// ---------------------------------------------------------------------------- // hook a window // ---------------------------------------------------------------------------- bool CSkin::Hook(CWnd *pWnd) { // unsubclass any other window if (Hooked()) UnHook(); // this will be our new subclassed window m_hWnd = (HWND)*pWnd; // -------------------------------------------------- // change window style (get rid of the caption bar) // -------------------------------------------------- LONG_PTR dwStyle = GetWindowLongPtr(m_hWnd, GWL_STYLE); m_dOldStyle = dwStyle; dwStyle &= ~(WS_CAPTION|WS_SIZEBOX); SetWindowLongPtr(m_hWnd, GWL_STYLE, dwStyle); RECT r; pWnd->GetWindowRect(&r); m_oldRect = r; pWnd->MoveWindow(r.left, r.top, m_iWidth, m_iHeight, FALSE); pWnd->SetMenu(NULL); if(m_rgnSkin != NULL) // set the skin region to the window pWnd->SetWindowRgn(m_rgnSkin, true); // subclass the window procedure m_OldWndProc = (WNDPROC)SetWindowLongPtr( m_hWnd, GWLP_WNDPROC, (LONG_PTR)SkinWndProc ); // store a pointer to our class instance inside the window procedure. if (!SetProp(m_hWnd, "skin", (void*)this)) { // if we fail to do so, we just can't activate the skin. UnHook(); return false; } // update flag m_bHooked = ( m_OldWndProc ? true : false ); for(int i = 0; i < m_nButtons; i++) { RECT r; m_buttons[i].GetRect(r); m_buttons[i].CreateButton("", WS_VISIBLE, r, pWnd, 0); } // force window repainting RedrawWindow(NULL,NULL,NULL,RDW_INVALIDATE|RDW_ERASE|RDW_ALLCHILDREN); // successful return if we're hooked. return m_bHooked; }
/// main entry point BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ){ switch ( ul_reason_for_call ){ case DLL_PROCESS_ATTACH: { Splash Splash(NULL); if (Splash.Show(NULL, 300) == TRUE) { Sleep(1000); } if (Hook(hModule) != 1) { MessageBox( 0, L"Failed to initialize Insanity successfully.\n\nPlease restart the Patcher and try again.\nIf this happen more than once, please inform the Admins.\nThank you.", L"Insanity - Client Protection", MB_OK | MB_ICONHAND ); exit(1); return FALSE; } } break; case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: break; case DLL_PROCESS_DETACH: UnHook(); break; } log(L"DllMain: returning true!\n"); return TRUE; }
/// Removes the hook if one is installed and releases every buffer this
/// object allocated.
InlineSingleHook::~InlineSingleHook ()
{
    // The original carried a commented-out comparison of Inline_5Bytes with
    // m_NewBytes_Pbyte, annotated (translated) "an externally supplied buffer
    // needs no handling"; m_NewBytes_Pbyte is accordingly not freed here.

    // Saved bytes present: call UnHook() first, then release them.
    if (m_OrgBytes_Pbyte != NULL)
    {
        UnHook();
        delete [] m_OrgBytes_Pbyte;
        m_OrgBytes_Pbyte = NULL;
    }

    if (m_HookRouter_Pproc != NULL)
    {
        // A pointer to a linked list of stack buffers is stored inside the
        // router buffer at offset X86INLINEROUTERSTACKBUFFEROFF; free each node.
        PInlineX86StackBuffer node =
            *((PInlineX86StackBuffer *)&m_HookRouter_Pproc[X86INLINEROUTERSTACKBUFFEROFF]);
        for (PInlineX86StackBuffer following = NULL; node != NULL; node = following)
        {
            following = node->next;  // read the link before the node is freed
            delete [] node;
        }

        delete [] m_HookRouter_Pproc;
        m_HookRouter_Pproc = NULL;
    }

    if (m_RedirectOrgOpcodes_Pbyte != NULL)
    {
        delete [] m_RedirectOrgOpcodes_Pbyte;
        m_RedirectOrgOpcodes_Pbyte = NULL;
    }
}
/// Application shutdown: removes the hook, then lets CWinApp finish the exit.
///
/// @return the value returned by CWinApp::ExitInstance().
int CHookKBApp::ExitInstance()
{
    // Remove the hook before the base class tears the application down.
    // (The inline comment that followed this call in the original was
    // mis-encoded and could not be recovered.)
    UnHook();

    const int baseResult = CWinApp::ExitInstance();
    return baseResult;
}
/// Driver unload routine: removes the hook if it is active, then deletes the
/// DOS-device symbolic link and the driver's device object.
///
/// @param DriverObject  Driver being unloaded; its DeviceObject is deleted.
void SSDTHookUnload(IN PDRIVER_OBJECT DriverObject)
{
    // The hook must be gone before the driver image is unloaded, otherwise
    // the patched entry would point into freed code.
    if (is_hook)
        UnHook();

    // Remove the user-visible name first, then the device itself.
    UNICODE_STRING dosDeviceLink;
    RtlInitUnicodeString(&dosDeviceLink, L"\\DosDevices\\SSDTHook0");
    IoDeleteSymbolicLink(&dosDeviceLink);

    PDEVICE_OBJECT device = DriverObject->DeviceObject;
    IoDeleteDevice(device);
}
/// Removes the hook if one is installed and frees the buffers owned by this
/// object.
SingleHook::~SingleHook ()
{
    // Saved bytes present: call UnHook() before releasing them.
    if (m_OrgBytes_Pbyte != NULL)
    {
        UnHook();
        delete [] m_OrgBytes_Pbyte;
        m_OrgBytes_Pbyte = NULL;
    }

    // Scratch buffer allocated by this object, if any.
    if (mallocedBuf != NULL)
    {
        delete [] mallocedBuf;
        mallocedBuf = NULL;
    }
}
// Device-control dispatch routine: on hook_code it reads a process id from the
// request's system buffer into thePid, writes 1 back and calls Hook(); on
// unhook_code it calls UnHook().
//
// NOTE(review): this listing is truncated - it ends before the IRP is
// completed and before any return statement, so the function is not closed.
// NOTE(review): cbin and cbout are read but never checked before
// SystemBuffer is dereferenced; a request with a short or empty buffer would
// make the reads/writes below touch memory the caller did not supply. Check
// both lengths (and SystemBuffer for NULL) before use.
// NOTE(review): info is assigned only in the hook_code case and is otherwise
// uninitialized in the visible code.
NTSTATUS SSDTHookDeviceControl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
    ULONG info;
    // get the current I/O stack location
    KdPrint(("get commond form application"));
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
    ULONG mf=stack->MajorFunction;// distinguishes the IRP type
    if (mf == IRP_MJ_DEVICE_CONTROL)
    {
        // size of the input buffer
        ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
        // size of the output buffer
        ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
        // the IOCTL code
        ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;
        switch (code)
        {
        case hook_code:
            {
                // fetch the data from the buffer
                int * InputBuffer = (int*)Irp->AssociatedIrp.SystemBuffer;
                // thePid = first 32-bit value of the input buffer
                _asm
                {
                    mov eax,InputBuffer
                    mov ebx,[eax]
                    mov thePid,ebx
                }
                KdPrint(("设定被保护进程 MyPID=%d \n",(int)thePid));
                // Input and output share the same system buffer.
                int* OutputBuffer = (int*)Irp->AssociatedIrp.SystemBuffer;
                // write 1 to the first 32-bit slot of the output buffer
                _asm
                {
                    mov eax,1
                    mov ebx,OutputBuffer
                    mov [ebx],eax //
                }
                info = 4; // four bytes were written to the output buffer
                Hook();
            }
            break;
        case unhook_code:
            {
                UnHook();
            }
            break;
        }
    }
// Unload例程 卸载钩子 VOID Unload(IN PDRIVER_OBJECT DriverObject) { DbgPrint(("Unload ssdt driver.\n")); UnHook((ULONG)ZwSetInformationFile); UnHook((ULONG)ZwOpenProcess); UnHook((ULONG)ZwTerminateProcess); UnHook((ULONG)ZwCreateFile); UnHook((ULONG)ZwQuerySystemInformation); UnHook((ULONG)ZwCreateKey); }
// ---------------------------------------------------------------------------- // destroy skin resources and free allocated resources // ---------------------------------------------------------------------------- void CSkin::Destroy() { if (m_buttons) { delete[] m_buttons; m_buttons = NULL; } // unhook the window UnHook(); // free bitmaps and device context if (m_dcSkin) { SelectObject(m_dcSkin, m_hOldBmp); DeleteDC(m_dcSkin); m_dcSkin = NULL; } if (m_hBmp) { DeleteObject(m_hBmp); m_hBmp = NULL; } // free skin region if (m_rgnSkin) { DeleteObject(m_rgnSkin); m_rgnSkin = NULL; } }
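/// DLL entry point: records the module handle on process attach and removes
/// the hook on process detach.
///
/// @param hModule             Handle of this DLL, saved in g_hInstance.
/// @param ul_reason_for_call  Loader notification code.
/// @param lpReserved          Unused.
/// @return always TRUE.
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        g_hInstance = hModule;
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        // Thread notifications need no work. The original let these labels
        // fall through into UnHook(), which removed the hook as soon as any
        // thread in the process started or exited.
        break;

    case DLL_PROCESS_DETACH:
        // Remove the hook before the module's code goes away.
        UnHook();
        break;
    }
    return TRUE;
}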
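/// Removes the hook if one is installed and frees the buffers owned by this
/// object. Every pointer is reset to NULL after its buffer is released.
ModifyHook::~ModifyHook ()
{
    // Saved bytes present: call UnHook() before releasing them.
    if (m_OrgBytes_Pbyte != NULL)
    {
        UnHook();
        delete [] m_OrgBytes_Pbyte;
        m_OrgBytes_Pbyte = NULL;
    }

    if (m_RedirectOrgOpcodes_Pbyte != NULL)
    {
        delete [] m_RedirectOrgOpcodes_Pbyte;
        // Reset like the other members; the original left this one dangling.
        m_RedirectOrgOpcodes_Pbyte = NULL;
    }

    if (mallocedBuf != NULL)
    {
        delete [] mallocedBuf;
        mallocedBuf = NULL;
    }
}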
/// DLL entry point: installs the hook when the DLL is loaded into a process
/// and removes it when the DLL is unloaded. Thread notifications are ignored.
///
/// NOTE(review): Hook() and log() run inside DllMain, i.e. under the loader
/// lock; confirm neither loads libraries, waits on other threads or otherwise
/// does work that is unsafe in that context.
///
/// @return always TRUE.
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        log( "Shaiya Hook started.." );
        Hook();
    }
    else if (ul_reason_for_call == DLL_PROCESS_DETACH)
    {
        log( "Shaiya Hook finished.." );
        UnHook();
    }
    // DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing to do.

    return TRUE;
}
// Driver unload routine: restores the five patched bytes if the hook is still
// active, then deletes the device object and its symbolic link.
//
// NOTE(review): the write-protect toggle below uses cli/sti, which only
// affect the processor executing them; on a multiprocessor system other CPUs
// keep running while the code bytes are rewritten. Treat this as unsafe
// outside a single-CPU test setup.
// NOTE(review): the device object is deleted before the symbolic link that
// points at it; deleting the link first is the usual order.
VOID DDK_Unload (IN PDRIVER_OBJECT pDriverObject)
{
    PDEVICE_OBJECT pDev;// receives the device object to delete
    UNICODE_STRING symLinkName; //
    // NOTE(review): in the collapsed listing it is unclear whether this call
    // was live or commented out; the inline block below repeats the restore.
    UnHook();
    if (ishook)
    {//unhook
        __asm // remove the page write protection (clear CR0 bit 16, WP)
        {
            cli
            mov eax,cr0
            and eax,not 10000h //and eax,0FFFEFFFFh
            mov cr0,eax
        }
        // put the saved opcode and jump target back
        pcur->E9= oldCode.E9;// 1 byte
        pcur->JMPADDR= oldCode.JMPADDR;// 4 bytes
        __asm // restore the page protection (set CR0 bit 16 again)
        {
            mov eax,cr0
            or eax,10000h //or eax,not 0FFFEFFFFh
            mov cr0,eax
            sti
        }
    } //end unhook
    pDev=pDriverObject->DeviceObject;
    IoDeleteDevice(pDev); // delete the device
    // build the symbolic link name
    RtlInitUnicodeString(&symLinkName,L"\\??\\My_DriverLinkName");
    // delete the symbolic link
    IoDeleteSymbolicLink(&symLinkName);
    KdPrint(("驱动成功被卸载...OK-----------")); //sprintf,printf
    // (original notes: get the device object to delete / delete all devices)
    DbgPrint("卸载成功");
}
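/// Dispatch routine shared by create/close/read/device-control requests.
///
/// For IRP_MJ_DEVICE_CONTROL it handles:
///   - add_code:    reads two ints from the system buffer and writes their sum back;
///   - hook_code:   stores the first int of the buffer in MyPID, writes 1 back
///                  and calls Hook();
///   - unhook_code: calls UnHook();
///   - sub_code:    no-op.
/// Every other major function is completed without further work.
///
/// Changes against the original:
///   - the input and output lengths (and the buffer pointer) are checked
///     before the system buffer is touched; short requests now fail with
///     STATUS_INVALID_PARAMETER instead of reading or writing past the buffer;
///   - `info` starts at 0, so IoStatus.Information is never an uninitialized
///     stack value;
///   - the unused paged-pool allocation made on every request (and never
///     freed) is gone.
///
/// Assumes the IOCTLs use buffered I/O, as the original comment states and as
/// the use of AssociatedIrp.SystemBuffer implies.
/// NOTE(review): hook_code accepts a process id from whoever can open the
/// device; how access to the device is restricted is not visible here.
///
/// @param pDevobj  Target device object (unused).
/// @param pIrp     Request to process; always completed before returning.
/// @return STATUS_SUCCESS, or STATUS_INVALID_PARAMETER for a request whose
///         buffers are too small for the IOCTL.
NTSTATUS ddk_DispatchRoutine_CONTROL(IN PDEVICE_OBJECT pDevobj,IN PIRP pIrp )
{
    ULONG info = 0;                     // bytes returned to the caller
    NTSTATUS status = STATUS_SUCCESS;

    // get the current I/O stack location
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(pIrp);
    ULONG mf = stack->MajorFunction;    // distinguishes the IRP type

    switch (mf)
    {
    case IRP_MJ_DEVICE_CONTROL:
        {
            KdPrint(("Enter myDriver_DeviceIOControl\n"));
            // size of the input buffer
            ULONG cbin = stack->Parameters.DeviceIoControl.InputBufferLength;
            // size of the output buffer
            ULONG cbout = stack->Parameters.DeviceIoControl.OutputBufferLength;
            // the IOCTL code
            ULONG code = stack->Parameters.DeviceIoControl.IoControlCode;
            // Buffered I/O: input and output share this one buffer.
            int *ioBuffer = (int*)pIrp->AssociatedIrp.SystemBuffer;

            switch (code)
            {
            case add_code:
                {
                    KdPrint(("add_code 1111111111111111111\n"));
                    // Needs two ints in and room for one int out.
                    if (ioBuffer == NULL || cbin < 2 * sizeof(int) || cbout < sizeof(int))
                    {
                        status = STATUS_INVALID_PARAMETER;
                        break;
                    }
                    int a = ioBuffer[0];
                    int b = ioBuffer[1];
                    KdPrint(("a=%d,b=%d \n", a,b));
                    // Add as unsigned so caller-chosen operands cannot trigger
                    // signed-overflow undefined behaviour.
                    a = (int)((unsigned int)a + (unsigned int)b);
                    // return the result to user mode through the output buffer
                    ioBuffer[0] = a;
                    KdPrint(("a+b=%d \n",a));
                    // number of bytes actually written to the output buffer
                    info = (ULONG)sizeof(int);
                    break;
                }
            case hook_code:
                {
                    // Needs one int in (the pid) and room for one int out.
                    if (ioBuffer == NULL || cbin < sizeof(int) || cbout < sizeof(int))
                    {
                        status = STATUS_INVALID_PARAMETER;
                        break;
                    }
                    // MyPID = first 32-bit value of the input buffer. The
                    // store is kept as in the original because MyPID's
                    // declaration is not visible here.
                    int * InputBuffer = ioBuffer;
                    _asm
                    {
                        mov eax,InputBuffer
                        mov ebx,[eax]
                        mov MyPID,ebx
                    }
                    // report 1 back to the caller
                    ioBuffer[0] = 1;
                    info = (ULONG)sizeof(int);
                    Hook();
                    break;
                }
            case unhook_code:
                {
                    UnHook();
                    break;
                }
            case sub_code:
                {
                    break;
                }
            }//end code switch
            break;
        }
    case IRP_MJ_CREATE:
        {
            break;
        }
    case IRP_MJ_CLOSE:
        {
            break;
        }
    case IRP_MJ_READ:
        {
            break;
        }
    }

    // complete the IRP
    pIrp->IoStatus.Information = info;  // bytes the I/O manager copies back
    pIrp->IoStatus.Status = status;
    IoCompleteRequest(pIrp,IO_NO_INCREMENT);
    KdPrint(("离开派遣函数\n"));// debug trace
    return status;
}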
/// Destructor: removes the hook so it does not outlive this object.
CILHook::~CILHook()
{
    // cancel the hook
    this->UnHook();
}
/// Module teardown: calls UnHook() with AddOrUpdateFile_original.
///
/// @param LUA  Lua interface handed in by the host; not used here.
static void Deinitialize( GarrysMod::Lua::ILuaBase *LUA )
{
    (void)LUA;  // unused

    UnHook( AddOrUpdateFile_original );
}
/// Destructor: removes the hook so it does not outlive this object.
IATHook::~IATHook()
{
    this->UnHook();
}
/// Destructor: removes the hook so it does not outlive this object.
CILHook::~CILHook()
{
    this->UnHook();
}
/// Calls UnHook() with a fixed 7-byte sequence and the address five bytes
/// before ulHookSysenter.
///
/// The bytes decode as x86 `sub esp,ecx; shr ecx,2; mov edi,esp` -
/// presumably the original instructions at the patched location (confirm
/// against the matching hook routine).
/// NOTE(review): the bytes are hard-coded rather than saved when the hook was
/// installed, so this is only correct where the target code matches them.
VOID UnSysenterHook()
{
    PUCHAR const savedBytes = (PUCHAR)"\x2B\xE1\xC1\xE9\x02\x8B\xFC";
    const int savedLength = 7;
    PVOID const patchAddress = (PVOID)(ulHookSysenter-5);

    UnHook(savedBytes, savedLength, patchAddress);
}