hi, this code can work,
but have some Question:
example:
when i put "www.csdn.net" in the IE brower
IE will go to the "www.51.com/history.php"
the HOOK is work,
but the page have some problem
"www.51.com/history?page=2" change "www.csdn.net/?page=2"
others is normal.
why?
src code http://u.115.com/file/bh5viw1o#src.rar>
click "电信下载" download it
#include "stdafx.h"
#include "hook.h"
#include <Ws2tcpip.h>
#include <stdio.h>
HINSTANCE g_hMod = NULL;
DWORD dwIsHook = 0;
void __stdcall UnHook();
int nCount = 0;
BOOL WINAPI DllMain(
HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved ) {
switch( fdwReason )
{
case DLL_PROCESS_ATTACH:
{
g_hMod = hinstDLL;
HookOn();
}
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
{
}
break;
}
return TRUE; }
void __stdcall InstallHook()
{
if ( g_hMod != NULL )
{
hHook = SetWindowsHookEx(WH_DEBUG, DebugProc, g_hMod, 0);
}
else
{
MessageBox(NULL,"InstallHook","InstallHook",MB_OK);
}
}
void __stdcall UnHook()
{
UnhookWindowsHookEx(hHook);
}
char *g_szGlo_A = "www.csdn.net";
char *g_Change_A = "www.51.com";
char *g_argc_A = "/history.php";
bool isEqual_A(const char * str1,const char * str2)
{
__asm
{
push [ebp+0x8]
call strlen
add esp,4
mov ebx,eax
push [ebp+0xc]
call strlen
add esp,4
cmp eax,ebx
jne exit2
}
__asm
{
push [ebp+8]
call strlen
add esp,4
mov esi,[ebp+8]
mov edx,esi
mov edi,[ebp+0xc]
imul eax,type char
add edx,eax
beginfor:
cmp esi,edx
jnl endfor
mov bl,byte ptr [esi]
mov cl,byte ptr [edi]
cmp bl,cl
jne exit2
add esi,type char
add edi,type char
jmp beginfor
endfor:
}
__asm
{
exit1:
mov eax,1
jmp exit3
exit2:
mov eax,0
exit3:
}
}
bool isEqual_W(const wchar_t * str1,const wchar_t * str2)
{
__asm
{
push [ebp+0x8]
call wcslen
add esp,4
mov ebx,eax
push [ebp+0xc]
call wcslen
add esp,4
cmp eax,ebx
jne exit2
}
__asm
{
push [ebp+8]
call wcslen
add esp,4
mov esi,[ebp+8]
mov edx,esi
mov edi,[ebp+0xc]
imul eax,type wchar_t
add edx,eax
beginfor:
cmp esi,edx
jnl endfor
mov bl,byte ptr [esi]
mov cl,byte ptr [edi]
cmp bl,cl
jne exit2
add esi,type wchar_t
add edi,type wchar_t
jmp beginfor
endfor:
}
__asm
{
exit1:
mov eax,1
jmp exit3
exit2:
mov eax,0
exit3:
}
}
__declspec(naked) HINTERNET __stdcall my_InternetConnect_A(
HINTERNET hInternet,
LPCTSTR lpszServerName,
INTERNET_PORT nServerPort,
LPCTSTR lpszUsername,
LPCTSTR lpszPassword,
DWORD dwService,
DWORD dwFlags,
DWORD_PTR dwContext
)
{
__asm
{
pushad
push g_szGlo_A
push [esp+44]
call isEqual_A
add esp,8
test eax,eax
jne equal
popad
jmp lpAddr_A
}
equal:
__asm
{
popad
push eax
mov eax,g_Change_A
mov [esp+12],eax
add dwIsHook,1
pop eax
jmp lpAddr_A
}
}
__declspec(naked) HINTERNET my_HttpOpenRequest_A(
HINTERNET hConnect,
LPCTSTR lpszVerb,
LPCTSTR lpszObjectName,
LPCTSTR lpszVersion,
LPCTSTR lpszReferer,
LPCTSTR *lpszAcceptTypes,
DWORD dwFlags,
DWORD_PTR dwContext
)
{
__asm
{
pushad
cmp dwIsHook,1
je one
popad
jmp lpHTTPAddr_A
}
one:
_asm
{
popad
push eax
sub dwIsHook,1
mov eax,g_argc_A
mov [esp+16],eax
pop eax
jmp lpHTTPAddr_A
}
}
void HookOn()
{
char szBuf[MAX_PATH] = {0};
DWORD dwOldProtect = 0;
HMODULE hModule = LoadLibrary("wininet.dll");
char chE9 = (char)0xe9;
if ( !hModule )
{
goto Exit0;
}
my_internetconnectA = (GETADDR_InternetConnectA)GetProcAddress(hModule, "InternetConnectA"); my_HttpOpenRequestA = (GETADDR_HttpOpenRequestA)GetProcAddress(hModule, "HttpOpenRequestA");
if ( !VirtualProtect(my_internetconnectA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect) )
{
goto Exit0;
}
lpAddr_A = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if ( !lpAddr_A )
{
goto Exit0;
}
RtlMoveMemory(lpAddr_A, my_internetconnectA, 5); dwJmpMe_A = (DWORD)my_InternetConnect_A -(DWORD)my_internetconnectA - 5;
dwJmpOther_A = (DWORD)my_internetconnectA - ((DWORD)lpAddr_A+5) - 5;
__asm
{
pushad
mov eax,my_internetconnectA
mov [eax],0xE9
add eax,1
mov ebx,dwJmpMe_A
mov dword ptr[eax],ebx
popad
}
__asm
{
pushad
mov eax,lpAddr_A
add eax,5
mov [eax],0xE9
add eax,1
mov ebx,dwJmpOther_A
add ebx,5
mov dword ptr[eax],ebx
popad
}
VirtualProtect(my_internetconnectA, 5, dwOldProtect, &dwOldProtect);
if ( !VirtualProtect(my_HttpOpenRequestA, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect) )
{
goto Exit0;
}
lpHTTPAddr_A = VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if ( !lpHTTPAddr_A )
{
goto Exit0;
}
RtlMoveMemory(lpHTTPAddr_A, my_HttpOpenRequestA, 5); dwHTTPJmpMe_A = (DWORD)my_HttpOpenRequest_A -(DWORD)my_HttpOpenRequestA - 5;
dwHTTPJmpOther_A = (DWORD)my_HttpOpenRequestA - ((DWORD)lpHTTPAddr_A+5) - 5;
__asm
{
pushad
mov eax,my_HttpOpenRequestA
mov [eax],0xE9
add eax,1
mov ebx,dwHTTPJmpMe_A
mov dword ptr[eax],ebx
popad
}
__asm
{
pushad
mov eax,lpHTTPAddr_A
add eax,5
mov [eax],0xE9
add eax,1
mov ebx,dwHTTPJmpOther_A
add ebx,5
mov dword ptr[eax],ebx
popad
}
VirtualProtect(my_HttpOpenRequestA, 5, dwOldProtect, &dwOldProtect);
Exit0:
return;
}
void HookOf()
{
} i"
|