[☆ 例程] 传奇|| Hook 源码
/*
 * Forum sample of a Winsock interception DLL. InstallHook registers a
 * WH_CALLWNDPROC hook with thread id 0 and this DLL as the module; the hook
 * procedure then overwrites the first 8 bytes of ws2_32 "send" and "recv"
 * with a jump to the replacement functions declared below.
 *
 * NOTE(review): the listing is damaged by page extraction. The two header
 * names after "stdio.h" are missing, and a span of text is missing inside
 * ws2_32_send (see the marker there), so it does not compile as shown.
 *
 * NOTE(review): the save/restore of the original bytes through dwOldBytes
 * looks unsound as written, so a process patched by this sample may crash
 * rather than keep working; relevant when triaging unexplained faults inside
 * send/recv.
 *
 * Defender's view: the observable artifacts are a SetWindowsHookEx
 * registration backed by a DLL, send/recv entry bytes in memory that differ
 * from the on-disk ws2_32.dll image (B8 imm32 FF E0), and, in a _LOG build,
 * a file created at LOGFILE.
 */
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#define WIN32_LEAN_AND_MEAN
/* Path passed to CreateFile in the _LOG build of CallNTWndProc. */
#define LOGFILE "C:\\hookwsock.log"

#include "stdio.h"
/* NOTE(review): the header names of the next two includes were lost in extraction. */
#include
#include

/*// IEXPLORE Droiyan Online "IEFrame"
#define NameClass "IEFrame"
#define TitleClass NULL
*/
/*
// Legend of Mir II
#define NameClass NULL
#define TitleClass "legend of mir2"
*/
/*
 * NOTE(review): both NameClass/TitleClass definitions above are commented
 * out, so the FindWindow calls below reference undefined names as shown.
 */

/* Replacement functions that the patched send/recv entry points jump to. */
int _stdcall ws2_32_recv(SOCKET s, char FAR *buf, int len, int flags);
int _stdcall ws2_32_send(SOCKET s, const char FAR *buf, int len, int flags);

/* Addresses of ws2_32 send/recv, stored as DWORD (32-bit pointers assumed). */
DWORD pws2_32Send = 0;
DWORD pws2_32Recv = 0;
/* 0 until the hook procedure has run once in this process. */
DWORD dwCurrentPID = 0;
/* Process id that owns the window found by FindWindow. */
DWORD hProcId;
HHOOK hHook;
/*
 * 8-byte patch: B8 imm32 (mov eax, imm32), FF E0 (jmp eax), one pad byte.
 * Bytes 1..4 are overwritten with the replacement function's address
 * before each WriteProcessMemory call.
 */
BYTE btNewBytes[8] = { 0x0B8, 0x0, 0x0, 0x40, 0x0, 0x0FF, 0x0E0, 0 };
/* Storage intended for the original entry bytes (8 bytes in total). */
DWORD dwOldBytes[2];
/*
 * NOTE(review): "INVALID_HANDLE_value" is spelled as on the page; the Win32
 * constant is INVALID_HANDLE_VALUE, so this is probably a rendering artifact.
 */
HANDLE hGame = INVALID_HANDLE_value;
HANDLE hDebug = INVALID_HANDLE_value;
HWND GamehWnd;
HMODULE hLib;

/*
 * WH_CALLWNDPROC hook procedure installed by InstallHook when
 * GetSystemVersion() returns 1 (labelled "Windows 95/98" there).
 *
 * On the first call in a process (dwCurrentPID == 0) it looks up the target
 * window, opens the owning process with query/read/write access, resolves
 * send and recv in WS2_32.DLL and writes the 8-byte jump over both entry
 * points through the hGame handle. Every call is forwarded with
 * CallNextHookEx.
 *
 * No return value of OpenProcess, LoadLibrary, GetProcAddress,
 * ReadProcessMemory or WriteProcessMemory is checked.
 */
LRESULT CALLBACK Call9XWndProc(int nCode, WPARAM wParam, LPARAM lParam )
{
    DWORD dwSize;
    if (dwCurrentPID == 0)
    {
        dwCurrentPID = GetCurrentProcessId();
        if (GamehWnd = FindWindow(NameClass, TitleClass))
        {
            GetWindowThreadProcessId(GamehWnd, &hProcId);
            hGame = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE, TRUE, hProcId);
            // open the process and obtain read/write access
            hLib = LoadLibrary("WS2_32.DLL");
            // addresses are resolved in the calling process and then used against hGame
            pws2_32Send = (DWORD)GetProcAddress(hLib, "send");
            pws2_32Recv = (DWORD)GetProcAddress(hLib, "recv");
            ReadProcessMemory(hGame, (void *)pws2_32Send, (void *)dwOldBytes[0], sizeof(DWORD)*2, &dwSize);
            // point the jump at the send replacement, then write it over send's entry
            *(DWORD *)( btNewBytes + 1) = (DWORD)ws2_32_send;
            WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize);
            ReadProcessMemory(hGame, (void *)pws2_32Recv, (void *)dwOldBytes[1], sizeof(DWORD)*2, &dwSize);
            // same patch buffer reused for recv
            *(DWORD *)( btNewBytes + 1 ) = (DWORD)ws2_32_recv;
            WriteProcessMemory(hGame, (void *)pws2_32Recv, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize);
        }
    }
    return CallNextHookEx(hHook, nCode, wParam, lParam);
}

/*
 * WH_CALLWNDPROC hook procedure installed by InstallHook when
 * GetSystemVersion() returns 0 (labelled "Windows NT/2000/XP" there).
 *
 * Same patch sequence as Call9XWndProc, but performed only when the current
 * process id equals the id of the process owning the target window. It then
 * shows a message box and, in a _LOG build, creates LOGFILE.
 *
 * NOTE(review): this function never assigns hGame, and its local hLib
 * shadows the file-level hLib, so the memory calls use whatever hGame held
 * before and the global hLib is left untouched on this path.
 */
LRESULT CALLBACK CallNTWndProc( int nCode, WPARAM wParam, LPARAM lParam )
{
    DWORD dwSize;
    HMODULE hLib;
    if (dwCurrentPID == 0)
    {
        dwCurrentPID = GetCurrentProcessId();
        if (GamehWnd = FindWindow(NameClass, TitleClass))
        {
            GetWindowThreadProcessId(GamehWnd, &hProcId);
            // only patch from inside the process that owns the window
            if( dwCurrentPID == hProcId )
            {
                hLib = LoadLibrary( "WS2_32.DLL" );
                pws2_32Send = (DWORD)GetProcAddress( hLib, "send" );
                pws2_32Recv = (DWORD)GetProcAddress( hLib, "recv" );
                ReadProcessMemory(hGame, (void *)pws2_32Send, (void *)dwOldBytes[0], sizeof(DWORD)*2, &dwSize );
                *(DWORD *)( btNewBytes + 1 ) = (DWORD)ws2_32_send;
                WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize );
                ReadProcessMemory(hGame, (void *)pws2_32Recv, (void *)dwOldBytes[1], sizeof(DWORD)*2, &dwSize );
                *(DWORD *)( btNewBytes + 1 ) = (DWORD)ws2_32_recv;
                WriteProcessMemory(hGame, (void *)pws2_32Recv, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize );
                // message box text: "program detected", caption: "information"
                MessageBox(NULL,"监测到程序","信息",0);
#ifdef _LOG
                // CREATE_ALWAYS: an existing log file is replaced
                hDebug = CreateFile( LOGFILE, GENERIC_WRITE, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0 );
#endif
            }
        }
    }
    return CallNextHookEx(hHook, nCode, wParam, lParam);
}

// Interception of outgoing network packets.
/*
 * Replacement for ws2_32 send. It writes the saved bytes back over send's
 * entry, calls the real function through pws2_32Send, writes the jump patch
 * again, and in a _LOG build formats a description of the call.
 *
 * NOTE(review): the entry point is unpatched and repatched around every
 * call with no synchronization visible here, so callers on other threads
 * can reach send while its first bytes are being rewritten.
 */
int __stdcall ws2_32_send(SOCKET s, const char FAR *buf, int len, int flags)
{
    DWORD dwSize;
    char szTemp[1024];
    char szTemp1[1024];
    int r = 0;
    // restore it at first
    WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)dwOldBytes[0], sizeof(DWORD)*2, &dwSize );
    // execute it
    // MSVC x86 inline assembly: save ESP, push the four arguments in reverse
    // order, call through the stored address, restore ESP, keep EAX as r.
    _asm
    {
        push esp
        push flags
        push len
        push buf
        push s
        call pws2_32Send
        pop esp
        mov r, eax
    }
    // hook it again
    *(DWORD *)( btNewBytes + 1) = (DWORD)ws2_32_send;
    WriteProcessMemory(hGame, (void *)pws2_32Send, (void *)btNewBytes, sizeof(DWORD)*2, &dwSize );
#ifdef _LOG
    //Watch here before it's executed.
    // format text: "sent data SOCKET %d, length %d, flags %d"
    sprintf( szTemp, "发送信息 SOCKET %d, 长度 %d, flags %d\r\nContent: \r\n", s, len, flags );
    for( int i=0; i
/*
 * NOTE(review): page text is missing from this point. The remainder of
 * ws2_32_send, the definition of ws2_32_recv declared above, and the head of
 * GetSystemVersion (called by InstallHook below) are not on the page. What
 * follows is the tail of a version check inside a switch; both arms of the
 * visible if/else return 1.
 */
 4) || ((osvi.dwMajorVersion == 4) && (osvi.dwMinorVersion > 0)))
        {
            return 1;
        }
        else
            return 1;
        break;
    case VER_PLATFORM_WIN32s:
        return 2;
        break;
    }
    return 3;
}

/*
 * Registers the WH_CALLWNDPROC hook with thread id 0, choosing the hook
 * procedure from GetSystemVersion(): 0 selects CallNTWndProc, 1 selects
 * Call9XWndProc, anything else installs nothing and returns false.
 *
 * The result of SetWindowsHookEx is stored in hHook but not checked, so true
 * is returned even if registration failed. The hLib parameter shadows the
 * file-level hLib.
 */
bool InstallHook(HMODULE hLib)
{
    // Windows NT/2000/XP
    if (GetSystemVersion() == 0)
    {
        hHook = SetWindowsHookEx(WH_CALLWNDPROC, (HOOKPROC)CallNTWndProc, hLib, 0);
        return true;
    }
    // Windows 95/98
    if (GetSystemVersion() == 1)
    {
        hHook = SetWindowsHookEx(WH_CALLWNDPROC, (HOOKPROC)Call9XWndProc, hLib, 0);
        return true;
    }
    return false;
}

/*
 * Removes the window hook and frees the file-level hLib; always returns true.
 *
 * The bytes written over send/recv are not restored here, so a process that
 * was patched keeps the jump after the hook is removed.
 */
bool UninstallHook()
{
    // remove the hook
    UnhookWindowsHookEx(hHook);
    // unload the dynamic-link library
    FreeLibrary(hLib);
    return true;
}

/* DLL entry point: performs no work for any notification and reports success. */
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    return TRUE;
}