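/// Installs a WH_GETMESSAGE and a WH_CALLWNDPROC hook and, once both are in
/// place, records the window handle passed by the caller.
///
/// Both hooks are registered with thread id 0, i.e. for every thread on the
/// calling desktop rather than for one target thread. For hook types that are
/// not low-level, Windows maps the module returned by ModuleFromAddress() into
/// each hooked process, so a hook that is left behind keeps this DLL loaded in
/// unrelated processes. The failure path therefore removes what it installed.
///
/// @param hAlphaWnd  Window handle stored in sg_hAlphaWnd on success.
/// @return 1 when both hooks were installed, 0 otherwise. On failure no hook
///         installed by this call remains and sg_hAlphaWnd is NULL.
int WINAPI InstallExplorerMsgHook(HWND hAlphaWnd)
{
	// Cleared first so the window is only published after both hooks exist.
	sg_hAlphaWnd = NULL;

	sg_hGetMsgHook = ::SetWindowsHookEx(
						WH_GETMESSAGE,
						(HOOKPROC)(GetMsgProc),
						ModuleFromAddress(GetMsgProc),
						0);
	if (sg_hGetMsgHook == NULL)
	{
		return 0;
	}

	sg_hCallWndProcHook = ::SetWindowsHookEx(
						WH_CALLWNDPROC,
						(HOOKPROC)(CallWndProc),
						ModuleFromAddress(CallWndProc),
						0);
	if (sg_hCallWndProcHook == NULL)
	{
		// Roll back the first hook and forget its handle: the handle is dead
		// after UnhookWindowsHookEx, and leaving it in the global would let a
		// later uninstall path try to unhook it a second time.
		::UnhookWindowsHookEx(sg_hGetMsgHook);
		sg_hGetMsgHook = NULL;
		return 0;
	}

	sg_hAlphaWnd = hAlphaWnd;
	return 1;
}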
//---------------------------------------------------------------------------
//ReplaceIATEntryInAllModules
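// Walks the module list of the current process and calls
// ReplaceIATEntryInModule() for each module, asking it to redirect pfnCurrent
// (imported from DllName) to pfnNew.
//
// DllName       - name of the DLL whose export is being redirected
// pfnCurrent    - address to look for
// pfnNew        - address to put in its place
// IsHookSelfDll - true: patch every module, including the one containing this
//                 code; false: skip the module containing this code
//
// Returns nothing. If the module snapshot cannot be taken, no module is
// patched and the caller is not told.
void WINAPI TAPIHook::ReplaceIATEntryInAllModules(PCSTR DllName,
  PROC pfnCurrent,PROC pfnNew,bool IsHookSelfDll)
{
  // Whether to hook this DLL's own imports. For functions such as
  // GetProcAddress, LoadLibraryA, LoadLibraryW, LoadLibraryEx and
  // LoadLibraryExW the DLL must not hook itself, otherwise the replacement
  // ends up calling itself in an endless loop.
  HMODULE hThisModule = (IsHookSelfDll) ? NULL : ModuleFromAddress(ReplaceIATEntryInAllModules);

  HANDLE hSnapshot = CreateToolhelp32Snapshot((DWORD)TH32CS_SNAPMODULE,GetCurrentProcessId());

  // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, which
  // must neither be enumerated nor passed to CloseHandle.
  if(hSnapshot == INVALID_HANDLE_VALUE)
    return;

  MODULEENTRY32 ModEntry32;
  ModEntry32.dwSize = sizeof(MODULEENTRY32);  // required before Module32First

  BOOL Result = Module32First(hSnapshot,&ModEntry32);
  while(Result)
  {
    // hThisModule is NULL when self-hooking is requested, so nothing is skipped.
    if(ModEntry32.hModule != hThisModule)
      ReplaceIATEntryInModule(DllName,pfnCurrent,pfnNew,ModEntry32.hModule);

    Result = Module32Next(hSnapshot,&ModEntry32);
  }

  CloseHandle(hSnapshot);
}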
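// Re-applies every hook on the CAPIHook list after a module has been loaded.
//
// hmod    - handle returned by the load call; NULL means the load failed
// dwFlags - flags that were passed to the load call
//
// Nothing is done when the load failed, when the module is the one containing
// this code, or when the module was mapped as a data file or image resource
// instead of as an executable image.
void CAPIHook::FixupNewlyLoadedModule(HMODULE hmod, DWORD dwFlags) {

   // Any of these flags means the module was not loaded for execution.
   const DWORD dwNotLoadedAsCode = LOAD_LIBRARY_AS_DATAFILE |
      LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE |
      LOAD_LIBRARY_AS_IMAGE_RESOURCE;

   if (hmod == NULL) {
      return;
   }

   // Do not hook our own module
   if (hmod == ModuleFromAddress(FixupNewlyLoadedModule)) {
      return;
   }

   if ((dwFlags & dwNotLoadedAsCode) != 0) {
      return;
   }

   // Each hook is re-applied through ReplaceIATEntryInAllMods, i.e. across the
   // whole module list and not only to hmod.
   for (CAPIHook* p = sm_pHead; p != NULL; p = p->m_pNext) {
      if (p->m_pfnOrig != NULL) {
         ReplaceIATEntryInAllMods(p->m_pszCalleeModName, 
            p->m_pfnOrig, p->m_pfnHook);  
      } else {
#ifdef _DEBUG
         // We should never end up here 
         // The buffers are wchar_t and the calls are the explicit W variants,
         // so the format string is a wide literal and the output call is
         // OutputDebugStringW; TEXT()/OutputDebugString only match these
         // types when UNICODE is defined.
         wchar_t szPathname[MAX_PATH] = L"";  // stays empty if the query fails
         GetModuleFileNameW(NULL, szPathname, _countof(szPathname));
         wchar_t sz[1024];
         StringCchPrintfW(sz, _countof(sz), 
            L"[%4u - %s] impossible to find %S\r\n", 
            GetCurrentProcessId(), szPathname, p->m_pszCalleeModName);
         OutputDebugStringW(sz);
#endif
      }
   }
}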
/// Installs the WH_MOUSE_LL hook and keeps its handle in g_hLLMouseHook.
///
/// Per the Windows documentation a low-level hook is called on the thread
/// that installed it, so that thread has to keep pumping messages for
/// LLMouseHookProc to run.
///
/// @return TRUE when SetWindowsHookEx returned a handle, FALSE otherwise.
BOOL WINAPI SetLowMouseHook()
{
	// Module that contains the hook procedure.
	HMODULE hOwner = ModuleFromAddress(LLMouseHookProc);

	g_hLLMouseHook = SetWindowsHookEx(WH_MOUSE_LL, LLMouseHookProc, hOwner, NULL);
	if (g_hLLMouseHook == NULL)
	{
		return FALSE;
	}
	return TRUE;
}
/// Installs the WH_KEYBOARD_LL hook and keeps its handle in g_hLLKeyBoardHook.
///
/// Once installed, LLKeyboardHookProc is given the keyboard input events of
/// the session, so any process calling this is in a position to observe
/// keystrokes. Per the Windows documentation the callback runs on the
/// installing thread, which therefore has to keep pumping messages.
///
/// @return TRUE when SetWindowsHookEx returned a handle, FALSE otherwise.
BOOL WINAPI SetLowKeyboardHook()
{
	// Module that contains the hook procedure.
	HMODULE hOwner = ModuleFromAddress(LLKeyboardHookProc);

	g_hLLKeyBoardHook = SetWindowsHookEx(WH_KEYBOARD_LL, LLKeyboardHookProc, hOwner, NULL);
	if (g_hLLKeyBoardHook == NULL)
	{
		return FALSE;
	}
	return TRUE;
}
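// Builds the path of the flag file "CloseApplicationOnChange.flg" in the
// directory of the module that contains this function.
//
// Returns the directory (with trailing backslash) followed by the file name.
// If the module path cannot be obtained, or does not fit into MAX_PATH
// characters, only the bare file name is returned. A bare name resolves
// against the current working directory, so callers that act on this file
// should not assume it sits next to the module in that case.
static CString GetIniName()
{
	HMODULE hMod = ModuleFromAddress( GetIniName );
	TCHAR b[MAX_PATH] = _T("");
	const DWORD len = GetModuleFileName( hMod, b, MAX_PATH );

	CString strIniName;

	// len == 0 means the call failed. len >= MAX_PATH means the path was
	// truncated; older Windows versions do not terminate the buffer then, and
	// a cut-off path would name the wrong directory anyway.
	if ( len > 0 && len < MAX_PATH )
	{
		strIniName = b;
		// ReverseFind gives -1 when there is no backslash, so Left(0) leaves
		// an empty directory part.
		int pos = strIniName.ReverseFind( _T('\\') );
		strIniName = strIniName.Left(pos+1);
	}

	strIniName += _T("CloseApplicationOnChange.flg");
	return strIniName;
}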
//
// Calls ReplaceInOneModule() for the modules of the current process, passing
// pfnCurrent and pfnNew through. The module that contains
// CApiHookMgr::MyLoadLibraryA is left out of the module loop; the module
// reported by the process object itself is always processed last.
//
// bHookOrRestore is not read by this function.
//
// Returns TRUE if at least one ReplaceInOneModule() call returned non-zero,
// FALSE otherwise (including when either address is NULL or the process
// information could not be obtained).
//
BOOL CHookedFunction::ReplaceInAllModules(
	BOOL  bHookOrRestore,
	PCSTR pszCalleeModName, 
	PROC  pfnCurrent, 
	PROC  pfnNew
	) 
{
	// Both addresses are needed before anything is enumerated
	if ((NULL == pfnCurrent) || (NULL == pfnNew))
		return FALSE;

	//
	// Collect the module list of the current process. 
	// The taskManager dynamically decides whether to use ToolHelp 
	// library or PSAPI
	//
	CTaskManager taskManager; 
	taskManager.PopulateProcess(::GetCurrentProcessId(), TRUE);
	CExeModuleInstance *pSelf = taskManager.GetProcessById(::GetCurrentProcessId());
	if (NULL == pSelf)
		return FALSE;

	BOOL bAnyReplaced = FALSE;

	for (int idx = 0; idx < pSelf->GetModuleCount(); idx++)
	{
		CModuleInstance *pCandidate = pSelf->GetModuleByIndex(idx);

		// We don't hook functions in our own modules
		if (pCandidate->Get_Module() == ModuleFromAddress(CApiHookMgr::MyLoadLibraryA))
			continue;

		// The call is made unconditionally; only its result is accumulated
		if (ReplaceInOneModule(
				pszCalleeModName, 
				pfnCurrent, 
				pfnNew, 
				pCandidate->Get_Module()
				))
			bAnyReplaced = TRUE;
	}

	// Hook this function in the executable as well
	if (ReplaceInOneModule(
			pszCalleeModName, 
			pfnCurrent, 
			pfnNew, 
			pSelf->Get_Module()
			))
		bAnyReplaced = TRUE;

	return bAnyReplaced;
}
//
// Sets up the hook manager: marks the system functions as not hooked yet,
// records the module this code runs from, stores the module scope and
// allocates the container of hooked functions.
//
// pModuleScope is stored as given; nothing here takes a copy of it.
//
CApiHookMgr::CApiHookMgr(CModuleScope* pModuleScope)
{
	// Nothing is hooked until a later call says so
	m_bSystemFuncsHooked = FALSE;

	// Handle of the DLL this code is executing from, taken from the address
	// of one of the manager's own functions
	m_hmodThisInstance = ModuleFromAddress(CApiHookMgr::MyGetProcAddress);

	sm_pModuleScope = pModuleScope;

	// Created last so the container's constructor runs with the fields above
	// already set. The pointer is kept in a static member; its release is not
	// visible in this constructor.
	sm_pHookedFunctions = new CHookedFunctions(this); 
}
//---------------------------------------------------------------------------
//当动态装载DLL时,必须Hook那个DLL的相应函数
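// Applies every hook on the TAPIHook list to a module that has just been
// loaded dynamically.
//
// hMod    - handle returned by the load call; NULL means the load failed
// dwFlags - flags that were passed to the load call
//
// Nothing is done for the DLL containing this code, for a failed load, or for
// a module that was mapped as data or as an image resource.
void WINAPI TAPIHook::FixupNewlyLoadedModule(HMODULE hMod, DWORD dwFlags)
{
  // The DLL's own functions must not be hooked
  HMODULE hThisModule = ModuleFromAddress(FixupNewlyLoadedModule);
  if(hMod == hThisModule)
    return;

  // Flags under which the module is not loaded as an executable image, so it
  // must not be handed to ReplaceIATEntryInModule. The two newer flags are
  // only added when the SDK in use defines them.
  DWORD dwNotLoadedAsCode = LOAD_LIBRARY_AS_DATAFILE;
#ifdef LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE
  dwNotLoadedAsCode |= LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE;
#endif
#ifdef LOAD_LIBRARY_AS_IMAGE_RESOURCE
  dwNotLoadedAsCode |= LOAD_LIBRARY_AS_IMAGE_RESOURCE;
#endif

  // If a new module is loaded, hook the hooked functions
  if((hMod != NULL) && ((dwFlags & dwNotLoadedAsCode) == 0))
  {
    for(TAPIHook* p = pHeadHook; p != NULL; p = p->pNextHook)
    {
      ReplaceIATEntryInModule(p->FDllName,p->pfnOrig, p->pfnHook, hMod);
    }
  }
}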
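/// Installs or removes the WH_KEYBOARD_LL hook whose handle is kept in g_hHook.
///
/// @param bInstall    Non-zero to install, zero to remove.
/// @param dwThreadId  Passed to SetWindowsHookEx as the thread id (install only).
/// @param hWndCaller  Stored in g_hWnd on every call, install or remove.
/// @return Install: TRUE when a hook handle was obtained. Remove: the result
///         of UnhookWindowsHookEx, or FALSE when no hook was installed.
///
/// NOTE(review): WH_KEYBOARD_LL is documented as a global-only hook type, so
/// a non-zero dwThreadId is expected to make SetWindowsHookEx fail. Confirm
/// what the callers pass.
BOOL WINAPI SetLowKeyboardHook(BOOL bInstall, DWORD dwThreadId, HWND hWndCaller)
{
	g_hWnd = hWndCaller;

	if (bInstall)
	{
		// A second install used to overwrite g_hHook, leaving the earlier
		// keyboard hook active with no handle left to remove it. Release it
		// first so at most one hook exists.
		if (g_hHook != NULL)
		{
			::UnhookWindowsHookEx(g_hHook);
			g_hHook = NULL;
		}

		g_hHook = ::SetWindowsHookEx(WH_KEYBOARD_LL, LowKeyboardHookProc, ModuleFromAddress(LowKeyboardHookProc), dwThreadId);
		return (g_hHook != NULL);
	}

	// Remove: nothing to do when no hook is installed.
	if (g_hHook == NULL)
	{
		return FALSE;
	}

	BOOL bOk = ::UnhookWindowsHookEx(g_hHook);
	g_hHook = NULL;
	return bOk;
}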
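/// Installs or removes the WH_CBT hook whose handle is kept in g_hHookF.
///
/// @param bInstall    Non-zero to install, zero to remove.
/// @param dwThreadId  Passed to SetWindowsHookEx as the thread id (install
///                    only); 0 asks for a hook on every thread of the desktop.
/// @param hWndCaller  Stored in g_hWndF on every call, install or remove.
/// @return Install: TRUE when a hook handle was obtained. Remove: the result
///         of UnhookWindowsHookEx, or FALSE when no hook was installed.
BOOL WINAPI SetWndHook(BOOL bInstall, DWORD dwThreadId, HWND hWndCaller)
{
	g_hWndF = hWndCaller;

	if (bInstall)
	{
		// A second install used to overwrite g_hHookF, leaving the earlier
		// hook active with no handle left to remove it. Release it first so
		// at most one hook exists.
		if (g_hHookF != NULL)
		{
			::UnhookWindowsHookEx(g_hHookF);
			g_hHookF = NULL;
		}

		g_hHookF = ::SetWindowsHookEx(WH_CBT, SetWndHookProc, ModuleFromAddress(SetWndHookProc), dwThreadId);
		return (g_hHookF != NULL);
	}

	// Remove: nothing to do when no hook is installed.
	if (g_hHookF == NULL)
	{
		return FALSE;
	}

	BOOL bOk = ::UnhookWindowsHookEx(g_hHookF);
	g_hHookF = NULL;
	return bOk;
}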
// Enumerates the modules of the current process and calls
// ReplaceIATEntryInOneMod() for each of them with the given callee module
// name and the current/new function addresses.
//
// When ExcludeAPIHookMod is set, the module containing this code is skipped.
void CAPIHook::ReplaceIATEntryInAllMods(PCSTR pszCalleeModName, 
   PROC pfnCurrent, PROC pfnNew) {

   // Module to leave untouched; NULL matches no entry, so nothing is skipped
   HMODULE hmodSkip = NULL;
   if (ExcludeAPIHookMod) {
      hmodSkip = ModuleFromAddress(ReplaceIATEntryInAllMods);
   }

   // Snapshot of the modules loaded in this process
   CToolhelp snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());

   MODULEENTRY32 entry = { sizeof(entry) };
   BOOL bMore = snapshot.ModuleFirst(&entry);
   while (bMore) {

      // NOTE: We don't hook functions in our own module
      if (entry.hModule != hmodSkip) {
         ReplaceIATEntryInOneMod(
            pszCalleeModName, pfnCurrent, pfnNew, entry.hModule);
      }

      bMore = snapshot.ModuleNext(&entry);
   }
}
// Installs or removes the WH_GETMESSAGE hook whose handle is kept in g_hhook.
//
// bInstall   - non-zero to install, zero to remove
// dwThreadId - passed to SetWindowsHookEx as the thread id (install only)
//
// Returns TRUE when the hook was installed, or the result of
// UnhookWindowsHookEx when removing. Installing twice in a row, or removing
// without a prior install, is only caught by chASSERT.
BOOL WINAPI LastMsgBoxInfo_HookAllApps(BOOL bInstall, DWORD dwThreadId) {

   if (!bInstall) {

      chASSERT(g_hhook != NULL); // Can't uninstall if not installed
      BOOL bRemoved = UnhookWindowsHookEx(g_hhook);
      g_hhook = NULL;
      return(bRemoved);
   }

   chASSERT(g_hhook == NULL); // Illegal to install twice in a row

   // Install the Windows' hook; the module handle is derived from this
   // function's own address
   HMODULE hmodOwner = ModuleFromAddress(LastMsgBoxInfo_HookAllApps);
   g_hhook = SetWindowsHookEx(WH_GETMESSAGE, GetMsgProc, hmodOwner, dwThreadId);

   return(g_hhook != NULL);
}