标签:挂接 MessageBox int LPCSTR API pbModule PIMAGE PVOID
// hook.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
PVOID HookAPI(LPBYTE pbModule,PCSTR pszName,PVOID pvOrg,PVOID pvNew)
{
PIMAGE_THUNK_DATA r;
PIMAGE_NT_HEADERS p;
PIMAGE_IMPORT_DESCRIPTOR q;
p=(PIMAGE_NT_HEADERS)(pbModule+(((IMAGE_DOS_HEADER*)(pbModule))->e_lfanew));
q=(PIMAGE_IMPORT_DESCRIPTOR)(pbModule+p->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
for (;q->Name;q++)
{
if (lstrcmpi(pszName,(LPCSTR)(pbModule+q->Name))==0)
{
for (r=(PIMAGE_THUNK_DATA)(pbModule+q->FirstThunk);r->u1.Function;++r)
{
if ((PVOID)r->u1.Function==pvOrg)
{
WriteProcessMemory(GetCurrentProcess(),&r->u1.Function,&pvNew,sizeof(PVOID),NULL);
return pvOrg;
}
}
}
}
return NULL;
}
typedef int (WINAPI *PFMessageBox)(HWND,LPCSTR,LPCSTR,UINT);
PFMessageBox g_addr=MessageBox;
int WINAPI MyMessageBox(HWND hwnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType)
{
return g_addr(hwnd,"123","",uType);
}
int main(int argc, char* argv[])
{
MessageBox(0,0,0,0);
HookAPI((LPBYTE)GetModuleHandle(NULL),"user32.dll",MessageBox,MyMessageBox);
MessageBox(0,0,0,0);
return 0;
}
标签:挂接,
MessageBox,
int,
LPCSTR,
API,
pbModule,
PIMAGE,
PVOID
From: https://blog.51cto.com/u_15487030/7522600