一個簡單的HOOK API的DLL

#include "Windows.h"
#include "process.h"
#include "tlhelp32.h"
#include "stdio.h"

#pragma comment(lib,"th32.lib")

PIMAGE_DOS_HEADER pDOSHeader;
PIMAGE_NT_HEADERS pNTHeaders;
PIMAGE_OPTIONAL_HEADER    pOptHeader;
PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor;
PIMAGE_THUNK_DATA        pThunkData;
PIMAGE_IMPORT_BY_NAME    pImportByName;
HMODULE hMod;


// 定義MessageBoxA函數原型
typedef int (WINAPI *PFNMESSAGEBOX)(HWND, LPCSTR, LPCSTR, UINT uType);
int WINAPI MessageBoxProxy(IN HWND hWnd, IN LPCSTR lpText, IN LPCSTR lpCaption, IN UINT uType);

int * addr

lass="pun">= (int *)MessageBoxA;     //保存函數的入口地址
int * myaddr = (int *)MessageBoxProxy;


void ThreadProc(void *param);//線程函數

//---------------------------主函數開始

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWord fdwReason,LPVOID lpvReserved)
{
    if(fdwReason==DLL_PROCESS_ATTACH)     
           _beginthread(ThreadProc,0,NULL);     

    return TRUE;
}

//結束進程的函數

void ThreadProc(void *param)
{
    //------------hook api----------------
     hMod = GetModuleHandle(NULL);//當前進程空間的模塊句柄

     pDosHeader = (PIMAGE_DOS_HEADER)hMod;
     pNTHeaders = (PIMAGE_NT_HEADERS)((BYTE *)hMod + pDOSHeader->e_lfanew);
     pOptHeader = (PIMAGE_OPTIONAL_HEADER)&(pNTHeaders->OptionalHeader);
     pImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)((BYTE *)hMod + pOptHeader

>->DataDirectory[1].VirtualAddress);

    while(pImportDescriptor->FirstThunk)
    {
          char * dllname = (char *)((BYTE *)hMod + pImportDescriptor->Name);

           pThunkData = (PIMAGE_THUNK_DATA)((BYTE *)hMod + pImportDescriptor->OriginalFirstThunk);

          int no = 1;
          while(pThunkData->u1.Function)
          {
                char * funname = (char *)((BYTE *)hMod + (DWord)pThunkData->u1.AddressOfData + 2);
                 PDWORD lpAddr = (DWORD *)((BYTE *)hMod + (DWord)pImportDescriptor->FirstThunk) +(no-1);
          
                //修改內存的部分
                if((*lpAddr) == <span class="pun">(int)addr)
                {
                    //修改內存頁的屬性
                     DWord dwOLD;
                     MEMORY_BASIC_INFORMATION mbi;
                    VirtualQuery(lpAddr,&mbi,sizeof(mbi));
                    VirtualProtect(lpAddr,sizeof(DWord),PAGE_READWRITE,&dwOLD);
                    
                    WriteProcessMemory(GetCurrentProcess(),
     &nbsp;                           lpAddr, &myaddr, sizeof(DWord), NULL);
                    //恢復內存頁的屬性
            VirtualProtect(lpAddr,sizeof(DWord),dwOLD,0);
                }
                 no++;
                 pThunkData++;
          }

           pImportDescriptor++;
    }
}

//自己定義的方法
int WINAPI MessageBoxProxy(IN HWND hWnd,

IN LPCSTR lpText, IN LPCSTR lpCaption, IN UINT uType)
{
    return       ((PFNMESSAGEBOX)addr)(NULL, "gxter_test", "gxter_title", 0);
    //可以寫代碼進程其它操作
}