<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< ; FileName: msgbox2.asm ; Function: Demo how to hook MessageBoxA locally ; Author: Purple Endurer ; ; log ;-------------------------------------------------- ; 2006-07-10 Optimized code ; 2006-07-08 Created, success under Windows XP +SP1 ;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< .586p .model flat, stdcall option casemap: none include /masm32/ include/windows.inc include /masm32/ include/kernel32.inc include /masm32/ include/user32.inc includelib /masm32/ lib/kernel32.lib includelib /masm32/ lib/user32.lib m_m2m MACRO d1, d2 push d2 pop d1 ENDM MEMORY_BASIC_INFORMATION_SIZE EQU 28 .data g_szUser32dll DB "user32.dll", 0 g_szMsgBox DB "MessageBoxA", 0 g_szHookedOK db " has been hooked OK!", 0 .data? g_dwOld_protect DD ? g_lpfnMessagBox dword ? g_dbOldCode db 10 dup(?) g_dwReaded dword ? g_hCurProc HANDLE ? .code start: do_hook: invoke GetModuleHandle, ADDR g_szUser32dll invoke GetProcAddress, eax, ADDR g_szMsgBox mov edi, eax ;finally got MessageBoxA address mov g_lpfnMessagBox, eax push 0 push OFFSET g_szMsgBox push OFFSET g_szMsgBox push 0 call g_lpfnMessagBox ;确认得到MessageBoxA的地址 invoke GetCurrentProcess mov g_hCurProc, eax ; BOOL ReadProcessMemory( ; HANDLE hProcess, // handle of the process whose memory is read ; LPCVOID lpBaseAddress, // address to start reading ; LPVOID lpBuffer, // address of buffer to place read data ; DWORD nSize, // number of bytes to read ; LPDWORD lpNumberOfBytesRead // address of number of bytes read ; ); invoke ReadProcessMemory, eax, g_lpfnMessagBox, ADDR g_dbOldCode, 10, ADDR g_dwReaded test eax, eax jz @FinalMsgBox invoke VirtualAlloc, 0, MEMORY_BASIC_INFORMATION_SIZE, MEM_COMMIT, PAGE_READWRITE test eax, eax jz @FinalMsgBox mov esi, eax ;allocation for MBI invoke VirtualQuery, edi, esi, MEMORY_BASIC_INFORMATION_SIZE ;typedef struct _MEMORY_BASIC_INFORMATION { // mbi ; PVOID BaseAddress; // base address of region ; PVOID AllocationBase; // allocation base address ; DWORD AllocationProtect; // initial access protection ; DWORD RegionSize; // size, in bytes, of region ; DWORD State; // committed, reserved, free ; DWORD Protect; // current access protection ; DWORD Type; // type of pages ;} MEMORY_BASIC_INFORMATION; test eax, eax jz @free_mem invoke FlushInstructionCache, g_hCurProc, edi, 5 ;just to be sure lea eax,[ esi+014h] push eax push PAGE_EXECUTE_READWRITE lea eax, [ esi+0Ch] push [ eax] push [ esi] call VirtualProtect ;we will change protection for a moment, so we will be able to write there test eax, eax jz @free_mem mov byte ptr [ edi], 0E9h ;写入jmp跳转指令 mov eax, OFFSET @newMsgBox ;计算跳转地址 sub eax, edi sub eax, 5 inc edi stosd ;传送32位跳转地址 push OFFSET g_dwOld_protect lea eax, [ esi+014h] push [ eax] lea eax, [ esi+0Ch] push [ eax] push [ esi] call VirtualProtect ;return back the protection of page @free_mem: push MEM_RELEASE push 0 push esi call VirtualFree ;free memory @FinalMsgBox: invoke MessageBoxA, 0, ADDR g_szMsgBox, ADDR g_szMsgBox, 0 invoke ExitProcess, 0 @newMsgBox: ;004010CD ;mov [esp+16], MB_ICONINFORMATION ;修改信息ICON m_m2m [ esp+16], MB_ICONINFORMATION ;mov [esp+12], OFFSET g_szHookedOK ;修改标题 mov eax, [ esp+8] ;修改信息内容 invoke lstrcat, eax, ADDR g_szHookedOK ; BOOL WriteProcessMemory( ; HANDLE hProcess, // handle to process whose memory is written to ; LPVOID lpBaseAddress, // address to start writing to ; LPVOID lpBuffer, // pointer to buffer to write data to ; DWORD nSize, // number of bytes to write ; LPDWORD lpNumberOfBytesWritten // actual number of bytes written ; ); invoke WriteProcessMemory, g_hCurProc, g_lpfnMessagBox, ADDR g_dbOldCode, 10, ADDR g_dwReaded jmp g_lpfnMessagBox ;push g_lpfnMessagBox ;ret; 10H end
本地hook API MessageBoxA的masm32源代码[07-10更新]
2024-09-28
32
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《
阿里云开发者社区用户服务协议》和
《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写
侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介:
本地hook API MessageBoxA的masm32源代码[07-10更新]
相关文章
|
测试技术
API
Windows
|
Java
API
|
5月前
|
API
|
5月前
|
Java
Linux
API
|
5月前
|
Java
API
开发工具
|
6月前
|
Java
API
Apache
ZooKeeper【基础 03】Java 客户端 Apache Curator 基础 API 使用举例(含源代码)
【4月更文挑战第11天】ZooKeeper【基础 03】Java 客户端 Apache Curator 基础 API 使用举例(含源代码)
74
11
11
|
API
开发者
币安合约现货策略交易接口API对接开发源代码详情
# 生成签名的函数(示例)
def generate_signature(params, secret):
signature = ''
for key in sorted(params.keys()):
356
0
0
|
6月前
|
存储
前端开发
JavaScript
|
6月前
|
监控
JavaScript
前端开发
|
6月前
|
Java
API
Apache
ZooKeeper【基础 03】Java 客户端 Apache Curator 基础 API 使用举例(含源代码)
ZooKeeper【基础 03】Java 客户端 Apache Curator 基础 API 使用举例(含源代码)
67
0
0
热门文章
最新文章
1
ArcGIS API for Silverlight 地图元素点闪烁,线流动显示的处理方式
2
jQuery EasyUI API 中文文档 - 解析器
3
16.源码阅读(View的绘制-android api-26)
4
关于百度地图api测距显示NaN的解决方案
5
知道这10个让你的API接口突然超时的原因吗?
6
Promise API 简介
7
Elasticsearch Java API(九)--删除文档的field以及field的属性
8
1、Windows API函数归总,网络函数、消息函数、文件处理
9
【ASP.NET Web API教程】2.4 创建Web API的帮助页面
10
linux新的API signalfd、timerfd、eventfd使用说明
1
【JAVA进阶篇教学】第三篇:JDK8中Stream API使用
58
2
电商数据集成:利用API接口实现商品详情自动化获取
111
3
使用Webpack的module.hot API来定义模块的热替换
73
4
微服务架构下的API网关性能优化实践
114
5
【网络编程】理解客户端和服务器并使用Java提供的api实现回显服务器
49
6
JDBC Java标准库提供的一些api(类+方法) 统一各种数据库提供的api
50
7
Vue3有哪些常用的API
63
8
Elasticsearch 8.10 同义词管理新篇章:引入同义词 API
167
9
记录openai官网关于Setup your API key for a single project(为单个项目设置API 可以)的错误(2023/11/24)
145
10
API在电子商务中的应用与优势:深入解析
73