#include <windows.h>
#include <tchar.h>

#include <cstdio>
#include <cstdlib>
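/*
 * Locate the Export Address Table (EAT) slot that belongs to a named export.
 *
 * DllBase   - base address of a module mapped into the current process.
 * szFunName - export name to look up.
 *
 * Returns a pointer to the 32-bit RVA slot inside the mapped image, or NULL
 * when the image headers are not valid, the module has no export directory,
 * the name is not exported, or the name's ordinal is out of range.
 */
static PULONG FindExportSlot(HMODULE DllBase, LPCTSTR szFunName)
{
    /* Byte pointer arithmetic keeps the full address on 64-bit builds;
     * casting the base to DWORD would truncate it. */
    PBYTE pBase = (PBYTE)DllBase;

    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pBase;
    if (IMAGE_DOS_SIGNATURE != pDosHeader->e_magic) {
        return(NULL);
    }

    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)(pBase + pDosHeader->e_lfanew);
    if (IMAGE_NT_SIGNATURE != pNtHeader->Signature) {
        return(NULL);
    }

    PIMAGE_DATA_DIRECTORY pExpDir =
        &pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
    if (0 == pExpDir->VirtualAddress || 0 == pExpDir->Size) {
        return(NULL);   /* module exports nothing */
    }

    PIMAGE_EXPORT_DIRECTORY pExpDes = (PIMAGE_EXPORT_DIRECTORY)(pBase + pExpDir->VirtualAddress);
    PULONG pAddressOfFunctions = (PULONG)(pBase + pExpDes->AddressOfFunctions);
    PULONG pAddressOfNames = (PULONG)(pBase + pExpDes->AddressOfNames);
    PUSHORT pAddressOfNameOrdinals = (PUSHORT)(pBase + pExpDes->AddressOfNameOrdinals);

    for (DWORD i = 0; i < pExpDes->NumberOfNames; ++i) {
        /* Export names are stored as single-byte strings in the image, so this
         * comparison is only meaningful in a non-UNICODE build, where LPCTSTR
         * is a char pointer. */
        LPCTSTR pFuncName = (LPCTSTR)(pBase + pAddressOfNames[i]);
        if (0 != _tcscmp(pFuncName, szFunName)) {
            continue;
        }

        DWORD index = pAddressOfNameOrdinals[i];
        if (index >= pExpDes->NumberOfFunctions) {
            return(NULL);   /* malformed table: ordinal points past the EAT */
        }
        return(&pAddressOfFunctions[index]);
    }

    return(NULL);   /* name not exported; the caller must not write anything */
}

/*
 * Redirect one named export of a DLL in the current process by replacing its
 * Export Address Table slot with the RVA of NewFun. Later name lookups
 * (GetProcAddress) on that module then resolve to NewFun; pointers resolved
 * before the call are not affected.
 *
 * szDllName - module to load and patch.
 * szFunName - exported name whose slot is rewritten.
 * NewFun    - replacement routine; must use the same signature and calling
 *             convention as the export it stands in for.
 *
 * Returns TRUE when the slot was rewritten, FALSE otherwise. On success the
 * module reference taken by LoadLibrary is kept on purpose so the patched
 * image stays mapped; on failure it is released.
 *
 * Fixes over the previous version: a name that is not found no longer causes
 * the last-iterated slot to be overwritten; pointers are no longer truncated
 * through DWORD casts; VirtualProtect is checked, sized to the slot and undone
 * afterwards; the trailing WriteProcessMemory call is gone because it passed
 * the RVA as a source address and a DWORD as the SIZE_T byte counter.
 *
 * After the write the in-memory slot no longer matches the export table of
 * the file on disk, which is the difference an export-table integrity check
 * looks for.
 */
BOOL EATHook(LPCTSTR szDllName, LPCTSTR szFunName, LPVOID NewFun)
{
    if (NULL == szDllName || NULL == szFunName || NULL == NewFun) {
        return(FALSE);
    }

    HMODULE DllBase = LoadLibrary(szDllName);
    if (NULL == DllBase) {
        return(FALSE);
    }

    PULONG pSlot = FindExportSlot(DllBase, szFunName);

    /* An EAT slot holds a 32-bit offset from the module base. On 64-bit builds
     * the replacement must therefore sit less than 4 GiB above the base;
     * anything else cannot be represented and is rejected. */
    ULONG_PTR delta = (ULONG_PTR)NewFun - (ULONG_PTR)DllBase;
    if (NULL == pSlot || delta > (ULONG_PTR)0xFFFFFFFFu) {
        FreeLibrary(DllBase);
        return(FALSE);
    }

    DWORD dwOldProtect = 0;
    if (!VirtualProtect(pSlot, sizeof(*pSlot), PAGE_READWRITE, &dwOldProtect)) {
        FreeLibrary(DllBase);
        return(FALSE);
    }

    *pSlot = (ULONG)delta;

    /* Put the original page protection back so the export data is not left
     * writable for the rest of the process lifetime. */
    DWORD dwIgnored = 0;
    VirtualProtect(pSlot, sizeof(*pSlot), dwOldProtect, &dwIgnored);

    return(TRUE);
}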
/*
 * Replacement routine installed in place of MessageBoxA by the demo.
 * It takes the same four arguments, ignores all of them, writes a fixed
 * line to stdout and reports 0 to the caller.
 */
int __stdcall MyMessageBox(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType)
{
    (void)hWnd;
    (void)lpText;
    (void)lpCaption;
    (void)uType;

    fputs("hello lyshark \n", stdout);
    return 0;
}
/* Pointer type with the same parameters, return type and calling convention as
 * MyMessageBox; main() casts the GetProcAddress result to it before calling. */
typedef int (WINAPI* LPFNMESSAGEBOX)(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType);
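/*
 * Demo driver: patches the MessageBoxA export slot of USER32.dll in this
 * process, resolves the export by name again and calls through the result,
 * which shows that the lookup now lands in MyMessageBox.
 *
 * Returns 0 on success and 1 when the hook or the lookup fails. The previous
 * version ignored the EATHook result and called the GetProcAddress result
 * without checking it for NULL.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    if (!EATHook("USER32.dll", "MessageBoxA", (LPVOID)MyMessageBox)) {
        printf("EATHook failed\n");
        return(1);
    }

    /* EATHook has already loaded the module, so a handle lookup is enough. */
    HMODULE hDll = GetModuleHandle("USER32.dll");
    if (NULL == hDll) {
        printf("GetModuleHandle failed: %lu\n", (unsigned long)GetLastError());
        return(1);
    }

    LPFNMESSAGEBOX lpMessageBox = (LPFNMESSAGEBOX)GetProcAddress(hDll, "MessageBoxA");
    if (NULL == lpMessageBox) {
        printf("GetProcAddress failed: %lu\n", (unsigned long)GetLastError());
        return(1);
    }

    lpMessageBox(NULL, "Hello, EAT Hook", "Info", MB_OK);

    system("pause");
    return(0);
}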