开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Windows编程 > 钩子与API截获 > 查看源码
Main.cpp
资源名称:HookAPI [点击查看]
上传用户:nbcables
上传日期:2007-01-11
资源大小:1243k
文件大小:4k
源码类别:

钩子与API截获

开发平台:

Visual C++

Main.cpp:源码内容
  1. #include <windows.h>
  2. #include "hookapi.h"
  3. #include "ProcessModule.h"
  4. #include "util.h"
  6. #ifdef WINNT
  7. #include "injlib.h"
  8. #endif
  10. CHookAPI g_hook_api;
  11. extern char g_szDllPath[128];
  13. #ifdef WINNT
  14. BOOL ObtainSeDebugPrivilege();
  15. #endif
  17. #ifdef WINNT
  18. BOOL IfCanHook(DWORD process_id)
  19. {
  20. DWORD cur_pid =GetCurrentProcessId();
  21. if(process_id ==0 || process_id ==cur_pid) return false;
  23. CProcessModule pm;
  25. if(pm.GetProcessModuleHandle(process_id, "smss.exe")
  26. //|| pm.GetProcessModuleHandle(process_id, "csrss.exe")
  27. //|| pm.GetProcessModuleHandle(process_id, "lsass.exe")
  28. )
  29. return false;
  31. return true;
  32. }
  33. #endif
  35. int WINAPI HookOneProcess(DWORD process_id)
  36. {
  37. #ifdef WINNT
  38. char fname[128];
  39. ObtainSeDebugPrivilege();
  40. wsprintf(fname, "%s\HookAPINT.dll", g_szDllPath);
  41. InjectLib(process_id, fname);
  42. #endif
  43. return 0;
  44. }
  46. int WINAPI UnhookOneProcess(DWORD process_id)
  47. {
  48. #ifdef WINNT
  49. ObtainSeDebugPrivilege();
  50. EjectLib(process_id, "HookAPINT.dll");
  51. #endif
  53. return 0;
  54. }
  56. char g_exe_to_hook[256];
  57. int g_f_stop =0;
  58. DWORD g_pid =0;
  59. DWORD WINAPI hook_thread(void *lpvoid)
  60. {
  61. HWND hwndNotify =(HWND)lpvoid;
  63. WriteLog("hook exe:%s", g_exe_to_hook);
  65. #ifdef WINNT
  66. ObtainSeDebugPrivilege();
  67. #endif
  69. CProcessModule pm;
  70. while(!g_f_stop && (g_pid=pm.GetProcessID(g_exe_to_hook)) ==0)
  71. {
  72. Sleep(1000);
  73. }
  74. WriteLog("hook....");
  75. if(!g_f_stop)
  76. {
  77. char fname[128];
  78. wsprintf(fname, "%s\HookAPINT.dll", g_szDllPath);
  80. if(hwndNotify) SendMessage(hwndNotify, WM_APP+2004, g_pid, 0L);
  81. InjectLib(g_pid, fname);
  82. }
  84. return 0;
  85. }
  87. int WINAPI HookOneProcess2(HWND hwndNotify, char *exe_name)
  88. {
  89. #ifdef WINNT
  90. DWORD dw;
  91. strcpy(g_exe_to_hook, exe_name);
  92. HANDLE hThread =CreateThread(NULL, 0, hook_thread, hwndNotify, 0, &dw);
  93. if(hThread ==NULL)
  94. return -1;
  95. #endif
  97. return 0;
  98. }
  100. int WINAPI UnhookOneProcess2(char *exe_name)
  101. {
  102. g_f_stop =1;
  104. #ifdef WINNT
  105. if(g_pid)
  106. EjectLib(g_pid, "HookAPINT.dll");
  107. #endif
  109. return 0;
  110. }
  112. int WINAPI HookAllProcess()
  113. {
  114. #ifdef WINNT
  115. char fname[128];
  116. wsprintf(fname, "%s\HookAPINT.dll", g_szDllPath);
  118. ObtainSeDebugPrivilege();
  119. CProcessModule pm;
  120. pm.EnumProcess();
  121. for(int i =0; i<(int)pm.m_dwProcessCount; i++)
  122. {
  123. if(IfCanHook(pm.m_dwProcessIDs[i]))
  124. InjectLib(pm.m_dwProcessIDs[i], fname);
  125. }
  126. #endif
  128. return 0;
  129. }
  131. int WINAPI UnhookAllProcess()
  132. {
  133. g_f_stop =1;
  134. #ifdef WINNT
  135. CProcessModule pm;
  136. pm.EnumProcess();
  137. for(int i =0; i<(int)pm.m_dwProcessCount; i++)
  138. {
  139. if(IfCanHook(pm.m_dwProcessIDs[i]))
  140. EjectLib(pm.m_dwProcessIDs[i], "HookAPINT.dll");
  141. }
  142. #endif
  144. return 0;
  145. }
  147. #ifdef WINNT
  148. BOOL ObtainSeDebugPrivilege()
  149. {
  150. TOKEN_PRIVILEGES TokenPrivileges;
  151. TOKEN_PRIVILEGES PreviousTokenPrivileges;
  152. LUID luid;
  153. HANDLE hToken;
  154. DWORD dwPreviousTokenPrivilegesSize = sizeof(TOKEN_PRIVILEGES);
  156. if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
  157. {
  158. WriteLog("debug 001");
  159. return false;
  160. }
  162. if(!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
  163. {
  164. WriteLog("debug 002");
  165. return false;
  166. }
  167.   
  168. TokenPrivileges.PrivilegeCount            = 1;
  169. TokenPrivileges.Privileges[0].Luid        = luid;
  170. TokenPrivileges.Privileges[0].Attributes  = 0;
  172. if(!AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES),
  173. &PreviousTokenPrivileges, &dwPreviousTokenPrivilegesSize))
  174. {
  175. WriteLog("debug 003");
  176. return false;
  177. }
  179. PreviousTokenPrivileges.PrivilegeCount             = 1;
  180. PreviousTokenPrivileges.Privileges[0].Luid         = luid;
  181. PreviousTokenPrivileges.Privileges[0].Attributes  |= SE_PRIVILEGE_ENABLED;
  183. if(!AdjustTokenPrivileges(hToken, FALSE, &PreviousTokenPrivileges,
  184. dwPreviousTokenPrivilegesSize, NULL, NULL))
  185. {
  186. WriteLog("debug 004");
  187. return false;
  188. }
  190. //WriteLog("debug ok");
  192. return true;
  193. }
  194. #endif
  196. BOOL WINAPI DllMain(HINSTANCE hInstDLL, DWORD dwReason, PVOID pvReserved)
  197. {
  198. switch (dwReason)
  199. {
  200. case DLL_PROCESS_ATTACH:
  201. break;
  203. case DLL_PROCESS_DETACH:
  204. break;
  205. }
  207. return TRUE;
  208. }