依然是我!【Miss丿小沫】
------------------------------------------------------------------------
这章来复习一下上章讲的东西,就是用附加调试器的方法钩取API,算是代码总结吧,具体的就不细讲了(见上一章节),给大家发一份算是模板的代码吧,大家有不懂的地方可以留言。
(OD调试计算器要调试XP的计算器,不知道为什么,WIN7的计算器我调试就崩溃。。。。和notepad一样。。。)
上:https://www.cctry.com/thread-266000-1-1.html
下:https://www.cctry.com/thread-266026-1-1.html
------------------------------------------------------------------------
------------------------------------------------------------------------
(代码复习,具体讲解见上一章讲解)
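/********************************************
Name:OnBnClickedButtonHook()
Description:Click handler for the "Hook" button. Starts ThreadProc on a
            new thread and passes this dialog as the thread parameter.
            ThreadProc is not shown here; presumably it attaches to the
            target and runs DebugLoop() - confirm against its definition.
********************************************/
void CHookCalcDlg::OnBnClickedButtonHook()
{
    HANDLE hThread = CreateThread(NULL, 0, ThreadProc, (LPVOID)this, 0, NULL);
    if (hThread == NULL)
    {
        // Thread creation failed: there is no handle to close and no
        // worker running, so leave the dialog as it was.
        return;
    }

    // The handle is never waited on, so release it immediately. Closing
    // the handle does not stop the thread.
    CloseHandle(hThread);
}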
------------------------------------------------------------------------
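/********************************************
Name:DebugLoop()
Description:Pumps debug events from the attached process until the
            process exits or WaitForDebugEvent fails.
********************************************/
void CHookCalcDlg::DebugLoop()
{
    DEBUG_EVENT DE;
    while (WaitForDebugEvent(&DE, INFINITE))
    {
        // Every non-exception event is simply acknowledged.
        DWORD dwContinueStatus = DBG_CONTINUE;

        switch (DE.dwDebugEventCode)
        {
        case CREATE_PROCESS_DEBUG_EVENT:
            CreateProcessDebugEvent(&DE);
            break;

        case EXCEPTION_DEBUG_EVENT:
        {
            // Only breakpoint / single-step exceptions belong to the
            // debugger. Any other exception is the target's own and must
            // go back to its handlers; answering DBG_CONTINUE for those
            // would mark a real fault as "handled" and let the faulting
            // instruction run again.
            const DWORD dwCode = DE.u.Exception.ExceptionRecord.ExceptionCode;
            if (dwCode != EXCEPTION_BREAKPOINT && dwCode != EXCEPTION_SINGLE_STEP)
            {
                dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
            }
            ExceptionProcessDebugEvent(&DE);
            break;
        }

        case EXIT_PROCESS_DEBUG_EVENT:
            // Target is gone: stop pumping events.
            return;
        }

        // NOTE(review): ExceptionProcessDebugEvent already calls
        // ContinueDebugEvent itself when it services the hook breakpoint,
        // so for that one event this call is a second continue and is
        // expected to fail; its result is deliberately ignored.
        ContinueDebugEvent(DE.dwProcessId, DE.dwThreadId, dwContinueStatus);
    }
}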
------------------------------------------------------------------------
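/********************************************************************************************************
Name:CreateProcessDebugEvent(LPDEBUG_EVENT lpDE)
Description:Handles CREATE_PROCESS_DEBUG_EVENT. Saves the process/thread
            handles from the event into CPDbg_Info, resolves
            user32!SetWindowTextW, saves the first byte of that function in
            bOriByte and replaces it with an INT3 (0xCC) breakpoint.
            On any failure pSWTAddress is left NULL and no byte is patched.
********************************************************************************************************/
void CHookCalcDlg::CreateProcessDebugEvent(LPDEBUG_EVENT lpDE)
{
    BYTE bInt3 = 0xCC;

    memcpy(&CPDbg_Info, &lpDE->u.CreateProcessInfo, sizeof(CREATE_PROCESS_DEBUG_INFO));

    // The event hands the debugger an open handle to the image file. It is
    // not used anywhere in this code, so close it instead of leaking it.
    if (CPDbg_Info.hFile != NULL)
    {
        CloseHandle(CPDbg_Info.hFile);
        CPDbg_Info.hFile = NULL;
    }

    // The address is resolved in THIS process and then used in the target.
    // NOTE(review): that assumes user32.dll is mapped at the same base in
    // both processes and that both have the same bitness - confirm for the
    // target being debugged.
    pSWTAddress = NULL;
    HMODULE hUser32 = GetModuleHandle(_T("user32.dll"));
    if (hUser32 == NULL)
    {
        return;
    }
    pSWTAddress = GetProcAddress(hUser32, "SetWindowTextW");
    if (pSWTAddress == NULL)
    {
        return;
    }

    // Save the original byte first. If it cannot be read, do not patch:
    // the exception handler later restores bOriByte, and restoring a byte
    // that was never read would corrupt the function.
    SIZE_T cbRead = 0;
    if (!ReadProcessMemory(CPDbg_Info.hProcess, pSWTAddress, &bOriByte, sizeof(BYTE), &cbRead)
        || cbRead != sizeof(BYTE))
    {
        pSWTAddress = NULL;
        return;
    }

    if (!WriteProcessMemory(CPDbg_Info.hProcess, pSWTAddress, &bInt3, sizeof(BYTE), NULL))
    {
        // No breakpoint was planted, so there is nothing to match on later.
        pSWTAddress = NULL;
        return;
    }

    // Code bytes were modified in another process; make sure it does not
    // keep executing a stale copy.
    FlushInstructionCache(CPDbg_Info.hProcess, pSWTAddress, sizeof(BYTE));
}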
------------------------------------------------------------------------
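/********************************************************************************************************
Name:MapDigitsToChinese(const CString& strSrc)
Description:Returns a string holding the Chinese numeral for every ASCII
            digit in strSrc, in order. Characters that are not '0'..'9'
            are dropped, so the result is never longer (in characters)
            than the input.
********************************************************************************************************/
static CString MapDigitsToChinese(const CString& strSrc)
{
    static const TCHAR* const kDigits[10] =
    {
        _T("零"), _T("一"), _T("二"), _T("三"), _T("四"),
        _T("五"), _T("六"), _T("七"), _T("八"), _T("九")
    };

    CString strOut;
    for (int i = 0; i < strSrc.GetLength(); i++)
    {
        const TCHAR ch = strSrc.GetAt(i);
        if (ch >= _T('0') && ch <= _T('9'))
        {
            strOut += kDigits[ch - _T('0')];
        }
    }
    return strOut;
}

/********************************************************************************************************
Name:ExceptionProcessDebugEvent(LPDEBUG_EVENT lpDE)
Description:Handles EXCEPTION_DEBUG_EVENT. Acts only on the breakpoint
            planted at pSWTAddress (SetWindowTextW); every other exception
            is ignored here. For that breakpoint it:
              1. restores the original first byte of the function,
              2. reads the second stack argument (the text pointer) of the
                 call and rewrites the digits in that text in place,
              3. rewinds EIP to the start of the function and resumes the
                 thread,
              4. plants the breakpoint again.
            Uses CONTEXT::Esp / Eip, so this is 32-bit x86 only.
********************************************************************************************************/
void CHookCalcDlg::ExceptionProcessDebugEvent(LPDEBUG_EVENT lpDE)
{
    // Number of bytes of the target's text that are inspected.
    const SIZE_T cbText = 256;

    LPEXCEPTION_RECORD lpER = &lpDE->u.Exception.ExceptionRecord;
    // Must be initialised: this byte is written into the target's code in
    // step 4. Left uninitialised it would patch in an arbitrary opcode.
    BYTE bInt3 = 0xCC;

    if (lpER->ExceptionCode != EXCEPTION_BREAKPOINT || lpER->ExceptionAddress != pSWTAddress)
    {
        return;
    }

    // 1. Unhook: put the original first byte back so the real function
    //    can run.
    WriteProcessMemory(CPDbg_Info.hProcess, pSWTAddress, &bOriByte, sizeof(BYTE), NULL);

    // NOTE(review): CPDbg_Info.hThread is the thread reported by the
    // create-process event. If the breakpoint is hit on another thread
    // (lpDE->dwThreadId), this context belongs to the wrong thread -
    // confirm the target only calls SetWindowTextW from its first thread.
    CONTEXT cText;
    memset(&cText, 0, sizeof(cText));
    cText.ContextFlags = CONTEXT_CONTROL;
    if (GetThreadContext(CPDbg_Info.hThread, &cText))
    {
        // 2. At function entry [ESP] is the return address, [ESP+4] the
        //    first argument and [ESP+8] the second one (the text pointer).
        DWORD dwBufAddress = 0;
        if (ReadProcessMemory(CPDbg_Info.hProcess, (LPVOID)(cText.Esp + 0x8),
                              &dwBufAddress, sizeof(DWORD), NULL)
            && dwBufAddress != 0)
        {
            // One extra zeroed character guarantees the copy is terminated
            // even when the target's text fills all cbText bytes.
            PBYTE pBuf = (PBYTE)malloc(cbText + sizeof(WCHAR));
            if (pBuf != NULL)
            {
                memset(pBuf, 0, cbText + sizeof(WCHAR));

                // Rewrite only when the text was really read; otherwise the
                // zeroed buffer would blank the target's string.
                if (ReadProcessMemory(CPDbg_Info.hProcess, (LPVOID)dwBufAddress, pBuf, cbText, NULL))
                {
                    // Rewrite
                    CString str((LPCTSTR)pBuf);
                    CString strNew = MapDigitsToChinese(str);

                    // Write exactly the new text plus its terminator, and
                    // only if it fits in the space the old text occupied.
                    // A fixed 256-byte write would read past the end of
                    // strNew here and could overrun the target's buffer.
                    const SIZE_T cbOld = (SIZE_T)(str.GetLength() + 1) * sizeof(TCHAR);
                    const SIZE_T cbNew = (SIZE_T)(strNew.GetLength() + 1) * sizeof(TCHAR);
                    if (cbNew <= cbOld)
                    {
                        WriteProcessMemory(CPDbg_Info.hProcess, (LPVOID)dwBufAddress,
                                           (LPCTSTR)strNew, cbNew, NULL);
                    }
                }
                free(pBuf);
            }
        }

        // 3. The INT3 already executed, so EIP points one byte past the
        //    function start; rewind it so the restored instruction runs.
        cText.Eip = (DWORD)pSWTAddress;
        SetThreadContext(CPDbg_Info.hThread, &cText);
    }

    ContinueDebugEvent(lpDE->dwProcessId, lpDE->dwThreadId, DBG_CONTINUE);

    // 4. Re-hook. Sleep(0) only yields the time slice; it does not
    //    guarantee the target has already executed the first instruction,
    //    so the breakpoint can be re-planted too early and fire again for
    //    the same call. A single-step re-arm would be deterministic but
    //    needs state shared with DebugLoop, so it is not done here.
    Sleep(0);
    WriteProcessMemory(CPDbg_Info.hProcess, pSWTAddress, &bInt3, sizeof(BYTE), NULL);
}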
------------------------------------------------------------------------
我是【Miss丿小沫】,我喂我袋盐! |