
Easyhook示例教程.doc

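EasyHook 的使用教程网上几乎没有,找了好久最后只好自己爬官 网了,本教程包含两部份示例源码,收集来源官方网站。
1-安装本地钩子使用
2 -安装一个远程钩子使用
使用前将 DLL 放入工程目录,包含库文件

// NOTE(review): the document extractor dropped every header name that followed
// `#include`; the EasyHook C++ header is easyhook.h.
#include <easyhook.h>
#if _WIN64
#pragma comment(lib, "EasyHook64.lib")
#else
#pragma comment(lib, "EasyHook32.lib")
#endif

Easyhook dll 库(非源码)下载地址: http://download.csdn.net/detail/xhz2012/9870265

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
EasyHook -安装本地钩子使用

// Header names were lost in extraction; these are the ones the code below uses.
#include <windows.h>   // Beep, GetProcAddress, GetModuleHandle, DWORD, BOOL, WINAPI
#include <tchar.h>     // _tmain, _TCHAR
#include <easyhook.h>  // HOOK_TRACE_INFO, LhInstallHook, LhSetInclusiveACL, ...
#include <iostream>
#include <string>
using namespace std;

// Replacement for kernel32!Beep. While the hook is enabled for a thread, calls
// to Beep from that thread land here; the hook announces itself and forwards
// to the real Beep with the frequency raised by 800 Hz.
BOOL WINAPI myBeepHook(DWORD dwFreq, DWORD dwDuration);
BOOL WINAPI myBeepHook(DWORD dwFreq, DWORD dwDuration)
{
    cout << "\n****All your beeps belong to us!\n\n";
    return Beep(dwFreq + 800, dwDuration);
}

// Demo driver: installs a local (in-process) hook on Beep, enables it for the
// current thread only, beeps before/after enabling and after removal, and
// waits for pending removals before exiting. Returns -1 when the target
// cannot be resolved or the install fails.
int _tmain(int argc, _TCHAR* argv[])
{
    HOOK_TRACE_INFO hHook = { NULL }; // keep track of our hook

    // Resolve the target once. Streaming a FARPROC to cout goes through the
    // bool conversion and prints "1", so cast to void* to show the address.
    FARPROC beepAddress = GetProcAddress(GetModuleHandle(TEXT("kernel32")), "Beep");
    cout << "\n";
    cout << reinterpret_cast<void*>(beepAddress);

    // Hooking a null target is meaningless; bail out instead of handing NULL
    // to LhInstallHook.
    if (beepAddress == NULL)
    {
        cout << "\nBeep not found in kernel32.\n\nPress any key to exit.";
        cin.get();
        return -1;
    }

    // Install the hook. EasyHook reports failure as a negative NTSTATUS,
    // which FAILED() detects by the sign bit.
    NTSTATUS result = LhInstallHook(beepAddress, myBeepHook, NULL, &hHook);
    if (FAILED(result))
    {
        wstring s(RtlGetLastErrorString());
        wcout << "Failed to install hook: ";
        wcout << s;
        cout << "\n\nPress any key to exit.";
        cin.get();
        return -1;
    }

    cout << "Beep after hook installed but not enabled.\n";
    Beep(500, 500);

    cout << "Activating hook for current thread only.\n";
    // If the threadId in the ACL is set to 0,
    // then internally EasyHook uses GetCurrentThreadId()
    ULONG ACLEntries[1] = { 0 };
    // The hook is installed disabled; without this ACL the "enabled" beep
    // below would still reach the real Beep, so report an ACL failure rather
    // than silently demonstrating nothing.
    if (FAILED(LhSetInclusiveACL(ACLEntries, 1, &hHook)))
    {
        wcout << L"Failed to set ACL: " << RtlGetLastErrorString() << L"\n";
    }

    cout << "Beep after hook enabled.\n";
    Beep(500, 500);

    cout << "Uninstall hook\n";
    LhUninstallHook(&hHook);

    cout << "Beep after hook uninstalled\n";
    Beep(500, 500);

    cout << "\n\nRestore ALL entry points of pending removals issued by LhUninstallHook()\n";
    LhWaitForPendingRemovals();

    cout << "Press any key to exit.";
    cin.get();
    return 0;
}

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
EasyHook -安装一个远程钩子使用
// Target application code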
// Header names were lost in extraction; this program uses std::string/iostream,
// the Windows API (GetCurrentThread, GetProcessIdOfThread, CloseHandle, Beep)
// and _tmain/_TCHAR.
#include
#include
#include

// Target application: prints its own process id, then beeps on every Enter
// until Ctrl-C. This is the process the injector below attaches to.
int _tmain(int argc, _TCHAR* argv[])
{
    std::string value;
    while (true)
    {
        // Output the current process Id
        // NOTE(review): GetCurrentThread() hands back a pseudo-handle per the
        // Win32 docs, so the CloseHandle below should have no effect — kept as
        // in the original.
        HANDLE currentThread = GetCurrentThread();
        std::cout << "Target.exe process id: ";
        std::cout << GetProcessIdOfThread(currentThread);
        std::cout << "\n";
        CloseHandle(currentThread);
        // NOTE(review): the prompt probably read "Press <enter> to Beep" in the
        // source; the extractor strips angle-bracketed text (see #include above).
        std::cout << "Press to Beep (Ctrl-C to exit): ";
        std::getline(std::cin, value);
        Beep(500, 500);
    }
    return 0;
}

// Injector program code
// Header names were lost in extraction; this program uses iostream/string,
// the Windows API, printf/wprintf and the EasyHook RhInjectLibrary API.
#include
#include
#include
#include

// Injector: reads a target process id and a frequency offset from stdin, then
// asks EasyHook to load BeepHook.dll into that process, handing the offset to
// the DLL's NativeInjectionEntryPoint as user data. Always returns 0.
int _tmain(int argc, _TCHAR* argv[])
{
    // Declared without an initializer and nothing checks that the extraction
    // succeeded before the value is used.
    DWORD processId;
    std::wcout << "Enter the target process Id: ";
    std::cin >> processId;

    DWORD freqOffset = 0;
    std::cout << "Enter a frequency offset in hertz (e.g. 800): ";
    std::cin >> freqOffset;

    // Relative path: resolved against the injector's current directory, so
    // which file is actually loaded depends on where this is launched from.
    // Also binds a string literal to a non-const WCHAR* (deprecated conversion).
    WCHAR* dllToInject = L"..\\Debug\\BeepHook.dll";
    wprintf(L"Attempting to inject: %s\n\n", dllToInject);

    // Inject dllToInject into the target process Id, passing
    // freqOffset as the pass through data.
    // NOTE(review): the per-argument comments were displaced by extraction;
    // they are re-attached here to the argument each appears to describe.
    NTSTATUS nt = RhInjectLibrary(
        processId,               // The process to inject into
        0,                       // ThreadId to wake up upon injection
        EASYHOOK_INJECT_DEFAULT,
        dllToInject,             // 32-bit
        NULL,                    // 64-bit not provided
        &freqOffset,             // data to send to injected DLL entry point
        sizeof(DWORD)            // size of data to send
    );

    // NOTE(review): the success message sits inside the failure branch and the
    // else branch is empty; extraction most likely displaced it — in the
    // source it presumably prints "Library injected successfully." in the else.
    if (nt != 0)
    {
        printf("RhInjectLibrary failed with error code = %d\n", nt);
        PWCHAR err = RtlGetLastErrorString();
        std::wcout << err << "\n";
        std::wcout << L"Library injected successfully.\n";
    }
    else
    {
    }

    // Two getline calls: the first presumably consumes the newline left
    // behind by the `cin >>` reads above.
    std::wcout << "Press Enter to exit";
    std::wstring input;
    std::getline(std::wcin, input);
    std::getline(std::wcin, input);
    return 0;
}

// Hook DLL code: create a new WIN32 DLL project with the options shown in the figure:
// Header names were lost in extraction; the DLL uses iostream/string, the
// Windows API (Beep, GetProcAddress, GetModuleHandle) and the EasyHook header
// (REMOTE_ENTRY_INFO, HOOK_TRACE_INFO, LhInstallHook, LhSetExclusiveACL).
#include
#include
#include
#include

// Frequency offset received from the injector via REMOTE_ENTRY_INFO::UserData
// (see NativeInjectionEntryPoint); stays 0 when no correctly sized data arrived.
DWORD gFreqOffset = 0;

// Replacement for kernel32!Beep inside the target process: forwards to the real
// Beep with the frequency raised by gFreqOffset.
// NOTE(review): extraction folded the `return Beep(...)` statement into the
// middle of the string literal below; tokens are kept as found. Read against
// the local-hook sample earlier in the document, the body is presumably a cout
// of the "BeepHook: ****All your beeps belong to us!" line followed by
// `return Beep(dwFreq + gFreqOffset, dwDuration);`. As written, the function
// falls off the end without returning a value.
BOOL WINAPI myBeepHook(DWORD dwFreq, DWORD dwDuration)
{
    std::cout << "\n return Beep(dwFreq + gFreqOffset, dwDuration); BeepHook: ****All your beeps belong to us!\n\n";
}

// EasyHook will be looking for this export to support DLL injection. If not found then
// DLL injection will fail.
// NOTE(review): the exported declaration and the head of the definition were
// scrambled by extraction (the `extern "C"`, `__declspec(dllexport)`, `void`
// and `__stdcall` tokens appear out of order); kept as found.
extern NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo); __declspec(dllexport) void "C" __stdcall void __stdcall NativeInjectionEntryPoint(REMOTE_ENTRY_INFO* inRemoteInfo)
{
    // Banner. The ASCII-art continuation strings were mangled by extraction;
    // kept as found.
    std::cout << "\n\nNativeInjectionEntryPointt(REMOTE_ENTRY_INFO* inRemoteInfo)\n\n" << "IIIII nn nnn " III nnn " III " III nn "IIIII nn " nn nn nn tt cccc tt tttt tt tttt e cc cc ccccc jjj eee jjj ee jjj eeeee jjj eeeee jjjj dd !!! \n" dd !!! \n" dddddd !!! \n" dd dddddd !!! \n" dd \n" eee ee e eeeee eeeee \n\n";
    std::cout << "Injected by process Id: " << inRemoteInfo->HostPID << "\n";
    std::cout << "Passed in data size: " << inRemoteInfo->UserDataSize << "\n";

    // Only read UserData when the injector sent exactly one DWORD; the size
    // check guards the dereference of data supplied by another process.
    // NOTE(review): the reinterpret_cast lost its template argument in
    // extraction; given the assignment to a DWORD it is presumably <DWORD*>.
    if (inRemoteInfo->UserDataSize == sizeof(DWORD))
    {
        gFreqOffset = *reinterpret_cast(inRemoteInfo->UserData);
        std::cout << "Adjusting Beep frequency by: " << gFreqOffset << "\n";
    }

    // Perform hooking
    HOOK_TRACE_INFO hHook = { NULL }; // keep track of our hook
    std::cout << "\n";
    // NOTE(review): streaming a FARPROC to cout selects the bool overload and
    // prints "1", not the address; a void* cast would show the real value.
    std::cout << "Win32 Beep found at address: " << GetProcAddress(GetModuleHandle(TEXT("kernel32")), "Beep") << "\n";

    // Install the hook
    NTSTATUS result = LhInstallHook(
        GetProcAddress(GetModuleHandle(TEXT("kernel32")), "Beep"),
        myBeepHook,
        NULL,
        &hHook);
    // NOTE(review): as in the injector, the success message follows an empty
    // else and is printed even after a failed install — presumably displaced
    // by extraction. The ACL below is also applied regardless of `result`.
    if (FAILED(result))
    {
        std::wstring s(RtlGetLastErrorString());
        std::wcout << "Failed to install hook: ";
        std::wcout << s;
    }
    else
    {
    }
    std::cout << "Hook 'myBeepHook installed successfully.";

    // If the threadId in the ACL is set to 0,
    // then internally EasyHook uses GetCurrentThreadId()
    ULONG ACLEntries[1] = { 0 };
    // Disable the hook for the provided threadIds, enable for all others
    // (i.e. every thread of the host process except the one running this entry point).
    LhSetExclusiveACL(ACLEntries, 1, &hHook);
    return;
}

运行结果: