實現這個程序的背景很偶然,我原本還在設計遠控的,但因為一個網友提到黑客論壇的一個活動,這個活動的大概就是發布兩個原創視頻教程就能獲得該論壇提供的任意一本技術書籍。看了那些書籍很想要,而那個網友因為只制作了?個視頻教程,有一本沒貨只領到兩本書,他就跟我說如果我能以 HOOK API 技術制作一個視頻教程,那么就送我剩余兩本書。我就在那一晚“瘋狂的”尋找關于 HOOK API 的資料。在那個晚上終于搞清楚原理和使用方法,準備制作視頻教程。o(︶︿︶)o 唉 天算不如人算。該論壇的站長不同意這種方式,就算了... 不過倒也好,因為這個學會了這個好玩的 HOOK API 技術。對比遠控,覺得這個好玩多了,也實用多了。就想再熟悉熟悉... 于是這個作品就誕生了...
這個程序就是利用了 HOOK API 技術,將關鍵的 API HOOK 了。
這個只是一個練習作品,有很多功能還沒有完善。
例如添加密碼保護、保護指定進程(適合無窗口進程)、保護配置信息文件、保護自身、隱藏自身、快捷鍵等...
在設計的過程中體會到,學習編程,光看懂代碼沒用,必須要自己根據理解的原理去實現一些好玩的功能,這樣才是真正的學到了,因為如果自己不去實際的寫一下代碼,很多技巧、很多細節都不會知道,當真正要用到的時候可能就沒法立即派上用場,到時候遇到未知問題恐怕還要花費幾天的時間去問別人,去找資料...
嘎嘎,第一次發布界面那么好看的程序....
程序主界面:

窗口守護:所守護的窗口所屬的進程將無法被結束。

文件守護:被守護的文件將無法被刪除、復制、移動、修改,但是允許讀取。

USB 守護:所有的數據將無法被復制到非本地磁盤。
被保護的效果:修改時會提示“句柄無效”,無法修改

復制的時候會出現無法復制

下載地址:http://d.1tpan.com/tp0154848117
發出源碼,意在交流... EXE 是用 MFC 設計的,主要的功能就是寫入配置文件和控制 DLL 的加載和卸載,就不發了
核心源代碼(DLL)
===================================================================================
// HOOKAPI.H
// 字符串編碼轉換函數
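/**
 * Convert a NUL-terminated wide string to a multi-byte string in the OEM code page.
 *
 * @param lpcwszStr  Source wide string (NUL-terminated).
 * @param lpszStr    Destination buffer.
 * @param dwSize     Capacity of lpszStr in bytes, terminator included.
 * @return TRUE when the whole string (with terminator) was written to lpszStr;
 *         FALSE when an argument is NULL, the buffer is too small, or the
 *         conversion itself fails.
 *
 * Usage sketch (constructed values):
 *   wchar_t wText[10] = L"sample";
 *   char sText[20] = {0};
 *   WCharToMByte(wText, sText, sizeof(sText) / sizeof(sText[0]));
 *
 * NOTE(review): the result is later compared with strings read from the
 * configuration file; CP_OEMCP only matches those bytes when the OEM and
 * ANSI code pages agree on this machine - confirm for non-ASCII names.
 */
BOOL WCharToMByte(LPCWSTR lpcwszStr, LPSTR lpszStr, DWORD dwSize)
{
    if (lpcwszStr == NULL || lpszStr == NULL || dwSize == 0)
    {
        return FALSE;
    }

    // First pass asks only for the required byte count; 0 signals failure.
    // The original treated a failed size query as "fits" and returned TRUE
    // with nothing written.
    int required = WideCharToMultiByte(CP_OEMCP, 0, lpcwszStr, -1, NULL, 0, NULL, NULL);
    if (required <= 0 || dwSize < (DWORD)required)
    {
        return FALSE;
    }

    // Second pass performs the conversion; its result was previously ignored.
    int written = WideCharToMultiByte(CP_OEMCP, 0, lpcwszStr, -1, lpszStr, (int)dwSize, NULL, NULL);
    if (written <= 0)
    {
        lpszStr[0] = '\0'; // never hand back a half-written buffer
        return FALSE;
    }
    return TRUE;
}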
// 讀取配置文件,判斷指定進程是否擁有受守護的窗口
// Reports whether ProcessID owns a guarded window.
// The guardian's own main window is checked first, then every caption stored
// under keys "0".."ListMax" of the WindowList section of the configuration file.
// NOTE(review): ownership is decided purely by window caption via FindWindow,
// which returns a single match; if two windows share a caption only one of
// them is seen - confirm that is acceptable for the protection goal.
BOOL GetWindowListBool(DWORD ProcessID)
{
    DWORD ownerPid;
    HWND hTarget;

    // Self-protection: the guardian's own window is always treated as guarded.
    hTarget = FindWindow(NULL, "守護(hù)者 SP1 L、QQ:1007566569");
    if (hTarget != NULL)
    {
        GetWindowThreadProcessId(hTarget, &ownerPid);
        if (ownerPid == ProcessID)
        {
            return TRUE;
        }
    }

    char caption[MAX_PATH] = {0};
    char key[30] = {0};
    int index = 0;
    while (index <= ListMax)
    {
        sprintf(key, "%d", index);
        index++;

        // "Error" is the default value, i.e. the key does not exist.
        GetPrivateProfileString(WindowList, key, "Error", caption, MAX_PATH, ConfigPath);
        if (strcmp(caption, "Error") == 0)
        {
            continue;
        }

        hTarget = FindWindow(NULL, caption);
        if (hTarget == NULL)
        {
            continue;
        }

        GetWindowThreadProcessId(hTarget, &ownerPid);
        if (ownerPid == ProcessID)
        {
            return TRUE;
        }
    }
    return FALSE;
}
// 讀取配置文件,判斷指定文件是否在保護列表中(或位于非固定磁盤上)
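// Decides whether an operation on FileName must be refused.
//
// Returns TRUE when
//   - the ShUsb/NoWrite setting is "Yes" and the drive named by the first
//     character of FileName is not a fixed disk, or
//   - FileName equals one of the entries "0".."ListMax" in the FileList
//     section of the configuration file.
// Returns FALSE otherwise, and for a NULL FileName.
//
// NOTE(review): the list comparison is an exact byte-wise strcmp and the
// drive check assumes FileName starts with a drive letter; relative, UNC or
// differently-cased spellings of a path are not normalised here - confirm
// the callers only need exact-match semantics.
BOOL GetFileListBool(char FileName[])
{
    char entry[MAX_PATH] = {0};
    char key[30] = {0};

    if (FileName == NULL)
    {
        return FALSE;
    }

    GetPrivateProfileString(ShUsb, "NoWrite", "Error", entry, MAX_PATH, ConfigPath);
    if (strcmp(entry, "Yes") == 0)
    {
        // "X:\" needs four bytes including the terminator. The original used
        // char[3] and strcat, which wrote the NUL one byte past the array.
        char root[4] = {0};
        root[0] = FileName[0];
        strcat(root, ":\\");
        // Anything that is not a fixed disk is refused.
        if (DRIVE_FIXED != GetDriveType(root))
        {
            return TRUE;
        }
    }

    for (int i = 0; i <= ListMax; i++)
    {
        sprintf(key, "%d", i);
        // "Error" is the default value, i.e. the key does not exist.
        GetPrivateProfileString(FileList, key, "Error", entry, MAX_PATH, ConfigPath);
        if (strcmp(entry, "Error") != 0 && strcmp(entry, FileName) == 0)
        {
            return TRUE;
        }
    }
    return FALSE;
}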
/************************************************************************
* HOOK 進程列表
************************************************************************/
// 聲明函數指針指向原API
// One function pointer per intercepted API, each initialised to the real
// Win32 entry point. AddHOOKAPI passes the address of every pointer to
// DetourAttach together with the matching My* replacement, and the My*
// functions call through these pointers to reach the original API.

// Process access.
HANDLE (WINAPI *SysOpenProcess)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId ) = OpenProcess;
// Delete / copy / move, ANSI and wide variants.
BOOL (WINAPI *SysDeleteFileA)(LPCSTR lpFileName) = DeleteFileA;
BOOL (WINAPI *SysDeleteFileW)(LPCWSTR lpFileName) = DeleteFileW;
BOOL (WINAPI *SysCopyFileA)( __in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName, __in BOOL bFailIfExists ) = CopyFileA;
BOOL (WINAPI *SysCopyFileW)(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName, BOOL bFailIfExists) = CopyFileW;
BOOL (WINAPI *SysMoveFileA)(__in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName) = MoveFileA;
BOOL (WINAPI *SysMoveFileW)(__in LPCWSTR lpExistingFileName, __in LPCWSTR lpNewFileName) = MoveFileW;
// File creation / opening.
HANDLE (WINAPI *SysCreateFileA)(
__in LPCSTR lpFileName,
__in DWORD dwDesiredAccess,
__in DWORD dwShareMode,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__in DWORD dwCreationDisposition,
__in DWORD dwFlagsAndAttributes,
__in_opt HANDLE hTemplateFile
) = CreateFileA;
HANDLE (WINAPI *SysCreateFileW)(
__in LPCWSTR lpFileName,
__in DWORD dwDesiredAccess,
__in DWORD dwShareMode,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__in DWORD dwCreationDisposition,
__in DWORD dwFlagsAndAttributes,
__in_opt HANDLE hTemplateFile
) = CreateFileW;
// File replacement.
BOOL (WINAPI *SysReplaceFileA)(
__in LPCSTR lpReplacedFileName,
__in LPCSTR lpReplacementFileName,
__in_opt LPCSTR lpBackupFileName,
__in DWORD dwReplaceFlags,
__reserved LPVOID lpExclude,
__reserved LPVOID lpReserved
) = ReplaceFileA;
BOOL (WINAPI *SysReplaceFileW)(
__in LPCWSTR lpReplacedFileName,
__in LPCWSTR lpReplacementFileName,
__in_opt LPCWSTR lpBackupFileName,
__in DWORD dwReplaceFlags,
__reserved LPVOID lpExclude,
__reserved LPVOID lpReserved
) = ReplaceFileW;
// Copy with progress callback.
BOOL (WINAPI *SysCopyFileExA)(
__in LPCSTR lpExistingFileName,
__in LPCSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in_opt LPBOOL pbCancel,
__in DWORD dwCopyFlags
) = CopyFileExA;
BOOL (WINAPI *SysCopyFileExW)(
__in LPCWSTR lpExistingFileName,
__in LPCWSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in_opt LPBOOL pbCancel,
__in DWORD dwCopyFlags
) = CopyFileExW;
// Move with progress callback.
BOOL (WINAPI *SysMoveFileWithProgressA)(
__in LPCSTR lpExistingFileName,
__in LPCSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in DWORD dwFlags) = MoveFileWithProgressA;
BOOL (WINAPI *SysMoveFileWithProgressW)(
__in LPCWSTR lpExistingFileName,
__in LPCWSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in DWORD dwFlags
) = MoveFileWithProgressW;
// Shell file operations. The matching DetourAttach calls in AddHOOKAPI are
// commented out, so these two pointers are never redirected.
int (WINAPI *SysSHFileOperationA)(LPSHFILEOPSTRUCTA lpFileOp) = SHFileOperationA;
int (WINAPI *SysSHFileOperationW)(LPSHFILEOPSTRUCTW lpFileOp) = SHFileOperationW;
/************************** MyAPI *****************************/
// HOOK 打開進程(OpenProcess)
// Replacement for OpenProcess: refuses to hand out a handle to any process
// that GetWindowListBool reports as guarded, otherwise forwards the call.
HANDLE WINAPI MyOpenProcess( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId )
{
    const BOOL guarded = GetWindowListBool(dwProcessId);
    if (!guarded)
    {
        // Go through the saved pointer; calling OpenProcess by name here
        // would re-enter this hook and recurse without end.
        return SysOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
    }
    // NOTE(review): no last-error value is set on this path, so the caller
    // sees whatever GetWindowListBool's API calls left behind.
    return NULL;
}
// HOOK 刪除文件
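// Replacement for DeleteFileA: refuses the call when lpFileName is on the
// protected list (see GetFileListBool), otherwise forwards to the real API.
BOOL WINAPI MyDeleteFileA(LPCSTR lpFileName)
{
    if (lpFileName != NULL)
    {
        // This runs inside every hooked process with a caller-supplied path.
        // The original strcpy overflowed the stack buffer for any name of
        // MAX_PATH characters or more; copy at most MAX_PATH - 1 bytes and
        // rely on the zero-initialised last byte for termination.
        char name[MAX_PATH] = {0};
        strncpy(name, lpFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }
    // A NULL name is passed through so the real API reports its own error.
    return SysDeleteFileA(lpFileName);
}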
// Wide-character replacement for DeleteFileW: the name is narrowed with
// WCharToMByte, checked against the protected list, and the call is either
// refused (FALSE) or forwarded to the real API.
BOOL WINAPI MyDeleteFileW(LPCWSTR lpFileName)
{
    char narrowName[MAX_PATH] = {0};
    // The conversion result is not checked; on failure narrowName stays empty.
    WCharToMByte(lpFileName, narrowName, sizeof(narrowName) / sizeof(narrowName[0]));

    const BOOL blocked = GetFileListBool(narrowName);
    return blocked ? FALSE : SysDeleteFileW(lpFileName);
}
// HOOK 復(fù)制文件
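// Replacement for CopyFileA: refuses to copy a source file that is on the
// protected list, otherwise forwards to the real API. Only the source name
// is checked here.
BOOL WINAPI MyCopyFileA( __in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName, __in BOOL bFailIfExists )
{
    if (lpExistingFileName != NULL)
    {
        // Bounded copy: the original strcpy overflowed the stack buffer for
        // caller-supplied names of MAX_PATH characters or more.
        char name[MAX_PATH] = {0};
        strncpy(name, lpExistingFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }
    return SysCopyFileA(lpExistingFileName, lpNewFileName, bFailIfExists);
}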
// Wide-character replacement for CopyFileW: refuses the copy when the source
// name, narrowed with WCharToMByte, is on the protected list.
BOOL WINAPI MyCopyFileW(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName, BOOL bFailIfExists)
{
    char narrowSource[MAX_PATH] = {0};
    // The conversion result is not checked; on failure the buffer stays empty.
    WCharToMByte(lpExistingFileName, narrowSource, sizeof(narrowSource) / sizeof(narrowSource[0]));

    if (!GetFileListBool(narrowSource))
    {
        return SysCopyFileW(lpExistingFileName, lpNewFileName, bFailIfExists);
    }
    return FALSE;
}
// HOOK 移動(dòng)文件
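// Replacement for MoveFileA: refuses to move a source file that is on the
// protected list, otherwise forwards to the real API. Only the source name
// is checked here.
BOOL WINAPI MyMoveFileA(__in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName)
{
    if (lpExistingFileName != NULL)
    {
        // Bounded copy: the original strcpy overflowed the stack buffer for
        // caller-supplied names of MAX_PATH characters or more.
        char name[MAX_PATH] = {0};
        strncpy(name, lpExistingFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }
    return SysMoveFileA(lpExistingFileName, lpNewFileName);
}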
// Wide-character replacement for MoveFileW: refuses the move when the source
// name, narrowed with WCharToMByte, is on the protected list.
BOOL WINAPI MyMoveFileW(__in LPCWSTR lpExistingFileName, __in LPCWSTR lpNewFileName)
{
    char narrowSource[MAX_PATH] = {0};
    // The conversion result is not checked; on failure the buffer stays empty.
    WCharToMByte(lpExistingFileName, narrowSource, sizeof(narrowSource) / sizeof(narrowSource[0]));

    const BOOL blocked = GetFileListBool(narrowSource);
    if (blocked)
    {
        return FALSE;
    }
    return SysMoveFileW(lpExistingFileName, lpNewFileName);
}
// HOOK 創(chuàng)建文件
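// Replacement for CreateFileA: refuses CREATE_NEW / CREATE_ALWAYS /
// OPEN_ALWAYS requests on a protected file, otherwise forwards the call.
//
// NOTE(review): the filter looks only at dwCreationDisposition and never at
// dwDesiredAccess; confirm that this covers the intended "read allowed,
// modification denied" policy for the remaining dispositions.
HANDLE WINAPI MyCreateFileA(
    __in LPCSTR lpFileName,
    __in DWORD dwDesiredAccess,
    __in DWORD dwShareMode,
    __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    __in DWORD dwCreationDisposition, // how the file is opened / created
    __in DWORD dwFlagsAndAttributes,
    __in_opt HANDLE hTemplateFile)
{
    // Creating a new file, overwriting one, or creating it when missing.
    if ( lpFileName != NULL &&
         ( dwCreationDisposition == CREATE_NEW || dwCreationDisposition == CREATE_ALWAYS || dwCreationDisposition == OPEN_ALWAYS ) )
    {
        // Bounded copy: the original strcpy overflowed the stack buffer for
        // caller-supplied names of MAX_PATH characters or more.
        char name[MAX_PATH] = {0};
        strncpy(name, lpFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            // CreateFile reports failure with INVALID_HANDLE_VALUE. The
            // original returned NULL, which callers comparing against
            // INVALID_HANDLE_VALUE take for a usable handle.
            SetLastError(ERROR_ACCESS_DENIED);
            return INVALID_HANDLE_VALUE;
        }
    }
    return SysCreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}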
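// Wide-character replacement for CreateFileW: refuses CREATE_NEW /
// CREATE_ALWAYS / OPEN_ALWAYS requests on a protected file, otherwise
// forwards the call.
//
// NOTE(review): the filter looks only at dwCreationDisposition and never at
// dwDesiredAccess; confirm that this covers the intended "read allowed,
// modification denied" policy for the remaining dispositions.
HANDLE WINAPI MyCreateFileW(
    __in LPCWSTR lpFileName,
    __in DWORD dwDesiredAccess,
    __in DWORD dwShareMode,
    __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    __in DWORD dwCreationDisposition,
    __in DWORD dwFlagsAndAttributes,
    __in_opt HANDLE hTemplateFile)
{
    // Creating a new file, overwriting one, or creating it when missing.
    if ( dwCreationDisposition == CREATE_NEW || dwCreationDisposition == CREATE_ALWAYS || dwCreationDisposition == OPEN_ALWAYS )
    {
        char name[MAX_PATH] = {0};
        // The conversion result is not checked; on failure name stays empty.
        WCharToMByte(lpFileName, name, sizeof(name) / sizeof(name[0]));
        if (GetFileListBool(name))
        {
            // CreateFile reports failure with INVALID_HANDLE_VALUE. The
            // original returned NULL, which callers comparing against
            // INVALID_HANDLE_VALUE take for a usable handle.
            SetLastError(ERROR_ACCESS_DENIED);
            return INVALID_HANDLE_VALUE;
        }
    }
    return SysCreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}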
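// Replacement for CopyFileExA: refuses the copy when either the source or
// the destination name is refused by GetFileListBool, otherwise forwards.
BOOL WINAPI MyCopyFileExA(
    __in LPCSTR lpExistingFileName,
    __in LPCSTR lpNewFileName,
    __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
    __in_opt LPVOID lpData,
    __in_opt LPBOOL pbCancel,
    __in DWORD dwCopyFlags)
{
    // The original popped up a leftover debug MessageBox here on every call
    // in every hooked process; it has been dropped, matching the sibling hooks.
    char name[MAX_PATH] = {0};

    if (lpExistingFileName != NULL)
    {
        // Bounded copy: strcpy overflowed the stack buffer for caller-supplied
        // names of MAX_PATH characters or more.
        strncpy(name, lpExistingFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            // The function returns BOOL; the original returned
            // PROGRESS_CONTINUE, which only meant "failure" because it is 0.
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }

    if (lpNewFileName != NULL)
    {
        memset(name, 0, sizeof(name));
        strncpy(name, lpNewFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }

    return SysCopyFileExA(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);
}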
// Wide-character replacement for CopyFileExW: both the source and the
// destination name are narrowed and checked with GetFileListBool; the copy
// is refused when either one is rejected.
BOOL WINAPI MyCopyFileExW(
    __in LPCWSTR lpExistingFileName,
    __in LPCWSTR lpNewFileName,
    __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
    __in_opt LPVOID lpData,
    __in_opt LPBOOL pbCancel,
    __in DWORD dwCopyFlags)
{
    const LPCWSTR names[2] = { lpExistingFileName, lpNewFileName };

    for (int i = 0; i < 2; i++)
    {
        char narrow[MAX_PATH] = {0};
        // The conversion result is not checked; on failure narrow stays empty.
        WCharToMByte(names[i], narrow, sizeof(narrow) / sizeof(narrow[0]));
        if (GetFileListBool(narrow))
        {
            // Same value the original returned: PROGRESS_CONTINUE is 0.
            return FALSE;
        }
    }

    return SysCopyFileExW(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);
}
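// Replacement for ReplaceFileA: refuses the call when either the file being
// replaced or the replacement file is refused by GetFileListBool, otherwise
// forwards to the real API. The backup name is not checked.
BOOL WINAPI MyReplaceFileA(
    __in LPCSTR lpReplacedFileName,
    __in LPCSTR lpReplacementFileName,
    __in_opt LPCSTR lpBackupFileName,
    __in DWORD dwReplaceFlags,
    __reserved LPVOID lpExclude,
    __reserved LPVOID lpReserved)
{
    char name[MAX_PATH] = {0};

    if (lpReplacedFileName != NULL)
    {
        // Bounded copy: strcpy overflowed the stack buffer for caller-supplied
        // names of MAX_PATH characters or more.
        strncpy(name, lpReplacedFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }

    if (lpReplacementFileName != NULL)
    {
        memset(name, 0, sizeof(name));
        strncpy(name, lpReplacementFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }

    return SysReplaceFileA(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved);
}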
// Wide-character replacement for ReplaceFileW: the replaced and the
// replacement name are narrowed and checked with GetFileListBool; the call
// is refused when either one is rejected. The backup name is not checked.
BOOL WINAPI MyReplaceFileW(
    __in LPCWSTR lpReplacedFileName,
    __in LPCWSTR lpReplacementFileName,
    __in_opt LPCWSTR lpBackupFileName,
    __in DWORD dwReplaceFlags,
    __reserved LPVOID lpExclude,
    __reserved LPVOID lpReserved )
{
    const LPCWSTR names[2] = { lpReplacedFileName, lpReplacementFileName };

    for (int i = 0; i < 2; i++)
    {
        char narrow[MAX_PATH] = {0};
        // The conversion result is not checked; on failure narrow stays empty.
        WCharToMByte(names[i], narrow, sizeof(narrow) / sizeof(narrow[0]));
        if (GetFileListBool(narrow))
        {
            return FALSE;
        }
    }

    return SysReplaceFileW(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved);
}
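// Replacement for MoveFileWithProgressA: refuses the move when either the
// source or the destination name is refused by GetFileListBool, otherwise
// forwards to the real API.
BOOL WINAPI MyMoveFileWithProgressA(
    __in LPCSTR lpExistingFileName,
    __in LPCSTR lpNewFileName,
    __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
    __in_opt LPVOID lpData,
    __in DWORD dwFlags)
{
    char name[MAX_PATH] = {0};

    if (lpExistingFileName != NULL)
    {
        // Bounded copy: strcpy overflowed the stack buffer for caller-supplied
        // names of MAX_PATH characters or more.
        strncpy(name, lpExistingFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }

    // The destination may legitimately be NULL (delayed delete at reboot);
    // the original passed it straight to strcpy.
    if (lpNewFileName != NULL)
    {
        memset(name, 0, sizeof(name));
        strncpy(name, lpNewFileName, sizeof(name) - 1);
        if (GetFileListBool(name))
        {
            SetLastError(ERROR_ACCESS_DENIED);
            return FALSE;
        }
    }

    return SysMoveFileWithProgressA(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, dwFlags);
}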
// Wide-character replacement for MoveFileWithProgressW: the source and the
// destination name are narrowed and checked with GetFileListBool; the move
// is refused when either one is rejected.
BOOL WINAPI MyMoveFileWithProgressW(
    __in LPCWSTR lpExistingFileName,
    __in LPCWSTR lpNewFileName,
    __in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
    __in_opt LPVOID lpData,
    __in DWORD dwFlags)
{
    const LPCWSTR names[2] = { lpExistingFileName, lpNewFileName };

    for (int i = 0; i < 2; i++)
    {
        char narrow[MAX_PATH] = {0};
        // The conversion result is not checked; on failure narrow stays empty.
        WCharToMByte(names[i], narrow, sizeof(narrow) / sizeof(narrow[0]));
        if (GetFileListBool(narrow))
        {
            return FALSE;
        }
    }

    return SysMoveFileWithProgressW(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, dwFlags);
}
// Replacement for SHFileOperationA. All filtering is commented out, so the
// function is a plain pass-through; the DetourAttach call for it in
// AddHOOKAPI is commented out as well.
int WINAPI MySHFileOperationA(LPSHFILEOPSTRUCTA lpFileOp)
{
/* Disabled draft. It calls GetFileListBool with two arguments in one branch,
   which does not match the one-argument function defined in this file, and
   it copies pFrom/pTo with an unbounded strcpy into a MAX_PATH*1024 stack
   buffer.
char tmp[MAX_PATH*1024] = {0};
strcpy(tmp, lpFileOp->pFrom);
// when several files are given
if (FOF_MULTIDESTFILES == lpFileOp->fFlags)
{
if (GetFileListBool(1, tmp))
return 1;
}
else
{
if (GetFileListBool(tmp))
return 1;
}
memset(tmp, 0, sizeof(tmp));
strcpy(tmp, lpFileOp->pTo);
if (GetFileListBool(tmp))
return 1;
*/
return SysSHFileOperationA(lpFileOp);
}
// Wide-character replacement for SHFileOperationW. The whole draft body sits
// inside one block comment (the inner comment opener does not nest), so the
// function is a plain pass-through; the DetourAttach call for it in
// AddHOOKAPI is commented out as well.
int WINAPI MySHFileOperationW(LPSHFILEOPSTRUCTW lpFileOp)
{/*
Disabled draft. As written it would not compile: a WCHAR* is initialised
from new char[], and GetFileListBool is called with two arguments.
// char tmp[MAX_PATH*1024] = {0};
DWORD dwNum;
dwNum= WideCharToMultiByte(CP_OEMCP,NULL,lpFileOp->pFrom,-1,NULL,0,NULL,FALSE);
WCHAR* tmp = new char[dwNum];
wcscpy(tmp, lpFileOp->pFrom);
// MessageBoxA(0, tmp, "SS", 0);
// wcstombs(tmp, lpFileOp->pFrom, sizeof(tmp));
// when several files are given
if (FOF_MULTIDESTFILES == lpFileOp->fFlags)
{
if (GetFileListBool(1, tmp))
return TRUE;
}
else
{
if (GetFileListBool(0, tmp))
return TRUE;
}
/* memset(tmp, 0, sizeof(tmp));
wcstombs(tmp, lpFileOp->pTo, sizeof(tmp));
if (GetFileListBool(tmp))
return TRUE;
*/
return SysSHFileOperationW(lpFileOp);
}
Core.cpp
========================================================================================
#include "stdafx.h"
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
#pragma comment(linker,"/OPT:NOWIN98")
#include<shellapi.h>
#include <TLHELP32.H>
#include <Psapi.h>
#pragma comment (lib, "Psapi.lib")
// Full path of the configuration file. DllMain fills it on process attach
// with the Windows directory followed by IniFile. It is defined before
// HookAPI.h is included because the functions in that header read it.
char ConfigPath[MAX_PATH] = {0};
// presumably declares IniFile, WindowList, FileList, ShUsb and ListMax,
// none of which are defined on this page - verify against Cmd.h
#include "..\守護(hù)者\(yùn)Cmd.h"
#include "HookAPI.h"
// Module handle of this DLL, stored by DllMain and passed to SetWindowsHookEx.
HINSTANCE g_hInst;
// Handle of the WH_GETMESSAGE hook installed by StartHOOKAPI.
// NOTE(review): this is an ordinary global, so each process that loads the
// DLL appears to get its own copy; only the process that called
// StartHOOKAPI holds a non-NULL value unless a shared section is configured
// elsewhere.
HHOOK HookAPI = NULL;
// Attaches every My* replacement to its API inside a single Detours
// transaction. Returns TRUE when the transaction commits without error.
// The SHFileOperationA/W pair is deliberately not attached.
BOOL AddHOOKAPI()
{
    // Address of a Sys* pointer paired with the replacement that takes over.
    struct HookPair
    {
        PVOID *ppOriginal;
        PVOID pReplacement;
    };

    HookPair hooks[] =
    {
        // open process
        { &(PVOID&)SysOpenProcess, (PVOID)MyOpenProcess },
        // delete file
        { &(PVOID&)SysDeleteFileA, (PVOID)MyDeleteFileA },
        { &(PVOID&)SysDeleteFileW, (PVOID)MyDeleteFileW },
        // copy file
        { &(PVOID&)SysCopyFileA, (PVOID)MyCopyFileA },
        { &(PVOID&)SysCopyFileW, (PVOID)MyCopyFileW },
        // move file
        { &(PVOID&)SysMoveFileA, (PVOID)MyMoveFileA },
        { &(PVOID&)SysMoveFileW, (PVOID)MyMoveFileW },
        // create / open file
        { &(PVOID&)SysCreateFileA, (PVOID)MyCreateFileA },
        { &(PVOID&)SysCreateFileW, (PVOID)MyCreateFileW },
        // copy file with progress
        { &(PVOID&)SysCopyFileExA, (PVOID)MyCopyFileExA },
        { &(PVOID&)SysCopyFileExW, (PVOID)MyCopyFileExW },
        // replace file
        { &(PVOID&)SysReplaceFileA, (PVOID)MyReplaceFileA },
        { &(PVOID&)SysReplaceFileW, (PVOID)MyReplaceFileW },
        // move file with progress
        { &(PVOID&)SysMoveFileWithProgressA, (PVOID)MyMoveFileWithProgressA },
        { &(PVOID&)SysMoveFileWithProgressW, (PVOID)MyMoveFileWithProgressW },
    };

    // The detours only take effect once the transaction is committed.
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());

    for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++)
    {
        DetourAttach(hooks[i].ppOriginal, hooks[i].pReplacement);
    }

    // Commit and report whether the hooks are now active.
    return (DetourTransactionCommit() == NO_ERROR) ? TRUE : FALSE;
}
// Detaches every My* replacement inside a single Detours transaction.
// Returns TRUE when the transaction commits without error.
// NOTE(review): unlike AddHOOKAPI this does not call DetourUpdateThread
// before detaching - confirm that is intentional.
BOOL DelHOOKAPI()
{
    // Address of a Sys* pointer paired with the replacement to remove.
    struct HookPair
    {
        PVOID *ppOriginal;
        PVOID pReplacement;
    };

    HookPair hooks[] =
    {
        { &(PVOID&)SysOpenProcess, (PVOID)MyOpenProcess },
        { &(PVOID&)SysDeleteFileA, (PVOID)MyDeleteFileA },
        { &(PVOID&)SysDeleteFileW, (PVOID)MyDeleteFileW },
        { &(PVOID&)SysCopyFileA, (PVOID)MyCopyFileA },
        { &(PVOID&)SysCopyFileW, (PVOID)MyCopyFileW },
        { &(PVOID&)SysMoveFileA, (PVOID)MyMoveFileA },
        { &(PVOID&)SysMoveFileW, (PVOID)MyMoveFileW },
        { &(PVOID&)SysCreateFileA, (PVOID)MyCreateFileA },
        { &(PVOID&)SysCreateFileW, (PVOID)MyCreateFileW },
        { &(PVOID&)SysCopyFileExA, (PVOID)MyCopyFileExA },
        { &(PVOID&)SysCopyFileExW, (PVOID)MyCopyFileExW },
        { &(PVOID&)SysReplaceFileA, (PVOID)MyReplaceFileA },
        { &(PVOID&)SysReplaceFileW, (PVOID)MyReplaceFileW },
        { &(PVOID&)SysMoveFileWithProgressA, (PVOID)MyMoveFileWithProgressA },
        { &(PVOID&)SysMoveFileWithProgressW, (PVOID)MyMoveFileWithProgressW },
    };

    DetourTransactionBegin();

    for (size_t i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++)
    {
        DetourDetach(hooks[i].ppOriginal, hooks[i].pReplacement);
    }

    // Commit and report whether the hooks were removed.
    return (DetourTransactionCommit() == NO_ERROR) ? TRUE : FALSE;
}
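// DLL entry point. On process attach it records the module handle, builds
// ConfigPath as <Windows directory> + IniFile and installs the API detours;
// on process detach it removes them. Thread notifications are ignored.
//
// Returns FALSE on process attach when the configuration path cannot be
// built, which makes the load fail instead of hooking with a bad path.
BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,  // handle to the DLL module
    DWORD fdwReason,     // reason for calling function
    LPVOID lpvReserved   // reserved
    )
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
    {
        g_hInst = hinstDLL;

        // The original appended IniFile with an unchecked strcat and ignored
        // the result of GetWindowsDirectory; verify both before writing.
        UINT dirLen = GetWindowsDirectory(ConfigPath, MAX_PATH);
        if (dirLen == 0 || dirLen >= MAX_PATH || dirLen + strlen(IniFile) >= MAX_PATH)
        {
            ConfigPath[0] = '\0';
            return FALSE;
        }
        strcat(ConfigPath, IniFile);

        // NOTE(review): the result of AddHOOKAPI is not checked, and this
        // runs inside DllMain in every process that loads the DLL.
        AddHOOKAPI();
        break;
    }
    case DLL_PROCESS_DETACH:
        DelHOOKAPI();
        break;
    case DLL_THREAD_ATTACH:
        break;
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}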
// WH_GETMESSAGE hook procedure. It does no work of its own: installing it
// is what causes this DLL to be loaded into other processes.
LRESULT CALLBACK GetMsgProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    LRESULT chained = CallNextHookEx(HookAPI, nCode, wParam, lParam);
    return chained;
}
// Installs the system-wide WH_GETMESSAGE hook (thread id 0) if it is not
// installed yet. Returns TRUE when a hook handle is held afterwards.
BOOL StartHOOKAPI()
{
    if (HookAPI != NULL)
    {
        // Already installed by an earlier call.
        return TRUE;
    }

    HookAPI = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)GetMsgProc, g_hInst, 0);
    return (HookAPI != NULL) ? TRUE : FALSE;
}
// Removes the WH_GETMESSAGE hook installed by StartHOOKAPI.
// Returns TRUE only when a hook was installed and was removed successfully;
// the stored handle is cleared in that case.
BOOL TingHOOKAPI()
{
    if (!HookAPI)
    {
        return FALSE;
    }

    if (!UnhookWindowsHookEx(HookAPI))
    {
        // Removal failed: keep the handle so a later call can retry.
        return FALSE;
    }

    HookAPI = NULL;
    return TRUE;
}