實現這個程序的背景很偶然,我原本還在設計遠控的,但因為一個網友提到黑客論壇的一個活動,這個活動的大概就是發布兩個原創視頻教程就能獲得該論壇的提供的任意一本技術書籍。看了那些書籍很想要,而那個網友因為只制作了7個視頻教程,有一本沒貨只領到兩本書,他就跟我說如果我能已HOOK API 技術制作一個視頻教程,那么就送我剩余兩本書。我就在那一晚“瘋狂的”尋找關于HOOK API 的資料。在那個晚上終于搞清楚原理和使用方法,準備制作視頻教程。o(︶︿︶)o 唉 天算不如人算。該論壇的站長不同意這種方式,就算了... 不過倒也好,因為這個學會了這個好玩的HOOK API 技術。對比遠控,覺得這個好玩多了,也實用多了。就想再熟悉熟悉... 于是這個作品就誕生了...
這個程序就是利用了 HOOK API 技術,將關鍵的API HOOK 了。
這個只是一個練習作品,有很多功能還沒有完善。
例如添加密碼保護、保護指定進程(適合無窗口進程)、保護配置信息文件、保護自身、隱藏自身、快捷鍵等...
在設計的過程中體會到,學習編程,光看懂代碼沒用,必須要自己根據理解的原理去實現一些好玩的功能,這樣才是真正的學到了,因為如果自己不去實際的寫一下代碼,很多技巧、很多細節都不會知道,當真正要用到的時候可能就沒法立即派上用場,到時候遇到未知問題恐怕還要花費幾天的時間去問別人,去找資料...
嘎嘎,第一次發布界面那么好看的程序....
程序主界面:
窗口守護:所守護的窗口所屬的進程將無法被結束。
文件守護:被守護的文件將無法被刪除、復制、移動、修改,但是允許讀取。
USB 守護:所有的數據將無法被復制到非本地磁盤。
被保護的效果:修改會提示“句柄無效”無法修改
復制的時候會出現無法復制
下載地址:http://d.1tpan.com/tp0154848117
發出源碼,意在交流... ExE是用MFC設計的,主要的功能就是寫入 配置文件和控制dll的加載和卸載 就不發了
核心源代碼(DLL)
===================================================================================
// HOOKAPI.H
// 字符串編碼轉換函數
BOOL WCharToMByte(LPCWSTR lpcwszStr, LPSTR lpszStr, DWORD dwSize)
{
/*
wchar_t wText[10] = {L"函數示例"};
char sText[20]= {0};
WCharToMByte(wText,sText,sizeof(sText)/sizeof(sText[0]));
MByteToWChar(sText,wText,sizeof(wText)/sizeof(wText[0]));
*/
DWORD dwMinSize;
dwMinSize = WideCharToMultiByte(CP_OEMCP,NULL,lpcwszStr,-1,NULL,0,NULL,FALSE);
if(dwSize < dwMinSize)
{
return FALSE;
}
WideCharToMultiByte(CP_OEMCP,NULL,lpcwszStr,-1,lpszStr,dwSize,NULL,FALSE);
return TRUE;
}
// 讀取配置文件,獲得保護列表清單
BOOL GetWindowListBool(DWORD ProcessID)
{
char Temp[MAX_PATH] = {0};
DWORD pID;
char ID[30] = {0};
HWND hWnd = NULL;
// 保護自身
hWnd = FindWindow(NULL, "守護者 SP1 L、QQ:1007566569");
if(hWnd != NULL)
{
GetWindowThreadProcessId(hWnd, &pID);
if (ProcessID == pID)
return TRUE;
}
for(int i=0; i<=ListMax; i++)
{
sprintf(ID, "%d", i);
GetPrivateProfileString(WindowList, ID, "Error", Temp, MAX_PATH, ConfigPath);
if (strcmp(Temp, "Error")!=0)
{
hWnd= FindWindow(NULL, Temp);
if (hWnd != NULL)
{
GetWindowThreadProcessId(hWnd, &pID);
if (ProcessID == pID)
return TRUE;
}
}
}
return FALSE;
}
// 讀取配置文件,獲得保護列表清單
BOOL GetFileListBool(char FileName[])
{
char Temp[MAX_PATH] = {0};
char ID[30] = {0};
GetPrivateProfileString(ShUsb, "NoWrite", "Error", Temp, MAX_PATH, ConfigPath);
if (strcmp(Temp, "Yes") == 0)
{
char Path[3] = {0};
Path[0] = FileName[0];
strcat(Path, ":\\");
// 如果不是固定硬盤則不允許
if( DRIVE_FIXED != GetDriveType(Path))
return TRUE;
}
for(int i=0; i<=ListMax; i++)
{
sprintf(ID, "%d", i);
GetPrivateProfileString(FileList, ID, "Error", Temp, MAX_PATH, ConfigPath);
if (strcmp(Temp, "Error")!=0)
{
if (strcmp(Temp, FileName) == 0)
{
return TRUE;
}
}
}
return FALSE;
}
/************************************************************************
* HOOK 進程列表
************************************************************************/
// 聲明函數指針指向原API
HANDLE (WINAPI *SysOpenProcess)(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId ) = OpenProcess;
BOOL (WINAPI *SysDeleteFileA)(LPCSTR lpFileName) = DeleteFileA;
BOOL (WINAPI *SysDeleteFileW)(LPCWSTR lpFileName) = DeleteFileW;
BOOL (WINAPI *SysCopyFileA)( __in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName, __in BOOL bFailIfExists ) = CopyFileA;
BOOL (WINAPI *SysCopyFileW)(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName, BOOL bFailIfExists) = CopyFileW;
BOOL (WINAPI *SysMoveFileA)(__in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName) = MoveFileA;
BOOL (WINAPI *SysMoveFileW)(__in LPCWSTR lpExistingFileName, __in LPCWSTR lpNewFileName) = MoveFileW;
HANDLE (WINAPI *SysCreateFileA)(
__in LPCSTR lpFileName,
__in DWORD dwDesiredAccess,
__in DWORD dwShareMode,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__in DWORD dwCreationDisposition,
__in DWORD dwFlagsAndAttributes,
__in_opt HANDLE hTemplateFile
) = CreateFileA;
HANDLE (WINAPI *SysCreateFileW)(
__in LPCWSTR lpFileName,
__in DWORD dwDesiredAccess,
__in DWORD dwShareMode,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__in DWORD dwCreationDisposition,
__in DWORD dwFlagsAndAttributes,
__in_opt HANDLE hTemplateFile
) = CreateFileW;
BOOL (WINAPI *SysReplaceFileA)(
__in LPCSTR lpReplacedFileName,
__in LPCSTR lpReplacementFileName,
__in_opt LPCSTR lpBackupFileName,
__in DWORD dwReplaceFlags,
__reserved LPVOID lpExclude,
__reserved LPVOID lpReserved
) = ReplaceFileA;
BOOL (WINAPI *SysReplaceFileW)(
__in LPCWSTR lpReplacedFileName,
__in LPCWSTR lpReplacementFileName,
__in_opt LPCWSTR lpBackupFileName,
__in DWORD dwReplaceFlags,
__reserved LPVOID lpExclude,
__reserved LPVOID lpReserved
) = ReplaceFileW;
BOOL (WINAPI *SysCopyFileExA)(
__in LPCSTR lpExistingFileName,
__in LPCSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in_opt LPBOOL pbCancel,
__in DWORD dwCopyFlags
) = CopyFileExA;
BOOL (WINAPI *SysCopyFileExW)(
__in LPCWSTR lpExistingFileName,
__in LPCWSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in_opt LPBOOL pbCancel,
__in DWORD dwCopyFlags
) = CopyFileExW;
BOOL (WINAPI *SysMoveFileWithProgressA)(
__in LPCSTR lpExistingFileName,
__in LPCSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in DWORD dwFlags) = MoveFileWithProgressA;
BOOL (WINAPI *SysMoveFileWithProgressW)(
__in LPCWSTR lpExistingFileName,
__in LPCWSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in DWORD dwFlags
) = MoveFileWithProgressW;
int (WINAPI *SysSHFileOperationA)(LPSHFILEOPSTRUCTA lpFileOp) = SHFileOperationA;
int (WINAPI *SysSHFileOperationW)(LPSHFILEOPSTRUCTW lpFileOp) = SHFileOperationW;
/************************** MyAPI *****************************/
// HOOK 創建進程
HANDLE WINAPI MyOpenProcess( DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId )
{
if (GetWindowListBool(dwProcessId))
return NULL;
// 必須調用我們的API指針,如果調用回原來的,則又會被我們HOOK 所以會出現無限循環...
return SysOpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId);
}
// HOOK 刪除文件
BOOL WINAPI MyDeleteFileA(LPCSTR lpFileName)
{
// MessageBox(0,"MyDeleteFileA", "MyDeleteFileA", 0);
char tmp[MAX_PATH] = {0};
strcpy(tmp, lpFileName);
if (GetFileListBool(tmp))
return FALSE;
return SysDeleteFileA(lpFileName);
}
BOOL WINAPI MyDeleteFileW(LPCWSTR lpFileName)
{
// MessageBox(0,"MyDeleteFileW", "MyDeleteFileW", 0);
char tmp[MAX_PATH] = {0};
WCharToMByte(lpFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
// MessageBox(0,tmp, "MyDeleteFileW", 0);
if (GetFileListBool(tmp))
return FALSE;
return SysDeleteFileW(lpFileName);
}
// HOOK 復制文件
BOOL WINAPI MyCopyFileA( __in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName, __in BOOL bFailIfExists )
{
// MessageBox(0,"MyCopyFileA", "MyCopyFileA", 0);
char tmp[MAX_PATH] = {0};
strcpy(tmp, lpExistingFileName);
if (GetFileListBool(tmp))
return FALSE;
return SysCopyFileA(lpExistingFileName, lpNewFileName, bFailIfExists);
}
BOOL WINAPI MyCopyFileW(LPCWSTR lpExistingFileName, LPCWSTR lpNewFileName, BOOL bFailIfExists)
{
// MessageBox(0,"MyCopyFileW", "MyCopyFileW", 0);
char tmp[MAX_PATH] = {0};
WCharToMByte(lpExistingFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
if (GetFileListBool(tmp))
return FALSE;
return SysCopyFileW(lpExistingFileName, lpNewFileName, bFailIfExists);
}
// HOOK 移動文件
BOOL WINAPI MyMoveFileA(__in LPCSTR lpExistingFileName, __in LPCSTR lpNewFileName)
{
// MessageBox(0,"MyMoveFileA", "MyMoveFileA", 0);
char tmp[MAX_PATH] = {0};
strcpy(tmp, lpExistingFileName);
if (GetFileListBool(tmp))
return FALSE;
return SysMoveFileA(lpExistingFileName, lpNewFileName);
}
BOOL WINAPI MyMoveFileW(__in LPCWSTR lpExistingFileName, __in LPCWSTR lpNewFileName)
{
// MessageBox(0,"MyMoveFilew", "MyMoveFilew", 0);
char tmp[MAX_PATH] = {0};
WCharToMByte(lpExistingFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
if (GetFileListBool(tmp))
return FALSE;
return SysMoveFileW(lpExistingFileName, lpNewFileName);
}
// HOOK 創建文件
HANDLE WINAPI MyCreateFileA(
__in LPCSTR lpFileName,
__in DWORD dwDesiredAccess,
__in DWORD dwShareMode,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__in DWORD dwCreationDisposition, // 打開文件方式
__in DWORD dwFlagsAndAttributes,
__in_opt HANDLE hTemplateFile)
{
// 如果是 創建新文件 創建文件并改寫文件 不存在則創建
if ( dwCreationDisposition == CREATE_NEW || dwCreationDisposition == CREATE_ALWAYS || dwCreationDisposition == OPEN_ALWAYS )
{
char tmp[MAX_PATH] = {0};
strcpy(tmp, lpFileName);
if (GetFileListBool(tmp))
return NULL;
}
return SysCreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
HANDLE WINAPI MyCreateFileW(
__in LPCWSTR lpFileName,
__in DWORD dwDesiredAccess,
__in DWORD dwShareMode,
__in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
__in DWORD dwCreationDisposition,
__in DWORD dwFlagsAndAttributes,
__in_opt HANDLE hTemplateFile)
{
// 如果是 創建新文件 創建文件并改寫文件 不存在則創建
if ( dwCreationDisposition == CREATE_NEW || dwCreationDisposition == CREATE_ALWAYS || dwCreationDisposition == OPEN_ALWAYS )
{
char tmp[MAX_PATH] = {0};
WCharToMByte(lpFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
if (GetFileListBool(tmp))
return NULL;
}
return SysCreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
BOOL WINAPI MyCopyFileExA(
__in LPCSTR lpExistingFileName,
__in LPCSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in_opt LPBOOL pbCancel,
__in DWORD dwCopyFlags)
{
char tmp[MAX_PATH] = {0};
strcpy(tmp, lpExistingFileName);
MessageBox(0,tmp, "CopyFileExA", 0);
if (GetFileListBool(tmp))
return PROGRESS_CONTINUE;
memset(tmp, 0, sizeof(tmp));
strcpy(tmp, lpNewFileName);
if (GetFileListBool(tmp))
return PROGRESS_CONTINUE;
return SysCopyFileExA(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);
}
BOOL WINAPI MyCopyFileExW(
__in LPCWSTR lpExistingFileName,
__in LPCWSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in_opt LPBOOL pbCancel,
__in DWORD dwCopyFlags)
{
char tmp[MAX_PATH] = {0};
WCharToMByte(lpExistingFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
if (GetFileListBool(tmp))
return PROGRESS_CONTINUE;
memset(tmp, 0, sizeof(tmp));
WCharToMByte(lpNewFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
// MessageBox(0,tmp, "CopyFileExW 2 ",0);
// MessageBoxW(0, lpExistingFileName, lpNewFileName,0);
if (GetFileListBool(tmp))
return PROGRESS_CONTINUE;
return SysCopyFileExW(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, pbCancel, dwCopyFlags);
}
BOOL WINAPI MyReplaceFileA(
__in LPCSTR lpReplacedFileName,
__in LPCSTR lpReplacementFileName,
__in_opt LPCSTR lpBackupFileName,
__in DWORD dwReplaceFlags,
__reserved LPVOID lpExclude,
__reserved LPVOID lpReserved)
{
char tmp[MAX_PATH] = {0};
strcpy(tmp, lpReplacedFileName);
// MessageBox(0,tmp, "ReplaceFileW",0);
if (GetFileListBool(tmp))
return FALSE;
memset(tmp, 0, sizeof(tmp));
strcpy(tmp, lpReplacementFileName);
if (GetFileListBool(tmp))
return FALSE;
return SysReplaceFileA(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved);
}
BOOL WINAPI MyReplaceFileW(
__in LPCWSTR lpReplacedFileName,
__in LPCWSTR lpReplacementFileName,
__in_opt LPCWSTR lpBackupFileName,
__in DWORD dwReplaceFlags,
__reserved LPVOID lpExclude,
__reserved LPVOID lpReserved )
{
// MessageBox(0,"ssssssssss", "ReplaceFileW",0);
char tmp[MAX_PATH] = {0};
// MessageBox(0, tmp, "MyReplaceFileW",0);
// MessageBox(0,tmp, "ReplaceFileW",0);
WCharToMByte(lpReplacedFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
if (GetFileListBool(tmp))
return FALSE;
memset(tmp, 0, sizeof(tmp));
WCharToMByte(lpReplacementFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
if (GetFileListBool(tmp))
return FALSE;
return SysReplaceFileW(lpReplacedFileName, lpReplacementFileName, lpBackupFileName, dwReplaceFlags, lpExclude, lpReserved);
}
BOOL WINAPI MyMoveFileWithProgressA(
__in LPCSTR lpExistingFileName,
__in LPCSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in DWORD dwFlags)
{
// MessageBox(0,"s", "MoveFileWithProgressA",0);
char tmp[MAX_PATH] = {0};
strcpy(tmp, lpExistingFileName);
if (GetFileListBool(tmp))
return FALSE;
memset(tmp, 0, sizeof(tmp));
strcpy(tmp, lpNewFileName);
if (GetFileListBool(tmp))
return FALSE;
return SysMoveFileWithProgressA(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, dwFlags);
}
BOOL WINAPI MyMoveFileWithProgressW(
__in LPCWSTR lpExistingFileName,
__in LPCWSTR lpNewFileName,
__in_opt LPPROGRESS_ROUTINE lpProgressRoutine,
__in_opt LPVOID lpData,
__in DWORD dwFlags)
{
// MessageBox(0,"ss", "MoveFileWithProgressW",0);
char tmp[MAX_PATH] = {0};
WCharToMByte(lpExistingFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
// MessageBox(0, tmp, "MoveFileWithProgressW",0);
if (GetFileListBool(tmp))
return FALSE;
memset(tmp, 0, sizeof(tmp));
WCharToMByte(lpNewFileName, tmp,sizeof(tmp)/sizeof(tmp[0]));
if (GetFileListBool(tmp))
return FALSE;
return SysMoveFileWithProgressW(lpExistingFileName, lpNewFileName, lpProgressRoutine, lpData, dwFlags);
}
int WINAPI MySHFileOperationA(LPSHFILEOPSTRUCTA lpFileOp)
{
/* char tmp[MAX_PATH*1024] = {0};
strcpy(tmp, lpFileOp->pFrom);
// 如果是多個文件
if (FOF_MULTIDESTFILES == lpFileOp->fFlags)
{
if (GetFileListBool(1, tmp))
return 1;
}
else
{
if (GetFileListBool(tmp))
return 1;
}
memset(tmp, 0, sizeof(tmp));
strcpy(tmp, lpFileOp->pTo);
if (GetFileListBool(tmp))
return 1;
*/
return SysSHFileOperationA(lpFileOp);
}
int WINAPI MySHFileOperationW(LPSHFILEOPSTRUCTW lpFileOp)
{/*
// char tmp[MAX_PATH*1024] = {0};
DWORD dwNum;
dwNum= WideCharToMultiByte(CP_OEMCP,NULL,lpFileOp->pFrom,-1,NULL,0,NULL,FALSE);
WCHAR* tmp = new char[dwNum];
wcscpy(tmp, lpFileOp->pFrom);
// MessageBoxA(0, tmp, "SS", 0);
// wcstombs(tmp, lpFileOp->pFrom, sizeof(tmp));
// 如果是多個文件
if (FOF_MULTIDESTFILES == lpFileOp->fFlags)
{
if (GetFileListBool(1, tmp))
return TRUE;
}
else
{
if (GetFileListBool(0, tmp))
return TRUE;
}
/* memset(tmp, 0, sizeof(tmp));
wcstombs(tmp, lpFileOp->pTo, sizeof(tmp));
if (GetFileListBool(tmp))
return TRUE;
*/
return SysSHFileOperationW(lpFileOp);
}
Core.cpp
========================================================================================
#include "stdafx.h"
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
#pragma comment(linker,"/OPT:NOWIN98")
#include<shellapi.h>
#include <TLHELP32.H>
#include <Psapi.h>
#pragma comment (lib, "Psapi.lib")
char ConfigPath[MAX_PATH] = {0};
#include "..\守護者\Cmd.h"
#include "HookAPI.h"
HINSTANCE g_hInst;
HHOOK HookAPI = NULL;
BOOL AddHOOKAPI()
{
// 在這兩件事做完以后,detour函數才是真正地附著到目標函數上
DetourTransactionBegin(); // 對detours進行初始化.
DetourUpdateThread(GetCurrentThread()); // 更新進行detours的線程
// 參數原有的API ,接管的API
// 掛鉤API HOOK 列表
// 打開進程
DetourAttach(&(PVOID&)SysOpenProcess, MyOpenProcess);
// 刪除文件
DetourAttach(&(PVOID&)SysDeleteFileA, MyDeleteFileA);
DetourAttach(&(PVOID&)SysDeleteFileW, MyDeleteFileW);
// 復制文件
DetourAttach(&(PVOID&)SysCopyFileA, MyCopyFileA);
DetourAttach(&(PVOID&)SysCopyFileW, MyCopyFileW);
// 移動文件
DetourAttach(&(PVOID&)SysMoveFileA, MyMoveFileA);
DetourAttach(&(PVOID&)SysMoveFileW, MyMoveFileW);
// 創建、打開文件
DetourAttach(&(PVOID&)SysCreateFileA, MyCreateFileA);
DetourAttach(&(PVOID&)SysCreateFileW, MyCreateFileW);
// 復制文件
DetourAttach(&(PVOID&)SysCopyFileExA, MyCopyFileExA);
DetourAttach(&(PVOID&)SysCopyFileExW, MyCopyFileExW);
// 覆蓋文件
DetourAttach(&(PVOID&)SysReplaceFileA, MyReplaceFileA);
DetourAttach(&(PVOID&)SysReplaceFileW, MyReplaceFileW);
// 移動文件
DetourAttach(&(PVOID&)SysMoveFileWithProgressA, MyMoveFileWithProgressA);
DetourAttach(&(PVOID&)SysMoveFileWithProgressW, MyMoveFileWithProgressW);
// 復制、移動、刪除文件
// DetourAttach(&(PVOID&)SysSHFileOperationA, MySHFileOperationA);
// DetourAttach(&(PVOID&)SysSHFileOperationW, MySHFileOperationW);
if(DetourTransactionCommit() != NO_ERROR) // 啟用并檢查啟用是否成功
return FALSE;
return TRUE;
}
BOOL DelHOOKAPI()
{
DetourTransactionBegin();
DetourDetach(&(PVOID&)SysOpenProcess, MyOpenProcess);
DetourDetach(&(PVOID&)SysDeleteFileA, MyDeleteFileA);
DetourDetach(&(PVOID&)SysDeleteFileW, MyDeleteFileW);
DetourDetach(&(PVOID&)SysCopyFileA, MyCopyFileA);
DetourDetach(&(PVOID&)SysCopyFileW, MyCopyFileW);
DetourDetach(&(PVOID&)SysMoveFileA, MyMoveFileA);
DetourDetach(&(PVOID&)SysMoveFileW, MyMoveFileW);
DetourDetach(&(PVOID&)SysCreateFileA, MyCreateFileA);
DetourDetach(&(PVOID&)SysCreateFileW, MyCreateFileW);
DetourDetach(&(PVOID&)SysCopyFileExA, MyCopyFileExA);
DetourDetach(&(PVOID&)SysCopyFileExW, MyCopyFileExW);
DetourDetach(&(PVOID&)SysReplaceFileA, MyReplaceFileA);
DetourDetach(&(PVOID&)SysReplaceFileW, MyReplaceFileW);
DetourDetach(&(PVOID&)SysMoveFileWithProgressA, MyMoveFileWithProgressA);
DetourDetach(&(PVOID&)SysMoveFileWithProgressW, MyMoveFileWithProgressW);
// DetourDetach(&(PVOID&)SysSHFileOperationA, MySHFileOperationA);
// DetourDetach(&(PVOID&)SysSHFileOperationW, MySHFileOperationW);
if(DetourTransactionCommit() != NO_ERROR) // 啟用并檢查啟用是否成功
return FALSE;
return TRUE;
}
BOOL WINAPI DllMain(
HINSTANCE hinstDLL, // handle to the DLL module
DWORD fdwReason, // reason for calling function
LPVOID lpvReserved // reserved
)
{
switch(fdwReason)
{
case DLL_PROCESS_ATTACH:
g_hInst = hinstDLL;
GetWindowsDirectory(ConfigPath, MAX_PATH);
strcat(ConfigPath, IniFile);
AddHOOKAPI();
break;
case DLL_PROCESS_DETACH:
DelHOOKAPI();
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
LRESULT CALLBACK GetMsgProc(int nCode, WPARAM wParam, LPARAM lParam)
{
// 不做任何操作 只為讓所有進程加載DLL
return CallNextHookEx(HookAPI, nCode, wParam, lParam);
}
BOOL StartHOOKAPI()
{
if (HookAPI == NULL )
{
// 安裝鉤子
HookAPI = SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)GetMsgProc, g_hInst,0 );
}
if (HookAPI == NULL)
{
return FALSE;
}
return TRUE;
}
BOOL TingHOOKAPI()
{
// DelHOOKAPI();
BOOL bResult=FALSE;
if(HookAPI)
{
// 卸載鉤子
bResult= UnhookWindowsHookEx(HookAPI);
if(bResult)
{
HookAPI=NULL;
return TRUE;
}
}
return FALSE;
}
|
QQ好友和群
QQ空間
騰訊微博
騰訊朋友
收藏
淘帖
頂
踩
