APIフック?
#define UNICODE
#include <stdio.h>
#include <windows.h>
/*
 * Function-pointer types for the two exports that hoge() looks up with
 * GetProcAddress from api-ms-win-core-delayload-l1-1-1.dll.
 */

/* Pointer to a routine taking a DLL name and a procedure name, returning a FARPROC. */
typedef FARPROC (WINAPI *DelayLoadFailureHook)(
    _In_ LPCSTR pszDllName,
    _In_ LPCSTR pszProcName
);

/*
 * Pointer to the delay-load resolver. The descriptor and both hook
 * parameters are declared as untyped pointers here, so the compiler does
 * not check what callers pass for them.
 */
typedef PVOID (WINAPI *ResolveDelayLoadedAPI)(
    _In_       PVOID             ParentModuleBase,
    _In_       void             *DelayloadDescriptor,
    _In_opt_   void             *FailureDllHook,
    _In_opt_   void             *FailureSystemHook,
    _Out_      PIMAGE_THUNK_DATA ThunkAddress,
    _Reserved_ ULONG             Flags
);
/*
 * Stub with a MessageBox-style parameter list. It ignores every argument and
 * always returns 0. Nothing else in this listing references it.
 */
int WINAPI Hook_MessageBox(
    _In_opt_ HWND    hWnd,
    _In_opt_ LPCTSTR lpText,
    _In_opt_ LPCTSTR lpCaption,
    _In_     UINT    uType
)
{
    /* The arguments are intentionally unused. */
    UNREFERENCED_PARAMETER(hWnd);
    UNREFERENCED_PARAMETER(lpText);
    UNREFERENCED_PARAMETER(lpCaption);
    UNREFERENCED_PARAMETER(uType);

    return 0;
}
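/*
 * Experiment: resolve ResolveDelayLoadedAPI and DelayLoadFailureHook at run
 * time, call ResolveDelayLoadedAPI with a thunk holding the address of
 * user32!MessageBoxW, and show the returned pointer in a message box.
 *
 * Every lookup is checked before use; a failed lookup is reported and the
 * function returns instead of calling through a null pointer.
 *
 * NOTE(review): the ResolveDelayLoadedAPI typedef in this file names its
 * second parameter DelayloadDescriptor, yet the call below passes the user32
 * module handle there. The resolver will read that module's header bytes as
 * if they were a descriptor, so the result is not meaningful. Confirm
 * whether this is intended before reusing the pattern.
 */
void hoge()
{
    HMODULE hDll = GetModuleHandleW(L"user32.dll");
    FARPROC proc = hDll ? GetProcAddress(hDll, "MessageBoxW") : nullptr;
    if (proc == nullptr) {
        MessageBoxA(0, "MessageBoxW lookup failed", "", MB_OK);
        return;
    }

    /*
     * Load by bare name, but restrict the search to the system directory so
     * a same-named DLL in the application or current directory is never
     * picked up.
     */
    HMODULE hDll2 = LoadLibraryExW(L"api-ms-win-core-delayload-l1-1-1.dll",
                                   nullptr, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (hDll2 == nullptr) {
        MessageBoxA(0, "delayload API set could not be loaded", "", MB_OK);
        return;
    }

    DelayLoadFailureHook p_DelayLoadFailureHook =
        (DelayLoadFailureHook)GetProcAddress(hDll2, "DelayLoadFailureHook");
    ResolveDelayLoadedAPI p_ResolveDelayLoadedAPI =
        (ResolveDelayLoadedAPI)GetProcAddress(hDll2, "ResolveDelayLoadedAPI");

    /* The failure hook is declared _In_opt_, so only the resolver is mandatory. */
    if (p_ResolveDelayLoadedAPI == nullptr) {
        MessageBoxA(0, "ResolveDelayLoadedAPI lookup failed", "", MB_OK);
        FreeLibrary(hDll2);
        return;
    }

    IMAGE_THUNK_DATA st = {0};
    /* ULONG_PTR keeps the full address; a DWORD cast truncates it on 64-bit builds. */
    st.u1.AddressOfData = (ULONG_PTR)proc;

    void* ptr = p_ResolveDelayLoadedAPI(GetModuleHandleW(nullptr), hDll, 0,
                                        p_DelayLoadFailureHook, &st, 0);

    char Buf[50];
    /* %p matches a pointer argument (%x expects unsigned int); snprintf bounds the write. */
    snprintf(Buf, sizeof Buf, "%p", ptr);
    MessageBoxA(0, Buf, "", MB_OK);

    FreeLibrary(hDll2);
}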
/*
 * GUI entry point: runs the hoge() experiment once and exits with status 0.
 * None of the start-up arguments are used.
 */
int CALLBACK WinMain(
    _In_ HINSTANCE hInstance,
    _In_ HINSTANCE hPrevInstance,
    _In_ LPSTR     lpCmdLine,
    _In_ int       nCmdShow
)
{
    UNREFERENCED_PARAMETER(hInstance);
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);
    UNREFERENCED_PARAMETER(nCmdShow);

    hoge();

    return 0;
}