我在想如何在不使用像EasyHook这样的C++库或类似的库的情况下用C#或VB.Net挂接API。我想学习这个的目的不是为了恶意,只是为了获得更多的经验,并找到.net的极限。比方说我想挂接MessageBoxA API。我首先通过导入System.Runtime.InteropServices来导入它,然后添加user32.dll中MessageBoxA API调用的PInvoke签名:
''' <summary>
''' P/Invoke declaration that lets managed code call the MessageBox export of user32.dll.
''' </summary>
''' <remarks>
''' EntryPoint is "MessageBoxW" and the character set is Unicode, so calls made through this
''' declaration bind to the wide-character export rather than to MessageBoxA.
''' A P/Invoke declaration only describes how this process calls the export; on its own it does
''' not intercept or alter calls made by other code.
''' MessageBoxOptions and MessageBoxResult are not defined in this snippet - presumably enums
''' declared elsewhere; confirm their underlying type is compatible with the U4 marshalling.
''' </remarks>
<DllImport("user32.dll", EntryPoint:="MessageBoxW", CharSet:=CharSet.Unicode, SetLastError:=True)>
Public Function MessageBox(ByVal hwnd As IntPtr,
                           <MarshalAs(UnmanagedType.LPTStr)> ByVal lpText As String,
                           <MarshalAs(UnmanagedType.LPTStr)> ByVal lpCaption As String,
                           <MarshalAs(UnmanagedType.U4)> ByVal uType As MessageBoxOptions) As <MarshalAs(UnmanagedType.U4)> MessageBoxResult
End Function
我现在想做的基本上是挂钩每一个调用MessageBoxA API的进程:消息框照常取得原来的文本,但经过挂钩后,我想在messageBox文本的末尾附加"已挂钩"。一位对.net很有经验的朋友告诉我,这很有可能做到,但不幸的是,他太忙,没空帮我。步骤是:首先,我需要把实际的挂钩函数放在一个dll(库)中,稍后将其注入进程;然后,我需要确定目标是本机进程还是托管进程。如果它是托管进程,那么没有问题,但如果它是本机进程,我需要一个加载器。本机进程没有加载.net,所以我需要先手动加载它,然后注入dll。
然后我需要取得.net方法的函数指针,这样我就知道钩子应该指向的地址,然后我可以使用GetProcAddress和LoadLibraryA来获取指向API的指针。我想写在API开头的JMP可以通过使用WriteProcessMemory来实现。有人能告诉我如何用上面提到的那个简单例子实现这一点吗?也就是挂接MessageBox API并在调用它之前向它添加一些文本。
=)
我不确定这是否是您想要的,但这就是我钩住鼠标的方式。也许它可以帮助你找出其他的钩子。
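''' <summary>
''' Raises an event whenever a left or right mouse button is released, using a low-level
''' mouse hook (hook type 14, WH_MOUSE_LL) installed through SetWindowsHookEx.
''' </summary>
''' <remarks>
''' The hook is installed with a thread id of 0, so it is not limited to this application's
''' windows: it observes button releases for the whole desktop. Keep an instance alive only
''' while that is needed and call <see cref="Dispose"/> to remove the hook.
''' The callback for this hook type is delivered on the thread that created the instance, so
''' that thread must pump messages, and the callback (including every event handler) must
''' return quickly - Windows can drop a low-level hook whose callback is too slow.
''' </remarks>
Public Class MouseDetector
    Implements System.IDisposable

    ''' <summary>Raised when the left button is released. Coordinates in <c>e</c> are screen coordinates taken from the hook data.</summary>
    Public Event MouseLeftButtonClick(ByVal sender As Object, ByVal e As MouseEventArgs)

    ''' <summary>Raised when the right button is released. Coordinates in <c>e</c> are screen coordinates taken from the hook data.</summary>
    Public Event MouseRightButtonClick(ByVal sender As Object, ByVal e As MouseEventArgs)

    ' Hook type passed to SetWindowsHookEx (was the bare literal 14).
    Private Const WH_MOUSE_LL As Integer = 14

    ' wParam, lParam and the return value are pointer-sized in the native HOOKPROC signature,
    ' so they are declared as IntPtr instead of Integer to stay correct in a 64-bit process.
    Private Delegate Function MouseHookCallback(ByVal nCode As Integer, ByVal wParam As IntPtr, ByVal lParam As IntPtr) As IntPtr

    ' The delegate is held in a field so the garbage collector cannot reclaim it while
    ' native code still holds a pointer to it.
    Private MouseHookCallbackDelegate As MouseHookCallback

    ' Native hook handle; IntPtr.Zero means "no hook installed".
    Private MouseHookID As IntPtr = IntPtr.Zero

    ''' <summary>Installs the hook.</summary>
    ''' <exception cref="System.ComponentModel.Win32Exception">
    ''' SetWindowsHookEx returned a null handle; the exception carries the Win32 error code.
    ''' </exception>
    Public Sub New()
        MouseHookCallbackDelegate = AddressOf MouseHookProc
        MouseHookID = SetWindowsHookEx(WH_MOUSE_LL, MouseHookCallbackDelegate, Marshal.GetHINSTANCE(Assembly.GetExecutingAssembly.GetModules()(0)), 0)

        If MouseHookID = IntPtr.Zero Then
            ' Read the error code first: later calls may overwrite the thread's last error.
            Dim errorCode As Integer = Marshal.GetLastWin32Error()
            MouseHookCallbackDelegate = Nothing
            ' Previously this failure was ignored, leaving an object that never raises events.
            Throw New System.ComponentModel.Win32Exception(errorCode)
        End If
    End Sub

    ''' <summary>Removes the hook. Safe to call more than once.</summary>
    Public Sub Dispose() Implements System.IDisposable.Dispose
        If MouseHookID <> IntPtr.Zero Then
            UnhookWindowsHookEx(MouseHookID)
            MouseHookID = IntPtr.Zero
        End If

        ' Released only after the hook is gone, so native code never calls a collected delegate.
        MouseHookCallbackDelegate = Nothing
    End Sub

    ' Window-message identifiers delivered in wParam of the hook callback.
    Private Enum MouseMessages
        WM_LeftButtonDown = 513
        WM_LeftButtonUp = 514
        WM_LeftDblClick = 515
        WM_RightButtonDown = 516
        WM_RightButtonUp = 517
        WM_RightDblClick = 518
    End Enum

    <StructLayout(LayoutKind.Sequential)> Private Structure Point
        Public x As Integer
        Public y As Integer
    End Structure

    ' Layout of the data lParam points to for hook type WH_MOUSE_LL (MSLLHOOKSTRUCT).
    ' Only pt is read by this class; the remaining fields are declared so the managed
    ' layout matches the native one in both 32-bit and 64-bit processes.
    <StructLayout(LayoutKind.Sequential)> Private Structure MouseHookStruct
        Public pt As Point
        Public mouseData As Integer
        Public flags As Integer
        Public time As Integer
        Public dwExtraInfo As IntPtr
    End Structure

    <DllImport("user32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall)> _
    Private Shared Function CallNextHookEx(ByVal idHook As IntPtr, ByVal nCode As Integer, ByVal wParam As IntPtr, ByVal lParam As IntPtr) As IntPtr
    End Function

    <DllImport("User32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall, SetLastError:=True)> _
    Private Shared Function SetWindowsHookEx(ByVal idHook As Integer, ByVal HookProc As MouseHookCallback, ByVal hInstance As IntPtr, ByVal wParam As Integer) As IntPtr
    End Function

    <DllImport("user32.dll", CharSet:=CharSet.Auto, CallingConvention:=CallingConvention.StdCall, SetLastError:=True)> _
    Private Shared Function UnhookWindowsHookEx(ByVal idHook As IntPtr) As Boolean
    End Function

    ' Hook callback. Translates button-up messages into events and always forwards the
    ' message to the next hook in the chain.
    Private Function MouseHookProc(ByVal nCode As Integer, ByVal wParam As IntPtr, ByVal lParam As IntPtr) As IntPtr
        ' A negative code must be passed on without any processing.
        If nCode >= 0 Then
            Dim MouseData As MouseHookStruct = DirectCast(Marshal.PtrToStructure(lParam, GetType(MouseHookStruct)), MouseHookStruct)

            ' Handlers run inside the hook callback; a slow or blocking handler delays
            ' mouse input for every application on the desktop.
            Select Case wParam.ToInt64()
                Case CLng(MouseMessages.WM_LeftButtonUp)
                    RaiseEvent MouseLeftButtonClick(Me, New MouseEventArgs(MouseButtons.Left, 1, MouseData.pt.x, MouseData.pt.y, 0))
                Case CLng(MouseMessages.WM_RightButtonUp)
                    RaiseEvent MouseRightButtonClick(Me, New MouseEventArgs(MouseButtons.Right, 1, MouseData.pt.x, MouseData.pt.y, 0))
            End Select
        End If

        Return CallNextHookEx(MouseHookID, nCode, wParam, lParam)
    End Function
End Class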
' Example subscriber for MouseDetector.MouseLeftButtonClick.
' The Handles clause presumably relies on a WithEvents field named MouseDetector declared in
' the containing form or class - that declaration is not part of this snippet.
' The event is raised from inside the hook callback, before the message is forwarded to the
' next hook, so whatever is placed here should return quickly; a modal dialog such as the
' placeholder below would hold up mouse input until it is dismissed.
Private Sub MouseDetector_MouseLeftButtonClick(ByVal sender As Object, _
                                               ByVal e As System.Windows.Forms.MouseEventArgs) _
        Handles MouseDetector.MouseLeftButtonClick
    ' Placeholder left disabled by the author: MessageBox.Show("left")
End Sub