
程序练习作品 -> 守护者 V1.0

ID:71922 发表于 2015-1-10 23:51 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
    实现这个程序的背景很偶然。我原本还在设计远控,但因为一个网友提到黑客论坛的一个活动,这个活动大概就是发布两个原创视频教程就能获得该论坛提供的任意一本技术书籍。看了那些书籍很想要,而那个网友因为只制作了7个视频教程,有一本没货,只领到两本书,他就跟我说如果我能以 HOOK API 技术制作一个视频教程,那么就送我剩余两本书。我就在那一晚“疯狂地”寻找关于 HOOK API 的资料。在那个晚上终于搞清楚了原理和使用方法,准备制作视频教程。o(︶︿︶)o 唉,人算不如天算。该论坛的站长不同意这种方式,就算了... 不过倒也好,因为这件事学会了这个好玩的 HOOK API 技术。对比远控,觉得这个好玩多了,也实用多了。就想再熟悉熟悉... 于是这个作品就诞生了...
    这个程序就是利用了 HOOK API 技术,将关键的API HOOK 了。

   这个只是一个练习作品,有很多功能还没有完善。
        例如添加密码保护、保护指定进程(适合无窗口进程)、保护配置信息文件、保护自身、隐藏自身、快捷键等...

在设计的过程中体会到,学习编程,光看懂代码没用,必须要自己根据理解的原理去实现一些好玩的功能,这样才是真正的学到了,因为如果自己不去实际的写一下代码,很多技巧、很多细节都不会知道,当真正要用到的时候可能就没法立即派上用场,到时候遇到未知问题恐怕还要花费几天的时间去问别人,去找资料...

嘎嘎,第一次发布界面那么好看的程序....

程序主界面:




窗口守护:所守护的窗口所属的进程将无法被结束。




文件守护:被守护的文件将无法被删除、复制、移动、修改,但是允许读取。




USB 守护:所有的数据将无法被复制到非本地磁盘。


被保护的效果:修改会提示“句柄无效”无法修改



                    复制的时候会出现无法复制





   下载地址:http://d.1tpan.com/tp0154848117

发出源码,意在交流... EXE 是用 MFC 设计的,主要功能就是写入配置文件以及控制 DLL 的加载和卸载,就不发了。
核心源代码(DLL)
===================================================================================

// HOOKAPI.H
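/**
 * Convert a NUL-terminated wide string to a multi-byte string (OEM code page).
 *
 * @param lpcwszStr  Source wide string; NULL is rejected.
 * @param lpszStr    Destination buffer; NULL is rejected.
 * @param dwSize     Capacity of lpszStr in bytes, terminator included.
 * @return TRUE when the whole string was written to lpszStr. FALSE when an
 *         argument is NULL, the buffer is too small, or the conversion
 *         fails; the destination must not be relied on in that case.
 *
 * Usage sketch:
 *   wchar_t wText[10] = L"...";
 *   char sText[20] = {0};
 *   WCharToMByte(wText, sText, sizeof(sText)/sizeof(sText[0]));
 *
 * NOTE(review): the conversion uses CP_OEMCP while callers compare the result
 * with strings read from the configuration file; on systems where the OEM and
 * ANSI code pages differ, non-ASCII names may not match — confirm.
 */
BOOL WCharToMByte(LPCWSTR lpcwszStr, LPSTR lpszStr, DWORD dwSize)
{
    if (lpcwszStr == NULL || lpszStr == NULL || dwSize == 0)
        return FALSE;

    // Sizing pass. dwFlags is a DWORD (0) and lpUsedDefaultChar is a pointer
    // (NULL); the original passed NULL and FALSE in those positions.
    int needed = WideCharToMultiByte(CP_OEMCP, 0, lpcwszStr, -1, NULL, 0, NULL, NULL);
    if (needed <= 0 || dwSize < (DWORD)needed)
        return FALSE;   // conversion failed (0) or caller's buffer is too small

    // The original ignored this result and reported TRUE even when nothing was written.
    if (WideCharToMultiByte(CP_OEMCP, 0, lpcwszStr, -1, lpszStr, (int)dwSize, NULL, NULL) == 0)
    {
        lpszStr[0] = '\0';
        return FALSE;
    }
    return TRUE;
}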


/**
 * Report whether ProcessID owns a guarded window.
 *
 * Checks the tool's own main window first (self-protection), then every
 * entry "0".."ListMax" of the WindowList section in the configuration file.
 * Each entry is a window title; the title is resolved with FindWindow and
 * the owning process id is compared with ProcessID.
 *
 * @param ProcessID  Process id being tested.
 * @return TRUE when one of the looked-up windows belongs to ProcessID,
 *         FALSE otherwise.
 *
 * NOTE(review): windows are identified by title only, so whichever top-level
 * window FindWindow returns for a title decides the guarded process. The
 * configuration file is re-read on every call.
 */
BOOL GetWindowListBool(DWORD ProcessID)
{
    char title[MAX_PATH] = {0};   // window title read from the configuration
    char key[30] = {0};           // decimal entry index used as the INI key
    DWORD ownerPid;
    HWND wnd = NULL;

    // Self-protection: the tool's own main window, found by its fixed title.
    wnd = FindWindow(NULL, "守护者  SP1        L、QQ:1007566569");
    if (wnd != NULL)
    {
        GetWindowThreadProcessId(wnd, &ownerPid);
        if (ownerPid == ProcessID)
            return TRUE;
    }

    for (int idx = 0; idx <= ListMax; idx++)
    {
        sprintf(key, "%d", idx);
        // "Error" is the default returned when the key is absent.
        GetPrivateProfileString(WindowList, key, "Error", title, MAX_PATH, ConfigPath);
        if (strcmp(title, "Error") == 0)
            continue;

        wnd = FindWindow(NULL, title);
        if (wnd == NULL)
            continue;

        GetWindowThreadProcessId(wnd, &ownerPid);
        if (ownerPid == ProcessID)
            return TRUE;
    }
    return FALSE;
}


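/**
 * Report whether an operation on FileName must be refused.
 *
 * Two rules are evaluated against the configuration file:
 *  1. If ShUsb/NoWrite is "Yes", the first character of FileName is taken as
 *     a drive letter and anything that GetDriveType does not classify as
 *     DRIVE_FIXED is refused.
 *  2. FileName is compared with entries "0".."ListMax" of the FileList
 *     section; an exact match is refused.
 *
 * @param FileName  NUL-terminated path as passed to the hooked API; only read.
 *                  NULL yields FALSE.
 * @return TRUE when the name is guarded, FALSE otherwise.
 *
 * NOTE(review): the list comparison is a byte-exact, case-sensitive strcmp on
 * the caller's spelling of the path; nothing is normalised first. Rule 1 also
 * fires for names that do not begin with a drive letter — confirm both are
 * intended.
 */
BOOL GetFileListBool(char FileName[])
{
    char entry[MAX_PATH] = {0};
    char key[30] = {0};

    if (FileName == NULL)
        return FALSE;

    GetPrivateProfileString(ShUsb, "NoWrite", "Error", entry, MAX_PATH, ConfigPath);
    if (strcmp(entry, "Yes") == 0)
    {
        // "X:\" plus terminator needs four bytes; the original 3-byte buffer
        // was overrun by one byte in strcat.
        char root[4] = {0};
        root[0] = FileName[0];
        strcat(root, ":\\");
        // Anything that is not a fixed disk is refused.
        if (DRIVE_FIXED != GetDriveType(root))
            return TRUE;
    }

    for (int i = 0; i <= ListMax; i++)
    {
        sprintf(key, "%d", i);
        // "Error" is the default returned when the key is absent.
        GetPrivateProfileString(FileList, key, "Error", entry, MAX_PATH, ConfigPath);

        if (strcmp(entry, "Error") != 0 && strcmp(entry, FileName) == 0)
            return TRUE;
    }
    return FALSE;
}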
/************************************************************************
* HOOK process list
************************************************************************/


// Function pointers initialised to the real APIs.
// AddHOOKAPI/DelHOOKAPI pass the address of each pointer to
// DetourAttach/DetourDetach, and the My* replacements call the real
// implementation through these pointers rather than by name.
HANDLE (WINAPI *SysOpenProcess)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId ) = OpenProcess;

// Delete / copy / move, ANSI and wide variants.
BOOL (WINAPI *SysDeleteFileA)(LPCSTR lpFileName) = DeleteFileA;
BOOL (WINAPI *SysDeleteFileW)(LPCWSTR lpFileName) = DeleteFileW;
BOOL (WINAPI *SysCopyFileA)( __in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName, __in BOOL bFailIfExists ) = CopyFileA;
BOOL (WINAPI *SysCopyFileW)(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName, BOOL bFailIfExists) = CopyFileW;
BOOL (WINAPI *SysMoveFileA)(__in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName) = MoveFileA;
BOOL (WINAPI *SysMoveFileW)(__in LPCWSTR lpExistingFileName, __in LPCWSTR lpNewFileName) = MoveFileW;

// Create / open.
HANDLE (WINAPI *SysCreateFileA)(
   __in     LPCSTR lpFileName,
   __in     DWORD dwDesiredAccess,
   __in     DWORD dwShareMode,
   __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
   __in     DWORD dwCreationDisposition,
   __in     DWORD dwFlagsAndAttributes,
   __in_opt HANDLE hTemplateFile
  ) = CreateFileA;


HANDLE (WINAPI *SysCreateFileW)(
   __in     LPCWSTR lpFileName,
   __in     DWORD dwDesiredAccess,
   __in     DWORD dwShareMode,
   __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
   __in     DWORD dwCreationDisposition,
   __in     DWORD dwFlagsAndAttributes,
   __in_opt HANDLE hTemplateFile
   ) = CreateFileW;


// Replace.
BOOL (WINAPI *SysReplaceFileA)(
    __in       LPCSTR  lpReplacedFileName,
    __in       LPCSTR  lpReplacementFileName,
    __in_opt   LPCSTR  lpBackupFileName,
    __in       DWORD   dwReplaceFlags,
    __reserved LPVOID  lpExclude,
    __reserved LPVOID  lpReserved
   ) = ReplaceFileA;


BOOL (WINAPI *SysReplaceFileW)(
    __in LPCWSTR lpReplacedFileName,
    __in LPCWSTR lpReplacementFileName,
    __in_opt LPCWSTR lpBackupFileName,
    __in DWORD dwReplaceFlags,
    __reserved LPVOID lpExclude,
    __reserved LPVOID lpReserved
    ) = ReplaceFileW;


// Copy with progress callback.
BOOL (WINAPI *SysCopyFileExA)(
   __in     LPCSTR lpExistingFileName,
   __in     LPCSTR lpNewFileName,
   __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
   __in_opt LPVOID lpData,
   __in_opt LPBOOL pbCancel,
   __in     DWORD dwCopyFlags
   ) = CopyFileExA;

BOOL (WINAPI *SysCopyFileExW)(
   __in     LPCWSTR lpExistingFileName,
   __in     LPCWSTR lpNewFileName,
   __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
   __in_opt LPVOID lpData,
   __in_opt LPBOOL pbCancel,
   __in     DWORD dwCopyFlags
   ) = CopyFileExW;


// Move with progress callback.
BOOL (WINAPI *SysMoveFileWithProgressA)(
    __in     LPCSTR lpExistingFileName,
    __in     LPCSTR lpNewFileName,
    __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
    __in_opt LPVOID lpData,
    __in     DWORD dwFlags) = MoveFileWithProgressA;

BOOL (WINAPI *SysMoveFileWithProgressW)(
    __in     LPCWSTR lpExistingFileName,
    __in     LPCWSTR lpNewFileName,
    __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
    __in_opt LPVOID lpData,
    __in     DWORD dwFlags
        ) = MoveFileWithProgressW;

// Shell file operations. The matching DetourAttach calls in AddHOOKAPI are
// commented out, so these two pointers are declared but not hooked.
int (WINAPI *SysSHFileOperationA)(LPSHFILEOPSTRUCTA lpFileOp) = SHFileOperationA;
int (WINAPI *SysSHFileOperationW)(LPSHFILEOPSTRUCTW lpFileOp) = SHFileOperationW;

/************************** MyAPI *****************************/
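/**
 * Replacement for OpenProcess (the original comment said "create process";
 * the hooked API opens an existing one).
 *
 * Refuses to open any process that GetWindowListBool reports as guarded,
 * whatever access is requested in dwDesiredAccess; every other call is
 * forwarded unchanged.
 *
 * @return NULL with last error ERROR_ACCESS_DENIED for a guarded process,
 *         otherwise whatever the real OpenProcess returns.
 */
HANDLE WINAPI MyOpenProcess( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId )
{
    if (GetWindowListBool(dwProcessId))
    {
        // OpenProcess reports failure as NULL plus a last-error code; the
        // original left a stale code behind.
        SetLastError(ERROR_ACCESS_DENIED);
        return NULL;
    }

    // Call through the saved pointer: calling OpenProcess by name would
    // re-enter this hook and recurse without end.
    return SysOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
}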

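/**
 * Replacement for DeleteFileA: refuses guarded paths, forwards the rest.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when GetFileListBool
 *         reports the path as guarded, otherwise the real API's result.
 */
BOOL WINAPI MyDeleteFileA(LPCSTR lpFileName)
{
    // The original copied the caller's string into a MAX_PATH stack buffer
    // with strcpy, which overruns on longer paths and faults on NULL inside
    // whatever process loaded this DLL. GetFileListBool only reads the name,
    // so it is passed through without a copy.
    if (lpFileName != NULL && GetFileListBool((char *)lpFileName))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }
    return SysDeleteFileA(lpFileName);
}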

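/**
 * Replacement for DeleteFileW: refuses guarded paths, forwards the rest.
 *
 * The wide path is converted to a multi-byte string for the list lookup.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when the path is guarded,
 *         otherwise the real API's result.
 */
BOOL WINAPI MyDeleteFileW(LPCWSTR lpFileName)
{
    char narrow[MAX_PATH] = {0};

    // NOTE(review): the conversion result is ignored; if the path does not
    // fit, narrow stays empty and the lookup runs on "" — confirm intent.
    WCharToMByte(lpFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        // Give callers a meaningful error instead of a stale last-error value.
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysDeleteFileW(lpFileName);
}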

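/**
 * Replacement for CopyFileA: refuses to copy a guarded source file.
 *
 * Only lpExistingFileName is checked; the destination is not consulted.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when the source is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyCopyFileA( __in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName, __in BOOL bFailIfExists )
{
    // No strcpy into a fixed MAX_PATH buffer: the caller controls the length
    // and may pass NULL. The name is only read by GetFileListBool.
    if (lpExistingFileName != NULL && GetFileListBool((char *)lpExistingFileName))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysCopyFileA(lpExistingFileName, lpNewFileName, bFailIfExists);
}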


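/**
 * Replacement for CopyFileW: refuses to copy a guarded source file.
 *
 * Only lpExistingFileName is checked; the destination is not consulted.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when the source is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyCopyFileW(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName, BOOL bFailIfExists)
{
    char narrow[MAX_PATH] = {0};

    // NOTE(review): conversion result ignored; an over-long path leaves
    // narrow empty and the lookup runs on "" — confirm intent.
    WCharToMByte(lpExistingFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysCopyFileW(lpExistingFileName, lpNewFileName, bFailIfExists);
}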

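/**
 * Replacement for MoveFileA: refuses to move a guarded source file.
 *
 * Only lpExistingFileName is checked; the destination is not consulted.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when the source is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyMoveFileA(__in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName)
{
    // The unbounded strcpy into a MAX_PATH stack buffer is gone: the name is
    // only read by GetFileListBool, so it is passed directly, NULL excluded.
    if (lpExistingFileName != NULL && GetFileListBool((char *)lpExistingFileName))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysMoveFileA(lpExistingFileName, lpNewFileName);
}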


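/**
 * Replacement for MoveFileW: refuses to move a guarded source file.
 *
 * Only lpExistingFileName is checked; the destination is not consulted.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when the source is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyMoveFileW(__in LPCWSTR lpExistingFileName, __in LPCWSTR lpNewFileName)
{
    char narrow[MAX_PATH] = {0};

    // NOTE(review): conversion result ignored; an over-long path leaves
    // narrow empty and the lookup runs on "" — confirm intent.
    WCharToMByte(lpExistingFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysMoveFileW(lpExistingFileName, lpNewFileName);
}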

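/**
 * Replacement for CreateFileA: refuses create-type opens of guarded paths.
 *
 * The lookup runs only when dwCreationDisposition is CREATE_NEW,
 * CREATE_ALWAYS or OPEN_ALWAYS; every other disposition is forwarded
 * without consulting the list.
 *
 * @return INVALID_HANDLE_VALUE with last error ERROR_ACCESS_DENIED when the
 *         path is guarded, otherwise the real API's result.
 *
 * NOTE(review): the decision is keyed on the disposition alone;
 * dwDesiredAccess is not examined, so this does not separate read opens from
 * write opens — confirm this matches the intended policy.
 */
HANDLE WINAPI MyCreateFileA(
       __in     LPCSTR lpFileName,
       __in     DWORD dwDesiredAccess,
       __in     DWORD dwShareMode,
       __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
       __in     DWORD dwCreationDisposition, // how the file is opened
       __in     DWORD dwFlagsAndAttributes,
       __in_opt HANDLE hTemplateFile)
{
    // CREATE_NEW: create a new file; CREATE_ALWAYS: create and overwrite;
    // OPEN_ALWAYS: create when it does not exist.
    if ( dwCreationDisposition == CREATE_NEW || dwCreationDisposition == CREATE_ALWAYS || dwCreationDisposition == OPEN_ALWAYS )
    {
        // Passed without the original unbounded strcpy into a MAX_PATH buffer.
        if (lpFileName != NULL && GetFileListBool((char *)lpFileName))
        {
            // CreateFile signals failure with INVALID_HANDLE_VALUE, not NULL;
            // callers that test for INVALID_HANDLE_VALUE would otherwise
            // treat the NULL as a usable handle.
            SetLastError(ERROR_ACCESS_DENIED);
            return INVALID_HANDLE_VALUE;
        }
    }

    return SysCreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}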

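/**
 * Replacement for CreateFileW: refuses create-type opens of guarded paths.
 *
 * The lookup runs only when dwCreationDisposition is CREATE_NEW,
 * CREATE_ALWAYS or OPEN_ALWAYS; every other disposition is forwarded
 * without consulting the list.
 *
 * @return INVALID_HANDLE_VALUE with last error ERROR_ACCESS_DENIED when the
 *         path is guarded, otherwise the real API's result.
 *
 * NOTE(review): dwDesiredAccess is not examined, so read and write opens are
 * not distinguished — confirm this matches the intended policy.
 */
HANDLE WINAPI MyCreateFileW(
       __in     LPCWSTR lpFileName,
       __in     DWORD dwDesiredAccess,
       __in     DWORD dwShareMode,
       __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
       __in     DWORD dwCreationDisposition,
       __in     DWORD dwFlagsAndAttributes,
       __in_opt HANDLE hTemplateFile)
{
    // CREATE_NEW: create a new file; CREATE_ALWAYS: create and overwrite;
    // OPEN_ALWAYS: create when it does not exist.
    if ( dwCreationDisposition == CREATE_NEW || dwCreationDisposition == CREATE_ALWAYS || dwCreationDisposition == OPEN_ALWAYS )
    {
        char narrow[MAX_PATH] = {0};
        // NOTE(review): conversion result ignored; an over-long path leaves
        // narrow empty and the lookup runs on "" — confirm intent.
        WCharToMByte(lpFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
        if (GetFileListBool(narrow))
        {
            // CreateFile's failure value is INVALID_HANDLE_VALUE, not NULL.
            SetLastError(ERROR_ACCESS_DENIED);
            return INVALID_HANDLE_VALUE;
        }
    }
    return SysCreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}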


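/**
 * Replacement for CopyFileExA: refuses the copy when either the source or
 * the destination is guarded.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when either path is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyCopyFileExA(
     __in     LPCSTR lpExistingFileName,
     __in     LPCSTR lpNewFileName,
     __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
     __in_opt LPVOID lpData,
     __in_opt LPBOOL pbCancel,
     __in     DWORD dwCopyFlags)
{
    // Changes from the original:
    //  - the leftover debugging MessageBox, which popped up the path on every
    //    call in every hooked process, is removed;
    //  - the unbounded strcpy into a MAX_PATH stack buffer is removed (the
    //    names are only read by GetFileListBool);
    //  - the refusal returns FALSE. The original returned PROGRESS_CONTINUE,
    //    a progress-callback code that merely happens to equal 0.
    if ((lpExistingFileName != NULL && GetFileListBool((char *)lpExistingFileName)) ||
        (lpNewFileName != NULL && GetFileListBool((char *)lpNewFileName)))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysCopyFileExA(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);
}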

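/**
 * Replacement for CopyFileExW: refuses the copy when either the source or
 * the destination is guarded.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when either path is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyCopyFileExW(
     __in     LPCWSTR lpExistingFileName,
     __in     LPCWSTR lpNewFileName,
     __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
     __in_opt LPVOID lpData,
     __in_opt LPBOOL pbCancel,
     __in     DWORD dwCopyFlags)
{
    char narrow[MAX_PATH] = {0};

    // NOTE(review): both conversion results are ignored; an over-long path
    // leaves narrow empty and the lookup runs on "" — confirm intent.
    WCharToMByte(lpExistingFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        // FALSE is the documented failure value; the original returned
        // PROGRESS_CONTINUE, which only happens to equal 0.
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    memset(narrow, 0, sizeof(narrow));
    WCharToMByte(lpNewFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysCopyFileExW(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);
}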

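/**
 * Replacement for ReplaceFileA: refuses the call when either the file being
 * replaced or the replacement file is guarded. lpBackupFileName is not
 * checked.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when either path is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyReplaceFileA(
    __in       LPCSTR  lpReplacedFileName,
    __in       LPCSTR  lpReplacementFileName,
    __in_opt   LPCSTR  lpBackupFileName,
    __in       DWORD   dwReplaceFlags,
    __reserved LPVOID  lpExclude,
    __reserved LPVOID  lpReserved)
{
    // The names are only read by GetFileListBool, so they are passed directly
    // instead of being strcpy'd into a MAX_PATH stack buffer (overrun on long
    // paths, fault on NULL).
    if ((lpReplacedFileName != NULL && GetFileListBool((char *)lpReplacedFileName)) ||
        (lpReplacementFileName != NULL && GetFileListBool((char *)lpReplacementFileName)))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysReplaceFileA(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved);
}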
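/**
 * Replacement for ReplaceFileW: refuses the call when either the file being
 * replaced or the replacement file is guarded. lpBackupFileName is not
 * checked.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when either path is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyReplaceFileW(
    __in LPCWSTR lpReplacedFileName,
    __in LPCWSTR lpReplacementFileName,
    __in_opt LPCWSTR lpBackupFileName,
    __in DWORD dwReplaceFlags,
    __reserved LPVOID lpExclude,
    __reserved LPVOID lpReserved )
{
    char narrow[MAX_PATH] = {0};

    // NOTE(review): both conversion results are ignored; an over-long path
    // leaves narrow empty and the lookup runs on "" — confirm intent.
    WCharToMByte(lpReplacedFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    memset(narrow, 0, sizeof(narrow));
    WCharToMByte(lpReplacementFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }
    return SysReplaceFileW(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved);
}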

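/**
 * Replacement for MoveFileWithProgressA: refuses the move when either the
 * source or the destination is guarded.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when either path is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyMoveFileWithProgressA(
      __in     LPCSTR lpExistingFileName,
      __in     LPCSTR lpNewFileName,
      __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
      __in_opt LPVOID lpData,
      __in     DWORD dwFlags)
{
    // Passed directly rather than strcpy'd into a MAX_PATH stack buffer; the
    // original overran the buffer on long paths and faulted on NULL.
    if ((lpExistingFileName != NULL && GetFileListBool((char *)lpExistingFileName)) ||
        (lpNewFileName != NULL && GetFileListBool((char *)lpNewFileName)))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }
    return SysMoveFileWithProgressA(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, dwFlags);
}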
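/**
 * Replacement for MoveFileWithProgressW: refuses the move when either the
 * source or the destination is guarded.
 *
 * @return FALSE with last error ERROR_ACCESS_DENIED when either path is
 *         guarded, otherwise the real API's result.
 */
BOOL WINAPI MyMoveFileWithProgressW(
       __in     LPCWSTR lpExistingFileName,
       __in     LPCWSTR lpNewFileName,
       __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
       __in_opt LPVOID lpData,
       __in     DWORD dwFlags)
{
    char narrow[MAX_PATH] = {0};

    // NOTE(review): both conversion results are ignored; an over-long path
    // leaves narrow empty and the lookup runs on "" — confirm intent.
    WCharToMByte(lpExistingFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    memset(narrow, 0, sizeof(narrow));
    WCharToMByte(lpNewFileName, narrow, sizeof(narrow)/sizeof(narrow[0]));
    if (GetFileListBool(narrow))
    {
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }

    return SysMoveFileWithProgressW(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, dwFlags);
}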
/**
 * Replacement for SHFileOperationA. No filtering is implemented: the call is
 * forwarded unchanged. The author's earlier attempt to check pFrom/pTo was
 * left commented out, and the DetourAttach for this function in AddHOOKAPI
 * is commented out as well.
 *
 * @return The real SHFileOperationA result.
 */
int WINAPI MySHFileOperationA(LPSHFILEOPSTRUCTA lpFileOp)
{
    const int result = SysSHFileOperationA(lpFileOp);
    return result;
}

/**
 * Replacement for SHFileOperationW. No filtering is implemented: the call is
 * forwarded unchanged. The author's earlier attempt to check pFrom/pTo was
 * left commented out, and the DetourAttach for this function in AddHOOKAPI
 * is commented out as well.
 *
 * @return The real SHFileOperationW result.
 */
int WINAPI MySHFileOperationW(LPSHFILEOPSTRUCTW lpFileOp)
{
    const int result = SysSHFileOperationW(lpFileOp);
    return result;
}


Core.cpp
========================================================================================
#include "stdafx.h"
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>

#include "detours.h"
#pragma comment(lib, "detours.lib")

#pragma comment(linker,"/OPT:NOWIN98")
#include<shellapi.h>
#include <TLHELP32.H>
#include <Psapi.h>
#pragma comment (lib, "Psapi.lib")

// Full path of the configuration (INI) file. DllMain fills it with the
// Windows directory followed by IniFile; the lookup helpers in HookAPI.h
// read it, which is why it is defined before that header is included.
char ConfigPath[MAX_PATH] = {0};
#include "..\守护者\Cmd.h"
#include "HookAPI.h"

// Module handle of this DLL, stored by DllMain and handed to SetWindowsHookEx.
HINSTANCE g_hInst;
// Handle of the WH_GETMESSAGE hook installed by StartHOOKAPI; NULL when none.
// NOTE(review): this is an ordinary global, so presumably every process that
// loads the DLL has its own copy and only the installing process holds the
// real handle — verify.
HHOOK HookAPI  = NULL;

/**
 * Attach every detour inside one Detours transaction.
 *
 * Each entry pairs the pointer variable that holds the real API with the
 * replacement function; the detours only take effect once the transaction
 * is committed.
 *
 * @return TRUE when DetourTransactionCommit reports NO_ERROR, else FALSE.
 */
BOOL AddHOOKAPI()
{
    struct HookPair
    {
        PVOID *ppOriginal;   // address of the Sys* pointer variable
        PVOID  pReplacement; // the My* function that takes over
    };

    const HookPair hooks[] = {
        // open process
        { &(PVOID&)SysOpenProcess, (PVOID)MyOpenProcess },
        // delete file
        { &(PVOID&)SysDeleteFileA, (PVOID)MyDeleteFileA },
        { &(PVOID&)SysDeleteFileW, (PVOID)MyDeleteFileW },
        // copy file
        { &(PVOID&)SysCopyFileA, (PVOID)MyCopyFileA },
        { &(PVOID&)SysCopyFileW, (PVOID)MyCopyFileW },
        // move file
        { &(PVOID&)SysMoveFileA, (PVOID)MyMoveFileA },
        { &(PVOID&)SysMoveFileW, (PVOID)MyMoveFileW },
        // create / open file
        { &(PVOID&)SysCreateFileA, (PVOID)MyCreateFileA },
        { &(PVOID&)SysCreateFileW, (PVOID)MyCreateFileW },
        // copy file (Ex)
        { &(PVOID&)SysCopyFileExA, (PVOID)MyCopyFileExA },
        { &(PVOID&)SysCopyFileExW, (PVOID)MyCopyFileExW },
        // replace file
        { &(PVOID&)SysReplaceFileA, (PVOID)MyReplaceFileA },
        { &(PVOID&)SysReplaceFileW, (PVOID)MyReplaceFileW },
        // move file with progress
        { &(PVOID&)SysMoveFileWithProgressA, (PVOID)MyMoveFileWithProgressA },
        { &(PVOID&)SysMoveFileWithProgressW, (PVOID)MyMoveFileWithProgressW },
        // SHFileOperationA/W (copy, move, delete via the shell) are
        // deliberately left out, as in the original.
    };

    DetourTransactionBegin();                 // start the transaction
    DetourUpdateThread(GetCurrentThread());   // enlist the current thread

    for (size_t n = 0; n < sizeof(hooks) / sizeof(hooks[0]); ++n)
        DetourAttach(hooks[n].ppOriginal, hooks[n].pReplacement);

    // Commit applies the detours; report whether that worked.
    return (DetourTransactionCommit() == NO_ERROR) ? TRUE : FALSE;
}

/**
 * Detach every detour that AddHOOKAPI attached, inside one Detours
 * transaction.
 *
 * @return TRUE when DetourTransactionCommit reports NO_ERROR, else FALSE.
 */
BOOL DelHOOKAPI()
{
    struct HookPair
    {
        PVOID *ppOriginal;   // address of the Sys* pointer variable
        PVOID  pReplacement; // the My* function to remove
    };

    const HookPair hooks[] = {
        { &(PVOID&)SysOpenProcess, (PVOID)MyOpenProcess },
        { &(PVOID&)SysDeleteFileA, (PVOID)MyDeleteFileA },
        { &(PVOID&)SysDeleteFileW, (PVOID)MyDeleteFileW },
        { &(PVOID&)SysCopyFileA, (PVOID)MyCopyFileA },
        { &(PVOID&)SysCopyFileW, (PVOID)MyCopyFileW },
        { &(PVOID&)SysMoveFileA, (PVOID)MyMoveFileA },
        { &(PVOID&)SysMoveFileW, (PVOID)MyMoveFileW },
        { &(PVOID&)SysCreateFileA, (PVOID)MyCreateFileA },
        { &(PVOID&)SysCreateFileW, (PVOID)MyCreateFileW },
        { &(PVOID&)SysCopyFileExA, (PVOID)MyCopyFileExA },
        { &(PVOID&)SysCopyFileExW, (PVOID)MyCopyFileExW },
        { &(PVOID&)SysReplaceFileA, (PVOID)MyReplaceFileA },
        { &(PVOID&)SysReplaceFileW, (PVOID)MyReplaceFileW },
        { &(PVOID&)SysMoveFileWithProgressA, (PVOID)MyMoveFileWithProgressA },
        { &(PVOID&)SysMoveFileWithProgressW, (PVOID)MyMoveFileWithProgressW },
        // SHFileOperationA/W were never attached, so they are not detached.
    };

    DetourTransactionBegin();

    for (size_t n = 0; n < sizeof(hooks) / sizeof(hooks[0]); ++n)
        DetourDetach(hooks[n].ppOriginal, hooks[n].pReplacement);

    // Commit removes the detours; report whether that worked.
    return (DetourTransactionCommit() == NO_ERROR) ? TRUE : FALSE;
}

/**
 * DLL entry point.
 *
 * On process attach: remembers the module handle, builds ConfigPath as
 * "<Windows directory>" + IniFile, and attaches the API detours in the
 * loading process. On process detach: removes the detours. Thread
 * notifications are ignored.
 *
 * @return Always TRUE.
 *
 * NOTE(review): the GetWindowsDirectory result is not checked and IniFile is
 * appended with an unbounded strcat into a MAX_PATH buffer; the AddHOOKAPI
 * result is also discarded. The file consulted for every policy decision
 * lives in the Windows directory, so its ACL decides who can change the
 * guard lists — worth confirming.
 */
BOOL WINAPI DllMain(
     HINSTANCE hinstDLL,  // handle to the DLL module
     DWORD fdwReason,     // reason for calling function
     LPVOID lpvReserved   // reserved
)
{
    if (fdwReason == DLL_PROCESS_ATTACH)
    {
        g_hInst = hinstDLL;
        GetWindowsDirectory(ConfigPath, MAX_PATH);
        strcat(ConfigPath, IniFile);
        AddHOOKAPI();
    }
    else if (fdwReason == DLL_PROCESS_DETACH)
    {
        DelHOOKAPI();
    }
    // DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do.

    return TRUE;
}

/**
 * WH_GETMESSAGE hook procedure.
 *
 * Does no work of its own; it exists only so that installing the hook makes
 * other processes load this DLL. Every message is passed down the hook chain.
 *
 * @return The value returned by CallNextHookEx.
 */
LRESULT CALLBACK GetMsgProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    const LRESULT chained = CallNextHookEx(HookAPI, nCode, wParam, lParam);
    return chained;
}

/**
 * Install the WH_GETMESSAGE hook with thread id 0 (not tied to one thread),
 * using this DLL's module handle. Does nothing when a hook handle is already
 * stored.
 *
 * Only processes into which the hook actually maps the DLL run the detours
 * set up in DllMain; a process that never loads it is not covered.
 *
 * @return TRUE when a hook handle is held on exit, FALSE when
 *         SetWindowsHookEx failed.
 */
BOOL StartHOOKAPI()
{
    // Already installed: keep the existing handle.
    if (HookAPI != NULL)
        return TRUE;

    // Install the hook.
    HookAPI = SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)GetMsgProc, g_hInst,0 );

    return (HookAPI != NULL) ? TRUE : FALSE;
}

/**
 * Remove the WH_GETMESSAGE hook installed by StartHOOKAPI.
 *
 * The API detours are not detached here (the DelHOOKAPI call is commented
 * out in the original); DllMain detaches them on process detach.
 *
 * @return TRUE when a hook was installed and UnhookWindowsHookEx succeeded;
 *         FALSE when no hook was installed or the unhook failed.
 */
BOOL TingHOOKAPI()
{
    // Nothing installed, nothing to remove.
    if (!HookAPI)
        return FALSE;

    // Uninstall the hook; keep the handle if that fails.
    if (!UnhookWindowsHookEx(HookAPI))
        return FALSE;

    HookAPI = NULL;
    return TRUE;
}




