|
#2
zklhp2009-10-07 12:09
|
程序代码:;钩子练习
;by onepc 153785587
;参考:百度
; ml /c /coff hook.asm
; Link /subsystem:windows /section:.bss,S /Def:hook.def /Dll hook.obj
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
hDInstance dd ? ;dll模块句柄
.data?
hHook dd ? ;钩子句柄
.code
DLLEntry proc _hInstance,_dwReson,_dwRelease ;_hInstance这个是模块句柄
push _hInstance
pop hDInstance
mov eax,TRUE
ret
DLLEntry endp
_CALLBACKHOOK proc _dwCode,_wParam,_lParam ;钩子过程 这里的参数是随你命名的只要是dword型就OK
.if _dwCode==HC_ACTION ;有键盘消息时处理
.if (_wParam==VK_LWIN) || (_wParam==VK_RWIN) ;屏蔽win键
mov eax,TRUE
ret
.endif
.else
invoke CallNextHookEx,hHook,_dwCode,_wParam,_lParam
.endif
;invoke CallNextHookEx,hHook,_dwCode,_wParam,_lParam
ret
_CALLBACKHOOK endp
_INSTALLHOOK proc ;安装钩子
invoke SetWindowsHookEx,WH_KEYBOARD_LL,addr _CALLBACKHOOK,hDInstance,NULL ;全局钩子
mov hHook,eax ;保存钩子
ret
_INSTALLHOOK endp
_UNINSTALLHOOK proc ;卸载钩子
invoke UnhookWindowsHookEx,hHook ;卸载钩子
ret
_UNINSTALLHOOK endp
End DLLEntry
;by onepc 153785587
;参考:百度
; ml /c /coff hook.asm
; Link /subsystem:windows /section:.bss,S /Def:hook.def /Dll hook.obj
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.data
hDInstance dd ? ;dll模块句柄
.data?
hHook dd ? ;钩子句柄
.code
DLLEntry proc _hInstance,_dwReson,_dwRelease ;_hInstance这个是模块句柄
push _hInstance
pop hDInstance
mov eax,TRUE
ret
DLLEntry endp
_CALLBACKHOOK proc _dwCode,_wParam,_lParam ;钩子过程 这里的参数是随你命名的只要是dword型就OK
.if _dwCode==HC_ACTION ;有键盘消息时处理
.if (_wParam==VK_LWIN) || (_wParam==VK_RWIN) ;屏蔽win键
mov eax,TRUE
ret
.endif
.else
invoke CallNextHookEx,hHook,_dwCode,_wParam,_lParam
.endif
;invoke CallNextHookEx,hHook,_dwCode,_wParam,_lParam
ret
_CALLBACKHOOK endp
_INSTALLHOOK proc ;安装钩子
invoke SetWindowsHookEx,WH_KEYBOARD_LL,addr _CALLBACKHOOK,hDInstance,NULL ;全局钩子
mov hHook,eax ;保存钩子
ret
_INSTALLHOOK endp
_UNINSTALLHOOK proc ;卸载钩子
invoke UnhookWindowsHookEx,hHook ;卸载钩子
ret
_UNINSTALLHOOK endp
End DLLEntry
hook.def
EXPORTS
_INSTALLHOOK
_UNINSTALLHOOK
_INSTALLHOOK
_UNINSTALLHOOK
hook.inc
_INSTALLHOOK proto
_UNINSTALLHOOK proto
_UNINSTALLHOOK proto
主程序
程序代码:.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
include hook.inc
includelib hook.lib
IDD_TOP_DIALOG equ 102
IDR_MAINFRAME equ 128
IDC_BUTTON1 equ 1000
IDC_BUTTON2 equ 1001
.data
hInstance dd ?
hMain dd ? ;对话框句柄
.code
;;对话框回调过程
_DlgProc proc uses esi edi ebx hDlg,uMsg,wParam,lParam
.if uMsg==WM_INITDIALOG ;对话框初始化
push hDlg
pop hMain
;invoke LoadIcon,hInstance,IDR_MAINFRAME
;invoke SendMessage,hDlg,WM_SETICON,ICON_BIG,eax
.elseif uMsg==WM_COMMAND
mov eax,wParam
.if ax==IDC_BUTTON1
invoke _INSTALLHOOK
;invoke EndDialog,hDlg,TRUE
.endif
.if ax==IDC_BUTTON2
invoke _UNINSTALLHOOK
.endif
.elseif uMsg==WM_CLOSE
invoke EndDialog,hDlg,FALSE
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_DlgProc endp
;;对话框回调过程
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,IDD_TOP_DIALOG,NULL,addr _DlgProc,NULL
invoke ExitProcess,NULL
end start
资源
程序代码:#include "resource.h"
#define IDD_TOP_DIALOG 102
#define IDR_MAINFRAME 128
#define IDC_BUTTON1 1000
#define IDC_BUTTON2 1001
IDR_MAINFRAME ICON DISCARDABLE "hook.ico"
IDD_TOP_DIALOG DIALOGEX 0, 0, 135, 103
STYLE DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_VISIBLE |
WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_APPWINDOW
CAPTION "ASM + API"
FONT 9, "宋体"
BEGIN
PUSHBUTTON "INSTALL",IDC_BUTTON1,39,33,46,15
PUSHBUTTON "UNINSTALL",IDC_BUTTON2,38,59,48,15
END
