Файл:Лаба 1-6 Системное программирование для ОС Windows [Вариант отсутствует, общий] / Лаба 5 / Spy / DLL / Debug / HookDll.cpp
#include "CmnHdr.h"
#include <tchar.h>
#include "APIHook.h"
#include <windows.h>
#include <stdio.h>
// Function-pointer types for the Win32 exports this DLL intercepts. Each hook below
// casts the matching CAPIHook::m_pfnOrig to one of these types before calling through.
//
// NOTE(review): the registry typedefs describe *W (wide) exports but spell their string
// parameters as LPCTSTR/LPTSTR. Those only equal LPCWSTR/LPWSTR when UNICODE is defined;
// the hooks' calls to write(LPCWSTR, LPCWSTR) already depend on that. Confirm the build
// always defines UNICODE, or switch these to the explicit wide types.

// ---- kernel32 file I/O ----
typedef HANDLE (WINAPI *PCREATEFILEW) (
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile
);
typedef BOOL (WINAPI *PWRITEFILE)(
HANDLE hFile,
LPCVOID lpBuffer,
DWORD nNumberOfBytesToWrite,
LPDWORD lpNumberOfBytesWritten,
LPOVERLAPPED lpOverlapped
);
typedef BOOL (WINAPI *PCLOSEHANDLE)(
HANDLE hObject
);
typedef BOOL (WINAPI *PREADFILE)(
HANDLE hFile,
LPVOID lpBuffer,
DWORD nNumberOfBytesToRead,
LPDWORD lpNumberOfBytesRead,
LPOVERLAPPED lpOverlapped
);
// ---- advapi32 registry: open / create / close ----
typedef LONG (WINAPI *PREGCREATEKEYEXW)(
HKEY hKey,
LPCTSTR lpSubKey,
DWORD Reserved,
LPTSTR lpClass,
DWORD dwOptions,
REGSAM samDesired,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
PHKEY phkResult,
LPDWORD lpdwDisposition
);
typedef LONG (WINAPI *PREGOPENKEYEXW)(
HKEY hKey,
LPCTSTR lpSubKey,
DWORD ulOptions,
REGSAM samDesired,
PHKEY phkResult
);
typedef LONG (WINAPI* PREGCLOSEKEY)(
HKEY hKey
);
// ---- advapi32 registry: deletion ----
typedef LONG (WINAPI* PREGDELETEKEYW)(
HKEY hKey,
LPCTSTR lpSubKey
);
typedef LONG (WINAPI* PREGDELETETREEW)(
HKEY hKey,
LPCTSTR lpSubKey
);
typedef LONG (WINAPI* PREGDELETEVALUEW)(
HKEY hKey,
LPCTSTR lpValueName
);
typedef LONG (WINAPI* PREGDELETEKEYVALUEW)(
HKEY hKey,
LPCTSTR lpSubKey,
LPCTSTR lpValueName
);
// ---- advapi32 registry: hive replace / restore / save / load ----
typedef LONG (WINAPI* PREGREPLACEKEYW)(
HKEY hKey,
LPCTSTR lpSubKey,
LPCTSTR lpNewFile,
LPCTSTR lpOldFile
);
typedef LONG (WINAPI* PREGRESTOREKEYW)(
HKEY hKey,
LPCTSTR lpFile,
DWORD dwFlags
);
typedef LONG (WINAPI* PREGSAVEKEYW)(
HKEY hKey,
LPCTSTR lpFile,
LPSECURITY_ATTRIBUTES lpSecurityAttributes
);
typedef LONG (WINAPI* PREGSAVEKEYEXW)(
HKEY hKey,
LPCTSTR lpFile,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD Flags
);
// ---- advapi32 registry: value read / write, tree copy ----
typedef LONG (WINAPI* PREGGETVALUEW)(
HKEY hkey,
LPCTSTR lpSubKey,
LPCTSTR lpValue,
DWORD dwFlags,
LPDWORD pdwType,
PVOID pvData,
LPDWORD pcbData
);
typedef LONG (WINAPI* PREGLOADKEYW)(
HKEY hKey,
LPCTSTR lpSubKey,
LPCTSTR lpFile
);
typedef LONG (WINAPI* PREGSETKEYVALUEW)(
HKEY hKey,
LPCTSTR lpSubKey,
LPCTSTR lpValueName,
DWORD dwType,
LPCVOID lpData,
DWORD cbData
);
typedef LONG (WINAPI* PREGSETVALUEEXW)(
HKEY hKey,
LPCTSTR lpValueName,
DWORD Reserved,
DWORD dwType,
const BYTE* lpData,
DWORD cbData
);
typedef LONG (WINAPI* PREGCOPYTREEW)(
HKEY hKeySrc,
LPCTSTR lpSubKey,
HKEY hKeyDest
);
// Handle of the log file; assigned once in DllMain (DLL_PROCESS_ATTACH) and used by write().
// Zero-initialised until then, and never checked against INVALID_HANDLE_VALUE by the code shown.
HANDLE file;
// Receives the byte count from the WriteFile call inside write(); the value is not read anywhere in this file.
DWORD t;
// Forward declarations of the hook objects defined near the end of this file, so the
// Hook_* functions can reach each object's m_pfnOrig member.
extern CAPIHook g_CreateFileW;
extern CAPIHook g_WriteFile;
extern CAPIHook g_CloseHandle;
extern CAPIHook g_ReadFile;
extern CAPIHook g_RegCreateKeyExW;
extern CAPIHook g_RegOpenKeyExW;
extern CAPIHook g_RegCloseKey;
extern CAPIHook g_RegDeleteKeyW;
extern CAPIHook g_RegDeleteTreeW;
extern CAPIHook g_RegDeleteValueW;
extern CAPIHook g_RegDeleteKeyValueW;
extern CAPIHook g_RegReplaceKeyW;
extern CAPIHook g_RegRestoreKeyW;
extern CAPIHook g_RegSaveKeyW;
extern CAPIHook g_RegSaveKeyExW;
extern CAPIHook g_RegGetValueW;
extern CAPIHook g_RegLoadKeyW;
extern CAPIHook g_RegSetKeyValueW;
extern CAPIHook g_RegSetValueExW;
extern CAPIHook g_RegCopyTreeW;
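/*
 * Appends one log line of the form "<func> <param>\n" to the global handle `file`,
 * written as raw WCHAR bytes through the WriteFile pointer held in g_WriteFile.m_pfnOrig.
 *
 * func  - name of the intercepted API; NULL is logged as "(null)".
 * param - argument text supplied by the hook; NULL is logged as "(null)".
 *
 * Both strings come from the hooked process and are therefore untrusted: paths and
 * registry names can be far longer than the 300-WCHAR line buffer, and several of the
 * hooked APIs accept NULL name pointers. The line is truncated to fit rather than
 * concatenated without bounds, so a long argument can no longer overrun the stack.
 *
 * The thread's last-error value is saved and restored, because the hooks call this
 * after the real API returns and the caller may still consult GetLastError().
 */
void write(LPCWSTR func, LPCWSTR param)
{
    const DWORD savedError = GetLastError();

    WCHAR res[300] = L"";
    const size_t capacity = sizeof(res) / sizeof(res[0]);
    // Keep two slots free: one for the trailing newline, one for the terminator.
    const size_t textLimit = capacity - 2;

    // wcsncat appends at most the given count and always terminates, so every
    // step below is bounded by the space that is still left.
    wcsncat(res, func ? func : L"(null)", textLimit);
    wcsncat(res, L" ", textLimit - wcslen(res));
    wcsncat(res, param ? param : L"(null)", textLimit - wcslen(res));
    wcscat(res, L"\n");

    // EnterCS/LeaveCS are declared in APIHook.h (not shown); presumably they guard a
    // process-wide critical section so concurrent hooks do not interleave log lines.
    CAPIHook::EnterCS();
    // Skip the write when the log was never opened or opening it failed.
    if (file != NULL && file != INVALID_HANDLE_VALUE) {
        ((PWRITEFILE)g_WriteFile.m_pfnOrig)(file, res, (DWORD)(wcslen(res) * sizeof(WCHAR)), &t, NULL);
    }
    CAPIHook::LeaveCS();

    SetLastError(savedError);
}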
// Replacement for kernel32!CreateFileW: logs the requested path, then forwards the
// call with every argument unchanged and returns the handle it produced.
// NOTE(review): lpFileName is handed to write() as-is; confirm write() copes with
// NULL and with paths longer than its line buffer.
HANDLE WINAPI Hook_CreateFileW(
    LPCWSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile
)
{
    // Unlike the other hooks in this file, the log entry is written before the real call.
    write(L"CreateFileW", lpFileName);

    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PCREATEFILEW pfnNext = (PCREATEFILEW)g_CreateFileW.m_pfnOrig;
    return pfnNext(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes,
                   dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
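// Replacement for kernel32!WriteFile: forwards the call unchanged, then logs how many
// bytes the real function reported as written.
//
// lpNumberOfBytesWritten may legitimately be NULL when lpOverlapped is supplied, so it
// is checked before being dereferenced; an unconditional read would fault inside the
// hooked process. The count is a DWORD and is formatted as unsigned.
BOOL WINAPI Hook_WriteFile(
    HANDLE hFile,
    LPCVOID lpBuffer,
    DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten,
    LPOVERLAPPED lpOverlapped
)
{
    BOOL result = ((PWRITEFILE)g_WriteFile.m_pfnOrig)(
        hFile,
        lpBuffer,
        nNumberOfBytesToWrite,
        lpNumberOfBytesWritten,
        lpOverlapped
    );

    // Up to 10 digits + " bytes" + terminator = 17 WCHARs, so 20 is sufficient.
    WCHAR tmp[20] = L"";
    if (lpNumberOfBytesWritten != NULL) {
        _ultow(*lpNumberOfBytesWritten, tmp, 10);
        wcscat(tmp, L" bytes");
    } else {
        // No count was requested by the caller (overlapped I/O).
        wcscpy(tmp, L"? bytes");
    }
    write(L"WriteFile", tmp);
    return result;
}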
// Replacement for kernel32!CloseHandle: forwards the call, then records that it happened.
// The handle value itself is not logged.
BOOL WINAPI Hook_CloseHandle(
    HANDLE hObject
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PCLOSEHANDLE pfnNext = (PCLOSEHANDLE)g_CloseHandle.m_pfnOrig;
    const BOOL closed = pfnNext(hObject);
    write(L"CloseHandle", L"");
    return closed;
}
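// Replacement for kernel32!ReadFile: forwards the call unchanged, then logs how many
// bytes the real function reported as read.
//
// lpNumberOfBytesRead may legitimately be NULL when lpOverlapped is supplied, so it is
// checked before being dereferenced; an unconditional read would fault inside the
// hooked process. The count is a DWORD and is formatted as unsigned.
BOOL WINAPI Hook_ReadFile(
    HANDLE hFile,
    LPVOID lpBuffer,
    DWORD nNumberOfBytesToRead,
    LPDWORD lpNumberOfBytesRead,
    LPOVERLAPPED lpOverlapped
)
{
    BOOL result = ((PREADFILE)g_ReadFile.m_pfnOrig)(
        hFile,
        lpBuffer,
        nNumberOfBytesToRead,
        lpNumberOfBytesRead,
        lpOverlapped
    );

    // Up to 10 digits + " bytes" + terminator = 17 WCHARs, so 20 is sufficient.
    WCHAR tmp[20] = L"";
    if (lpNumberOfBytesRead != NULL) {
        _ultow(*lpNumberOfBytesRead, tmp, 10);
        wcscat(tmp, L" bytes");
    } else {
        // No count was requested by the caller (overlapped I/O).
        wcscpy(tmp, L"? bytes");
    }
    write(L"ReadFile", tmp);
    return result;
}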
// Replacement for advapi32!RegCreateKeyExW: forwards the call unchanged, then logs the subkey name.
// NOTE(review): lpSubKey is handed to write() as-is; confirm write() copes with NULL
// and with names longer than its line buffer.
LONG WINAPI Hook_RegCreateKeyExW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    DWORD Reserved,
    LPTSTR lpClass,
    DWORD dwOptions,
    REGSAM samDesired,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    PHKEY phkResult,
    LPDWORD lpdwDisposition
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGCREATEKEYEXW pfnNext = (PREGCREATEKEYEXW)g_RegCreateKeyExW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired,
                                lpSecurityAttributes, phkResult, lpdwDisposition);
    write(L"RegCreateKeyExW", lpSubKey);
    return status;
}
// Replacement for advapi32!RegOpenKeyExW: forwards the call unchanged, then logs the subkey name.
// NOTE(review): lpSubKey is handed to write() as-is; confirm write() copes with NULL
// and with names longer than its line buffer.
LONG WINAPI Hook_RegOpenKeyExW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    DWORD ulOptions,
    REGSAM samDesired,
    PHKEY phkResult
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGOPENKEYEXW pfnNext = (PREGOPENKEYEXW)g_RegOpenKeyExW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpSubKey, ulOptions, samDesired, phkResult);
    write(L"RegOpenKeyExW", lpSubKey);
    return status;
}
// Replacement for advapi32!RegCloseKey: forwards the call, then records that it happened.
// The key handle itself is not logged.
LONG WINAPI Hook_RegCloseKey(
    HKEY hKey
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGCLOSEKEY pfnNext = (PREGCLOSEKEY)g_RegCloseKey.m_pfnOrig;
    const LONG status = pfnNext(hKey);
    write(L"RegCloseKey", L"");
    return status;
}
// Replacement for advapi32!RegDeleteKeyW: forwards the call unchanged, then logs the subkey name.
// NOTE(review): lpSubKey is handed to write() as-is; confirm write() copes with NULL
// and with names longer than its line buffer.
LONG WINAPI Hook_RegDeleteKeyW(
    HKEY hKey,
    LPCTSTR lpSubKey
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGDELETEKEYW pfnNext = (PREGDELETEKEYW)g_RegDeleteKeyW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpSubKey);
    write(L"RegDeleteKeyW", lpSubKey);
    return status;
}
// Replacement for advapi32!RegDeleteTreeW: forwards the call unchanged, then logs the subkey name.
// NOTE(review): lpSubKey is handed to write() as-is; confirm write() copes with NULL
// and with names longer than its line buffer.
LONG WINAPI Hook_RegDeleteTreeW(
    HKEY hKey,
    LPCTSTR lpSubKey
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGDELETETREEW pfnNext = (PREGDELETETREEW)g_RegDeleteTreeW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpSubKey);
    write(L"RegDeleteTreeW", lpSubKey);
    return status;
}
// Replacement for advapi32!RegDeleteValueW: forwards the call unchanged, then logs the value name.
// NOTE(review): lpValueName is handed to write() as-is; confirm write() copes with NULL
// and with names longer than its line buffer.
LONG WINAPI Hook_RegDeleteValueW(
    HKEY hKey,
    LPCTSTR lpValueName
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGDELETEVALUEW pfnNext = (PREGDELETEVALUEW)g_RegDeleteValueW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpValueName);
    write(L"RegDeleteValueW", lpValueName);
    return status;
}
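// Replacement for advapi32!RegDeleteKeyValueW: forwards the call unchanged, then logs
// "<subkey> <value name>".
//
// Both names come from the hooked process. They are joined with a bounded formatter
// instead of unbounded wcscat, and NULL is rendered as "(null)", so an over-long or
// missing name can neither overrun the stack buffer nor fault inside the hook.
LONG WINAPI Hook_RegDeleteKeyValueW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpValueName
)
{
    LONG result = ((PREGDELETEKEYVALUEW)g_RegDeleteKeyValueW.m_pfnOrig)(hKey,
        lpSubKey, lpValueName);

    // 256 WCHARs keeps this text well under write()'s 300-WCHAR line buffer, leaving
    // room for the API name, separator and newline. Longer text is truncated.
    WCHAR res[256] = L"";
    // Count excludes the last slot: _snwprintf does not terminate on truncation, and
    // the zero-initialised final element then serves as the terminator.
    _snwprintf(res, (sizeof(res) / sizeof(res[0])) - 1, L"%ls %ls",
               lpSubKey ? lpSubKey : L"(null)",
               lpValueName ? lpValueName : L"(null)");
    write(L"RegDeleteKeyValueW", res);
    return result;
}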
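// Replacement for advapi32!RegReplaceKeyW: forwards the call unchanged, then logs
// "<subkey> <new file> <old file>".
//
// All three strings come from the hooked process, and two of them are file paths that
// can be much longer than the buffer. They are joined with a bounded formatter instead
// of unbounded wcscat, and NULL is rendered as "(null)", so an over-long or missing
// argument can neither overrun the stack buffer nor fault inside the hook.
LONG WINAPI Hook_RegReplaceKeyW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpNewFile,
    LPCTSTR lpOldFile
)
{
    LONG result = ((PREGREPLACEKEYW)g_RegReplaceKeyW.m_pfnOrig)(hKey,
        lpSubKey,
        lpNewFile,
        lpOldFile);

    // 256 WCHARs keeps this text well under write()'s 300-WCHAR line buffer, leaving
    // room for the API name, separator and newline. Longer text is truncated.
    WCHAR res[256] = L"";
    // Count excludes the last slot: _snwprintf does not terminate on truncation, and
    // the zero-initialised final element then serves as the terminator.
    _snwprintf(res, (sizeof(res) / sizeof(res[0])) - 1, L"%ls %ls %ls",
               lpSubKey ? lpSubKey : L"(null)",
               lpNewFile ? lpNewFile : L"(null)",
               lpOldFile ? lpOldFile : L"(null)");
    write(L"RegReplaceKeyW", res);
    return result;
}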
// Replacement for advapi32!RegRestoreKeyW: forwards the call unchanged, then logs the file path.
// NOTE(review): lpFile is handed to write() as-is; confirm write() copes with NULL
// and with paths longer than its line buffer.
LONG WINAPI Hook_RegRestoreKeyW(
    HKEY hKey,
    LPCTSTR lpFile,
    DWORD dwFlags
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGRESTOREKEYW pfnNext = (PREGRESTOREKEYW)g_RegRestoreKeyW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpFile, dwFlags);
    write(L"RegRestoreKeyW", lpFile);
    return status;
}
// Replacement for advapi32!RegSaveKeyW: forwards the call unchanged, then logs the file path.
// NOTE(review): lpFile is handed to write() as-is; confirm write() copes with NULL
// and with paths longer than its line buffer.
LONG WINAPI Hook_RegSaveKeyW(
    HKEY hKey,
    LPCTSTR lpFile,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGSAVEKEYW pfnNext = (PREGSAVEKEYW)g_RegSaveKeyW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpFile, lpSecurityAttributes);
    write(L"RegSaveKeyW", lpFile);
    return status;
}
// Replacement for advapi32!RegSaveKeyExW: forwards the call unchanged, then logs the file path.
// NOTE(review): lpFile is handed to write() as-is; confirm write() copes with NULL
// and with paths longer than its line buffer.
LONG WINAPI Hook_RegSaveKeyExW(
    HKEY hKey,
    LPCTSTR lpFile,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD Flags
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGSAVEKEYEXW pfnNext = (PREGSAVEKEYEXW)g_RegSaveKeyExW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpFile, lpSecurityAttributes, Flags);
    write(L"RegSaveKeyExW", lpFile);
    return status;
}
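// Replacement for advapi32!RegGetValueW: forwards the call unchanged, then logs
// "<subkey> <value name>". The data returned through pvData is not logged.
//
// Both names come from the hooked process, and either may be NULL for this API. They
// are joined with a bounded formatter instead of unbounded wcscat, and NULL is rendered
// as "(null)", so an over-long or missing name can neither overrun the stack buffer
// nor fault inside the hook.
LONG WINAPI Hook_RegGetValueW(
    HKEY hkey,
    LPCTSTR lpSubKey,
    LPCTSTR lpValue,
    DWORD dwFlags,
    LPDWORD pdwType,
    PVOID pvData,
    LPDWORD pcbData
)
{
    LONG result = ((PREGGETVALUEW)g_RegGetValueW.m_pfnOrig)(
        hkey,
        lpSubKey,
        lpValue,
        dwFlags,
        pdwType,
        pvData,
        pcbData);

    // 256 WCHARs keeps this text well under write()'s 300-WCHAR line buffer, leaving
    // room for the API name, separator and newline. Longer text is truncated.
    WCHAR res[256] = L"";
    // Count excludes the last slot: _snwprintf does not terminate on truncation, and
    // the zero-initialised final element then serves as the terminator.
    _snwprintf(res, (sizeof(res) / sizeof(res[0])) - 1, L"%ls %ls",
               lpSubKey ? lpSubKey : L"(null)",
               lpValue ? lpValue : L"(null)");
    write(L"RegGetValueW", res);
    return result;
}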
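// Replacement for advapi32!RegLoadKeyW: forwards the call unchanged, then logs
// "<subkey> <hive file>".
//
// Both strings come from the hooked process, and the file path can be much longer than
// the buffer. They are joined with a bounded formatter instead of unbounded wcscat, and
// NULL is rendered as "(null)", so an over-long or missing argument can neither overrun
// the stack buffer nor fault inside the hook.
LONG WINAPI Hook_RegLoadKeyW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpFile
)
{
    LONG result = ((PREGLOADKEYW)g_RegLoadKeyW.m_pfnOrig)(
        hKey,
        lpSubKey,
        lpFile);

    // 256 WCHARs keeps this text well under write()'s 300-WCHAR line buffer, leaving
    // room for the API name, separator and newline. Longer text is truncated.
    WCHAR res[256] = L"";
    // Count excludes the last slot: _snwprintf does not terminate on truncation, and
    // the zero-initialised final element then serves as the terminator.
    _snwprintf(res, (sizeof(res) / sizeof(res[0])) - 1, L"%ls %ls",
               lpSubKey ? lpSubKey : L"(null)",
               lpFile ? lpFile : L"(null)");
    write(L"RegLoadKeyW", res);
    return result;
}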
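// Replacement for advapi32!RegSetKeyValueW: forwards the call unchanged, then logs
// "<subkey> <value name>". The data in lpData is not logged.
//
// Both names come from the hooked process, and either may be NULL for this API. They
// are joined with a bounded formatter instead of unbounded wcscat, and NULL is rendered
// as "(null)", so an over-long or missing name can neither overrun the stack buffer
// nor fault inside the hook.
LONG WINAPI Hook_RegSetKeyValueW(
    HKEY hKey,
    LPCTSTR lpSubKey,
    LPCTSTR lpValueName,
    DWORD dwType,
    LPCVOID lpData,
    DWORD cbData
)
{
    LONG result = ((PREGSETKEYVALUEW)g_RegSetKeyValueW.m_pfnOrig)(
        hKey,
        lpSubKey,
        lpValueName,
        dwType,
        lpData,
        cbData);

    // 256 WCHARs keeps this text well under write()'s 300-WCHAR line buffer, leaving
    // room for the API name, separator and newline. Longer text is truncated.
    WCHAR res[256] = L"";
    // Count excludes the last slot: _snwprintf does not terminate on truncation, and
    // the zero-initialised final element then serves as the terminator.
    _snwprintf(res, (sizeof(res) / sizeof(res[0])) - 1, L"%ls %ls",
               lpSubKey ? lpSubKey : L"(null)",
               lpValueName ? lpValueName : L"(null)");
    write(L"RegSetKeyValueW", res);
    return result;
}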
// Replacement for advapi32!RegSetValueExW: forwards the call unchanged, then logs the
// value name. The data in lpData is not logged.
// NOTE(review): lpValueName is handed to write() as-is; confirm write() copes with NULL
// and with names longer than its line buffer.
LONG WINAPI Hook_RegSetValueExW(
    HKEY hKey,
    LPCTSTR lpValueName,
    DWORD Reserved,
    DWORD dwType,
    const BYTE* lpData,
    DWORD cbData
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGSETVALUEEXW pfnNext = (PREGSETVALUEEXW)g_RegSetValueExW.m_pfnOrig;
    const LONG status = pfnNext(hKey, lpValueName, Reserved, dwType, lpData, cbData);
    write(L"RegSetValueExW", lpValueName);
    return status;
}
// Replacement for advapi32!RegCopyTreeW: forwards the call unchanged, then logs the subkey name.
// NOTE(review): lpSubKey is handed to write() as-is; confirm write() copes with NULL
// and with names longer than its line buffer.
LONG WINAPI Hook_RegCopyTreeW(
    HKEY hKeySrc,
    LPCTSTR lpSubKey,
    HKEY hKeyDest
)
{
    // m_pfnOrig is presumably the unhooked entry point saved by CAPIHook (APIHook.h not shown).
    const PREGCOPYTREEW pfnNext = (PREGCOPYTREEW)g_RegCopyTreeW.m_pfnOrig;
    const LONG status = pfnNext(hKeySrc, lpSubKey, hKeyDest);
    write(L"RegCopyTreeW", lpSubKey);
    return status;
}
// One CAPIHook object per intercepted export: (module name, export name, replacement function).
// The CAPIHook class is declared in APIHook.h, which is not shown here.
//
// NOTE(review): these are namespace-scope objects, so their constructors presumably run
// while the DLL is loading, before DllMain's DLL_PROCESS_ATTACH branch calls
// CAPIHook::InitCS() and opens the log. Confirm that a hook firing in that window
// cannot reach write() with an uninitialised lock or handle.

// kernel32 file I/O
CAPIHook g_CreateFileW("Kernel32.dll", "CreateFileW",(PROC) Hook_CreateFileW);
CAPIHook g_WriteFile("Kernel32.dll", "WriteFile", (PROC) Hook_WriteFile);
CAPIHook g_CloseHandle("Kernel32.dll", "CloseHandle", (PROC)Hook_CloseHandle);
CAPIHook g_ReadFile("Kernel32.dll", "ReadFile", (PROC)Hook_ReadFile);
// advapi32 registry access
CAPIHook g_RegCreateKeyExW("Advapi32.dll", "RegCreateKeyExW", (PROC)Hook_RegCreateKeyExW);
CAPIHook g_RegOpenKeyExW("Advapi32.dll", "RegOpenKeyExW", (PROC)Hook_RegOpenKeyExW);
CAPIHook g_RegCloseKey("Advapi32.dll", "RegCloseKey", (PROC)Hook_RegCloseKey);
CAPIHook g_RegDeleteKeyW("Advapi32.dll", "RegDeleteKeyW", (PROC)Hook_RegDeleteKeyW);
CAPIHook g_RegDeleteTreeW("Advapi32.dll", "RegDeleteTreeW", (PROC)Hook_RegDeleteTreeW);
CAPIHook g_RegDeleteValueW("Advapi32.dll", "RegDeleteValueW", (PROC)Hook_RegDeleteValueW);
CAPIHook g_RegDeleteKeyValueW("Advapi32.dll", "RegDeleteKeyValueW", (PROC)Hook_RegDeleteKeyValueW);
CAPIHook g_RegReplaceKeyW("Advapi32.dll", "RegReplaceKeyW", (PROC)Hook_RegReplaceKeyW);
CAPIHook g_RegRestoreKeyW("Advapi32.dll", "RegRestoreKeyW", (PROC)Hook_RegRestoreKeyW);
CAPIHook g_RegSaveKeyW("Advapi32.dll", "RegSaveKeyW", (PROC)Hook_RegSaveKeyW);
CAPIHook g_RegSaveKeyExW("Advapi32.dll", "RegSaveKeyExW", (PROC)Hook_RegSaveKeyExW);
CAPIHook g_RegGetValueW("Advapi32.dll", "RegGetValueW", (PROC)Hook_RegGetValueW);
CAPIHook g_RegLoadKeyW("Advapi32.dll", "RegLoadKeyW", (PROC)Hook_RegLoadKeyW);
CAPIHook g_RegSetKeyValueW("Advapi32.dll", "RegSetKeyValueW", (PROC)Hook_RegSetKeyValueW);
CAPIHook g_RegSetValueExW("Advapi32.dll", "RegSetValueExW", (PROC)Hook_RegSetValueExW);
CAPIHook g_RegCopyTreeW("Advapi32.dll", "RegCopyTreeW", (PROC)Hook_RegCopyTreeW);
// DLL entry point. On process attach it initialises CAPIHook's lock and opens the log
// file through the saved CreateFileW pointer, so the open itself is not logged.
// Every other notification is acknowledged without doing any work.
//
// NOTE(review), for anyone running or auditing this lab:
//  - The log path is fixed, and CREATE_ALWAYS truncates an existing file each time a
//    process loads the DLL, so concurrent processes overwrite each other's output.
//  - The returned handle is stored without checking for INVALID_HANDLE_VALUE, and it
//    is never closed on DLL_PROCESS_DETACH.
//  - The log records file paths and registry names used by the host process; treat
//    the output file as sensitive.
BOOL WINAPI DllMain(HINSTANCE hInstDll, DWORD fdwReason, PVOID fImpLoad) {
    if (fdwReason != DLL_PROCESS_ATTACH) {
        return TRUE;
    }

    CAPIHook::InitCS();

    const PCREATEFILEW pfnCreate = (PCREATEFILEW)g_CreateFileW.m_pfnOrig;
    file = pfnCreate(L"D:\\results.txt", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, NULL, NULL);
    return TRUE;
}