The delphihookutils's discuss from delphilite

纠正一处HOOK GetTickCount64在X64下有问题的用法

http://bbs.2ccc.com/topic.asp?topicid=617767

X64之所以有问题是因为代码写法有问题，HOOK的导入表的跳转代理函数

你把
HookProc(@Winapi.Windows.GetTickCount64, @GetTickCount64CallBack, @GetTickCount64Next);
改成
HookProc('kernel32.dll','GetTickCount64', @GetTickCount64CallBack, @GetTickCount64Next);
就可以了。

第一种写法如果函数是Delphi实现的没问题，但是你这个是钩的导入表的跳转函数。
第二种写法是钩的kernel32.dll中函数的本体

你好.看了你的DelphiHookUtils.我有一些想法希望一起看看

你好.,我自己写有一个HOOK类.我想在你的HOOK类基础上进行升级.比如改装成一个类.管理多个HOOK点.
通过匹配特征码进行HOOK.对某处JMP并设置回调函数,基于页面异常的HOOK等.我的QQ3570142.
下面是我的HOOK一部分类接口.

Type
THOOK_InLink = Class

Private
{ Private declarations }

Var

/// <summary>
/// 原始函数地址
/// </summary>
FOriFunAddress :Pointer;

/// <summary>
/// 新函数地址
/// </summary>
FNewFunAddress :Pointer;

/// <summary>
/// 原始函数代码
/// </summary>
FOriFunCode :TBytes;

/// <summary>
/// 原始函数ASM
/// </summary>
FOriFunASM :TStringList;

/// <summary>
/// 原始函数带JMP代码(全局中转处)
/// </summary>
FOriFunJMPCode :TBytes;

/// <summary>
/// 原始函数带JMP代码地址
/// </summary>
FOriFunJMPPointer :Pointer;

/// <summary>
/// 保存修改处的JMP汇编代码
/// </summary>
FCheckJMPCode : Array [ 0 .. 4 ] Of Byte;

/// <summary>
/// 保存原始汇编字节的大小
/// </summary>
FOriCodeSize :NativeInt;

/// <summary>
/// 模块名称
/// </summary>
FModuleName :String;

/// <summary>
/// 函数名称
/// </summary>
FFunctionName :String;

/// <summary>
/// 是否挂起其他线程
/// </summary>
FSuspendThread :Boolean;

/// <summary>HOOKCode</summary>
/// <param name="Callback  (Pointer)">回调函数</param>
/// <param name="OriCodeStr  (String)">原始汇编代码</param>
/// <param name="PuddingEncoding  (String)">补丁机器码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_Code ( ) :Boolean; Overload;
Function Hook_Code ( Callback :Pointer; OriCodeStr :String; PuddingEncoding :String ) :Boolean; Overload;

Public
{ Public declarations }
Constructor Create ( ); Overload; // 构造方法
Destructor Destroy; Override; // 析构方法

Property OriFunAddress :Pointer Read FOriFunAddress Write FOriFunAddress;
Property NewFunAddress :Pointer Read FNewFunAddress Write FNewFunAddress;
Property OriFunCode :TBytes Read FOriFunCode Write FOriFunCode;
Property OriFunASM :TStringList Read FOriFunASM Write FOriFunASM;
Property OriFunJMPCode :TBytes Read FOriFunJMPCode Write FOriFunJMPCode;
Property OriFunJMPPointer :Pointer Read FOriFunJMPPointer Write FOriFunJMPPointer;
Property OriCodeSize :NativeInt Read FOriCodeSize Write FOriCodeSize;
Property ModuleName :String Read FModuleName Write FModuleName;
Property FunctionName :String Read FFunctionName Write FFunctionName;
Property SuspendThread :Boolean Read FSuspendThread Write FSuspendThread;

{ -----------------------------------------------------------------------------------------> API HOOK }
/// <summary>HOOK API 头5字节</summary>
/// <param name="Module_Name  (String)">模块名称</param>
/// <param name="Function_Name  (String)">函数名称</param>
/// <param name="New_Function_Address  (Pointer)">新函数地址</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_API ( Module_Name :String; Function_Name :String; New_Function_Address :Pointer ) :Boolean;

{ -----------------------------------------------------------------------------------------> HOOK 指定地址 }
/// <summary>HOOK 指定地址</summary>
/// <param name="Module_Name  (String)">模块名称</param>
/// <param name="Address_Office  (NativeInt)">相对模块的偏移(匹配处)</param>
/// <param name="New_Function_Address  (Pointer)">新函数地址</param>
/// <param name="HOOKOffice  (NativeInt)">匹配处HOOK位置偏移</param>
/// <param name="FeatureStr  (String)">特征码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_Address ( Module_Name :String; Address_Office :NativeInt; New_Function_Address :Pointer; HOOKOffice :NativeInt; FeatureStr :String ) :Boolean;

{ -----------------------------------------------------------------------------------------> 打补丁 指定地址 }
/// <summary>对指定地址打补丁</summary>
/// <param name="Module_Name  (String)">模块名称</param>
/// <param name="Function_Office  (NativeInt)">特征码定位偏移(匹配处)</param>
/// <param name="HOOKOffice  (NativeInt)">匹配处HOOK位置偏移</param>
/// <param name="Callback  (Pointer)">回调函数</param>
/// <param name="PuddingEncoding  (String)">补丁机器码</param>
/// <param name="FeatureStr  (String)">特征码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_JMP ( Module_Name :String; Function_Office :NativeInt; HOOKOffice :NativeInt; Callback :Pointer; PuddingEncoding :String; FeatureStr :String ) :Boolean;

{ -----------------------------------------------------------------------------------------> 打补丁 指定地址 }
/// <summary>对指定地址打补丁</summary>
/// <param name="HOOKAddress  (NativeInt)">HOOK地址</param>
/// <param name="OriCodeStr  (String)">原始汇编代码</param>
/// <param name="Callback  (Pointer)">回调函数</param>
/// <param name="PuddingEncoding  (String)">补丁机器码</param>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Hook_JMPAdd ( HOOKAddress :NativeInt; OriCodeStr :String; Callback :Pointer; PuddingEncoding :String ) :Boolean;

{ -----------------------------------------------------------------------------------------> 卸载 HOOK }
/// <summary>卸载 HOOK</summary>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Unload_Hook ( ) :Boolean;

{ -----------------------------------------------------------------------------------------> 检查 HOOK }
/// <summary>检查 HOOK</summary>
/// <returns>返回值:成功=TRUE 失败=FALSE</returns>
Function Check_Hook ( ) :Boolean;

End;

Implement a sample to Hooking TerminateProcess Windows API.

I would like to suggest an implementation example for a TerminateProcess hook

如何才能更方便获取某一接口方法的地址呢？

以下方法为获取某一接口方法的地址，如何修改才能通过传入字符串“SetFileName”来获取IFileDialog.SetFileName的地址呢？期望哪位大神告知，谢谢！[email protected]
function GetMethodPointer(const IntRef{IFileDialog}: IInterface): Pointer; assembler;
{$IFDEF Win64}
asm
mov rax, [IntRef]
add rax, vmtoffset IFileDialog.SetFileName
mov rax, [rax]
end;
{$ELSE}
asm
mov eax, [IntRef]
add eax, vmtoffset IFileDialog.SetFileName
mov eax, [eax]
end;
{$ENDIF}

delphilite / delphihookutils Goto Github PK

delphihookutils's Issues

纠正一处HOOK GetTickCount64在X64下有问题的用法

你好.看了你的DelphiHookUtils.我有一些想法希望一起看看

Implement a sample to Hooking TerminateProcess Windows API.

如何才能更方便获取某一接口方法的地址呢？

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent