一 MFC程序中Hook MessageBox

新建如下的兩個工程；

主對話框代碼：

// HookMessageBookDlg.cpp : implementation file //#include "stdafx.h" #include "HookMessageBook.h" #include "HookMessageBookDlg.h"#ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE static char THIS_FILE[] = __FILE__; #endif/ // CAboutDlg dialog used for App Aboutclass CAboutDlg : public CDialog { public:CAboutDlg();// Dialog Data//{{AFX_DATA(CAboutDlg)enum { IDD = IDD_ABOUTBOX };//}}AFX_DATA// ClassWizard generated virtual function overrides//{{AFX_VIRTUAL(CAboutDlg)protected:virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support//}}AFX_VIRTUAL// Implementation protected://{{AFX_MSG(CAboutDlg)//}}AFX_MSGDECLARE_MESSAGE_MAP() };CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD) {//{{AFX_DATA_INIT(CAboutDlg)//}}AFX_DATA_INIT }void CAboutDlg::DoDataExchange(CDataExchange* pDX) {CDialog::DoDataExchange(pDX);//{{AFX_DATA_MAP(CAboutDlg)//}}AFX_DATA_MAP }BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)//{{AFX_MSG_MAP(CAboutDlg)// No message handlers//}}AFX_MSG_MAP END_MESSAGE_MAP()/ // CHookMessageBookDlg dialogCHookMessageBookDlg::CHookMessageBookDlg(CWnd* pParent /*=NULL*/): CDialog(CHookMessageBookDlg::IDD, pParent) {//{{AFX_DATA_INIT(CHookMessageBookDlg)m_strDllPath = _T("");//}}AFX_DATA_INIT// Note that LoadIcon does not require a subsequent DestroyIcon in Win32m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME); }void CHookMessageBookDlg::DoDataExchange(CDataExchange* pDX) {CDialog::DoDataExchange(pDX);//{{AFX_DATA_MAP(CHookMessageBookDlg)DDX_Control(pDX, IDC_BTN_LOAD, m_btnLoad);DDX_Text(pDX, IDC_EDIT_DLL, m_strDllPath);//}}AFX_DATA_MAP }BEGIN_MESSAGE_MAP(CHookMessageBookDlg, CDialog)//{{AFX_MSG_MAP(CHookMessageBookDlg)ON_WM_SYSCOMMAND()ON_WM_PAINT()ON_WM_QUERYDRAGICON()ON_BN_CLICKED(IDC_BTN_LOAD, OnBtnLoad)ON_BN_CLICKED(IDC_BUTTON_OPEN_DLL, OnButtonOpenDll)ON_BN_CLICKED(IDC_BTN_UNLOAD, OnBtnUnload)ON_BN_CLICKED(IDC_BTN_MSG, OnBtnMsg)//}}AFX_MSG_MAP END_MESSAGE_MAP()/ // CHookMessageBookDlg message handlersBOOL CHookMessageBookDlg::OnInitDialog() {CDialog::OnInitDialog();// Add "About..." menu item to system menu.// IDM_ABOUTBOX must be in the system command range.ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);ASSERT(IDM_ABOUTBOX < 0xF000);CMenu* pSysMenu = GetSystemMenu(FALSE);if (pSysMenu != NULL){CString strAboutMenu;strAboutMenu.LoadString(IDS_ABOUTBOX);if (!strAboutMenu.IsEmpty()){pSysMenu->AppendMenu(MF_SEPARATOR);pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);}}// Set the icon for this dialog. The framework does this automatically// when the application's main window is not a dialogSetIcon(m_hIcon, TRUE); // Set big iconSetIcon(m_hIcon, FALSE); // Set small icon// TODO: Add extra initialization hereGetDlgItem(IDC_BTN_LOAD)->EnableWindow(TRUE);GetDlgItem(IDC_BTN_UNLOAD)->EnableWindow(FALSE);return TRUE; // return TRUE unless you set the focus to a control }void CHookMessageBookDlg::OnSysCommand(UINT nID, LPARAM lParam) {if ((nID & 0xFFF0) == IDM_ABOUTBOX){CAboutDlg dlgAbout;dlgAbout.DoModal();}else{CDialog::OnSysCommand(nID, lParam);} }// If you add a minimize button to your dialog, you will need the code below // to draw the icon. For MFC applications using the document/view model, // this is automatically done for you by the framework.void CHookMessageBookDlg::OnPaint() {if (IsIconic()){CPaintDC dc(this); // device context for paintingSendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);// Center icon in client rectangleint cxIcon = GetSystemMetrics(SM_CXICON);int cyIcon = GetSystemMetrics(SM_CYICON);CRect rect;GetClientRect(&rect);int x = (rect.Width() - cxIcon + 1) / 2;int y = (rect.Height() - cyIcon + 1) / 2;// Draw the icondc.DrawIcon(x, y, m_hIcon);}else{CRect rect; CPaintDC dc(this); GetClientRect(rect); dc.FillSolidRect(rect,RGB(0,255,0)); CDialog::OnPaint();} }// The system calls this to obtain the cursor to display while the user drags // the minimized window. HCURSOR CHookMessageBookDlg::OnQueryDragIcon() {return (HCURSOR) m_hIcon; }void CHookMessageBookDlg::OnBtnLoad() {// TODO: Add your control notification handler code herehModule = LoadLibraryA(m_strDllPath);if (hModule == NULL){CString str_err = "";str_err.Format("加載DLL失敗，錯誤號為:%d",GetLastError());MessageBox(str_err);}else{GetDlgItem(IDC_BTN_LOAD)->EnableWindow(FALSE);GetDlgItem(IDC_BTN_UNLOAD)->EnableWindow(TRUE);} }void CHookMessageBookDlg::OnButtonOpenDll() {// TODO: Add your control notification handler code hereUpdateData(TRUE);CString lpzFilter = "Dll(*.dll)|*.dll";CFileDialog dlg(TRUE,NULL,NULL,OFN_HIDEREADONLY|OFN_OVERWRITEPROMPT,lpzFilter);if (dlg.DoModal()==IDOK){m_strDllPath = dlg.GetPathName();UpdateData(FALSE);} }void CHookMessageBookDlg::OnBtnUnload() {// TODO: Add your control notification handler code hereFreeLibrary(hModule);GetDlgItem(IDC_BTN_LOAD)->EnableWindow(TRUE);GetDlgItem(IDC_BTN_UNLOAD)->EnableWindow(FALSE); }void CHookMessageBookDlg::OnBtnMsg() {// TODO: Add your control notification handler code hereMessageBox (m_strDllPath); }
dll代碼：

// HookDll.cpp : Defines the entry point for the DLL application. //#include "stdafx.h" #include <windows.h> #include <detours.h>static int (WINAPI* TrueMessageBox)(HWND hWnd , LPCSTR lpText, LPCSTR lpCaption, UINT uType)=MessageBoxA; int WINAPI NEW_MessageBoxA(HWND hWnd,LPCWSTR lpText,LPCWSTR lpCaption,UINT uType) { //修改輸入?yún)?shù)，調(diào)用原函數(shù) int ret=TrueMessageBox(hWnd,"該函數(shù)已經(jīng)被Hook","[測試]",uType); return ret; } VOID Hook() { DetourRestoreAfterWith(); DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); //這里可以連續(xù)多次調(diào)用DetourAttach，表明HOOK多個函數(shù) DetourAttach(&(PVOID&)TrueMessageBox,NEW_MessageBoxA); DetourTransactionCommit(); OutputDebugString("Hook Success!\n"); } VOID UnHook() { DetourTransactionBegin(); DetourUpdateThread(GetCurrentThread()); //這里可以連續(xù)多次調(diào)用DetourDetach,表明撤銷多個函數(shù)HOOK DetourDetach(&(PVOID&)TrueMessageBox,NEW_MessageBoxA); DetourTransactionCommit(); OutputDebugString("UnHook Success!\n"); }BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {if (ul_reason_for_call == DLL_PROCESS_ATTACH){OutputDebugString("DLL_PROCESS_ATTACH\n");Hook();}else if (ul_reason_for_call == DLL_PROCESS_DETACH){OutputDebugString("DLL_PROCESS_DETACH\n");UnHook();}return TRUE; }

<pre name="code" class="cpp">DLL_PROCESS_ATTACH 當(dāng)dll映射到進(jìn)程地址空間時hook，當(dāng)dll從進(jìn)程地址空間解除映射時unhook；

庫模塊中加入detour的lib；

運(yùn)行程序并且用dbgview觀察；

代碼中用OutputDebugString輸出的內(nèi)容，可在dbgview中顯示；

需要在dbgview的capture菜單選中如下項(xiàng)；

Detour 參考

http://blog.csdn.net/bcbobo21cn/article/details/51331093

工程和dbgview下載：

http://pan.baidu.com/s/1o7OEMc6

DetourHook.rar

總結(jié)

以上是生活随笔為你收集整理的图解Detours实例的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。