VC API HOOK问题(JMP)
谢谢同志们,这代码哪里有错呀!我搞了一晚上都没发现错,大家帮我看看,谢谢!BYTENewFunc[8];HMODULEhUser32=GetModuleHandle("u...
谢谢同志们,
这代码哪里有错呀!我搞了一晚上都没发现错,大家帮我看看,谢谢!
BYTE NewFunc[8];
HMODULE hUser32 = GetModuleHandle("user32.dll");
if (hUser32 == NULL)
{
hUser32 = LoadLibrary("user32.dll");
}
FARPROC hookfunc = GetProcAddress(hUser32,"MessageBoxA");
//char *buff={"aaa"};
NewFunc[0] = 0xe9;// JMP
PDWORD pNewFuncAddress;
pNewFuncAddress = (DWORD*)&NewFunc[1]; //指针
*pNewFuncAddress = (DWORD)&MessageBox2 - (DWORD)hookfunc - 5;
HANDLE hProcess = GetCurrentProcess();
DWORD dwOldFlag;
if(VirtualProtect(&hookfunc,5,PAGE_READWRITE,&dwOldFlag))
{
if(WriteProcessMemory(hProcess,&hookfunc,NewFunc,5,0))
{
VirtualProtect(NewFunc,5,dwOldFlag,&dwOldFlag);
//return;
MessageBoxA(NULL,"aaa","bbb",MB_OK);
}
}
这里是MessageBox2的函数
int MessageBox2(
HWND hWnd, // handle to owner window
LPCTSTR lpText, // text in message box
LPCTSTR lpCaption, // message box title
UINT uType // message box style
)
{
printf("aaa");
return 0;
} 展开
这代码哪里有错呀!我搞了一晚上都没发现错,大家帮我看看,谢谢!
BYTE NewFunc[8];
HMODULE hUser32 = GetModuleHandle("user32.dll");
if (hUser32 == NULL)
{
hUser32 = LoadLibrary("user32.dll");
}
FARPROC hookfunc = GetProcAddress(hUser32,"MessageBoxA");
//char *buff={"aaa"};
NewFunc[0] = 0xe9;// JMP
PDWORD pNewFuncAddress;
pNewFuncAddress = (DWORD*)&NewFunc[1]; //指针
*pNewFuncAddress = (DWORD)&MessageBox2 - (DWORD)hookfunc - 5;
HANDLE hProcess = GetCurrentProcess();
DWORD dwOldFlag;
if(VirtualProtect(&hookfunc,5,PAGE_READWRITE,&dwOldFlag))
{
if(WriteProcessMemory(hProcess,&hookfunc,NewFunc,5,0))
{
VirtualProtect(NewFunc,5,dwOldFlag,&dwOldFlag);
//return;
MessageBoxA(NULL,"aaa","bbb",MB_OK);
}
}
这里是MessageBox2的函数
int MessageBox2(
HWND hWnd, // handle to owner window
LPCTSTR lpText, // text in message box
LPCTSTR lpCaption, // message box title
UINT uType // message box style
)
{
printf("aaa");
return 0;
} 展开
1个回答
展开全部
新手么? 还是用MS的detours吧
本回答由提问者推荐
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
