头文件(hookMain.h)内容
- #pragma once
- #include<Windows.h>
-
// Shared hook state. Both pointers start out NULL; DllMain fills them in when
// the DLL is attached to a process.
// NOTE(review): these are definitions rather than extern declarations, so
// including this header from a second .cpp file would define each global twice.
DWORD *g_iatAddr = NULL;    // import-address-table slot that gets patched
DWORD *g_unHookAddr = NULL; // original slot contents, written back on unhook

// Looks up the IAT slot for dllFuncName imported from dllName; NULL if not found.
DWORD *GetIatAddr(const char *dllName, const char *dllFuncName);
// Installs the hook.
BOOL InstallHook(void);
// Removes the hook.
BOOL UninstallHook(void);
源文件(iatHookMain.cpp)内容
- #include "hookMain.h"
-
// Replacement that the patched import slot points to instead of MessageBoxW.
// The four parameters mirror MessageBoxW's signature, but none of them is
// used: the function always shows its own fixed ANSI message box and hands
// back that call's result.
//
// The calling convention has to be spelled out (WINAPI); per the original
// author, leaving it off produces an error window once the DLL is injected.
int WINAPI HookMessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType)
{
    return MessageBoxA(0, "51hook", "提示", MB_OK);
}
-
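// Installs the hook: overwrites the import slot stored in g_iatAddr with the
// address of HookMessageBoxW.
//
// Returns TRUE once the slot has been rewritten, FALSE when there is no slot
// to patch or the page could not be made writable (nothing is modified then).
//
// After the write the slot no longer points into the DLL that exports the
// function, which is the mismatch import-table integrity checks look for.
//
// NOTE(review): the slot is written as a DWORD, so this is only correct in a
// 32-bit build; a 64-bit build would truncate the function pointer.
BOOL InstallHook() // install the hook
{
    // GetIatAddr returns NULL when the import is absent; writing through a
    // NULL slot would crash the host process.
    if (g_iatAddr == NULL)
    {
        return FALSE;
    }

    // NOTE(review): the IAT is data, so PAGE_READWRITE is normally enough and
    // avoids a writable+executable page; confirm the image's section layout
    // before tightening the original PAGE_EXECUTE_READWRITE.
    DWORD dwOldProtect = 0;
    if (!VirtualProtect(g_iatAddr, sizeof(*g_iatAddr), PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        // The page is still read-only; the store below would fault.
        return FALSE;
    }

    *g_iatAddr = (DWORD)HookMessageBoxW;

    // Put the original protection back so the table does not stay writable.
    // VirtualProtect needs a valid out-pointer even though the value is unused.
    DWORD dwUnused = 0;
    VirtualProtect(g_iatAddr, sizeof(*g_iatAddr), dwOldProtect, &dwUnused);
    return TRUE;
}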
-
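// Removes the hook: writes the value saved in g_unHookAddr back into the
// import slot stored in g_iatAddr.
//
// Returns TRUE once the original value has been restored, FALSE when no slot
// or no saved value exists, or when the page could not be made writable.
BOOL UninstallHook() // remove the hook
{
    // If the slot was never found, or the original value was never saved,
    // writing here would either fault or leave a NULL import that crashes on
    // the next call through the slot.
    if (g_iatAddr == NULL || g_unHookAddr == NULL)
    {
        return FALSE;
    }

    DWORD dwOldProtect = 0;
    if (!VirtualProtect(g_iatAddr, sizeof(*g_iatAddr), PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        // The page is still read-only; the store below would fault.
        return FALSE;
    }

    *g_iatAddr = (DWORD)g_unHookAddr;

    // Put the original protection back so the table does not stay writable.
    DWORD dwUnused = 0;
    VirtualProtect(g_iatAddr, sizeof(*g_iatAddr), dwOldProtect, &dwUnused);
    return TRUE;
}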
-
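// Finds the import-address-table (IAT) slot that the process's main EXE uses
// for the function dllFuncName, imported by name from dllName.
//
// dllName and dllFuncName are compared case-insensitively against the names
// stored in the image's import directory.
//
// Returns a pointer to the slot, or NULL when an argument is NULL, the image
// headers do not carry the expected signatures, the image has no import
// directory, or no matching by-name import exists.
//
// NOTE(review): the slot is returned as DWORD*, which matches the slot width
// only in a 32-bit build.
DWORD* GetIatAddr(const char* dllName, const char* dllFuncName)
{
    if (dllName == NULL || dllFuncName == NULL)
    {
        return NULL;
    }

    // Handle of the EXE that started the process; it is also the image base
    // that every RVA below is relative to.
    HMODULE hModule = GetModuleHandleA(0);
    if (hModule == NULL)
    {
        return NULL;
    }
    BYTE* pBase = (BYTE*)hModule;

    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pBase; // DOS header
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        return NULL;
    }

    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)(pBase + pDosHeader->e_lfanew); // NT headers
    if (pNtHeader->Signature != IMAGE_NT_SIGNATURE)
    {
        return NULL;
    }

    // Import directory entry of the optional header's data-directory table.
    IMAGE_DATA_DIRECTORY dataDirectory =
        pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (dataDirectory.VirtualAddress == 0)
    {
        // No imports at all; base + 0 would reinterpret the DOS header.
        return NULL;
    }

    PIMAGE_IMPORT_DESCRIPTOR pImageImportTable =
        (PIMAGE_IMPORT_DESCRIPTOR)(pBase + dataDirectory.VirtualAddress);

    // The descriptor array ends with an all-zero entry.
    for (; pImageImportTable->Name != 0; ++pImageImportTable)
    {
        const char* iatDllName = (const char*)(pBase + pImageImportTable->Name);
        if (_stricmp(iatDllName, dllName) != 0)
        {
            continue;
        }

        // Without an import name table the names cannot be read, and an RVA
        // of 0 would again alias the DOS header.
        if (pImageImportTable->OriginalFirstThunk == 0 || pImageImportTable->FirstThunk == 0)
        {
            continue;
        }

        PIMAGE_THUNK_DATA pInt =
            (PIMAGE_THUNK_DATA)(pBase + pImageImportTable->OriginalFirstThunk); // import name table
        PIMAGE_THUNK_DATA pIat =
            (PIMAGE_THUNK_DATA)(pBase + pImageImportTable->FirstThunk); // import address table

        // The two tables are parallel arrays, so both cursors must advance
        // together; otherwise the slot returned is always the DLL's first one.
        for (; pInt->u1.AddressOfData != 0; ++pInt, ++pIat)
        {
            // Entries imported by ordinal carry no name; the top bit marks
            // them (IMAGE_ORDINAL_FLAG), and the rest is not an RVA.
            if (IMAGE_SNAP_BY_ORDINAL(pInt->u1.Ordinal))
            {
                continue;
            }

            PIMAGE_IMPORT_BY_NAME pImportName =
                (PIMAGE_IMPORT_BY_NAME)(pBase + pInt->u1.AddressOfData);
            if (_stricmp((const char*)pImportName->Name, dllFuncName) == 0)
            {
                return (DWORD*)pIat;
            }
        }
    }
    return NULL;
}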
-
-
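// DLL entry point. On process attach it looks up the MessageBoxW import slot
// of the host EXE, saves the slot's current value and installs the hook; on
// process detach it restores the saved value.
//
// hInstance and lpReservered are not used. Always returns TRUE, so a failed
// lookup leaves the DLL loaded with no hook in place.
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD callReason, LPVOID lpReservered)
{
    if (callReason == DLL_PROCESS_ATTACH)
    {
        /**
         * 1 locate the IAT slot
         * 2 save the address currently stored in it
         * 3 install the hook
         */
        g_iatAddr = GetIatAddr("user32.dll", "MessageBoxW");

        // The host may not import MessageBoxW by name at all; dereferencing
        // a NULL slot here would crash the process while the DLL is loading.
        if (g_iatAddr != NULL)
        {
            g_unHookAddr = (DWORD*)*g_iatAddr;
            InstallHook();
        }
    }
    else if (callReason == DLL_PROCESS_DETACH)
    {
        // Only restore when a slot was found and its original value saved;
        // otherwise there is nothing valid to write back.
        if (g_iatAddr != NULL && g_unHookAddr != NULL)
        {
            UninstallHook();
        }
    }
    return TRUE;
}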
