Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

你好.看了你的DelphiHookUtils.我有一些想法希望一起看看 #1

Open
tebox opened this issue Feb 10, 2017 · 0 comments
Open

你好.看了你的DelphiHookUtils.我有一些想法希望一起看看 #1

tebox opened this issue Feb 10, 2017 · 0 comments

Comments

@tebox
Copy link

tebox commented Feb 10, 2017

你好.,我自己写有一个HOOK类.我想在你的HOOK类基础上进行升级.比如改装成一个类.管理多个HOOK点.
通过匹配特征码进行HOOK.对某处JMP并设置回调函数,基于页面异常的HOOK等.我的QQ3570142.
下面是我的HOOK一部分类接口.

Type
THOOK_InLink = Class

Private
{ Private declarations }

Var

/// <summary>
/// 原始函数地址
/// </summary>
FOriFunAddress :Pointer;

/// <summary>
/// 新函数地址
/// </summary>
FNewFunAddress :Pointer;

/// <summary>
/// 原始函数代码
/// </summary>
FOriFunCode :TBytes;

/// <summary>
/// 原始函数ASM
/// </summary>
FOriFunASM :TStringList;

/// <summary>
/// 原始函数带JMP代码(全局中转处)
/// </summary>
FOriFunJMPCode :TBytes;

/// <summary>
/// 原始函数带JMP代码地址
/// </summary>
FOriFunJMPPointer :Pointer;

/// <summary>
/// 保存修改处的JMP汇编代码
/// </summary>
FCheckJMPCode : Array [ 0 .. 4 ] Of Byte;

/// <summary>
/// 保存原始汇编字节的大小
/// </summary>
FOriCodeSize :NativeInt;

/// <summary>
/// 模块名称
/// </summary>
FModuleName :String;

/// <summary>
/// 函数名称
/// </summary>
FFunctionName :String;

/// <summary>
/// 是否挂起其他线程
/// </summary>
FSuspendThread :Boolean;

/// <summary>HOOKCode</summary>
/// <param name="Callback  (Pointer)">回调函数</param>
/// <param name="OriCodeStr  (String)">原始汇编代码</param>
/// <param name="PuddingEncoding  (String)">补丁机器码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_Code ( ) :Boolean; Overload;
Function Hook_Code ( Callback :Pointer; OriCodeStr :String; PuddingEncoding :String ) :Boolean; Overload;

Public
{ Public declarations }
Constructor Create ( ); Overload; // 构造方法
Destructor Destroy; Override; // 析构方法

Property OriFunAddress :Pointer Read FOriFunAddress Write FOriFunAddress;
Property NewFunAddress :Pointer Read FNewFunAddress Write FNewFunAddress;
Property OriFunCode :TBytes Read FOriFunCode Write FOriFunCode;
Property OriFunASM :TStringList Read FOriFunASM Write FOriFunASM;
Property OriFunJMPCode :TBytes Read FOriFunJMPCode Write FOriFunJMPCode;
Property OriFunJMPPointer :Pointer Read FOriFunJMPPointer Write FOriFunJMPPointer;
Property OriCodeSize :NativeInt Read FOriCodeSize Write FOriCodeSize;
Property ModuleName :String Read FModuleName Write FModuleName;
Property FunctionName :String Read FFunctionName Write FFunctionName;
Property SuspendThread :Boolean Read FSuspendThread Write FSuspendThread;

{ -----------------------------------------------------------------------------------------> API HOOK }
/// <summary>HOOK API 头5字节</summary>
/// <param name="Module_Name  (String)">模块名称</param>
/// <param name="Function_Name  (String)">函数名称</param>
/// <param name="New_Function_Address  (Pointer)">新函数地址</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_API ( Module_Name :String; Function_Name :String; New_Function_Address :Pointer ) :Boolean;

{ -----------------------------------------------------------------------------------------> HOOK 指定地址 }
/// <summary>HOOK 指定地址</summary>
/// <param name="Module_Name  (String)">模块名称</param>
/// <param name="Address_Office  (NativeInt)">相对模块的偏移(匹配处)</param>
/// <param name="New_Function_Address  (Pointer)">新函数地址</param>
/// <param name="HOOKOffice  (NativeInt)">匹配处HOOK位置偏移</param>
/// <param name="FeatureStr  (String)">特征码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_Address ( Module_Name :String; Address_Office :NativeInt; New_Function_Address :Pointer; HOOKOffice :NativeInt; FeatureStr :String ) :Boolean;

{ -----------------------------------------------------------------------------------------> 打补丁 指定地址 }
/// <summary>对指定地址打补丁</summary>
/// <param name="Module_Name  (String)">模块名称</param>
/// <param name="Function_Office  (NativeInt)">特征码定位偏移(匹配处)</param>
/// <param name="HOOKOffice  (NativeInt)">匹配处HOOK位置偏移</param>
/// <param name="Callback  (Pointer)">回调函数</param>
/// <param name="PuddingEncoding  (String)">补丁机器码</param>
/// <param name="FeatureStr  (String)">特征码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_JMP ( Module_Name :String; Function_Office :NativeInt; HOOKOffice :NativeInt; Callback :Pointer; PuddingEncoding :String; FeatureStr :String ) :Boolean;

{ -----------------------------------------------------------------------------------------> 打补丁 指定地址 }
/// <summary>对指定地址打补丁</summary>
/// <param name="HOOKAddress  (NativeInt)">HOOK地址</param>
/// <param name="OriCodeStr  (String)">原始汇编代码</param>
/// <param name="Callback  (Pointer)">回调函数</param>
/// <param name="PuddingEncoding  (String)">补丁机器码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_JMPAdd ( HOOKAddress :NativeInt; OriCodeStr :String; Callback :Pointer; PuddingEncoding :String ) :Boolean;

{ -----------------------------------------------------------------------------------------> 卸载 HOOK }
/// <summary>卸载 HOOK</summary>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Unload_Hook ( ) :Boolean;

{ -----------------------------------------------------------------------------------------> 检查 HOOK }
/// <summary>检查 HOOK</summary>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Check_Hook ( ) :Boolean;

End;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tebox