Home > Back-end >  HOOK the Send function, why cancel HOOK object program will die (stuck)
HOOK the Send function, why cancel HOOK object program will die (stuck)

Time:11-03


Directly closed injection program or cancel HOOK will hang up

Directly on the code that bosses to help me take a look at why
 


//APIHook code
The unit APIHook;

Interface

USES the
SysUtils,
Dialogs,
Cq,
UnitHook,
Windows WinSock;
Const
LogFile='c: \ test. TXT';
My_ws2='ws2_32. DLL';

//-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- the function declaration -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

Procedure HookAPI;

Procedure UnHookAPI;

Procedure SaveInfo (var buf); Stdcall;

The function recvout (var Rbuf; RLen: Integer) : Integer;
Procedure writedat (s: a string; Datfile: string=logfile);

Var
Hook: array [0.. 1] of TNtHookClass;
G_IsHook: Boolean;


Implementation
The function Mysenddata (s: TSocket; Var Buf. Len, flags: Integer) : Integer; Stdcall;

Type
TMysenddata=https://bbs.csdn.net/topics/function (s: TSocket; Var Buf. Len, flags: Integer) : Integer; Stdcall;
Var
Id: DWORD;
The begin
Hook [0]. UnHook;
Recvout (Buf, len);//print
Result:=TMysenddata (Hook. [0] BaseAddr) (s, Buf, len, flags);
Hook [0]. Hook;


end;


Procedure SaveInfo (var buf); Stdcall;

Var

F: the file;

FileName: the string;

The begin

{is saved as a file information}

FileName:='c: \ test. TXT';

Assignfile (f, FileName);

Closefile (f);

end;

The function recvout (var Rbuf; RLen: Integer) : Integer;

Var

Buf1: pchar;

I: integer;

Ss, ff, kk: string;

The Begin

Buf1:=@ Rbuf;

For I:=1 to Rlen do

The Begin

Ss:=ss + inttohex (byte (buf1 ^), 2) + ";

Buf1:=buf1 + 1;

The End;


Writedat (' packet content '+' - + - '+' length: '+ inttostr (Rlen) + # $D# $A + ss' c: \ test. TXT);


The End;


{-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -}

{process function: HookAPI

No
{process parameters:
{-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -}

Procedure HookAPI;
The begin
If not G_IsHook then
The begin
G_IsHook:=True;
Hook [0] :=TNtHookClass. Create (my_ws2, 'Send' @ Mysenddata);
end;
end;


{-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -}

{process function: cancel HOOKAPI

No
{process parameters:
{-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -}

Procedure UnHookAPI;
The begin
Hook [0]. UnHook;//what's the problem here??????? Die
end;

Procedure WriteDat (s: a string; Datfile: string=logfile);
Var
H: integer;
The begin
Try
If FileExists (datfile) then
The begin
H:=FileOpen (datfile fmOpenWrite);
Fileseek (h, 0, 2);
//deletefile (datfile);
End
The else exit; ://h=filecreate (datfile);
If h=1 then the exit;
S: # $0=s + d + # $0 a;
FileWrite (h, s [1], the length (s));
FileClose (h);
Except,
end;
end;

End.


-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --


//unitHook code



The unit unitHook;

Interface

USES the
Windows, Messages, Classes, SysUtils;

Type

//NtHook related type
TNtJmpCode=the packed record//8 bytes
MovEax: Byte;
Addr: DWORD;
JmpCode: Word;
DwReserved: Byte;
end;

TNtHookClass=class (TObject)
Private
HProcess: THandle;
NewAddr: TNtJmpCode;
OldAddr: an array of Byte [0.. 7];
ReadOK: Boolean;
Public
BaseAddr: Pointer;
The constructor Create (DllName, FuncName: string; NewFunc: Pointer);
The destructor Destroy; Override.
Procedure Hook;
Procedure UnHook.
end;

Implementation

//==================================================
//NtHOOK classes start
//==================================================
The constructor TNtHookClass. Create (DllName: string; FuncName: string; NewFunc: Pointer);
Var
DllModule: HMODULE;
DwReserved: DWORD;
The begin
//module handles
DllModule:=GetModuleHandle (PChar (DllName));
//if not that is not loaded
If DllModule=0 then
The begin
OutputDebugString (PChar (' to HOOK DLL has not been loaded '));
DllModule:=LoadLibrary (PChar (DllName));
end;

OutputDebugString (PChar (' module DllModule: + IntToHex (DllModule, 8)));


//get the module entry address (b)
BaseAddr:=Pointer (GetProcAddress call (DllModule, PChar (FuncName)));

OutputDebugString (PChar (' module entry address (b) : '+ IntToHex (Integer (@ BaseAddr), 8)));


//get the current process handle
HProcess:=GetCurrentProcess;
//a pointer to the new address
NewAddr. MovEax:=$B8;
NewAddr. Addr:=dwords (NewFunc);
NewAddr. JmpCode:=$E0FF;
//save the original address
ReadOK:=ReadProcessMemory (hProcess, BaseAddr, @ OldAddr, 8, dwReserved);
//intercept
The hooks;
end;

//release object
Destructor TNtHookClass. Destroy;
The begin
UnHook.
The CloseHandle (hProcess);

Inherited;
end;

//intercept
Procedure TNtHookClass. Hook;
Var
DwReserved: DWORD;
The begin
If (ReadOK=False) then
The begin
OutputDebugString (PChar (' Hook ReadOK=False '));
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
  • Related