C++封装IATHOOK类实例(3)
复制代码 代码如下: #pragma once #include Windows.h class CAPIHOOK { public: CAPIHOOK(LPTSTR lpszModName, LPSTR pszFuncName, PROC pfnHook, BOOL bExcludeAPIHookMod = TRUE); ~CAPIHOOK(void); priv
#pragma once
#include <Windows.h>
// CAPIHOOK: declaration of a class wrapping one import-address-table (IAT) hook.
// Only the declaration is shown here; the member definitions are not visible,
// so the notes below about behaviour are taken from the original comments or
// marked as assumptions to confirm.
//
// NOTE(review): IAT patching only intercepts calls that go through a module's
// import table (plus the run-time lookups covered by the GetProcess hook
// declared below). Treat it as instrumentation, not as a security boundary.
// NOTE(review): no copy constructor or copy assignment is declared although the
// class holds raw pointers and a list link (m_pNext); copying an instance looks
// unsafe. Confirm against the implementation and consider disabling copies.
class CAPIHOOK
{
public:
// Creates a hook for function pszFuncName exported by module lpszModName,
// redirecting it to pfnHook. bExcludeAPIHookMod defaults to TRUE; presumably it
// keeps the module containing this class from being patched (confirm in the
// implementation).
// NOTE(review): lpszModName is LPTSTR while the stored m_pszModName is LPSTR;
// these are different types in a UNICODE build. Confirm which build
// configuration the implementation expects.
CAPIHOOK(LPTSTR lpszModName, LPSTR pszFuncName, PROC pfnHook, BOOL bExcludeAPIHookMod = TRUE);
~CAPIHOOK(void);
private:
// Replace the IAT entry pfnCurrent with pfnNewFunc for imports from
// pszExportMod, in one caller module (hModCaller) or in all loaded modules.
// NOTE(review): import descriptors store module names as ANSI strings, so an
// LPCTSTR parameter only lines up with them in a non-UNICODE build. Confirm.
static void ReplaceIATEntryInOneMod(LPCTSTR pszExportMod, PROC pfnCurrent, PROC pfnNewFunc, HMODULE hModCaller);
static void ReplaceIATEntryInAllMods(LPCTSTR pszExportMod, PROC pfnCurrent, PROC pfnNewFunc, BOOL bExcludeAPIHookMod);
// Covers modules loaded dynamically while the program runs; called when a new DLL is loaded.
static void HookNewlyLoadedModule(HMODULE hModule, DWORD dwFlags);
// Track new DLLs being loaded into the current process.
// NOTE(review): the Win32 LoadLibraryA/LoadLibraryExA take LPCSTR and the W
// variants take LPCWSTR. Declaring all four with LPCTSTR means one pair has a
// signature that differs from the API it stands in for, whichever way UNICODE
// is set. Confirm against the definitions and fix both together.
static HMODULE WINAPI LoadLibraryA(LPCTSTR lpFileName);
static HMODULE WINAPI LoadLibraryW(LPCTSTR lpFileName);
static HMODULE WINAPI LoadLibraryExA(LPCTSTR lpFileName, HANDLE hFile, DWORD dwFlags);
static HMODULE WINAPI LoadLibraryExW(LPCTSTR lpFileName, HANDLE hFile, DWORD dwFlags);
// Covers API functions resolved dynamically at run time: for a request for an
// already-hooked API, return the address of the user-defined function instead.
// NOTE(review): the name GetProcess does not match the sm_GetProcAddress hook
// object below; presumably this is the replacement for GetProcAddress. Confirm.
static FARPROC WINAPI GetProcess(HMODULE hModule, PCSTR pszProcName);
private: // Declared static so they are constructed automatically, which installs these hooks automatically.
// NOTE(review): these objects are constructed during static initialization;
// their order relative to other static CAPIHOOK objects in other translation
// units is not defined by the language. Confirm the implementation tolerates that.
static CAPIHOOK sm_LoadLibraryA;
static CAPIHOOK sm_LoadLibraryW;
static CAPIHOOK sm_LoadLibraryExA;
static CAPIHOOK sm_LoadLibraryExW;
static CAPIHOOK sm_GetProcAddress;
private:
static CAPIHOOK* sm_pHeader; // head of the linked list of hooks
CAPIHOOK* m_pNext;
// The function to hook (presumably m_pfnOrig is its original address and
// m_pfnHook the replacement; confirm in the implementation).
PROC m_pfnOrig;
PROC m_pfnHook;
// Name of the DLL that contains the function to hook.
LPSTR m_pszModName;
// Name of the function to hook.
LPSTR m_pszFuncName;
};
#include <Windows.h>
// CAPIHOOK: declaration of a class wrapping one import-address-table (IAT) hook.
// Only the declaration is shown here; the member definitions are not visible,
// so the notes below about behaviour are taken from the original comments or
// marked as assumptions to confirm.
//
// NOTE(review): IAT patching only intercepts calls that go through a module's
// import table (plus the run-time lookups covered by the GetProcess hook
// declared below). Treat it as instrumentation, not as a security boundary.
// NOTE(review): no copy constructor or copy assignment is declared although the
// class holds raw pointers and a list link (m_pNext); copying an instance looks
// unsafe. Confirm against the implementation and consider disabling copies.
class CAPIHOOK
{
public:
// Creates a hook for function pszFuncName exported by module lpszModName,
// redirecting it to pfnHook. bExcludeAPIHookMod defaults to TRUE; presumably it
// keeps the module containing this class from being patched (confirm in the
// implementation).
// NOTE(review): lpszModName is LPTSTR while the stored m_pszModName is LPSTR;
// these are different types in a UNICODE build. Confirm which build
// configuration the implementation expects.
CAPIHOOK(LPTSTR lpszModName, LPSTR pszFuncName, PROC pfnHook, BOOL bExcludeAPIHookMod = TRUE);
~CAPIHOOK(void);
private:
// Replace the IAT entry pfnCurrent with pfnNewFunc for imports from
// pszExportMod, in one caller module (hModCaller) or in all loaded modules.
// NOTE(review): import descriptors store module names as ANSI strings, so an
// LPCTSTR parameter only lines up with them in a non-UNICODE build. Confirm.
static void ReplaceIATEntryInOneMod(LPCTSTR pszExportMod, PROC pfnCurrent, PROC pfnNewFunc, HMODULE hModCaller);
static void ReplaceIATEntryInAllMods(LPCTSTR pszExportMod, PROC pfnCurrent, PROC pfnNewFunc, BOOL bExcludeAPIHookMod);
// Covers modules loaded dynamically while the program runs; called when a new DLL is loaded.
static void HookNewlyLoadedModule(HMODULE hModule, DWORD dwFlags);
// Track new DLLs being loaded into the current process.
// NOTE(review): the Win32 LoadLibraryA/LoadLibraryExA take LPCSTR and the W
// variants take LPCWSTR. Declaring all four with LPCTSTR means one pair has a
// signature that differs from the API it stands in for, whichever way UNICODE
// is set. Confirm against the definitions and fix both together.
static HMODULE WINAPI LoadLibraryA(LPCTSTR lpFileName);
static HMODULE WINAPI LoadLibraryW(LPCTSTR lpFileName);
static HMODULE WINAPI LoadLibraryExA(LPCTSTR lpFileName, HANDLE hFile, DWORD dwFlags);
static HMODULE WINAPI LoadLibraryExW(LPCTSTR lpFileName, HANDLE hFile, DWORD dwFlags);
// Covers API functions resolved dynamically at run time: for a request for an
// already-hooked API, return the address of the user-defined function instead.
// NOTE(review): the name GetProcess does not match the sm_GetProcAddress hook
// object below; presumably this is the replacement for GetProcAddress. Confirm.
static FARPROC WINAPI GetProcess(HMODULE hModule, PCSTR pszProcName);
private: // Declared static so they are constructed automatically, which installs these hooks automatically.
// NOTE(review): these objects are constructed during static initialization;
// their order relative to other static CAPIHOOK objects in other translation
// units is not defined by the language. Confirm the implementation tolerates that.
static CAPIHOOK sm_LoadLibraryA;
static CAPIHOOK sm_LoadLibraryW;
static CAPIHOOK sm_LoadLibraryExA;
static CAPIHOOK sm_LoadLibraryExW;
static CAPIHOOK sm_GetProcAddress;
private:
static CAPIHOOK* sm_pHeader; // head of the linked list of hooks
CAPIHOOK* m_pNext;
// The function to hook (presumably m_pfnOrig is its original address and
// m_pfnHook the replacement; confirm in the implementation).
PROC m_pfnOrig;
PROC m_pfnHook;
// Name of the DLL that contains the function to hook.
LPSTR m_pszModName;
// Name of the function to hook.
LPSTR m_pszFuncName;
};
希望本文所述对大家的C++程序设计有所帮助。