|
超级版主
注册日期: 04-03
帖子: 18592
精华: 36
现金: 249466 标准币
资产: 1080358888 标准币
|
[☆ 例程] 传奇|| Hook 源码
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#define WIN32_LEAN_AND_MEAN
#define LOGFILE "C:\\hookwsock.log"
#include "stdio.h"
#include
#include
/*// IEXPLORE Droiyan Online "IEFrame"
#define NameClass "IEFrame"
#define TitleClass NULL
*/
/*
// 传奇 II
#define NameClass NULL
#define TitleClass "legend of mir2"
*/
int _stdcall ws2_32_recv(SOCKET s, char FAR *buf, int len, int flags);
int _stdcall ws2_32_send(SOCKET s, const char FAR *buf, int len, int flags);
DWORD pws2_32Send = 0;
DWORD pws2_32Recv = 0;
DWORD dwCurrentPID = 0;
DWORD hProcId;
HHOOK hHook;
BYTE btNewBytes[8] = { 0x0B8, 0x0, 0x0, 0x40, 0x0, 0x0FF, 0x0E0, 0 };
DWORD dwOldBytes[2];
HANDLE hGame = INVALID_HANDLE_value;
HANDLE hDebug = INVALID_HANDLE_value;
HWND GamehWnd;
HMODULE hLib;
LRESULT CALLBACK Call9XWndProc(int nCode, WPARAM wParam, LPARAM lParam )
{
DWORD dwSize;
if (dwCurrentPID == 0)
{
dwCurrentPID = GetCurrentProcessId();
if (GamehWnd = FindWindow(NameClass, TitleClass))
{
GetWindowThreadProcessId(GamehWnd, &hProcId);
hGame = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE, TRUE, hProcId);
//打开进程并得到读与权限
hLib = LoadLibrary("WS2_32.DLL");
pws2_32Send = (DWORD)GetProcAddress(hLib, "send");
pws2_32Recv = (DWORD)GetProcAddress(hLib, "recv");
ReadProcessMemory(hGame, (void *)pws2_32Send, (void *)dwOldBytes[0], sizeof(DWORD)*2, &dwSize);
*(DWORD *)( btNewBytes + 1) = (DWORD)ws2_32_send;
WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize);
ReadProcessMemory(hGame, (void *)pws2_32Recv, (void *)dwOldBytes[1], sizeof(DWORD)*2, &dwSize);
*(DWORD *)( btNewBytes + 1 ) = (DWORD)ws2_32_recv;
WriteProcessMemory(hGame, (void *)pws2_32Recv, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize);
}
}
return CallNextHookEx(hHook, nCode, wParam, lParam);
}
LRESULT CALLBACK CallNTWndProc( int nCode, WPARAM wParam, LPARAM lParam )
{
DWORD dwSize;
HMODULE hLib;
if (dwCurrentPID == 0)
{
dwCurrentPID = GetCurrentProcessId();
if (GamehWnd = FindWindow(NameClass, TitleClass))
{
GetWindowThreadProcessId(GamehWnd, &hProcId);
if( dwCurrentPID == hProcId )
{
hLib = LoadLibrary( "WS2_32.DLL" );
pws2_32Send = (DWORD)GetProcAddress( hLib, "send" );
pws2_32Recv = (DWORD)GetProcAddress( hLib, "recv" );
ReadProcessMemory(hGame, (void *)pws2_32Send, (void *)dwOldBytes[0], sizeof(DWORD)*2, &dwSize );
*(DWORD *)( btNewBytes + 1 ) = (DWORD)ws2_32_send;
WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize );
ReadProcessMemory(hGame, (void *)pws2_32Recv, (void *)dwOldBytes[1], sizeof(DWORD)*2, &dwSize );
*(DWORD *)( btNewBytes + 1 ) = (DWORD)ws2_32_recv;
WriteProcessMemory(hGame, (void *)pws2_32Recv, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize );
MessageBox(NULL,"监测到程序","信息",0);
#ifdef _LOG
hDebug = CreateFile( LOGFILE, GENERIC_WRITE, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0 );
#endif
}
}
}
return CallNextHookEx(hHook, nCode, wParam, lParam);
}
// 发送网络数据包拦截
int __stdcall ws2_32_send(SOCKET s, const char FAR *buf, int len, int flags)
{
DWORD dwSize;
char szTemp[1024];
char szTemp1[1024];
int r = 0;
// restore it at first
WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)dwOldBytes[0], sizeof(DWORD)*2, &dwSize );
// execute it
_asm
{
push esp
push flags
push len
push buf
push s
call pws2_32Send
pop esp
mov r, eax
}
// hook it again
*(DWORD *)( btNewBytes + 1) = (DWORD)ws2_32_send;
WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize );
#ifdef _LOG
//Watch here before it’s executed.
sprintf( szTemp, "发送信息 SOCKET %d, 长度 %d, flags %d\r\nContent: \r\n", s, len, flags );
for( int i=0; i 4) ||
((osvi.dwMajorVersion == 4) && (osvi.dwMinorVersion > 0)))
{
return 1;
}
else return 1;
break;
case VER_PLATFORM_WIN32s:
return 2;
break;
}
return 3;
}
bool InstallHook(HMODULE hLib)
{
// Windows NT/2000/XP
if (GetSystemVersion() == 0) {
hHook = SetWindowsHookEx(WH_CALLWNDPROC, (HOOKPROC)CallNTWndProc, hLib, 0);
return true; }
// Windows 95/98
if (GetSystemVersion() == 1) {
hHook = SetWindowsHookEx(WH_CALLWNDPROC, (HOOKPROC)Call9XWndProc, hLib, 0);
return true; }
return false;
}
bool UninstallHook()
{
// 卸载钩子
UnhookWindowsHookEx(hHook);
// 卸载动态连接库
FreeLibrary(hLib);
return true;
}
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
return TRUE;
}
__________________
借用达朗贝尔的名言:前进吧,你会得到信心!
[url="http://www.dimcax.com"]几何尺寸与公差标准[/url]
|
2010-04-12, 11:33 AM
平板模式
