 call 00401010
$59, // 16 pop ecx
$81, $E9, $10, $10, $40, $00, // 17 sub ecx, 00401010
$89, $A1, $03, $10, $40, $00, // 23 mov [ecx+401003], esp
$89, $81, $07, $10, $40, $00, // 29 mov [ecx+401007], eax
$E8, $36, $01, $00, $00, // 35 call HookProc
$8B, $44, $24, $FC, // 40 mov eax, [esp - 4]
$E8, $00, $00, $00, $00, // 44 call 0040102D
$59, // 49 pop ecx
$89, $44, $24, $FC, // 50 mov [esp - 4], eax
$81, $E9, $31, $10, $40, $00, // 54 sub ecx, 0040102D
$8B, $A1, $03, $10, $40, $00, // 60 mov esp, [ecx+401003]
$8B, $81, $07, $10, $40, $00, // 66 mov eax, [ecx+401007]
$50, // 72 push eax
$90, $90, $90, $90, // 73
$90, $90, $90, $90,
$90, $90, $90, $90,
$90, $90, $90, $90,
$E9, $18, $01, $00, $00 // 89 jmp HookedApi
);
// AfterStub: a before-part (offsets $00..$42, hex as in the per-line
// comments) and an after-part ($43..$81).
// Before-part: pops the caller's return address into eax, computes
// ecx := stub base - $401000 via call/pop/sub (same trick as BeforeStub),
// stores esp in slot $03 and eax in slot $07, pushes the after-part's own
// address (base+$43) as the new return address, runs the 16-NOP pad at
// $2E..$3D (presumably the relocated prologue bytes - confirm with the
// installer) and jumps to the original API (rel32 at $3F).
// After-part: the API's ret lands at $43 with its result in eax.  eax is
// stashed in slot $0B, esp is rewound to the entry value from slot $03 so
// the hook sees the same argument frame the API saw, the hook is called
// (rel32 at $64), then the saved return address is pushed back, eax is
// reloaded from slot $0B and the stub returns to the caller.  Stack
// balance therefore requires the hook to remove exactly as many argument
// bytes as the hooked API does (same stdcall signature, or cdecl for a
// cdecl API); the hook's own eax result is discarded.
// NOTE(review): the dword below esp is preserved across the call/pop at
// $47..$4C via ebx ($43 / $4D), but ebx itself is never saved or
// restored.  ebx is callee-saved in every Win32 x86 convention, so the
// caller of the hooked API gets back a corrupted ebx.  A fix needs a
// push/pop around that sequence, which shifts every hard-coded
// displacement after it - re-encode the stub rather than patch bytes.
// NOTE(review): only eax is saved in slot $0B; edx is not, so the high
// half of a 64-bit (edx:eax) API result is lost across the hook call.
// NOTE(review): slots $03/$07/$0B are one copy per hook and hold the
// caller's return address for the whole duration of the API call, so a
// recursive or concurrent call into the hooked API overwrites them and
// the first call returns to the wrong place - the stub is not reentrant.
AfterStub: array [0..129] of Byte = (
$58, // 00 pop eax
$EB, $0C, // 01 jmp short 0040100F
$00, $00, $00, $00, // 03 dd 00000000
$00, $00, $00, $00, // 07 add [eax], al
$00, $00, $00, $00, // 0B add [eax], al
$E8, $00, $00, $00, $00, // 0F call 00401014
$59, // 14 pop ecx
$81, $E9, $14, $10, $40, $00, // 15 sub ecx, 00401014
$89, $A1, $03, $10, $40, $00, // 1B mov [ecx+401003], esp
$89, $81, $07, $10, $40, $00, // 21 mov [ecx+401007], eax
$8D, $89, $43, $10, $40, $00, // 27 lea ecx, [ecx+401043]
$51, // 2D push ecx
$90, // 2E nop
$90, // 2F nop
$90, // 30 nop
$90, // 31 nop
$90, // 32 nop
$90, // 33 nop
$90, // 34 nop
$90, // 35 nop
$90, // 36 nop
$90, // 37 nop
$90, // 38 nop
$90, // 39 nop
$90, // 3A nop
$90, // 3B nop
$90, // 3C nop
$90, // 3D nop
$E9, $57, $01, $00, $00, // 3E jmp 0040119A
$8B, $5C, $24, $FC, // 43 mov ebx, [esp-4]
$E8, $00, $00, $00, $00, // 47 call 0040104C
$59, // 4C pop ecx
$89, $5C, $24, $FC, // 4D mov [esp-4], ebx
$81, $E9, $4C, $10, $40, $00, // 51 sub ecx, 0040104C
$89, $81, $0B, $10, $40, $00, // 57 mov [ecx+40100B], eax
$8B, $A1, $03, $10, $40, $00, // 5D mov esp, [ecx+401003]
$E8, $32, $01, $00, $00, // 63 call 0040119A
$E8, $00, $00, $00, $00, // 68 call 0040106D
$59, // 6D pop ecx
$81, $E9, $6D, $10, $40, $00, // 6E sub ecx, 0040106D
$8B, $81, $07, $10, $40, $00, // 74 mov eax, [ecx+401007]
$50, // 7A push eax
$8B, $81, $0B, $10, $40, $00, // 7B mov eax, [ecx+40100B]
$C3 // 81 retn
);
function GetOpCodeSize(Start: Pointer; Tlb: TMaskTable): integer;
var
pOPCode: PBytes;
t, c: LongWord;
dh, dl, al: byte;
begin
result := -1;
t := 0;
pOPCode := Start;
repeat
t := t and $F7;
c := pOPCode^;
pOpCode := Pointer((DWORD(pOpCode) + 1));