#include "CmnHdr.h"
#include <tchar.h>
#include "APIHook.h"
#include <windows.h>
#include <stdio.h>
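/*
 * Prototypes of the original (un-hooked) entry points, used to cast
 * APIHook::OriginalFunc back into something callable.
 *
 * Every hooked export below is the explicit -W variant, so the string
 * parameters are spelled LPCWSTR/LPWSTR instead of the UNICODE-dependent
 * LPCTSTR/LPTSTR: with LPCTSTR these prototypes would silently turn into the
 * ANSI signatures in a non-UNICODE build while still being applied to the
 * wide export.  The Hook_* wrappers further down still declare LPCTSTR and
 * hand those strings to write(LPCWSTR, LPCWSTR), so this file only builds
 * with UNICODE defined either way; the typedefs just no longer depend on it.
 */
typedef HANDLE (WINAPI *PCREATEFILEW)(
    LPCWSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile
);
typedef BOOL (WINAPI *PWRITEFILE)(
    HANDLE hFile,
    LPCVOID lpBuffer,
    DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten,
    LPOVERLAPPED lpOverlapped
);
typedef BOOL (WINAPI *PCLOSEHANDLE)(
    HANDLE hObject
);
typedef BOOL (WINAPI *PREADFILE)(
    HANDLE hFile,
    LPVOID lpBuffer,
    DWORD nNumberOfBytesToRead,
    LPDWORD lpNumberOfBytesRead,
    LPOVERLAPPED lpOverlapped
);
typedef LONG (WINAPI *PREGCREATEKEYEXW)(
    HKEY hKey,
    LPCWSTR lpSubKey,
    DWORD Reserved,
    LPWSTR lpClass,
    DWORD dwOptions,
    REGSAM samDesired,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    PHKEY phkResult,
    LPDWORD lpdwDisposition
);
typedef LONG (WINAPI *PREGOPENKEYEXW)(
    HKEY hKey,
    LPCWSTR lpSubKey,
    DWORD ulOptions,
    REGSAM samDesired,
    PHKEY phkResult
);
typedef LONG (WINAPI *PREGCLOSEKEY)(
    HKEY hKey
);
typedef LONG (WINAPI *PREGDELETEKEYW)(
    HKEY hKey,
    LPCWSTR lpSubKey
);
typedef LONG (WINAPI *PREGDELETETREEW)(
    HKEY hKey,
    LPCWSTR lpSubKey
);
typedef LONG (WINAPI *PREGDELETEVALUEW)(
    HKEY hKey,
    LPCWSTR lpValueName
);
typedef LONG (WINAPI *PREGDELETEKEYVALUEW)(
    HKEY hKey,
    LPCWSTR lpSubKey,
    LPCWSTR lpValueName
);
typedef LONG (WINAPI *PREGREPLACEKEYW)(
    HKEY hKey,
    LPCWSTR lpSubKey,
    LPCWSTR lpNewFile,
    LPCWSTR lpOldFile
);
typedef LONG (WINAPI *PREGRESTOREKEYW)(
    HKEY hKey,
    LPCWSTR lpFile,
    DWORD dwFlags
);
typedef LONG (WINAPI *PREGSAVEKEYW)(
    HKEY hKey,
    LPCWSTR lpFile,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes
);
typedef LONG (WINAPI *PREGSAVEKEYEXW)(
    HKEY hKey,
    LPCWSTR lpFile,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD Flags
);
typedef LONG (WINAPI *PREGGETVALUEW)(
    HKEY hkey,
    LPCWSTR lpSubKey,
    LPCWSTR lpValue,
    DWORD dwFlags,
    LPDWORD pdwType,
    PVOID pvData,
    LPDWORD pcbData
);
typedef LONG (WINAPI *PREGLOADKEYW)(
    HKEY hKey,
    LPCWSTR lpSubKey,
    LPCWSTR lpFile
);
typedef LONG (WINAPI *PREGSETKEYVALUEW)(
    HKEY hKey,
    LPCWSTR lpSubKey,
    LPCWSTR lpValueName,
    DWORD dwType,
    LPCVOID lpData,
    DWORD cbData
);
typedef LONG (WINAPI *PREGSETVALUEEXW)(
    HKEY hKey,
    LPCWSTR lpValueName,
    DWORD Reserved,
    DWORD dwType,
    const BYTE *lpData,
    DWORD cbData
);
typedef LONG (WINAPI *PREGCOPYTREEW)(
    HKEY hKeySrc,
    LPCWSTR lpSubKey,
    HKEY hKeyDest
);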
/* Log file handle. Opened in DllMain through the original CreateFileW;
 * holds INVALID_HANDLE_VALUE if that open failed (DllMain does not check). */
HANDLE file;
/* Receives the byte count of the logging WriteFile call made in write().
 * Shared between threads, so it is only touched while cs is held. */
DWORD t;
/* Serialises log records written by write(). Initialised in DllMain.
 * NOTE(review): the APIHook globals defined below this file's hook functions
 * are constructed during C++ static initialisation, which happens before
 * DllMain runs; a hooked call made from another thread in that window would
 * enter an uninitialised critical section — confirm against APIHook.h. */
CRITICAL_SECTION cs;
/* Forward declarations of the hook objects. They are defined at the end of
 * this file (after the Hook_* functions they point at), but the wrappers
 * need them to reach the original entry point via .OriginalFunc. */
extern APIHook HookedCreateFileW;
extern APIHook HookedWriteFile;
extern APIHook HookedReadFile;
extern APIHook HookedRegCreateKeyExW;
extern APIHook HookedRegOpenKeyExW;
extern APIHook HookedRegCloseKey;
extern APIHook HookedRegDeleteKeyW;
extern APIHook HookedRegDeleteTreeW;
extern APIHook HookedRegDeleteValueW;
extern APIHook HookedRegDeleteKeyValueW;
extern APIHook HookedRegReplaceKeyW;
extern APIHook HookedRegRestoreKeyW;
extern APIHook HookedRegSaveKeyW;
extern APIHook HookedRegSaveKeyExW;
extern APIHook HookedRegGetValueW;
extern APIHook HookedRegLoadKeyW;
extern APIHook HookedRegSetKeyValueW;
extern APIHook HookedRegSetValueExW;
extern APIHook HookedRegCopyTreeW;
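/*
 * Appends one record "<func> <param>\n" to the log file.
 *
 * func  - name of the intercepted API (never NULL in this file).
 * param - the argument worth logging; may be NULL, because several of the
 *         hooked registry APIs accept NULL for "the key itself" or "the
 *         default value".  NULL is logged as "(null)".
 *
 * Fixes relative to the unbounded wcscat() version:
 *  - the record is built with a bounded swprintf(); a file name or value
 *    name longer than the 300-WCHAR buffer (both are allowed to be far
 *    longer than that) no longer overruns the stack of the hooked process;
 *  - NULL parameters no longer dereference a null pointer;
 *  - the caller's last-error value is preserved: hooks run right after the
 *    real API, and the WriteFile done here would otherwise overwrite the
 *    error code the caller is about to read with GetLastError();
 *  - nothing is written when the log handle was never opened.
 * The critical section still serialises records between threads; the
 * original WriteFile is called directly, so this never re-enters the hook.
 */
void write(LPCWSTR func, LPCWSTR param)
{
    const DWORD savedError = GetLastError();
    WCHAR res[300];
    const size_t cap = sizeof res / sizeof res[0];
    int len = swprintf(res, cap, L"%ls %ls\n",
                       func ? func : L"(null)",
                       param ? param : L"(null)");
    if (len < 0) {
        /* Did not fit: the buffer contents are unspecified after a failed
         * swprintf, so rebuild a fixed, short record instead. */
        len = swprintf(res, cap, L"%ls <truncated>\n", func ? func : L"(null)");
    }
    if (len > 0 && file != NULL && file != INVALID_HANDLE_VALUE) {
        DWORD written = 0;
        EnterCriticalSection(&cs);
        ((PWRITEFILE)HookedWriteFile.OriginalFunc)(file, res,
                                                  (DWORD)len * sizeof(WCHAR),
                                                  &written, NULL);
        LeaveCriticalSection(&cs);
    }
    SetLastError(savedError);
}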
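/*
 * Replacement for CreateFileW: forwards every argument to the real export,
 * then logs the requested file name.  Logging happens after the call so the
 * record reflects what was actually attempted, and the original's return
 * value is passed through untouched.
 * (The stray ';' that followed the closing brace — an empty declaration at
 * file scope — is dropped.)
 */
HANDLE WINAPI Hook_CreateFileW(
    LPCWSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile)
{
    const PCREATEFILEW original = (PCREATEFILEW)HookedCreateFileW.OriginalFunc;
    const HANDLE handle = original(
        lpFileName,
        dwDesiredAccess,
        dwShareMode,
        lpSecurityAttributes,
        dwCreationDisposition,
        dwFlagsAndAttributes,
        hTemplateFile);
    write(L"CreateFileW", lpFileName);
    return handle;
}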
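/*
 * Replacement for WriteFile: forwards to the real export and logs the byte
 * count reported by it.
 *
 * Fixes: lpNumberOfBytesWritten is an optional parameter (callers doing
 * overlapped I/O may pass NULL), so it is no longer dereferenced blindly;
 * the count is formatted as an unsigned value (the old _itow() treated the
 * DWORD as a signed int and printed counts above INT_MAX as negative).
 * When the caller did not ask for a count the record shows 0 bytes.
 */
BOOL WINAPI Hook_WriteFile(
    HANDLE hFile,
    LPCVOID lpBuffer,
    DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten,
    LPOVERLAPPED lpOverlapped)
{
    const BOOL result = ((PWRITEFILE)HookedWriteFile.OriginalFunc)(
        hFile,
        lpBuffer,
        nNumberOfBytesToWrite,
        lpNumberOfBytesWritten,
        lpOverlapped);
    const DWORD count = (lpNumberOfBytesWritten != NULL) ? *lpNumberOfBytesWritten : 0;
    /* "4294967295 bytes" is 16 characters; 32 leaves comfortable room. */
    WCHAR tmp[32];
    swprintf(tmp, sizeof tmp / sizeof tmp[0], L"%lu bytes", (unsigned long)count);
    write(L"WriteFile", tmp);
    return result;
}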
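/*
 * Replacement for ReadFile: forwards to the real export and logs the byte
 * count reported by it.
 *
 * Fixes: lpNumberOfBytesRead is optional (NULL is allowed for overlapped
 * reads), so it is no longer dereferenced blindly; the count is printed as
 * an unsigned value instead of through _itow(), which mis-printed counts
 * above INT_MAX as negative numbers.  A missing count is logged as 0 bytes.
 */
BOOL WINAPI Hook_ReadFile(
    HANDLE hFile,
    LPVOID lpBuffer,
    DWORD nNumberOfBytesToRead,
    LPDWORD lpNumberOfBytesRead,
    LPOVERLAPPED lpOverlapped)
{
    const BOOL result = ((PREADFILE)HookedReadFile.OriginalFunc)(
        hFile,
        lpBuffer,
        nNumberOfBytesToRead,
        lpNumberOfBytesRead,
        lpOverlapped);
    const DWORD count = (lpNumberOfBytesRead != NULL) ? *lpNumberOfBytesRead : 0;
    /* "4294967295 bytes" is 16 characters; 32 leaves comfortable room. */
    WCHAR tmp[32];
    swprintf(tmp, sizeof tmp / sizeof tmp[0], L"%lu bytes", (unsigned long)count);
    write(L"ReadFile", tmp);
    return result;
}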
/* Intercepts RegCreateKeyExW: runs the real export with the caller's
 * arguments, then logs the subkey name. The status code is returned as-is. */
LONG WINAPI Hook_RegCreateKeyExW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    DWORD Reserved,
    LPTSTR lpClass,
    DWORD dwOptions,
    REGSAM samDesired,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    PHKEY phkResult,
    LPDWORD lpdwDisposition)
{
    const PREGCREATEKEYEXW original = (PREGCREATEKEYEXW)HookedRegCreateKeyExW.OriginalFunc;
    const LONG status = original(hKey, lpSubKey, Reserved, lpClass, dwOptions,
                                 samDesired, lpSecurityAttributes, phkResult,
                                 lpdwDisposition);
    write(L"RegCreateKeyExW", lpSubKey);
    return status;
}
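/*
 * Replacement for RegOpenKeyExW: forwards to the real export and logs the
 * subkey name.
 *
 * Fix: lpSubKey may legitimately be NULL (the API then opens a new handle to
 * hKey itself); the old code handed that NULL straight to write(), which
 * concatenates it with wcscat() and crashes the hooked process.  NULL is
 * logged as "(null)" instead.
 */
LONG WINAPI Hook_RegOpenKeyExW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    DWORD ulOptions,
    REGSAM samDesired,
    PHKEY phkResult)
{
    const LONG status = ((PREGOPENKEYEXW)HookedRegOpenKeyExW.OriginalFunc)(
        hKey,
        lpSubKey,
        ulOptions,
        samDesired,
        phkResult);
    write(L"RegOpenKeyExW", lpSubKey ? lpSubKey : L"(null)");
    return status;
}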
/* Intercepts RegCloseKey. There is no string argument worth recording, so
 * only the API name is logged; the real export's status is returned. */
LONG WINAPI Hook_RegCloseKey(
    HKEY hKey)
{
    const PREGCLOSEKEY original = (PREGCLOSEKEY)HookedRegCloseKey.OriginalFunc;
    const LONG status = original(hKey);
    write(L"RegCloseKey", L"");
    return status;
}
/* Intercepts RegDeleteKeyW: calls the real export, logs the subkey name,
 * and hands the status back unchanged. */
LONG WINAPI Hook_RegDeleteKeyW(
    HKEY hKey,
    LPCTSTR lpSubKey)
{
    const PREGDELETEKEYW original = (PREGDELETEKEYW)HookedRegDeleteKeyW.OriginalFunc;
    const LONG status = original(hKey, lpSubKey);
    write(L"RegDeleteKeyW", lpSubKey);
    return status;
}
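/*
 * Replacement for RegDeleteTreeW: forwards to the real export and logs the
 * subkey name.
 *
 * Fix: lpSubKey may be NULL (the API then deletes the subkeys and values of
 * hKey itself); the old code passed that NULL to write(), whose wcscat()
 * would fault.  NULL is logged as "(null)".
 */
LONG WINAPI Hook_RegDeleteTreeW(
    HKEY hKey,
    LPCTSTR lpSubKey)
{
    const LONG status = ((PREGDELETETREEW)HookedRegDeleteTreeW.OriginalFunc)(hKey, lpSubKey);
    write(L"RegDeleteTreeW", lpSubKey ? lpSubKey : L"(null)");
    return status;
}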
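/*
 * Replacement for RegDeleteValueW: forwards to the real export and logs the
 * value name.
 *
 * Fix: lpValueName may be NULL (that addresses the key's default value);
 * the old code passed it to write(), whose wcscat() faults on NULL.  NULL is
 * logged as "(null)".
 */
LONG WINAPI Hook_RegDeleteValueW(
    HKEY hKey,
    LPCTSTR lpValueName)
{
    const LONG status = ((PREGDELETEVALUEW)HookedRegDeleteValueW.OriginalFunc)(hKey, lpValueName);
    write(L"RegDeleteValueW", lpValueName ? lpValueName : L"(null)");
    return status;
}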
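/*
 * Replacement for RegDeleteKeyValueW: forwards to the real export and logs
 * "<subkey> <valuename>".
 *
 * Fixes: the record is built with a bounded swprintf() instead of wcscat()
 * into a fixed 300-WCHAR array — a value name alone may be thousands of
 * characters, so the old code was a stack overrun waiting for a long name;
 * and either string may be NULL (key itself / default value), which wcscat()
 * would fault on.  Over-long input is logged as "<truncated>".
 */
LONG WINAPI Hook_RegDeleteKeyValueW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpValueName)
{
    const LONG status = ((PREGDELETEKEYVALUEW)HookedRegDeleteKeyValueW.OriginalFunc)(hKey,
        lpSubKey, lpValueName);
    WCHAR res[300];
    if (swprintf(res, sizeof res / sizeof res[0], L"%ls %ls",
                 lpSubKey ? lpSubKey : L"(null)",
                 lpValueName ? lpValueName : L"(null)") < 0) {
        wcscpy(res, L"<truncated>");   /* arguments did not fit the log buffer */
    }
    write(L"RegDeleteKeyValueW", res);
    return status;
}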
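/*
 * Replacement for RegReplaceKeyW: forwards to the real export and logs
 * "<subkey> <newfile> <oldfile>".
 *
 * Fixes: the record is built with a bounded swprintf() instead of three
 * wcscat() calls into a 300-WCHAR array — two file paths plus a key name can
 * easily exceed that and overrun the stack; NULL arguments (lpSubKey may be
 * NULL for the key itself) are logged as "(null)" rather than faulting.
 * Over-long input is logged as "<truncated>".
 */
LONG WINAPI Hook_RegReplaceKeyW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpNewFile,
    LPCTSTR lpOldFile)
{
    const LONG status = ((PREGREPLACEKEYW)HookedRegReplaceKeyW.OriginalFunc)(hKey,
        lpSubKey,
        lpNewFile,
        lpOldFile);
    WCHAR res[300];
    if (swprintf(res, sizeof res / sizeof res[0], L"%ls %ls %ls",
                 lpSubKey ? lpSubKey : L"(null)",
                 lpNewFile ? lpNewFile : L"(null)",
                 lpOldFile ? lpOldFile : L"(null)") < 0) {
        wcscpy(res, L"<truncated>");   /* arguments did not fit the log buffer */
    }
    write(L"RegReplaceKeyW", res);
    return status;
}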
/* Intercepts RegRestoreKeyW: calls the real export, logs the hive file
 * name, and returns the status unchanged. */
LONG WINAPI Hook_RegRestoreKeyW(
    HKEY hKey,
    LPCTSTR lpFile,
    DWORD dwFlags)
{
    const PREGRESTOREKEYW original = (PREGRESTOREKEYW)HookedRegRestoreKeyW.OriginalFunc;
    const LONG status = original(hKey, lpFile, dwFlags);
    write(L"RegRestoreKeyW", lpFile);
    return status;
}
/* Intercepts RegSaveKeyW: calls the real export, logs the target file
 * name, and returns the status unchanged. */
LONG WINAPI Hook_RegSaveKeyW(
    HKEY hKey,
    LPCTSTR lpFile,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes)
{
    const PREGSAVEKEYW original = (PREGSAVEKEYW)HookedRegSaveKeyW.OriginalFunc;
    const LONG status = original(hKey, lpFile, lpSecurityAttributes);
    write(L"RegSaveKeyW", lpFile);
    return status;
}
/* Intercepts RegSaveKeyExW: calls the real export, logs the target file
 * name, and returns the status unchanged. */
LONG WINAPI Hook_RegSaveKeyExW(
    HKEY hKey,
    LPCTSTR lpFile,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD Flags)
{
    const PREGSAVEKEYEXW original = (PREGSAVEKEYEXW)HookedRegSaveKeyExW.OriginalFunc;
    const LONG status = original(hKey, lpFile, lpSecurityAttributes, Flags);
    write(L"RegSaveKeyExW", lpFile);
    return status;
}
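/*
 * Replacement for RegGetValueW: forwards to the real export and logs
 * "<subkey> <valuename>".
 *
 * Fixes: both lpSubKey and lpValue may be NULL (key itself / default value)
 * and the old wcscat() chain faulted on that; the record is now built with a
 * bounded swprintf(), so a long value name can no longer overrun the
 * 300-WCHAR stack buffer.  Over-long input is logged as "<truncated>".
 */
LONG WINAPI Hook_RegGetValueW(
    HKEY hkey,
    LPCTSTR lpSubKey,
    LPCTSTR lpValue,
    DWORD dwFlags,
    LPDWORD pdwType,
    PVOID pvData,
    LPDWORD pcbData)
{
    const LONG status = ((PREGGETVALUEW)HookedRegGetValueW.OriginalFunc)(
        hkey,
        lpSubKey,
        lpValue,
        dwFlags,
        pdwType,
        pvData,
        pcbData);
    WCHAR res[300];
    if (swprintf(res, sizeof res / sizeof res[0], L"%ls %ls",
                 lpSubKey ? lpSubKey : L"(null)",
                 lpValue ? lpValue : L"(null)") < 0) {
        wcscpy(res, L"<truncated>");   /* arguments did not fit the log buffer */
    }
    write(L"RegGetValueW", res);
    return status;
}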
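/*
 * Replacement for RegLoadKeyW: forwards to the real export and logs
 * "<subkey> <hivefile>".
 *
 * Fixes: the record is built with a bounded swprintf() instead of wcscat()
 * into a 300-WCHAR array, so a long hive path cannot overrun the stack; a
 * NULL argument is logged as "(null)" instead of faulting.  Over-long input
 * is logged as "<truncated>".
 */
LONG WINAPI Hook_RegLoadKeyW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpFile)
{
    const LONG status = ((PREGLOADKEYW)HookedRegLoadKeyW.OriginalFunc)(
        hKey,
        lpSubKey,
        lpFile);
    WCHAR res[300];
    if (swprintf(res, sizeof res / sizeof res[0], L"%ls %ls",
                 lpSubKey ? lpSubKey : L"(null)",
                 lpFile ? lpFile : L"(null)") < 0) {
        wcscpy(res, L"<truncated>");   /* arguments did not fit the log buffer */
    }
    write(L"RegLoadKeyW", res);
    return status;
}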
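/*
 * Replacement for RegSetKeyValueW: forwards to the real export and logs
 * "<subkey> <valuename>".
 *
 * Fixes: lpSubKey and lpValueName may both be NULL (key itself / default
 * value), which the old wcscat() chain faulted on; the record is now built
 * with a bounded swprintf(), so a long value name can no longer overrun the
 * 300-WCHAR stack buffer.  Over-long input is logged as "<truncated>".
 */
LONG WINAPI Hook_RegSetKeyValueW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpValueName,
    DWORD dwType,
    LPCVOID lpData,
    DWORD cbData)
{
    const LONG status = ((PREGSETKEYVALUEW)HookedRegSetKeyValueW.OriginalFunc)(
        hKey,
        lpSubKey,
        lpValueName,
        dwType,
        lpData,
        cbData);
    WCHAR res[300];
    if (swprintf(res, sizeof res / sizeof res[0], L"%ls %ls",
                 lpSubKey ? lpSubKey : L"(null)",
                 lpValueName ? lpValueName : L"(null)") < 0) {
        wcscpy(res, L"<truncated>");   /* arguments did not fit the log buffer */
    }
    write(L"RegSetKeyValueW", res);
    return status;
}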
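/*
 * Replacement for RegSetValueExW: forwards to the real export and logs the
 * value name.
 *
 * Fix: lpValueName may be NULL (sets the key's default value); the old code
 * passed that NULL to write(), whose wcscat() faults.  NULL is logged as
 * "(null)".
 */
LONG WINAPI Hook_RegSetValueExW(
    HKEY hKey,
    LPCTSTR lpValueName,
    DWORD Reserved,
    DWORD dwType,
    const BYTE* lpData,
    DWORD cbData)
{
    const LONG status = ((PREGSETVALUEEXW)HookedRegSetValueExW.OriginalFunc)(
        hKey,
        lpValueName,
        Reserved,
        dwType,
        lpData,
        cbData);
    write(L"RegSetValueExW", lpValueName ? lpValueName : L"(null)");
    return status;
}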
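/*
 * Replacement for RegCopyTreeW: forwards to the real export and logs the
 * source subkey name.
 *
 * Fix: lpSubKey may be NULL (copy hKeySrc itself); the old code passed that
 * NULL to write(), whose wcscat() faults.  NULL is logged as "(null)".
 */
LONG WINAPI Hook_RegCopyTreeW(
    HKEY hKeySrc,
    LPCTSTR lpSubKey,
    HKEY hKeyDest)
{
    const LONG status = ((PREGCOPYTREEW)HookedRegCopyTreeW.OriginalFunc)(
        hKeySrc,
        lpSubKey,
        hKeyDest);
    write(L"RegCopyTreeW", lpSubKey ? lpSubKey : L"(null)");
    return status;
}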
/* Hook objects: (module, export name, replacement). Being globals with
 * constructors, they are created during static initialisation when the DLL
 * is loaded, i.e. before DllMain below runs; presumably APIHook's constructor
 * installs the redirection and records the original address in
 * .OriginalFunc — see APIHook.h. CloseHandle has a typedef above but no
 * hook here. */
APIHook HookedCreateFileW("Kernel32.dll", "CreateFileW",(PROC)Hook_CreateFileW);
APIHook HookedWriteFile("Kernel32.dll", "WriteFile", (PROC)Hook_WriteFile);
APIHook HookedReadFile("Kernel32.dll", "ReadFile", (PROC)Hook_ReadFile);
APIHook HookedRegCreateKeyExW("Advapi32.dll", "RegCreateKeyExW", (PROC)Hook_RegCreateKeyExW);
APIHook HookedRegOpenKeyExW("Advapi32.dll", "RegOpenKeyExW", (PROC)Hook_RegOpenKeyExW);
APIHook HookedRegCloseKey("Advapi32.dll", "RegCloseKey", (PROC)Hook_RegCloseKey);
APIHook HookedRegDeleteKeyW("Advapi32.dll", "RegDeleteKeyW", (PROC)Hook_RegDeleteKeyW);
APIHook HookedRegDeleteTreeW("Advapi32.dll", "RegDeleteTreeW", (PROC)Hook_RegDeleteTreeW);
APIHook HookedRegDeleteValueW("Advapi32.dll", "RegDeleteValueW", (PROC)Hook_RegDeleteValueW);
APIHook HookedRegDeleteKeyValueW("Advapi32.dll", "RegDeleteKeyValueW", (PROC)Hook_RegDeleteKeyValueW);
APIHook HookedRegReplaceKeyW("Advapi32.dll", "RegReplaceKeyW", (PROC)Hook_RegReplaceKeyW);
APIHook HookedRegRestoreKeyW("Advapi32.dll", "RegRestoreKeyW", (PROC)Hook_RegRestoreKeyW);
APIHook HookedRegSaveKeyW("Advapi32.dll", "RegSaveKeyW", (PROC)Hook_RegSaveKeyW);
APIHook HookedRegSaveKeyExW("Advapi32.dll", "RegSaveKeyExW", (PROC)Hook_RegSaveKeyExW);
APIHook HookedRegGetValueW("Advapi32.dll", "RegGetValueW", (PROC)Hook_RegGetValueW);
APIHook HookedRegLoadKeyW("Advapi32.dll", "RegLoadKeyW", (PROC)Hook_RegLoadKeyW);
APIHook HookedRegSetKeyValueW("Advapi32.dll", "RegSetKeyValueW", (PROC)Hook_RegSetKeyValueW);
APIHook HookedRegSetValueExW("Advapi32.dll", "RegSetValueExW", (PROC)Hook_RegSetValueExW);
APIHook HookedRegCopyTreeW("Advapi32.dll", "RegCopyTreeW", (PROC)Hook_RegCopyTreeW);
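/*
 * DLL entry point.
 *
 * On DLL_PROCESS_ATTACH it initialises the log lock and opens the log file
 * through the *original* CreateFileW so the open itself is not logged.
 * On DLL_PROCESS_DETACH it releases both — the old code leaked the file
 * handle and never deleted the critical section.
 *
 * Fixes: dwFlagsAndAttributes is passed as FILE_ATTRIBUTE_NORMAL instead of
 * NULL (a pointer constant in a DWORD slot); the handle is closed at detach.
 * CreateFileW failure leaves `file` as INVALID_HANDLE_VALUE — that is
 * deliberately not treated as a load failure, since returning FALSE would
 * abort the host process just because the log could not be opened; write()
 * must therefore tolerate an unusable handle.
 * NOTE(review): if the DLL is unloaded by FreeLibrary while hooked calls are
 * in flight on other threads, the detach cleanup races with write(); at
 * process exit those threads are already gone — confirm which case applies.
 */
BOOL WINAPI DllMain(HINSTANCE hInstDll, DWORD fdwReason, PVOID fImpLoad) {
    switch (fdwReason) {
    case DLL_PROCESS_ATTACH:
        InitializeCriticalSection(&cs);
        file = ((PCREATEFILEW)HookedCreateFileW.OriginalFunc)(
            L"E:\\results.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL,
            CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
        break;
    case DLL_PROCESS_DETACH:
        if (file != NULL && file != INVALID_HANDLE_VALUE) {
            CloseHandle(file);
        }
        file = NULL;
        DeleteCriticalSection(&cs);
        break;
    default:
        /* Thread attach/detach: nothing per-thread to set up. */
        break;
    }
    return TRUE;
}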