IAT HOOK是指修改IAT中函數地址的值，使它指向我們自己實現的函數，在我們的函數內部調用原函數的技術。

下面演示對MessageBoxA設置IAT HOOK，運行效果如圖：

這里演示了對MessageBoxA的修改，除了改變函數行為，我們還可以監視函數的參數和返回值，此處就不演示了，下面是代碼。

// IATHook.cpp : Defines the entry point for the console application. //#include "stdafx.h" #include <WINDOWS.H> #include <STDIO.H>void SetIATHook(LPVOID pOldFuncAddr, LPVOID pNewFuncAddr); int WINAPI MyMessageBox(HWND hWnd,LPCTSTR lpText,LPCTSTR lpCaption,UINT uType); void UnsetIATHook(LPVOID pOldFuncAddr, LPVOID pNewFuncAddr);int main(int argc, char* argv[]) {SetIATHook(MessageBoxA, MyMessageBox);MessageBox(0,"文字","標題",MB_OK);return 0; }// 修改IAT表，讓指定的函數指向新的函數 void SetIATHook(LPVOID pOldFuncAddr, LPVOID pNewFuncAddr) {// 遍歷IAT，找到匹配的函數，修改成新的地址LPVOID pImageBuffer = GetModuleHandle(NULL);PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer;PIMAGE_FILE_HEADER pPEHeader = (PIMAGE_FILE_HEADER)(pDosHeader->e_lfanew + (DWORD)pDosHeader + 4);PIMAGE_OPTIONAL_HEADER32 pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader + sizeof(IMAGE_FILE_HEADER));PIMAGE_SECTION_HEADER pSectionHeader = \(PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader + pPEHeader->SizeOfOptionalHeader); PIMAGE_IMPORT_DESCRIPTOR pImportTable = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)pImageBuffer + \pOptionHeader->DataDirectory[1].VirtualAddress);while (pImportTable->OriginalFirstThunk || pImportTable->FirstThunk){PIMAGE_THUNK_DATA32 pThunkData = (PIMAGE_THUNK_DATA32)((DWORD)pImageBuffer + \pImportTable->FirstThunk);while (*((PDWORD)pThunkData) != 0){if (*(PDWORD)pThunkData == (DWORD)pOldFuncAddr){*(PDWORD)pThunkData = (DWORD)pNewFuncAddr;return;}pThunkData++;}pImportTable = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)pImportTable + sizeof(IMAGE_IMPORT_DESCRIPTOR)); } }// 卸載IAT HOOK void UnsetIATHook(LPVOID pOldFuncAddr, LPVOID pNewFuncAddr) {SetIATHook(pNewFuncAddr, pOldFuncAddr); // 反過來而已 }// 動了手腳的MessageBox int WINAPI MyMessageBox(HWND hWnd,LPCTSTR lpText,LPCTSTR lpCaption,UINT uType) {typedef int (WINAPI *PFNMESSAGEBOX)(HWND,LPCTSTR,LPCTSTR,UINT); PFNMESSAGEBOX pFnMessageBox = (PFNMESSAGEBOX)GetProcAddress(LoadLibraryA("user32.dll"), "MessageBoxA");return pFnMessageBox(hWnd,"哈哈，這是被修改的MessageBox","這是被修改的標題",uType); }

總結

以上是生活随笔為你收集整理的IAT HOOK的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。