[C++知识库] VEH HOOK MessageBox

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> C++知识库 -> VEH HOOK MessageBox -> 正文阅读

[C++知识库]VEH HOOK MessageBox

#define _CRT_SECURE_NO_WARNINGS
#include <windows.h>
#include <stdio.h>

uintptr_t g_MessageBoxA = 0;
uintptr_t g_MessageBoxW = 0;

LONG NTAPI VEHHandler(struct _EXCEPTION_POINTERS* ExceptionInfo)
{
	if ((uintptr_t)ExceptionInfo->ExceptionRecord->ExceptionAddress == g_MessageBoxA)
	{
		printf("[%s] call MessageBoxA \n", __FUNCSIG__);

		__asm mov edi, edi
		ExceptionInfo->ContextRecord->Eip += 2;
		return EXCEPTION_CONTINUE_EXECUTION;
	}
	else 	if ((uintptr_t)ExceptionInfo->ExceptionRecord->ExceptionAddress == g_MessageBoxW)
	{
		printf("[%s] call MessageBoxW \n", __FUNCSIG__);

		__asm mov edi, edi
		ExceptionInfo->ContextRecord->Eip += 2;
		return EXCEPTION_CONTINUE_EXECUTION;
	}

	return EXCEPTION_CONTINUE_SEARCH;
}

BOOL APIENTRY DllMain(HMODULE m, DWORD t, LPVOID)
{
	if (t == DLL_PROCESS_ATTACH)
	{
		DisableThreadLibraryCalls(m);

		AddVectoredExceptionHandler(1, VEHHandler);

		AllocConsole();
		freopen("CON", "w", stdout);

		g_MessageBoxA = (uintptr_t)GetProcAddress(GetModuleHandleA("user32.dll"), "MessageBoxA");
		printf("[%s] MessageBoxA is 0x%x\n", __FUNCSIG__, g_MessageBoxA);

		g_MessageBoxW = (uintptr_t)GetProcAddress(GetModuleHandleA("user32.dll"), "MessageBoxW");
		printf("[%s] MessageBoxW is 0x%x\n", __FUNCSIG__, g_MessageBoxW);

		HANDLE h = OpenThread(THREAD_ALL_ACCESS, FALSE, 8408);
		printf("[%s] thread handle is 0x%x\n", __FUNCSIG__, (int)h);

		SuspendThread(h);

		CONTEXT ctx{ 0 };
		ctx.ContextFlags = CONTEXT_ALL;
		GetThreadContext(h, &ctx);
		ctx.Dr7 = 0x405;
		ctx.Dr0 = g_MessageBoxA;
		ctx.Dr1 = g_MessageBoxW;
		SetThreadContext(h, &ctx);

		ResumeThread(h);

		CloseHandle(h);
	}

	return TRUE;
}