www.gusucode.com > HookAPI开发包(Win32 API函数截拦)源码程序 > HookAPI开发包(Win32 API函数截拦)源码程序/谷速代码-code/HookAPI1.7/hookshell/mydll.cpp
// ------------------------------------- // // 您如果要使用本文件,请不要删除本说明 // // ------------------------------------- // // HOOKAPI 开发例子 // // Copyright 2002 编程沙龙 Paladin // // www.ProgramSalon.com // // ------------------------------------- // #include "stdafx.h" #include <stdio.h> #include <shellapi.h> #include "mydll.h" #ifdef WIN95 #pragma code_seg("_INIT") #pragma comment(linker,"/SECTION:.bss,RWS /SECTION:.data,RWS /SECTION:.rdata,RWS /SECTION:.text,RWS /SECTION:_INIT,RWS ") #pragma comment(linker,"/BASE:0xBFF70000") #endif BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { return TRUE; } void WriteLog(char *fmt, ...) { va_list args; char modname[200]; char temp[5000]; HANDLE hFile; GetModuleFileName(NULL, modname, sizeof(modname)); if((hFile = CreateFile("c:\\hookapi.log", GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) <0) { return; } _llseek((HFILE)hFile, 0, SEEK_END); wsprintf(temp, "mydll.dll:%s:", modname); DWORD dw; WriteFile(hFile, temp, strlen(temp), &dw, NULL); va_start(args,fmt); vsprintf(temp, fmt, args); va_end(args); WriteFile(hFile, temp, strlen(temp), &dw, NULL); wsprintf(temp, "\r\n"); WriteFile(hFile, temp, strlen(temp), &dw, NULL); _lclose((HFILE)hFile); } BOOL GetCurProcessBaseName(char *pBaseName, int BufSize) { BOOL bRet = FALSE; char szCurProcessPathName[MAX_PATH]; memset(szCurProcessPathName, 0, MAX_PATH); memset(pBaseName, 0, BufSize); ::GetModuleFileName(NULL, szCurProcessPathName, MAX_PATH); char *p = strrchr(szCurProcessPathName, '\\'); if(p) { strcpy(pBaseName, p + 1); bRet = TRUE; } return bRet; } FARPROC WINAPI MyGetProcAddress(HMODULE hModule, LPCSTR lpProcName) { /* char szCurProcessBaseName[MAX_PATH]; if(GetCurProcessBaseName(szCurProcessBaseName, MAX_PATH)) { if(stricmp(szCurProcessBaseName, "explorer.exe") == 0) { WriteLog("You Use GetProcAddress, Func Name: %s", lpProcName); } } */ return GetProcAddress(hModule, lpProcName); } HMODULE WINAPI MyLoadLibraryA(LPCSTR lpLibFileName) { /* char szCurProcessBaseName[MAX_PATH]; if(GetCurProcessBaseName(szCurProcessBaseName, MAX_PATH)) { if(stricmp(szCurProcessBaseName, "explorer.exe") == 0) { WriteLog("You Use LoadLibraryA, Dll Name: %s", lpLibFileName); } } */ return LoadLibraryA(lpLibFileName); } HMODULE WINAPI MyLoadLibraryW(LPCWSTR lpLibFileName) { /* char fname[MAX_PATH]; memset(fname, 0, MAX_PATH); ::WideCharToMultiByte( CP_ACP, 0, lpLibFileName, -1, fname, MAX_PATH, NULL, NULL); char szCurProcessBaseName[MAX_PATH]; if(GetCurProcessBaseName(szCurProcessBaseName, MAX_PATH)) { if(stricmp(szCurProcessBaseName, "explorer.exe") == 0) { // WriteLog("You Use LoadLibraryW, Dll Name: %s", fname); } } */ return LoadLibraryW(lpLibFileName); } int WINAPI MySHFileOperation(LPSHFILEOPSTRUCTA lpFileOp) { //WriteLog("You Use SHFileOperation"); // if(strstr(lpFileOp->pFrom, "Test.txt") != NULL) // return 0; // else return SHFileOperation(lpFileOp); } int WINAPI MySHFileOperationA(LPSHFILEOPSTRUCTA lpFileOp) { WriteLog("You Use SHFileOperationA"); if(lpFileOp ==NULL) return 0; if(strstr(lpFileOp->pFrom, "Test.txt") != NULL) return 0; else return SHFileOperationA(lpFileOp); } int WINAPI MySHFileOperationW(LPSHFILEOPSTRUCTW lpFileOp) { WriteLog("You Use SHFileOperationW"); if(lpFileOp ==NULL) return 0; char fname[MAX_PATH]; memset(fname, 0, MAX_PATH); ::WideCharToMultiByte( CP_ACP, 0, lpFileOp->pFrom, -1, fname, MAX_PATH, NULL, NULL); if(strstr(fname, "Test.txt") != NULL) return 0; else return SHFileOperationW(lpFileOp); return 0; } MYAPIINFO myapi_info[] = { // {"KERNEL32.DLL", "GetProcAddress", 2, "MyGetProcAddress"}, // {"KERNEL32.DLL", "LoadLibraryA", 1, "MyLoadLibraryA"},LoadLibraryA // {"KERNEL32.DLL", "LoadLibraryW", 1, "MyLoadLibraryW"}, {"Shell32.DLL", "SHFileOperation", 1, "MySHFileOperation"}, {"Shell32.DLL", "SHFileOperationA", 1, "MySHFileOperationA"}, {"Shell32.DLL", "SHFileOperationW", 1, "MySHFileOperationW"}, {NULL,NULL,NULL} }; MYAPIINFO *GetMyAPIInfo() { return &myapi_info[0]; }