部分代码截选,全部代码单元已经打包
function SetOnBefore(const DllName: string; const ApiName: string;
HookProc: Pointer): Boolean;
var
ApiEntry: Pointer;
DllHandle: THandle;
ReplaceCodeSize: Integer;
OpCode: array [0..15] of byte;
StubPtr: Pointer;
Addr: LongWord;
RetSize: LongWord;
begin
Result := False;
DllHandle := GetModuleHandle(PChar(DllName));
if DllHandle = 0 then
begin
DllHandle := LoadLibrary(PChar(DllName));
if DllHandle = 0 then Exit;
end;
ApiEntry := GetProcAddress(DllHandle, PChar(ApiName));
if ApiEntry = nil then Exit;
ReplaceCodeSize := GetOpCodeSize(ApiEntry, MaskTable);
while ReplaceCodeSize < 5 do
begin
ReplaceCodeSize := ReplaceCodeSize +
GetOpCodeSize(Pointer(LongWord(ApiEntry) + ReplaceCodeSize), MaskTable);
end;
if ReplaceCodeSize > 16 then Exit;
if VirtualProtect(ApiEntry, ReplaceCodeSize, PAGE_READWRITE, nil) then
Exit;
CopyMemory(@OpCode, ApiEntry, ReplaceCodeSize);
StubPtr := VirtualAlloc(nil, SizeOf(BeforeStub), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if StubPtr = nil then Exit;
CopyMemory(StubPtr, @BeforeStub, SizeOf(BeforeStub));
// 求HookProc的地址
Addr := LongWord(HookProc) - LongWord(StubPtr) - 35 - 5;
// 写入HookProc的地址
PDWORD(LongWord(StubPtr) + 36)^ := Addr;
// 求HookedApi的地址
Addr := LongWord(ApiEntry) + ReplaceCodeSize - LongWord(StubPtr) - 89 - 5;
// 写入HookedApi的地址
PDWORD(LongWord(StubPtr) + 90)^ := Addr;
// 写入被Hook掉的OpCode
CopyMemory(Pointer(LongWord(StubPtr) + 73), @OpCode, ReplaceCodeSize);
// 改写Api入口地址
Addr := LongWord(StubPtr) - LongWord(ApiEntry) - 5;
PDWORD(LongWord(@JMPGate) + 1)^ := Addr;
WriteProcessMemory(GetCurrentProcess, ApiEntry, @JMPGate, SizeOf(JMPGate), RetSize);
// CopyMemory(ApiEntry, @JMPGate, SizeOf(JMPGate));
Result := True;
end;
迅雷专用高速下载
