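I'm wondering how I can hook an API with C# or VB.Net without using a C++ library such as EasyHook or similar. My purpose in learning this is not malicious; it is just to gain more experience and to find the possible limits of .net. Suppose I'd like to hook the MessageBoxA API. I first import it by importing System.Runtime.InteropServices and then adding the PInvoke signature for the MessageBoxA API call in user32.dll: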
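
    Imports System.Runtime.InteropServices

    ' P/Invoke declaration for the Unicode entry point of MessageBox in user32.dll
    <DllImport("user32.dll", EntryPoint:="MessageBoxW",
               SetLastError:=True, CharSet:=CharSet.Unicode)>
    Public Function MessageBox(
        ByVal hwnd As IntPtr,
        <MarshalAs(UnmanagedType.LPTStr)> ByVal lpText As String,
        <MarshalAs(UnmanagedType.LPTStr)> ByVal lpCaption As String,
        <MarshalAs(UnmanagedType.U4)> ByVal uType As MessageBoxOptions
    ) As <MarshalAs(UnmanagedType.U4)> MessageBoxResult
    End Function

I would now basically like to hook every process that calls the MessageBoxA API to get the normal text, but with the hook I'd like to append "hooked" to the end of the messageBox text. A friend who is very experienced with .net, but unfortunately too busy to help me, told me that this is definitely possible. The steps are: first I need the actual hook function in a dll (library), which I will later inject into the process, and then I need to determine whether it is a native process or a managed process. If it is managed, there is no problem, but if it is a native process, I need a loader. A native process does not have .net loaded, so I need to load it manually first and then inject the dll.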
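Then I need to get a pointer to the .net method, so that I know the address the hook should point to; I can then get a pointer to that method using GetProcAddress and LoadLibraryA. I think the JMP to be written at the beginning of the API can be done with WriteProcessMemory. Can anyone tell me how to implement this for the simple example mentioned above, by hooking the messagebox api and appending some text to it before it is called?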
=)
Posted on 2014-03-05 23:41:54
I'm not sure whether this is what you're looking for, but this is how I hook the mouse. Maybe it can help you figure out other hooks.

    Imports System.Reflection
    Imports System.Runtime.InteropServices
    Imports System.Windows.Forms

    Public Class MouseDetector
        Public Event MouseLeftButtonClick(ByVal sender As Object, ByVal e As MouseEventArgs)
        Public Event MouseRightButtonClick(ByVal sender As Object, ByVal e As MouseEventArgs)

        Private Delegate Function MouseHookCallback(ByVal nCode As Integer, ByVal wParam As IntPtr, ByVal lParam As IntPtr) As IntPtr
        ' Held in a field so the delegate is not garbage-collected while the hook is installed
        Private MouseHookCallbackDelegate As MouseHookCallback
        ' Hook handle; IntPtr so it is not truncated in a 64-bit process
        Private MouseHookID As IntPtr = IntPtr.Zero

        Public Sub New()
            If MouseHookID = IntPtr.Zero Then
                MouseHookCallbackDelegate = AddressOf MouseHookProc
                ' 14 = WH_MOUSE_LL (low-level mouse hook)
                MouseHookID = SetWindowsHookEx(14, MouseHookCallbackDelegate, Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly.GetModules()(0)), 0)
                If MouseHookID = IntPtr.Zero Then
                    'error
                End If
            End If
        End Sub

        Public Sub Dispose()
            ' Remove the hook only if one was actually installed
            If MouseHookID <> IntPtr.Zero Then
                UnhookWindowsHookEx(MouseHookID)
                MouseHookCallbackDelegate = Nothing
            End If
            MouseHookID = IntPtr.Zero
        End Sub

        Private Enum MouseMessages
            WM_LeftButtonDown = 513
            WM_LeftButtonUp = 514
            WM_LeftDblClick = 515
            WM_RightButtonDown = 516
            WM_RightButtonUp = 517
            WM_RightDblClick = 518
        End Enum

        <StructLayout(LayoutKind.Sequential)> Private Structure Point
            Public x As Integer
            Public y As Integer
        End Structure

        ' Only pt is read below; it is the first field of the structure lParam points to
        <StructLayout(LayoutKind.Sequential)> Private Structure MouseHookStruct
            Public pt As Point
            Public hwnd As Integer
            Public wHitTestCode As Integer
            Public dwExtraInfo As Integer
        End Structure

        <DllImport("user32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall)> _
        Private Shared Function CallNextHookEx(ByVal idHook As IntPtr, ByVal nCode As Integer, ByVal wParam As IntPtr, ByVal lParam As IntPtr) As IntPtr
        End Function

        <DllImport("User32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall, SetLastError:=True)> _
        Private Shared Function SetWindowsHookEx(ByVal idHook As Integer, ByVal HookProc As MouseHookCallback, ByVal hInstance As IntPtr, ByVal wParam As Integer) As IntPtr
        End Function

        <DllImport("user32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall, SetLastError:=True)> _
        Private Shared Function UnhookWindowsHookEx(ByVal idHook As IntPtr) As Integer
        End Function

        Private Function MouseHookProc(ByVal nCode As Integer, ByVal wParam As IntPtr, ByVal lParam As IntPtr) As IntPtr
            ' Negative codes must be passed on to the next hook without processing
            If nCode < 0 Then
                Return CallNextHookEx(MouseHookID, nCode, wParam, lParam)
            End If
            Dim MouseData As MouseHookStruct = CType(Marshal.PtrToStructure(lParam, GetType(MouseHookStruct)), MouseHookStruct)
            ' wParam carries the mouse message identifier
            Select Case CType(wParam.ToInt32(), MouseMessages)
                Case MouseMessages.WM_LeftButtonUp
                    RaiseEvent MouseLeftButtonClick(Nothing, New MouseEventArgs(MouseButtons.Left, 1, MouseData.pt.x, MouseData.pt.y, 0))
                Case MouseMessages.WM_RightButtonUp
                    RaiseEvent MouseRightButtonClick(Nothing, New MouseEventArgs(MouseButtons.Right, 1, MouseData.pt.x, MouseData.pt.y, 0))
            End Select
            Return CallNextHookEx(MouseHookID, nCode, wParam, lParam)
        End Function
    End Class

    Private Sub MouseDetector_MouseLeftButtonClick(ByVal sender As Object, ByVal e As System.Windows.Forms.MouseEventArgs) Handles MouseDetector.MouseLeftButtonClick
        'MessageBox.Show("left")
    End Sub

https://stackoverflow.com/questions/22196706
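
The JMP patch described in the question can be detected from the defender's side; the following is an added example, not part of the original question or answer. It compares a function's first bytes on disk with the bytes in memory and decodes the redirect, going beyond the single JMP case to also cover push/ret and mov rax/jmp rax forms; all addresses, byte strings and function names are constructed assumptions.

```python
import struct

MASK = 0xFFFFFFFFFFFFFFFF

def decode_redirect(code, addr):
    """Return (kind, target) if the bytes at virtual address `addr` begin with
    a control transfer commonly written by inline hooks, else None."""
    if len(code) >= 5 and code[0] == 0xE9:                        # jmp rel32
        return "jmp rel32", (addr + 5 + struct.unpack_from("<i", code, 1)[0]) & MASK
    if len(code) >= 2 and code[0] == 0xEB:                        # jmp rel8
        return "jmp rel8", (addr + 2 + struct.unpack_from("<b", code, 1)[0]) & MASK
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:    # push imm32; ret
        return "push/ret", struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 12 and code[:2] == b"\x48\xB8" and code[10:12] == b"\xFF\xE0":
        return "mov rax, imm64; jmp rax", struct.unpack_from("<Q", code, 2)[0]
    return None

def check_prologue(name, addr, on_disk, in_memory, mod_base, mod_size):
    """Compare a function's first bytes on disk and in memory. Status is
    'clean' when equal, 'hooked' when memory now transfers control outside
    the owning module, and 'modified' for any other difference."""
    if on_disk == in_memory:
        return {"function": name, "status": "clean"}
    finding = {"function": name, "status": "modified",
               "changed_bytes": sum(a != b for a, b in zip(on_disk, in_memory))}
    redirect = decode_redirect(in_memory, addr)
    if redirect:
        kind, target = redirect
        finding.update(kind=kind, target=hex(target))
        if not (mod_base <= target < mod_base + mod_size):
            finding["status"] = "hooked"
    return finding

# Constructed sample values (not taken from a real system): a 32-bit module
# mapped at MOD_BASE, an export at FUNC_ADDR, and a foreign DLL at HOOK_ADDR.
MOD_BASE, MOD_SIZE = 0x75A00000, 0x00100000
FUNC_ADDR, HOOK_ADDR = 0x75A6FD3F, 0x10001000
ON_DISK = bytes.fromhex("8bff558bec833d00")   # mov edi,edi; push ebp; mov ebp,esp; ...
PATCHED = b"\xE9" + struct.pack("<i", HOOK_ADDR - (FUNC_ADDR + 5)) + ON_DISK[5:]

if __name__ == "__main__":
    print(check_prologue("MessageBoxW", FUNC_ADDR, ON_DISK, ON_DISK, MOD_BASE, MOD_SIZE))
    print(check_prologue("MessageBoxW", FUNC_ADDR, ON_DISK, PATCHED, MOD_BASE, MOD_SIZE))
```

In practice the on-disk bytes come from the DLL file's code section and the in-memory bytes from reading the loaded module at the export's address.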