t := t or Tlb[c];
until ((t and $000000FF) and 8) = 0;
if (c = $0F6) or (c = $0F7) then
begin
t := t or $00004000;
if (pOpCode^ and $38) = 0 then
t := t or $00008000;
end
else if (c = $0CD) then
begin
t := t or $00000100;
if pOpCode^ = $20 then
t := t or $00000400;
end
else if (c = $0F) then
begin
al := pOpCode^;
pOpCode := Pointer((DWORD(pOpCode) + 1));
t := t or Tlb[al + $100];
if t = $FFFFFFFF then
Exit;
end;
if (((t and $0000FF00) shr 8) and $80) <> 0 then
begin
dh := (t and $0000FF00) shr 8;
dh := dh xor $20;
if (c and 1) = 0 then
dh := dh xor $21;
t := t and $FFFF00FF;
t := t or (dh shl 8);
end;
if (((t and $0000FF00) shr 8) and $40) <> 0 then
begin
al := pOpCode^;
pOpCode := Pointer((DWORD(pOpCode) + 1));
c := al;
c := c or (al shl 8);
c := c and $C007;
if (c and $0000FF00) <> $C000 then
begin
if ((t and $000000FF) and $10) = 0 then
begin
if (c and $000000FF) = 4 then
begin
al := pOpCode^;
pOpCode := Pointer((DWORD(pOpCode) + 1));
al := al and 7;
c := c and $0000FF00;
c := c or al;
end;
if (c and $0000FF00) <> $4000 then
begin
if (c and $0000FF00) = $8000 then
begin
t := t or 4;
end
else if c = 5 then
t := t or 4;
end
else
begin
t := t or 1;
end;
end
else
begin
if (c <> 6) then
begin
if (c and $0000FF00) = $4000 then
t := t or 1
else if (c and $0000FF00) = $8000 then
t := t or 2;
end
else
t := t or 2;
end;
end;
end;
if (((t and $000000FF)) and $20) <> 0 then
begin
dl := (t and $000000FF);
dl := dl xor 2;
t := t and $FFFFFF00;
t := t or dl;
if (dl and $10) = 0 then
begin
dl := dl xor 6;
t := t and $FFFFFF00;
t := t or dl;
end;
end;
if (((t and $0000FF00) shr 8) and $20) <> 0 then
begin
dh := (t and $0000FF00) shr 8;
dh := dh xor 2;
t := t and $FFFF00FF;
t := t or (dh shl 8);
if (dh and $10) = 0 then
begin
dh := dh xor 6;
t := t and $FFFFFF00;
t := t or dh;
end;
end;
result := DWORD(pOPCode) - DWORD(Start);
t := t and $707;
result := result + (t and $000000FF); //1条指令不可能大过255个字节
result := result + ((t and $0000FF00) shr 8);
end;
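{ Placeholder for a generic hook installer; it is not implemented in this unit.
  DllName/ApiName: module and export that would be patched.
  HookProc: routine that would receive control.
  Returns False unconditionally. The original body left Result unassigned, so
  callers read whatever happened to be in EAX; returning an explicit False
  makes the "not installed" outcome deterministic. Use SetOnBefore or
  SetOnAfter for the implemented variants. }
function HookCode(const DllName: string; const ApiName: string;
  HookProc: Pointer): Boolean;
begin
  Result := False;
end;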
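{ Redirects the export ApiName of DllName through a copy of the BeforeStub
  template (defined elsewhere in this unit) so that HookProc runs before the
  original routine.
  DllName/ApiName: module and export to patch; the module is loaded with
    LoadLibrary when it is not already mapped into this process.
  HookProc: routine the stub transfers to. Its calling convention must match
    what BeforeStub expects, which is not visible here.
  Returns True once the entry point has been rewritten, False on any failure
  (module/export not found, undecodable prologue, prologue longer than the
  16-byte OpCode buffer, protection change or memory write failed).
  Limitations visible in this code: the displaced prologue bytes are copied
  verbatim with no relocation, so an entry that starts with a relative branch
  is not handled; the global JMPGate template is patched in place, so the
  routine is not safe to call concurrently; nothing here frees the stub or
  restores the entry afterwards (no unhook routine is present).
  Fixes relative to the original: VirtualProtect was called with a nil
  old-protection pointer (the call then fails) and the routine exited on its
  SUCCESS rather than its failure; the new protection was PAGE_READWRITE,
  which strips execute permission from the entry page. The protection is now
  PAGE_EXECUTE_READWRITE, is restored afterwards, WriteProcessMemory's result
  is checked, the stub is released on a failed write, and a zero/garbage
  instruction length can no longer spin the measuring loop forever. }
function SetOnBefore(const DllName: string; const ApiName: string;
  HookProc: Pointer): Boolean;
var
  ApiEntry: Pointer;
  DllHandle: THandle;
  ReplaceCodeSize: Integer;
  StepSize: Integer;
  OpCode: array [0..15] of byte;
  StubPtr: Pointer;
  Addr: LongWord;
  RetSize: LongWord;
  OldProtect: DWORD;
begin
  Result := False;
  if HookProc = nil then Exit;

  DllHandle := GetModuleHandle(PChar(DllName));
  if DllHandle = 0 then
  begin
    DllHandle := LoadLibrary(PChar(DllName));
    if DllHandle = 0 then Exit;
  end;
  ApiEntry := GetProcAddress(DllHandle, PChar(ApiName));
  if ApiEntry = nil then Exit;

  // A 5-byte JMP is written over the entry, so whole instructions are measured
  // until at least 5 bytes are covered. A non-positive or oversized length
  // means GetOpCodeSize could not decode the instruction (its Exit path leaves
  // its Result undefined); give up instead of looping or overrunning OpCode.
  ReplaceCodeSize := 0;
  while ReplaceCodeSize < 5 do
  begin
    StepSize := GetOpCodeSize(
      Pointer(LongWord(ApiEntry) + LongWord(ReplaceCodeSize)), MaskTable);
    if (StepSize <= 0) or (StepSize > 16) then Exit;
    Inc(ReplaceCodeSize, StepSize);
  end;
  // OpCode holds 16 bytes; the stub presumably reserves the same room at the
  // offset used below.
  if ReplaceCodeSize > 16 then Exit;

  // Make the entry writable while keeping it executable, and remember the old
  // protection so it can be put back once the JMP is in place.
  if not VirtualProtect(ApiEntry, ReplaceCodeSize, PAGE_EXECUTE_READWRITE,
    @OldProtect) then Exit;
  try
    CopyMemory(@OpCode, ApiEntry, ReplaceCodeSize);

    StubPtr := VirtualAlloc(nil, SizeOf(BeforeStub), MEM_COMMIT,
      PAGE_EXECUTE_READWRITE);
    if StubPtr = nil then Exit;
    CopyMemory(StubPtr, @BeforeStub, SizeOf(BeforeStub));

    // The constants below are byte offsets inside the BeforeStub template and
    // must be kept in step with its layout (not visible in this unit excerpt).
    // rel32 operand for the 5-byte transfer at stub+35 (operand at +36):
    // target - (instruction address + 5).
    Addr := LongWord(HookProc) - LongWord(StubPtr) - 35 - 5;
    PDWORD(LongWord(StubPtr) + 36)^ := Addr;
    // rel32 at stub+89 (operand at +90) back to the first instruction of the
    // API that was not displaced.
    Addr := LongWord(ApiEntry) + LongWord(ReplaceCodeSize)
      - LongWord(StubPtr) - 89 - 5;
    PDWORD(LongWord(StubPtr) + 90)^ := Addr;
    // Displaced prologue bytes, copied verbatim into the stub at +73.
    CopyMemory(Pointer(LongWord(StubPtr) + 73), @OpCode, ReplaceCodeSize);

    // Overwrite the API entry with a relative JMP to the stub.
    Addr := LongWord(StubPtr) - LongWord(ApiEntry) - 5;
    PDWORD(LongWord(@JMPGate) + 1)^ := Addr;
    if (not WriteProcessMemory(GetCurrentProcess, ApiEntry, @JMPGate,
      SizeOf(JMPGate), RetSize)) or (RetSize <> SizeOf(JMPGate)) then
    begin
      // The entry is untouched, so the stub is simply released.
      VirtualFree(StubPtr, 0, MEM_RELEASE);
      Exit;
    end;
    FlushInstructionCache(GetCurrentProcess, ApiEntry, ReplaceCodeSize);
    Result := True;
  finally
    VirtualProtect(ApiEntry, ReplaceCodeSize, OldProtect, @OldProtect);
  end;
end;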
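{ Redirects the export ApiName of DllName through a copy of the AfterStub
  template (defined elsewhere in this unit) so that HookProc runs after the
  original routine.
  DllName/ApiName: module and export to patch; the module is loaded with
    LoadLibrary when it is not already mapped into this process.
  HookProc: routine the stub transfers to. Its calling convention must match
    what AfterStub expects, which is not visible here.
  Returns True once the entry point has been rewritten, False on any failure
  (module/export not found, undecodable prologue, prologue longer than the
  16-byte OpCode buffer, protection change or memory write failed).
  Limitations visible in this code: the displaced prologue bytes are copied
  verbatim with no relocation, so an entry that starts with a relative branch
  is not handled; the global JMPGate template is patched in place, so the
  routine is not safe to call concurrently; nothing here frees the stub or
  restores the entry afterwards (no unhook routine is present).
  Fixes relative to the original: VirtualProtect was called with a nil
  old-protection pointer (the call then fails) and the routine exited on its
  SUCCESS rather than its failure; the new protection was PAGE_READWRITE,
  which strips execute permission from the entry page. The protection is now
  PAGE_EXECUTE_READWRITE, is restored afterwards, WriteProcessMemory's result
  is checked, the stub is released on a failed write, and a zero/garbage
  instruction length can no longer spin the measuring loop forever. }
function SetOnAfter(const DllName: string; const ApiName: string;
  HookProc: Pointer): Boolean;
var
  ApiEntry: Pointer;
  DllHandle: THandle;
  ReplaceCodeSize: Integer;
  StepSize: Integer;
  OpCode: array [0..15] of byte;
  StubPtr: Pointer;
  Addr: LongWord;
  RetSize: LongWord;
  OldProtect: DWORD;
begin
  Result := False;
  if HookProc = nil then Exit;

  DllHandle := GetModuleHandle(PChar(DllName));
  if DllHandle = 0 then
  begin
    DllHandle := LoadLibrary(PChar(DllName));
    if DllHandle = 0 then Exit;
  end;
  ApiEntry := GetProcAddress(DllHandle, PChar(ApiName));
  if ApiEntry = nil then Exit;

  // A 5-byte JMP is written over the entry, so whole instructions are measured
  // until at least 5 bytes are covered. A non-positive or oversized length
  // means GetOpCodeSize could not decode the instruction (its Exit path leaves
  // its Result undefined); give up instead of looping or overrunning OpCode.
  ReplaceCodeSize := 0;
  while ReplaceCodeSize < 5 do
  begin
    StepSize := GetOpCodeSize(
      Pointer(LongWord(ApiEntry) + LongWord(ReplaceCodeSize)), MaskTable);
    if (StepSize <= 0) or (StepSize > 16) then Exit;
    Inc(ReplaceCodeSize, StepSize);
  end;
  // OpCode holds 16 bytes; the stub presumably reserves the same room at the
  // offset used below.
  if ReplaceCodeSize > 16 then Exit;

  // Make the entry writable while keeping it executable, and remember the old
  // protection so it can be put back once the JMP is in place.
  if not VirtualProtect(ApiEntry, ReplaceCodeSize, PAGE_EXECUTE_READWRITE,
    @OldProtect) then Exit;
  try
    CopyMemory(@OpCode, ApiEntry, ReplaceCodeSize);

    StubPtr := VirtualAlloc(nil, SizeOf(AfterStub), MEM_COMMIT,
      PAGE_EXECUTE_READWRITE);
    if StubPtr = nil then Exit;
    CopyMemory(StubPtr, @AfterStub, SizeOf(AfterStub));

    // The constants below are byte offsets inside the AfterStub template and
    // must be kept in step with its layout (not visible in this unit excerpt).
    // rel32 operand for the 5-byte transfer at stub+$63 (operand at +$64):
    // target - (instruction address + 5).
    Addr := LongWord(HookProc) - LongWord(StubPtr) - $63 - 5;
    PDWORD(LongWord(StubPtr) + $64)^ := Addr;
    // rel32 at stub+$3E (operand at +$3F) to the first instruction of the
    // API that was not displaced.
    Addr := LongWord(ApiEntry) + LongWord(ReplaceCodeSize)
      - LongWord(StubPtr) - $3E - 5;
    PDWORD(LongWord(StubPtr) + $3F)^ := Addr;
    // Displaced prologue bytes, copied verbatim into the stub at +$2E.
    CopyMemory(Pointer(LongWord(StubPtr) + $2E), @OpCode, ReplaceCodeSize);

    // Overwrite the API entry with a relative JMP to the stub.
    Addr := LongWord(StubPtr) - LongWord(ApiEntry) - 5;
    PDWORD(LongWord(@JMPGate) + 1)^ := Addr;
    if (not WriteProcessMemory(GetCurrentProcess, ApiEntry, @JMPGate,
      SizeOf(JMPGate), RetSize)) or (RetSize <> SizeOf(JMPGate)) then
    begin
      // The entry is untouched, so the stub is simply released.
      VirtualFree(StubPtr, 0, MEM_RELEASE);
      Exit;
    end;
    FlushInstructionCache(GetCurrentProcess, ApiEntry, ReplaceCodeSize);
    Result := True;
  finally
    VirtualProtect(ApiEntry, ReplaceCodeSize, OldProtect, @OldProtect);
  end;
end;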
end.