c#使用easyhook库进行API钩取
2024-10-21 03:09:32
目标:使calc程序输入的数自动加1
(当别人使用时,总会得不到正确的结果,哈哈)
编写注入程序
—————————————————————————————————
class Program中的方法,注入dll到目标进程
——————————————————————-——————————
static String ChannelName = null; static void Main(string[] args)
{
Int32.TryParse(args[], out TargetPID) ;
RemoteHooking.IpcCreateServer<FileMonInterface>(ref ChannelName, WellKnownObjectMode.SingleCall);
string injectionLibrary = Path.Combine(Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "Inject.dll");
RemoteHooking.Inject(
TargetPID,
injectionLibrary,
injectionLibrary,
ChannelName);
Console.WriteLine("Injected to process {0}", TargetPID);
Console.WriteLine("<Press any key to exit>");
Console.ReadKey();
}
__________________________________________________
MarshalByRefObject的实现,供dll进行调用,判断是否正常
__________________________________________________
public class FileMonInterface : MarshalByRefObject
{
public void IsInstalled(Int32 InClientPID)
{
Console.WriteLine("FileMon has been installed in target {0}.\r\n", InClientPID);
}
}
编写注入使用的dll程序
—————————————————————————————————
注入成功后,调用Run方法,钩取SetWindowTextW API,修改为DSetWindowText的委托
—————————————————————————————————
public void Run(
RemoteHooking.IContext InContext,
String InChannelName)
{
// install hook...
Hook = LocalHook.Create(
LocalHook.GetProcAddress("user32.dll", "SetWindowTextW"),
new DSetWindowText(SetWindowText_Hooked),
this); Hook.ThreadACL.SetExclusiveACL(new Int32[] { });
Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());
RemoteHooking.WakeUpProcess();while (true)
{
Thread.Sleep();
}
} —————————————————————————————————
委托
—————————————————————————————————
[UnmanagedFunctionPointer(CallingConvention.StdCall,
CharSet = CharSet.Ansi,
SetLastError = true)]
delegate bool DSetWindowText(
IntPtr hWnd, //对于句柄采用IntPtr类型
string text
);
—————————————————————————————————
API
—————————————————————————————————
[DllImport("user32.dll",
CharSet = CharSet.Ansi,
SetLastError = true,
CallingConvention = CallingConvention.StdCall)]
static extern bool SetWindowText(
IntPtr hWnd, string text
);
—————————————————————————————————
傀儡API
—————————————————————————————————
static bool SetWindowText_Hooked(
IntPtr hWnd,
string text)
{
text = (int.Parse(text.Remove(text.Length-))+).ToString();//修改要显示的数据
return SetWindowText( hWnd, text);//调用API
}
效果图
最新文章
- 用hibernate tools生成对应的sql应用代码
- JS 验证数组中是否包含重复元素
- H5手机端关注的问题
- Spring注解学习
- 智能车学习(二十)——浅谈C车硬连接与软连接
- SQL递归查询(with cte as)
- Unity安卓上播放视频的问题,暂时无解记录一下
- Silverlight浮动窗体 floatablewindow 非模态对话框
- centos下安装usb摄像头驱动
- 多屏广告技术调研 & 广告基础介绍
- python进程池剖析(二)
- js函数中this的指向
- Sencha Cmd 6 和 Ext JS 6 指南文档(部分官方文档中文翻译)
- flask-日料网站搭建-数据库操作
- jquery-模仿qq提示消息
- powerdesigner添加mysql的字符集ENGINE和DEFAULT CHARACTER SET
- zabbix添加ceph监控
- 微信小程序之wx.showmodal
- C#使用FFMPEG推流,并且获取流保存在本地,随时取媒体进行播放!
- STM32的SPI2操作Flash