下面的代码,同时安装勾子会出错,现在的代码只能勾一个函数
private void Form1_Load(object sender, EventArgs e)
{
send_Hook.Install("ws2_32.dll", "send", Marshal.GetFunctionPointerForDelegate(new sendCallback(sendProc)));
send_Hook.Install("ws2_32.dll", "recv", Marshal.GetFunctionPointerForDelegate(new recvCallback(toProc)));
}
怎么才能即可接截Send,也可Recv
这里是完整代码
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Collections;
using System.Runtime.InteropServices;
using api_hook;
namespace api_hook_封包学习
{
public partial class Form1 : Form
{
[DllImport("ws2_32.dll")]
static extern int send(int s, byte[] buf, int len, int flag);
[DllImport("ws2_32.dll")]
static extern int recv(int s, byte[] buf, int len, int flag);
APIHOOK send_Hook = new APIHOOK();
delegate int sendCallback(int s, IntPtr buf, int len, int flag);
delegate int recvCallback(int s, IntPtr buf, int len, int flag);
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
send_Hook.Install("ws2_32.dll", "send", Marshal.GetFunctionPointerForDelegate(new sendCallback(sendProc)));
send_Hook.Install("ws2_32.dll", "recv", Marshal.GetFunctionPointerForDelegate(new recvCallback(toProc)));
}
int sendProc(int s, IntPtr buf, int len, int flag)
{
byte[] buffer = new byte[len];
Marshal.Copy(buf, buffer, 0, len); //读封包数据,读取后可进行条件修改,拦截,转发等,记得处理后调用发送
send_Hook.Suspend(); //暂停拦截,转交系统调用
int ret = send(s, buffer, len, flag); //发送数据,此处可进行拦截
send_Hook.Continue(); //恢复HOOK
return ret;
}
int toProc(int s, IntPtr buf, int len, int flag)
{
byte[] buffer = new byte[len];
Marshal.Copy(buf, buffer, 0, len); //读封包数据
send_Hook.Suspend(); //暂停拦截,转交系统调用
int ret = recv(s, buffer, len, flag); //发送数据,此处可对包进行处理操作
send_Hook.Continue(); //恢复HOOK
return ret;
}
private void button1_Click(object sender, EventArgs e)//按下时加载网页进行测试数据
{
webBrowser1.Navigate("http://baidu.com");
}
}
//APIHOOK关键代码类
public class APIHOOK
{
#region Api声明
[DllImport("Kernel32.dll", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi)]
static extern IntPtr GetModuleHandle(
string lpModuleName
);
[DllImport("Kernel32.dll")]
static extern bool VirtualProtect(
IntPtr lpAddress,
int dwSize,
int flNewProtect,
ref int lpflOldProtect
);
[DllImport("Kernel32.dll", EntryPoint = "lstrcpynA", CharSet = CharSet.Ansi)]
static extern IntPtr lstrcpyn(
byte[] lpString1,
byte[] lpString2,
int iMaxLength
);
[DllImport("Kernel32.dll")]
static extern IntPtr GetProcAddress(
IntPtr hModule,
string lpProcName
);
[DllImport("Kernel32.dll")]
static extern bool FreeLibrary(
IntPtr hModule
);
#endregion
#region 常量定义表
const int PAGE_EXECUTE_READWRITE = 0x40;
#endregion
#region 变量表
IntPtr ProcAddress;
int lpflOldProtect = 0;
byte[] OldEntry = new byte[5];
byte[] NewEntry = new byte[5];
IntPtr OldAddress;
#endregion
public APIHOOK() { }
public APIHOOK(string ModuleName, string ProcName, IntPtr lpAddress)
{
Install(ModuleName, ProcName, lpAddress);
}
public bool Install(string ModuleName, string ProcName, IntPtr lpAddress)
{
IntPtr hModule = GetModuleHandle(ModuleName); //取模块句柄
if (hModule == IntPtr.Zero) return false;
ProcAddress = GetProcAddress(hModule, ProcName); //取入口地址
if (ProcAddress == IntPtr.Zero) return false;
if (!VirtualProtect(ProcAddress, 5, PAGE_EXECUTE_READWRITE, ref lpflOldProtect)) return false; //修改内存属性
Marshal.Copy(ProcAddress, OldEntry, 0, 5); //读取前5字节
NewEntry = AddBytes(new byte[1] { 233 }, BitConverter.GetBytes((Int32)((Int32)lpAddress - (Int32)ProcAddress - 5))); //计算新入口跳转
Marshal.Copy(NewEntry, 0, ProcAddress, 5); //写入前5字节
OldEntry = AddBytes(OldEntry, new byte[5] { 233, 0, 0, 0, 0 });
OldAddress = lstrcpyn(OldEntry, OldEntry, 0); //取变量指针
Marshal.Copy(BitConverter.GetBytes((double)((Int32)ProcAddress - (Int32)OldAddress - 5)), 0, (IntPtr)(OldAddress.ToInt32() + 6), 4); //保存JMP
FreeLibrary(hModule); //释放模块句柄
return true;
}
public void Suspend()
{
Marshal.Copy(OldEntry, 0, ProcAddress, 5);
}
public void Continue()
{
Marshal.Copy(NewEntry, 0, ProcAddress, 5);
}
public bool Uninstall()
{
if (ProcAddress == IntPtr.Zero) return false;
Marshal.Copy(OldEntry, 0, ProcAddress, 5);
ProcAddress = IntPtr.Zero;
return true;
}
static byte[] AddBytes(byte[] a, byte[] b)
{
ArrayList retArray = new ArrayList();
for (int i = 0; i < a.Length; i++)
{
retArray.Add(a[i]);
}
for (int i = 0; i < b.Length; i++)
{
retArray.Add(b[i]);
}
return (byte[])retArray.ToArray(typeof(byte));
}
}
}