Winapi 如何在进程读取我的进程时调用函数';s内存-Win32 API
最近我一直在研究如何连接函数和创建回调函数。虽然我不完全理解整个技术,但似乎我应该能够钩住Windows API的ReadProcessMemory()函数,让我的进程在某个对象读取其内存时调用一个函数。虽然我只是出于好奇才想这么做,但连接windows功能似乎对防止在线游戏中的黑客攻击非常有用 不幸的是,关于这个主题的教程、文章等非常缺乏。我看过很多注入代码,但缺乏理解让我望而却步。我想做的事情可能吗?有人能给我指出正确的方向吗 我要提到的是,这是我第一次自愿跳出OO编程,因此如果这毫无意义,我深表歉意。使用钩子函数:Winapi 如何在进程读取我的进程时调用函数';s内存-Win32 API,winapi,hook,readprocessmemory,Winapi,Hook,Readprocessmemory,最近我一直在研究如何连接函数和创建回调函数。虽然我不完全理解整个技术,但似乎我应该能够钩住Windows API的ReadProcessMemory()函数,让我的进程在某个对象读取其内存时调用一个函数。虽然我只是出于好奇才想这么做,但连接windows功能似乎对防止在线游戏中的黑客攻击非常有用 不幸的是,关于这个主题的教程、文章等非常缺乏。我看过很多注入代码,但缺乏理解让我望而却步。我想做的事情可能吗?有人能给我指出正确的方向吗 我要提到的是,这是我第一次自愿跳出OO编程,因此如果这毫无意义,
BOOL WINAPI hkReadProcessMemory( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
{
if (GetCurrentProcess() == hProcess) {
// your process
}
return oReadProcessMemory( hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
}
typedef BOOL (WINAPI* _NtReadProcessMemory)( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
_NtReadProcessMemory oReadProcessMemory = (_NtReadProcessMemory)
GetProcAddress(GetModuleHandle(L"ntdll"), "NtReadProcessMemory");
BOOL WINAPI hkReadProcessMemory( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
{
if (GetCurrentProcess() == hProcess) {
// your process
}
return oReadProcessMemory( hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
}
typedef BOOL (WINAPI* _NtReadProcessMemory)( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
_NtReadProcessMemory oReadProcessMemory = (_NtReadProcessMemory)
GetProcAddress(GetModuleHandle(L"ntdll"), "NtReadProcessMemory");
BOOL WINAPI hkReadProcessMemory( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
{
if (GetCurrentProcess() == hProcess) {
// your process
}
return oReadProcessMemory( hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
}
typedef BOOL (WINAPI* _NtReadProcessMemory)( HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
_NtReadProcessMemory oReadProcessMemory = (_NtReadProcessMemory)
GetProcAddress(GetModuleHandle(L"ntdll"), "NtReadProcessMemory");
BOOL bHook = Mhook_SetHook((PVOID*)&oReadProcessMemory,
hkReadProcessMemory));
Mhook:(迂回库)然后他们会在不调用
ReadProcessMemoryReadProcessMemory