调用MinHook.dll实现hook代码的学习

By admin at 2018-12-11 • 0人收藏 • 504人看过

另类的hook学习:

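这个 dll 来自 https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra (MinHook 的 CodeProject 文章)。下面的示例加载的是 32 位版本 MinHook.x86.dll,因此只能在 32 位进程中使用;使用预编译的 dll 之前,建议先核对其来源,或者从源码自行编译。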

import win.ui;
// Main window; the DSG markers delimit the form-designer region and are kept untouched.
/*DSG{{*/
mainForm = win.form(text="aardio工程29";right=959;bottom=591)
mainForm.add()
/*}}*/

// The console is used to print the MinHook status codes returned by each call.
import console
console.open()

// Load the 32-bit MinHook build bundled under \res.
// NOTE(review): this is a prebuilt third-party binary; confirm its origin (or build it from
// source) before shipping it, and note that the x86 build only fits a 32-bit process.
var dll = ..raw.loadDll("\res\MinHook.x86.dll","MinHook.x86.dll");
// MinHook exports. Every call returns an int status; this script treats 0 as success.
MH_Initialize = dll.api("MH_Initialize","int()" )
MH_Uninitialize = dll.api("MH_Uninitialize","int()" )
// `pointer&` marks by-reference parameters: ppOriginal receives the pointer used to call
// the un-hooked function (the second listing on this page reads it back as an extra return value).
MH_CreateHook = dll.api("MH_CreateHook","int(pointer pTarget, pointer pDetour, pointer& ppOriginal)" )
MH_CreateHookApi = dll.api("MH_CreateHookApi","int(ustring pszModule, string pszProcName, pointer pDetour, pointer& ppOriginal)" )
MH_CreateHookApiEx = dll.api("MH_CreateHookApiEx","int(ustring pszModule, string pszProcName, pointer pDetour, pointer& ppOriginal, pointer& ppTarget)" )
MH_RemoveHook = dll.api("MH_RemoveHook","int(pointer pTarget)" )
MH_EnableHook = dll.api("MH_EnableHook","int(pointer pTarget)" )
MH_DisableHook = dll.api("MH_DisableHook","int(pointer pTarget)" )
MH_QueueEnableHook = dll.api("MH_QueueEnableHook","int(pointer pTarget)" )
MH_QueueDisableHook = dll.api("MH_QueueDisableHook","int(pointer pTarget)") 
MH_ApplyQueued = dll.api("MH_ApplyQueued","int()" )
// Turns a status code into readable text; bound here but the script only logs the raw integers.
MH_StatusToString = dll.api("MH_StatusToString","str(int status)" )

// Initialise MinHook once; `ret` is checked further down before any hook is created.
var ret = MH_Initialize();
console.log( ret )

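// Bind the real MessageBoxW. The prototype string originally lacked its closing parenthesis.
MessageBoxW = ::User32.api("MessageBoxW","int(int,ustring,ustring,int)" )

/*
Detour that runs in place of MessageBoxW while the hook is enabled.
It prefixes the text with "hook" and forwards the call to the real function.

This listing reaches the real function by switching the hook off, calling MessageBoxW,
and switching the hook back on. While the hook is off, calls made from other threads
are not intercepted, so this pattern is only suitable for a single-threaded demo.
The return value of MessageBoxW (the button the user pressed) is now passed back to
the caller; the original detour dropped it although the callback is declared as int.
*/
DetourMessageBoxW = function (hWnd, lpText, lpCaption, uType)
{
    MH_DisableHook(MessageBoxW);
    var result = MessageBoxW(hWnd, "hook"++lpText, lpCaption, uType);
    MH_EnableHook(MessageBoxW);
    return result;
}

// Convert the detour into a stdcall function pointer that MinHook can jump to.
DetourMessageBoxW_c = raw.tostdcall(DetourMessageBoxW,"int(int,ustring,ustring,int)" )

if(ret == 0){
	console.log("初始化成功")
	console.pause()

	// The third argument (ppOriginal) is an output slot, not a callback, so null is passed.
	// The original listing passed a callback pointer here, which MinHook never calls.
	var createStatus,originalPtr = MH_CreateHook(MessageBoxW,DetourMessageBoxW_c,null)
	console.log( createStatus,originalPtr )

	if(createStatus == 0){
		console.pause()
		console.log( MH_EnableHook(MessageBoxW) );
		console.pause()
		MessageBoxW(0,"提示信息1","test",0)
		console.pause()
		MessageBoxW(0,"提示信息2","测试",0)
	}
	else {
		// Do not enable or call through a hook that was never created.
		console.log("创建Hook失败", MH_StatusToString(createStatus))
	}

}else {
	console.log("初始化失败")
}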

// Window-close handler: switch the hooks off, shut MinHook down, and log both status codes.
mainForm.onClose = function(hwnd,message,wParam,lParam){
	// No target is passed: a null target makes MinHook act on every hook it has created.
	var disableStatus = MH_DisableHook();
	console.log( disableStatus )

	var uninitStatus = MH_Uninitialize();
	console.log( uninitStatus )
}

// Show the window and run the message loop until it is closed.
mainForm.show();
return win.loopMessage();

image.png

2 个回复 | 最后更新于 2018-12-11
2018-12-11   #1

第二种调用方式,防止多次触发:在钩子函数里不再反复禁用/启用 hook,而是通过 MH_CreateHook 返回的原函数指针直接调用原函数:

import win.ui;
// Main window; the DSG markers delimit the form-designer region and are kept untouched.
/*DSG{{*/
mainForm = win.form(text="aardio工程29";right=959;bottom=591)
mainForm.add()
/*}}*/

// The console is used to print the MinHook status codes returned by each call.
import console
console.open()

// Load the 32-bit MinHook build bundled under \res.
// NOTE(review): this is a prebuilt third-party binary; confirm its origin (or build it from
// source) before shipping it, and note that the x86 build only fits a 32-bit process.
var dll = ..raw.loadDll("\res\MinHook.x86.dll","MinHook.x86.dll");
// MinHook exports. Every call returns an int status; this script treats 0 as success.
MH_Initialize = dll.api("MH_Initialize","int()" )
MH_Uninitialize = dll.api("MH_Uninitialize","int()" )
// `pointer&` marks by-reference parameters: ppOriginal comes back as an extra return value
// and holds the pointer used to call the un-hooked function.
MH_CreateHook = dll.api("MH_CreateHook","int(pointer pTarget, pointer pDetour, pointer& ppOriginal)" )
MH_CreateHookApi = dll.api("MH_CreateHookApi","int(ustring pszModule, string pszProcName, pointer pDetour, pointer& ppOriginal)" )
MH_CreateHookApiEx = dll.api("MH_CreateHookApiEx","int(ustring pszModule, string pszProcName, pointer pDetour, pointer& ppOriginal, pointer& ppTarget)" )
MH_RemoveHook = dll.api("MH_RemoveHook","int(pointer pTarget)" )
MH_EnableHook = dll.api("MH_EnableHook","int(pointer pTarget)" )
MH_DisableHook = dll.api("MH_DisableHook","int(pointer pTarget)" )
MH_QueueEnableHook = dll.api("MH_QueueEnableHook","int(pointer pTarget)" )
MH_QueueDisableHook = dll.api("MH_QueueDisableHook","int(pointer pTarget)") 
MH_ApplyQueued = dll.api("MH_ApplyQueued","int()" )
// Turns a status code into readable text; bound here but the script only logs the raw integers.
MH_StatusToString = dll.api("MH_StatusToString","str(int status)" )

// Initialise MinHook once; `ret` is checked further down before any hook is created.
var ret = MH_Initialize();
console.log( ret )

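// Bind the real MessageBoxW. The prototype string originally lacked its closing parenthesis.
MessageBoxW = ::User32.api("MessageBoxW","int(int,ustring,ustring,int)" )
// Callable wrapper around the original MessageBoxW; assigned after the hook is created.
var func_api;


/*
Detour that runs in place of MessageBoxW while the hook is enabled.
It logs a marker, prefixes the text with "hook", and calls the original function through
func_api, so the hook never has to be switched off and on inside the detour.
Returns whatever the original MessageBoxW returns.
*/
DetourMessageBoxW = function (hWnd, lpText, lpCaption, uType)
{
	console.log("hook le ")
    return func_api(hWnd, "hook"++lpText, lpCaption, uType);
}

// Convert the detour into a stdcall function pointer that MinHook can jump to.
DetourMessageBoxW_c = raw.tostdcall(DetourMessageBoxW,"int(int,ustring,ustring,int)" )


if(ret == 0){
	console.log("初始化成功")
	console.pause()

	// createStatus is the MinHook status, FunA the by-reference ppOriginal output.
	// A separate name is used for the status so the outer `ret` is not shadowed.
	var createStatus,FunA = MH_CreateHook(MessageBoxW,DetourMessageBoxW_c,null)

	if(createStatus != 0 || !FunA){
		// Without a valid original pointer func_api would stay unset and the detour
		// would fail on its first call, so stop here instead of enabling the hook.
		console.log("创建Hook失败", MH_StatusToString(createStatus))
	}
	else {
		// The three commented-out lines below can be replaced by the single tonumber() call.
		//struct = {pointer ptr = FunA } 
		//ptr = raw.convert( struct,struct ).ptr
		//funcAddr = tonumber(ptr)
		funcAddr = tonumber(FunA)
		// Wrap the returned address as a callable API with MessageBoxW's prototype.
		exe = raw.loadDll();
		func_api = exe.api( funcAddr ,"int(int,ustring,ustring,int)" )

		// Alternate enable/disable to show that only calls made while enabled are intercepted.
		console.pause()
		console.log( MH_EnableHook(MessageBoxW) );
		MessageBoxW(0,"提示信息1","test",0)
		console.pause()
		console.log( MH_DisableHook(MessageBoxW) );
		MessageBoxW(0,"提示信息2","测试",0)
		console.pause()
		console.log( MH_EnableHook(MessageBoxW) );
		MessageBoxW(0,"提示信息3","test",0)
		console.pause()
		console.log( MH_DisableHook(MessageBoxW) );
		MessageBoxW(0,"提示信息4","测试",0)
	}
}else {
	console.log("初始化失败")
}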

// Window-close handler: switch the hooks off, shut MinHook down, and log both status codes.
mainForm.onClose = function(hwnd,message,wParam,lParam){
	// No target is passed: a null target makes MinHook act on every hook it has created.
	var disableStatus = MH_DisableHook();
	console.log( disableStatus )

	var uninitStatus = MH_Uninitialize();
	console.log( uninitStatus )
}

// Show the window and run the message loop until it is closed.
mainForm.show();
return win.loopMessage();


2018-12-11   #2

Hook了串口通信的读取和写入, hook它的pcomm.dll(注意:下面的代码只对 sio_read 创建了钩子,sio_write 只是声明了接口,并没有被 hook)

import win.ui;
// Test window with five buttons: open port, write, read, timed read, and a message box.
// The DSG markers delimit the form-designer region and are kept untouched.
/*DSG{{*/
var winform = win.form(text="aardio form";right=759;bottom=469)
winform.add(
button={cls="button";text="打开串口";left=46;top=51;right=239;bottom=132;z=1};
button2={cls="button";text="写入";left=49;top=151;right=305;bottom=264;z=2};
button3={cls="button";text="读取";left=322;top=149;right=591;bottom=262;z=3};
button4={cls="button";text="定时读取";left=322;top=281;right=591;bottom=394;z=4};
button5={cls="button";text="先运行弹窗那个hook,再随便弹一弹2";left=48;top=400;right=305;bottom=465;z=5}
)
/*}}*/

// sio is the serial-port library used by the button handlers; the console shows hook output.
import sio;
import console
console.open()
 
// Load the 32-bit MinHook build bundled under \res.
// NOTE(review): this is a prebuilt third-party binary; confirm its origin (or build it from
// source) before shipping it, and note that the x86 build only fits a 32-bit process.
var dll = ..raw.loadDll("\res\MinHook.x86.dll","MinHook.x86.dll");
// MinHook exports. Every call returns an int status; 0 is the success value.
MH_Initialize = dll.api("MH_Initialize","int()" )
MH_Uninitialize = dll.api("MH_Uninitialize","int()" )
// `pointer&` marks by-reference parameters: ppOriginal comes back as an extra return value
// and holds the pointer used to call the un-hooked function.
MH_CreateHook = dll.api("MH_CreateHook","int(pointer pTarget, pointer pDetour, pointer& ppOriginal)" )
MH_CreateHookApi = dll.api("MH_CreateHookApi","int(ustring pszModule, string pszProcName, pointer pDetour, pointer& ppOriginal)" )
MH_CreateHookApiEx = dll.api("MH_CreateHookApiEx","int(ustring pszModule, string pszProcName, pointer pDetour, pointer& ppOriginal, pointer& ppTarget)" )
MH_RemoveHook = dll.api("MH_RemoveHook","int(pointer pTarget)" )
MH_EnableHook = dll.api("MH_EnableHook","int(pointer pTarget)" )
MH_DisableHook = dll.api("MH_DisableHook","int(pointer pTarget)" )
MH_QueueEnableHook = dll.api("MH_QueueEnableHook","int(pointer pTarget)" )
MH_QueueDisableHook = dll.api("MH_QueueDisableHook","int(pointer pTarget)") 
MH_ApplyQueued = dll.api("MH_ApplyQueued","int()" )
// Turns a status code into readable text; bound here but the script only logs the raw integers.
MH_StatusToString = dll.api("MH_StatusToString","str(int status)" )
 
// Initialise MinHook once and log the status.
// NOTE(review): the status is only logged here; nothing below stops if initialisation failed.
var ret = MH_Initialize();
console.log("Hook初始化", ret )
 
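// Callable wrapper around the original sio_read; assigned after the hook is created.
var func_api;
 
/*
Detour that runs in place of sio_read while the hook is enabled.
It calls the original sio_read first, logs what was read, and returns the original result.

port - port number passed by the caller
buf  - caller-owned receive buffer
len  - capacity of buf in bytes

Only the bytes the original call reports as read are converted for logging. The original
listing called raw.tostring(buf) without a length, which scans for a terminating zero and
can read stale bytes or run past the end of a buffer that is not zero-terminated.
NOTE(review): this assumes a positive return value of sio_read is the byte count - confirm
against the PComm documentation. Logged payloads may contain sensitive device data, so
keep this kind of logging to test setups.
*/
Detoursio_read = function (port,buf,len)
{
    var ret =  func_api(port,buf,len);

    var data = "";
    if( ret > 0 ){
        // Never convert more than the caller's buffer can hold.
        var count = ret;
        if( count > len ) count = len;
        data = raw.tostring(buf,1,count);
    }
    console.log("Hook收到数据如下:",port,data,len)
    return ret;
}
 
// Convert the detour into a stdcall function pointer that MinHook can jump to.
Detoursio_read_c = raw.tostdcall(Detoursio_read,"int(int,pointer,int)" )
// Bind the functions of interest; only sio_read is hooked below, sio_write is just declared.
sio_write = ::Pcomm.api("sio_write","int(int port,pointer buf, int len)" )
sio_read = ::Pcomm.api("sio_read","int(int port,pointer buf, int len)" )
// Create the hook: ret is the MinHook status, FunA the by-reference ppOriginal output.
var ret,FunA = MH_CreateHook(sio_read,Detoursio_read_c,null)
console.log("创建tHook",ret,FunA)

if( ret == 0 && FunA ){
	// Turn the returned pointer into a callable function so the detour can reach the original.
	//struct = {pointer ptr = FunA } 
	//ptr = raw.convert( struct,struct ).ptr
	funcAddr = tonumber(FunA)
	exe = raw.loadDll();
	func_api = exe.api( funcAddr ,"int(int,pointer,int)" )
 
	//console.pause()
 
	console.log("使能Hook:", MH_EnableHook(sio_read) );
}
else {
	// Enabling the hook without a usable original pointer would make every sio_read call
	// fail inside the detour, so leave sio_read untouched.
	console.log("创建Hook失败", MH_StatusToString(ret))
}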
 
// Window-close handler: release the hooks and shut MinHook down, logging both status codes.
winform.onClose = function(hwnd,message,wParam,lParam){
   // Called without a target: a null argument disables every hook that was created.
   var disableStatus = MH_DisableHook();
   console.log( disableStatus )

   var uninitStatus = MH_Uninitialize();
   console.log( uninitStatus )
}
 
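// "Open port" button: open COM1 and configure it as 9600 baud, 8 data bits, 1 stop bit, even parity.
winform.button.oncommand = function(id,event){
    sport = sio.port("COM1");
    // NOTE(review): guards against sio.port yielding nothing on failure - confirm how
    // the sio library reports an open error.
    if(!sport){
        console.log("打开串口失败")
        return;
    }
    sport.ioctl(9600,8,1,"even");
/*
    // Testing showed the interrupt-driven read mode cannot be used here:
    // the program crashes after data has been received several times.
    sport.termCntIrqThread(1,function(port){
        import sio;
        var sport = sio.port(port);
         
        sport.read(); // or sport.readHex()
    } )
*/
}
// Counter appended to each test message so successive writes can be told apart.
var ff = 1;
// "Write" button: send "test<n>" over the open port.
winform.button2.oncommand = function(id,event){
    // The port only exists after the "open port" button was used; without this guard
    // clicking here first fails on a null sport.
    if(!sport) return;
    sport.write("test"++ff);
    ff++;
}
 
// "Read" button: one read on the open port; the sio_read hook logs what arrives.
winform.button3.oncommand = function(id,event){
    if(!sport) return;
    sport.read()
}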

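// Id of the running read timer, or null while no timer is active.
var tmid;
// "Timed read" button: toggles a 100 ms timer that reads from the port.
winform.button4.oncommand = function(id,event){
    if(tmid){
    	winform.killtimer(tmid)
    	// Clear the id so the next click starts a new timer. The original kept the stale
    	// id, so after the first stop every later click only tried to kill it again.
    	tmid = null;
    	return;
    }
    // Nothing to poll until the port has been opened.
    if(!sport) return;
	tmid = winform.addtimer(
		100/*milliseconds*/,
		function(hwnd,msg,id,tick){ // runs on every timer tick
			if(sport) sport.read()
		}
	);
}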

// Fifth button: pops up a plain message box from this form.
winform.button5.oncommand = function(id,event){
	var text = "随便弹一弹2";
	winform.msgbox(text)
}

// Show the form, run the message loop, then hand the form object back to the caller.
winform.show();
win.loopMessage();
return winform;


image.png
