APIフック?
#define UNICODE | |
#include <stdio.h> | |
#include <windows.h> | |
/*
 * Function-pointer types for the two exports this file resolves at run time
 * with GetProcAddress from api-ms-win-core-delayload-l1-1-1.dll.
 * The SAL-annotated parameter lists are kept so the casts below line up
 * with the exported signatures.
 */
typedef FARPROC (WINAPI *DelayLoadFailureHook)(_In_ LPCSTR pszDllName,
                                              _In_ LPCSTR pszProcName);

typedef PVOID (WINAPI *ResolveDelayLoadedAPI)(_In_ PVOID ParentModuleBase,
                                             _In_ void* DelayloadDescriptor,
                                             _In_opt_ void* FailureDllHook,
                                             _In_opt_ void* FailureSystemHook,
                                             _Out_ PIMAGE_THUNK_DATA ThunkAddress,
                                             _Reserved_ ULONG Flags);
/*
 * MessageBox-shaped replacement: takes the same four arguments, ignores all
 * of them and returns 0, so no dialog is ever displayed.
 * Defined here but not referenced anywhere else in this file.
 */
int WINAPI Hook_MessageBox(_In_opt_ HWND hWnd,
                           _In_opt_ LPCTSTR lpText,
                           _In_opt_ LPCTSTR lpCaption,
                           _In_ UINT uType)
{
    (void)hWnd;
    (void)lpText;
    (void)lpCaption;
    (void)uType;
    return 0;
}
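/*
 * Probe the delay-load resolver exported by the delayload API set.
 *
 * Looks up MessageBoxW in the already-loaded user32.dll, loads
 * api-ms-win-core-delayload-l1-1-1.dll, resolves its DelayLoadFailureHook
 * and ResolveDelayLoadedAPI exports, then calls ResolveDelayLoadedAPI with a
 * zeroed IMAGE_THUNK_DATA whose AddressOfData holds the MessageBoxW address
 * (DelayLoadFailureHook is passed as the FailureSystemHook argument, no
 * FailureDllHook). The returned pointer is shown in a message box.
 *
 * Notes:
 *  - user32's module handle is passed as the DelayloadDescriptor argument,
 *    as in the original; TODO confirm that is the intended descriptor.
 *  - Every module/export lookup is now checked; the original dereferenced
 *    null function pointers when a lookup failed.
 *  - The pointer is formatted with %p into a bounded buffer; the original
 *    used sprintf with %x, which is undefined for a pointer argument and
 *    drops the high half on x64. The cast into AddressOfData uses
 *    ULONG_PTR for the same reason (DWORD truncated it).
 *  - Hook_MessageBox is defined in this file but is not used here.
 */
void hoge(void)
{
    HMODULE hUser32 = GetModuleHandleW(L"user32.dll");
    if (hUser32 == nullptr) {
        return;
    }
    FARPROC proc = GetProcAddress(hUser32, "MessageBoxW");
    if (proc == nullptr) {
        return;
    }

    HMODULE hDelayLoad = LoadLibraryW(L"api-ms-win-core-delayload-l1-1-1.dll");
    if (hDelayLoad == nullptr) {
        return;
    }

    /* The failure hook is _In_opt_, so a null result is still passed through. */
    DelayLoadFailureHook p_DelayLoadFailureHook =
        (DelayLoadFailureHook)GetProcAddress(hDelayLoad, "DelayLoadFailureHook");
    ResolveDelayLoadedAPI p_ResolveDelayLoadedAPI =
        (ResolveDelayLoadedAPI)GetProcAddress(hDelayLoad, "ResolveDelayLoadedAPI");

    if (p_ResolveDelayLoadedAPI != nullptr) {
        IMAGE_THUNK_DATA st = {0};
        /* ULONG_PTR keeps the whole pointer on 64-bit builds. */
        st.u1.AddressOfData = (ULONG_PTR)proc;

        void* ptr = p_ResolveDelayLoadedAPI(GetModuleHandleW(nullptr), hUser32, 0,
                                            p_DelayLoadFailureHook, &st, 0);

        /* Bounded, pointer-correct formatting; %p may print differently from the old %x. */
        char Buf[50];
        snprintf(Buf, sizeof Buf, "%p", ptr);
        MessageBoxA(0, Buf, "", MB_OK);
    }

    FreeLibrary(hDelayLoad);
}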
/*
 * GUI entry point: runs the hoge() probe once and exits with status 0.
 * None of the WinMain arguments are consulted.
 */
int CALLBACK WinMain(_In_ HINSTANCE hInstance,
                     _In_ HINSTANCE hPrevInstance,
                     _In_ LPSTR lpCmdLine,
                     _In_ int nCmdShow)
{
    (void)hInstance;
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    hoge();
    return 0;
}