mini hook connect 함수 차단 (전역 훅)

1. NtHookEngine.dll과 NtHookEngine.lib를 프로젝트 위치에 둔다
2. 코드는 다음과 같습니다. TEST_DLL.cpp
// TEST_DLL.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include "TEST_DLL.H"
#include <Winsock2.h>
#include "NtHookEngine_Test.h"
#include <windows.h>

#include <tchar.h>
// NOTE(review): ULONG_PTR is a typedef in the Windows SDK headers, not a macro,
// so unless some header defines a macro of that name this #ifndef is always
// true. The #define then replaces the SDK's pointer-sized integer type with a
// pointer type for the rest of this file. The casts and the NtHookEngine
// declarations further down presumably keep working only because both types
// are pointer-sized. TODO: confirm against NtHookEngine_Test.h and drop this.
#ifndef ULONG_PTR
#define ULONG_PTR unsigned long* 
#endif
#pragma comment(lib, "Ws2_32.lib") 
#pragma comment(lib,"NtHookEngine.lib")
//#pragma comment(lib, "User32.lib")

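// Per-process state. A module handle only has meaning inside the process that
// loaded the DLL, and every process writes its own value in DllMain, so these
// are kept out of the shared section (one process could otherwise overwrite
// the value another process is about to pass to SetWindowsHookEx).
HANDLE m_hModule=NULL;        // this DLL's module handle, set in DllMain
HMODULE hHookEngineDll=NULL;  // only referenced by commented-out LoadLibrary code

// Shared section: a single copy of these variables is mapped into every
// process that loads this DLL (see "MySec read write shared" in the .def file).
// MSVC places only explicitly initialized variables in a named data_seg, hence
// the "=NULL". The section is writable by any process that has the DLL loaded,
// whatever its privilege level, so keep it minimal and treat its content as
// untrusted input.
#pragma data_seg("MySec")
HHOOK g_HHOOK=NULL;           // handle of the WH_CBT hook installed by gjl_Hook

// BOOL (__cdecl *HookFunction)(ULONG_PTR OriginalFunction, ULONG_PTR NewFunction);
// VOID (__cdecl *UnhookFunction)(ULONG_PTR Function);
// ULONG_PTR (__cdecl *GetOriginalFunction)(ULONG_PTR Hook);
#pragma data_seg()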


// Forward declaration of the connect() replacement defined later in this file.
// The parameter list and calling convention are those of connect(); only the
// name refers to MessageBoxW.
int WINAPI MyMessageBoxW(SOCKET s, const struct sockaddr FAR *name, int namelen);

// WH_CBT hook procedure registered by gjl_Hook.
// It does no work of its own: every notification is handed straight to the
// next hook in the chain and that hook's result is returned unchanged.
//   nCode  - hook code
//   wParam - depends on hook code
//   lParam - depends on hook code
LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{
	LRESULT chained = CallNextHookEx(g_HHOOK, nCode, wParam, lParam);
	return chained;
}

// Exported entry point: registers CBTProc as a WH_CBT hook and stores the
// handle in g_HHOOK.
//   hwnd - accepted for the caller's convenience but not used here.
// The last argument (thread id 0) with a DLL module handle requests a hook for
// all threads on the desktop rather than one thread, which is why Windows maps
// this DLL into other processes and runs its DllMain there.
// NOTE(review): the SetWindowsHookEx result is stored without being checked,
// and the function returns VOID, so a failed install is not reported.
VOID gjl_Hook(HWND hwnd){
	HINSTANCE self=(HINSTANCE)m_hModule;
	g_HHOOK=SetWindowsHookEx(WH_CBT,(HOOKPROC)CBTProc,self,0);
}
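// Exported entry point: removes the WH_CBT hook installed by gjl_Hook.
// Does nothing when no hook handle is recorded. The handle is cleared after
// removal so a second call cannot pass a stale handle to UnhookWindowsHookEx.
// Note that this only removes the window hook; the connect() patch applied in
// DllMain is a separate mechanism.
VOID gjl_UnHook(){
	if (g_HHOOK==NULL)
		return;
	UnhookWindowsHookEx(g_HHOOK);
	g_HHOOK=NULL;
}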

//HMODULE dllModule=LoadLibrary(_T("User32.dll"));
//FARPROC messageboxAddr=GetProcAddress(dllModule,"MessageBoxW");


#include <stdio.h>

// NtHookEngine entry points, imported from NtHookEngine.dll through the import
// library named in the #pragma comment(lib, ...) near the top of this file.
//   HookFunction        - called in DllMain with (function to intercept, replacement).
//   UnhookFunction      - presumably undoes HookFunction for the given function; verify against the engine.
//   GetOriginalFunction - called in the replacement to get a callable pointer to the original.
extern "C" {
_declspec(dllimport) BOOL HookFunction(ULONG_PTR OriginalFunction, ULONG_PTR NewFunction);
_declspec(dllimport) VOID UnhookFunction(ULONG_PTR Function);
_declspec(dllimport) ULONG_PTR GetOriginalFunction(ULONG_PTR Hook);
}

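// TRUE once this process has redirected connect(). Deliberately a plain
// per-process static: it must not live in the shared "MySec" section.
static BOOL g_connectHooked=FALSE;

/*
 * DLL entry point.
 *
 * DLL_PROCESS_ATTACH: records the module handle and asks NtHookEngine to
 *   redirect connect() to MyMessageBoxW inside the current process only.
 * DLL_PROCESS_DETACH: removes that redirection before the DLL is unmapped,
 *   so a later connect() call cannot jump into freed code.
 *
 * Returns FALSE (the load fails) when the redirection could not be installed,
 * TRUE in every other case.
 */
BOOL APIENTRY DllMain( HANDLE hModule, 
					  DWORD  ul_reason_for_call, 
					  LPVOID lpReserved
					  )
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		m_hModule=hModule;

		// NtHookEngine is bound through its import library, so the loader has
		// already resolved the three engine functions and comparing them with
		// NULL can never fail. The real failure signal is the BOOL returned
		// by HookFunction.
		if (!HookFunction((ULONG_PTR)connect, (ULONG_PTR) &MyMessageBoxW))
		{
			// DllMain runs under the loader lock, where showing UI is not
			// safe, so the failure goes to the debugger output instead.
			OutputDebugStringA("MINI hook init fail");
			return FALSE;
		}
		g_connectHooked=TRUE;
		break;
	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
		break;
	case DLL_PROCESS_DETACH:
		// lpReserved is NULL when the DLL is being unloaded and non-NULL when
		// the whole process is exiting; only the unload case needs the patch
		// reverted.
		// NOTE(review): assumes UnhookFunction takes the same address that was
		// passed to HookFunction as OriginalFunction; confirm with the engine.
		if (g_connectHooked && lpReserved==NULL)
		{
			UnhookFunction((ULONG_PTR)connect);
			g_connectHooked=FALSE;
		}
		break;
	}
	return TRUE;
}

/*
 * Replacement that runs in place of connect() once the hook is installed.
 *
 * Same parameters and calling convention as connect(); the name is
 * misleading. It shows a "success" message box and then forwards the call
 * unchanged to the original connect(), so the connection is observed, not
 * refused. The message box blocks the calling thread until dismissed.
 *
 * Returns whatever the original connect() returns, or SOCKET_ERROR with
 * WSAEACCES when the engine has no pointer to the original (a zero result
 * from GetOriginalFunction is treated as "not available").
 */
int WINAPI MyMessageBoxW(SOCKET s, const struct sockaddr FAR *name, int namelen)
{
	typedef int (WINAPI *connect_fn)(SOCKET s, const struct sockaddr FAR *name, int namelen);

	connect_fn pConnect = (connect_fn) GetOriginalFunction((ULONG_PTR) MyMessageBoxW);
	if (pConnect == NULL)
	{
		// Calling through a null pointer would crash the host process;
		// fail the call instead.
		WSASetLastError(WSAEACCES);
		return SOCKET_ERROR;
	}

	MessageBox(NULL,"success","success",MB_OK);
	return pConnect(s, name, namelen);
}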

3.mydll.def
; Module-definition file for TEST_DLL.
LIBRARY "TEST_DLL"
; Exported by fixed ordinal: the two functions that install and remove the
; WH_CBT hook.
EXPORTS
gjl_Hook @1
gjl_UnHook @2
; Marks the "MySec" data segment declared in TEST_DLL.cpp as shared, so one
; copy is mapped read/write into every process that loads the DLL. Any such
; process can modify it; keep only data that must be shared in this segment.
SEGMENTS
MySec read write shared

4.TEST_DLL.h
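// TEST_DLL.h - declarations of the two functions exported by TEST_DLL.
// This header includes nothing itself; HWND must already be declared by the
// includer (TEST_DLL.cpp includes stdafx.h before this header).
#ifndef TestDll_H_
#define TestDll_H_
// MYLIBDLL selects the linkage of the declarations below:
//   - defined by the includer beforehand -> dllimport
//   - not defined                        -> dllexport
// The #undef avoids redefining an already defined macro with a different body.
#ifdef MYLIBDLL
#undef MYLIBDLL
#define MYLIBDLL extern "C" _declspec(dllimport) 
#else
#define MYLIBDLL extern "C" _declspec(dllexport) 
#endif
// Installs the WH_CBT hook; hwnd is not used by the implementation.
MYLIBDLL void gjl_Hook(HWND hwnd);
// Removes the WH_CBT hook.
MYLIBDLL void gjl_UnHook();
//You can also write like this:
//extern "C" {
//_declspec(dllexport) int Add(int plus1, int plus2);
//};
#endif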

5. 필요한 곳에서 connect 함수를 호출하면 된다. (훅은 TEST_DLL이 로드된 프로세스 안에서만 적용된다.)
