mhook v2.4

Mhook 是一个免费的 hook 库,与微软的 Detours 差不多;不过免费版的 Detours 仅支持 x86,而 mhook 同时支持 x86 和 x64,而且使用更简单,请看下面的示例代码。

//=========================================================================
#include "stdafx.h"
#include "mhook.h"

//=========================================================================
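// Function-pointer type for the ntdll!NtOpenProcess export, so the address
// can be bound dynamically with GetProcAddress instead of being linked.
// ObjectAttributes is declared as PVOID, so the compiler does not type-check
// that argument; callers are responsible for passing a valid structure.
// NOTE(review): names that start with an underscore followed by an uppercase
// letter are reserved for the implementation; the name is kept because the
// rest of the listing refers to it.
//
typedef ULONG (WINAPI* _NtOpenProcess)(OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK AccessMask, IN PVOID ObjectAttributes,
    IN PCLIENT_ID ClientId );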

//=========================================================================
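// Resolve the current (original) address of the function to be hooked.
// GetModuleHandleW only returns a module that is already mapped into the
// process; it never loads a DLL from disk, so no DLL search path is involved.
// The wide-character variant is named explicitly because the module name is
// a wide string literal and must not depend on the UNICODE build setting.
// If the lookup fails this pointer is NULL: check it before installing the
// hook or calling through it.
//
_NtOpenProcess TrueNtOpenProcess = (_NtOpenProcess)
    GetProcAddress(GetModuleHandleW(L"ntdll"), "NtOpenProcess");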

//=========================================================================
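// Replacement for NtOpenProcess once the hook is in place: calls to
// NtOpenProcess made inside this process are redirected here.
//
// Parameters mirror the _NtOpenProcess typedef and are passed through
// unchanged. Returns whatever status the original function returns.
//
ULONG WINAPI MyNtOpenProcess(OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK AccessMask,
    IN PVOID ObjectAttributes,
    IN PCLIENT_ID ClientId )
{
    // Do any processing here if needed (for example, record the requested
    // access mask). Anything called from here that itself ends up in
    // NtOpenProcess -- OpenProcess included -- re-enters this function, so
    // use TrueNtOpenProcess for such calls.
    // ...

    // Hand the call to the original implementation in the end and return
    // its status to the caller untouched.
    return TrueNtOpenProcess(ProcessHandle, AccessMask,
        ObjectAttributes, ClientId);
}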

//=========================================================================
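// Installs the hook, exercises it, and removes it again. While the hook is
// in place, any call to NtOpenProcess within this process is redirected to
// MyNtOpenProcess.
//
// If you need to access the original, unmodified API, call
// TrueNtOpenProcess from your code, just like the hook function does.
//
// Returns FALSE if NtOpenProcess could not be resolved or the hook could not
// be installed; otherwise returns the result of Mhook_Unhook.
//
BOOL WINAPI SetHooksAndDoWork()
{
    // GetProcAddress may have failed; there is nothing to hook in that case.
    if (TrueNtOpenProcess == NULL) {
        return FALSE;
    }

    BOOL bHook = Mhook_SetHook((PVOID*)&TrueNtOpenProcess,
        MyNtOpenProcess);

    // Minimalist error handling
    if (!bHook) {
        return FALSE;
    }

    // ... any calls to NtOpenProcess within this process are now
    // rerouted to MyNtOpenProcess.

    // For example, this call will end up in our hook function since
    // kernel32!OpenProcess just calls ntdll!NtOpenProcess internally.
    // NOTE(review): PROCESS_ALL_ACCESS is kept from the original example;
    // production code should request only the access rights it needs.
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE,
        GetCurrentProcessId());

    // ...

    // Release the handle before the variable is reused below, otherwise
    // it is leaked.
    if (hProc != NULL) {
        CloseHandle(hProc);
        hProc = NULL;
    }

    // This call will bypass the hook:
    // (parameter initialization omitted for brevity -- accessMask, objAttrs
    // and clientId must be declared and filled in before this line)
    // AccessMask is passed by value, as the _NtOpenProcess typedef declares.
    TrueNtOpenProcess(&hProc, accessMask, &objAttrs, &clientId);

    // ...

    // hProc was reset to NULL above, so a non-NULL value here is a handle
    // returned by the direct call and has to be closed as well.
    if (hProc != NULL) {
        CloseHandle(hProc);
        hProc = NULL;
    }

    // Remove the hook when we're done.
    return Mhook_Unhook((PVOID*)&TrueNtOpenProcess);
}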

//=========================================================================

下载地址:https://AllRes.ctfile.com/dir/4028457-28708812-c396ba/
