CnPack Forum


 
Subject: Suggested fix for CnInProcessAPIHook
codemaster
Post at 2020-4-20 23:10

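In the function TCnInProcessAPIHook.OnHookProc, the pointer to the API parameters is obtained through ESP+Offset, but Offset changes dynamically at compile time. I modified the structure definition and part of the code; there should be no problems. Please use it as a reference.
1. Changes to the DynamicCode structure definition are marked with [+]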


DynamicCode = packed record
    mov: Word;
    EspConst: DWORD; //++++
    Push: Byte;
    Self: DWORD;
    Call: Word;
    CallAddr: Pointer;
    RetCode: Byte;
    RetXX: WORD;
    EventAddr: Pointer;
    ExtraData: Pointer;
    ParamEsp: DWORD;//++++
  end;

2. Changes to procedure TCnHookAddress.InitHook are marked with [+]

procedure TCnHookAddress.InitHook;
type
  PStr = ^Str;

  Str = array[0..3] of AnsiChar;
var
  FDynamicCode: PDynamicCode;
  Mark: AnsiString;
  Value1, Value2: DWORD;
begin
  // Specify the type
  FHooker.Style := HT_SHORT_JMP;

  // Allocate memory
  FDynamicCode := VirtualAlloc(nil, SizeOf(DynamicCode), MEM_COMMIT, PAGE_EXECUTE_READWRITE);

  // Save the address
  FDynamicCode^.EventAddr := @DoOnHookProc;

  // Write the corresponding instructions
  FDynamicCode.mov := $2589; //Mov      ++++++++++++++++++++++++
  FDynamicCode.EspConst := DWORD(@FDynamicCode.ParamEsp); //+++++++++++++++++
  FDynamicCode^.Push := $68;  //PUSH
  FDynamicCode^.Self := DWORD(Self);  // Write Self
  FDynamicCode^.Call := $15FF;  //CALL
  FDynamicCode^.CallAddr := @FDynamicCode^.EventAddr;  // Event fires
  FDynamicCode^.RetCode := $C2;  //RET
  FDynamicCode^.RetXX := FRetCount * 4;  //RET XX
  FDynamicCode^.ExtraData := FExtraData;  // Extra data
  // Write the event
  FHooker.Event := FDynamicCode;

  // Build the Mark
  Value1 := GetCurrentProcess;
  Value2 := DWORD(Self.InstructionAddr);
  Mark := PStr(@Value1)^ + PStr(@Value2)^;
  CopyMemory(@FHookMark[0], @Mark[1], 8);
end;

3. Changes to function TCnInProcessAPIHook.OnHookProc are marked with [+]

if Assigned(OBJ.FOnAPIHookProc) then
  begin
//    asm    // no longer needed ----------
//        mov     AESP, ESP
//    end;

    Param := Pointer(Data.ParamEsp+4);//++++++++++++++
//    Param := Pointer(DWORD(AESP) + $60);  // start of parameters; this offset changes with the compiler // no longer needed ---------
    SetLength(Params, OBJ.ParamCount);  // set the number of parameters
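
The thunk that the modified DynamicCode record encodes, as an added example that is not part of the original post or of CnPack's code: a Python sketch that packs the record as InitHook fills it in, checks that a thunk image is self-consistent, and shows why the parameters start at ParamEsp + 4. It assumes 32-bit x86 (4-byte Pointer and DWORD) and that [ESP] holds the caller's return address when the thunk runs; the function names and all addresses are constructed for illustration.

```python
import struct

# Packed DynamicCode record from the post on 32-bit x86 (assumed: Pointer and
# DWORD are 4 bytes); "<" = little-endian, no padding, 32 bytes in total.
LAYOUT = struct.Struct("<HIBIHIBHIII")
FIELDS = ("mov", "EspConst", "Push", "Self", "Call", "CallAddr",
          "RetCode", "RetXX", "EventAddr", "ExtraData", "ParamEsp")
OFF_EVENT_ADDR, OFF_PARAM_ESP = 20, 28  # field offsets inside the record


def build_thunk(base, self_ptr, handler, ret_count, extra=0):
    """Pack the record the way the modified InitHook fills it in."""
    return LAYOUT.pack(0x2589, base + OFF_PARAM_ESP,   # 89 25: mov [ParamEsp], esp
                       0x68, self_ptr,                 # 68: push Self
                       0x15FF, base + OFF_EVENT_ADDR,  # FF 15: call [EventAddr]
                       0xC2, ret_count * 4,            # C2: ret XX
                       handler, extra, 0)              # data fields, ParamEsp unset


def check_thunk(raw, base):
    """Decode a thunk image located at `base` and list layout inconsistencies."""
    f = dict(zip(FIELDS, LAYOUT.unpack(raw)))
    problems = []
    if (f["mov"], f["Push"], f["Call"], f["RetCode"]) != (0x2589, 0x68, 0x15FF, 0xC2):
        problems.append("unexpected opcode bytes")
    if f["EspConst"] != base + OFF_PARAM_ESP:
        problems.append("mov does not store ESP into this record's ParamEsp")
    if f["CallAddr"] != base + OFF_EVENT_ADDR:
        problems.append("call operand does not point at this record's EventAddr")
    if f["RetXX"] % 4:
        problems.append("ret operand is not a multiple of 4")
    return f, problems


def read_params(stack, saved_esp, count):
    """Arguments start at saved_esp + 4 because [saved_esp] is the return address
    (assumption matching the post's ParamEsp + 4); stack maps address -> dword."""
    return [stack[saved_esp + 4 + 4 * i] for i in range(count)]


def demo():
    # Constructed values: thunk at 0x00A50000, hooked API taking 2 arguments.
    base, esp = 0x00A50000, 0x0012FF40
    raw = build_thunk(base, self_ptr=0x01F0C4A0, handler=0x00457B10, ret_count=2)
    stack = {esp: 0x00401234, esp + 4: 0x11, esp + 8: 0x22}  # return address, args
    return raw.hex(), check_thunk(raw, base)[1], read_params(stack, esp, 2)
```

Because ParamEsp is one slot per thunk rather than per thread, two threads entering the same hook at the same time can overwrite each other's saved ESP.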

Passion (LiuXiao)
Post at 2020-5-20 17:27
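Received. It has been merged into the latest git code based on the change notes.

Also, this component seems to have no effect on the Unicode versions, Delphi 2009 or above; it fails to hook. Is there a workaround?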