如何检测自己程序的API被HOOK了
//*******************************************************************************************************
// ApiHookCheck.cpp : Defines the entry point for the console application.
//
// Version 1.01
// Copyright (c) 2004 Chew Keong TAN
// All rights reserved.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, and/or sell copies of the Software, and to permit persons
// to whom the Software is furnished to do so, provided that the above
// copyright notice(s) and this permission notice appear in all copies of
// the Software and that both the above copyright notice(s) and this
// permission notice appear in supporting documentation.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
// OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
// HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
// INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
// FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
// NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
// WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
//
// Usage:
//     ApiHookCheck > results.html
//
// This will save the output results to results.html
//
// Note: This program will not work properly if you compress it using packing tools
// like UPX.
//
// Change Log
// ----------
// Version 1.01
// Fixed bug in checkExports function
//
//*******************************************************************************************************
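// Minimum Windows version the build targets: 0x0501 is Windows XP.
// This has to be defined before the Windows headers are included, because
// they use it to decide which API declarations to expose.
// (The extracted listing had lost the spaces, leaving an invalid directive.)
#define _WIN32_WINNT 0x0501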
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
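// MSVC-specific linker directives: link against the import libraries for the
// DLLs named here, so no project-level linker settings are needed.
// (The extracted listing had lost the spaces, leaving invalid directives.)
#pragma comment(lib, "psapi.lib")
#pragma comment(lib, "iphlpapi.lib")
#pragma comment(lib, "snmpapi.lib")
#pragma comment(lib, "netapi32.lib")

// HTML colour values; presumably the heading colour and the two alternating
// row backgrounds of the report written to stdout (see "Usage" above) --
// TODO confirm against the output code, which is not shown here.
#define HEADINGCOLOR "#E0E000"
#define BGCOLOR1 "#E0E0E0"
#define BGCOLOR2 "#F0F0F0"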
//*******************************************************************************************************
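// All this stuff makes the compiler import these symbols from the respective DLLs.
// NOTE(review): each entry is a function address cast to DWORD, which only holds a
// full pointer in a 32-bit build; on a 64-bit target the cast would truncate it.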
//
//*******************************************************************************************************
DWORDkernel32Array[]={
(DWORD)AddAtomA,
(DWORD)AddAtomW,
(DWORD)AddConsoleAliasA,
(DWORD)AddConsoleAliasW,
(DWORD)AllocConsole,
(DWORD)AllocateUserPhysicalPages,
(DWORD)AreFileApisANSI,
(DWORD)AssignProcessToJobObject,
(DWORD)BackupRead,
(DWORD)BackupSeek,
(DWORD)BackupWrite,
//(DWORD)BaseAttachCompleteThunk,
(DWORD)Beep,
(DWORD)BeginUpdateResourceA,
(DWORD)BeginUpdateResourceW,
(DWORD)BindIoCompletionCallback,
(DWORD)BuildCommDCBA,
(DWORD)BuildCommDCBAndTimeoutsA,
(DWORD)BuildCommDCBAndTimeoutsW,
(DWORD)BuildCommDCBW,
(DWORD)CallNamedPipeA,
(DWORD)CallNamedPipeW,
(DWORD)CancelDeviceWakeupRequest,
(DWORD)CancelIo,
(DWORD)CancelTimerQueueTimer,
(DWORD)CancelWaitableTimer,
(DWORD)ChangeTimerQueueTimer,
(DWORD)ClearCommBreak,
(DWORD)ClearCommError,
//(DWORD)CloseConsoleHandle,
(DWORD)CloseHandle,
//(DWORD)CloseProfileUserMapping,
//(DWORD)CmdBatNotification,
(DWORD)CommConfigDialogA,
(DWORD)CommConfigDialogW,
(DWORD)CompareFileTime,
(DWORD)CompareStringA,
(DWORD)CompareStringW,
(DWORD)ConnectNamedPipe,
//(DWORD)ConsoleMenuControl,
(DWORD)ContinueDebugEvent,
(DWORD)ConvertDefaultLocale,
(DWORD)ConvertThreadToFiber,
(DWORD)CopyFileA,
(DWORD)CopyFileExA,
(DWORD)CopyFileExW,
(DWORD)CopyFileW,
(DWORD)CreateConsoleScreenBuffer,
(DWORD)CreateDirectoryA,
(DWORD)CreateDirectoryExA,
(DWORD)CreateDirectoryExW,
(DWORD)CreateDirectoryW,
(DWORD)CreateEventA,
(DWORD)CreateEventW,
(DWORD)CreateFiber,
(DWORD)CreateFileA,
(DWORD)CreateFileMappingA,
(DWORD)CreateFileMappingW,
(DWORD)CreateFileW,
(DWORD)CreateHardLinkA,
(DWORD)CreateHardLinkW,
(DWORD)CreateIoCompletionPort,
(DWORD)CreateJobObjectA,
(DWORD)CreateJobObjectW,
(DWORD)CreateMailslotA,
(DWORD)CreateMailslotW,
(DWORD)CreateMutexA,
(DWORD)CreateMutexW,
(DWORD)CreateNamedPipeA,
(DWORD)CreateNamedPipeW,
(DWORD)CreatePipe,
(DWORD)CreateProcessA,
(DWORD)CreateProcessW,
(DWORD)CreateRemoteThread,
(DWORD)CreateSemaphoreA,
(DWORD)CreateSemaphoreW,
(DWORD)CreateTapePartition,
(DWORD)CreateThread,
(DWORD)CreateTimerQueue,
(DWORD)CreateTimerQueueTimer,
(DWORD)CreateToolhelp32Snapshot,
//(DWORD)CreateVirtualBuffer,
(DWORD)CreateWaitableTimerA,
(DWORD)CreateWaitableTimerW,
(DWORD)DebugActiveProcess,
(DWORD)DebugBreak,
(DWORD)DefineDosDeviceA,
(DWORD)DefineDosDeviceW,
//(DWORD)DelayLoadFailureHook,
(DWORD)DeleteAtom,
(DWORD)DeleteCriticalSection,
(DWORD)DeleteFiber,
(DWORD)DeleteFileA,
(DWORD)DeleteFileW,
(DWORD)DeleteTimerQueue,
(DWORD)DeleteTimerQueueEx,
(DWORD)DeleteTimerQueueTimer,
(DWORD)DeleteVolumeMountPointA,
(DWORD)DeleteVolumeMountPointW,
(DWORD)DeviceIoControl,
(DWORD)DisableThreadLibraryCalls,
(DWORD)DisconnectNamedPipe,
(DWORD)DnsHostnameToComputerNameA,
(DWORD)DnsHostnameToComputerNameW,
(DWORD)DosDateTimeToFileTime,
//(DWORD)DosPathToSessionPathA,
//(DWORD)DosPathToSessionPathW,
//(DWORD)DuplicateConsoleHandle,
(DWORD)DuplicateHandle,
(DWORD)EndUpdateResourceA,
(DWORD)EndUpdateResourceW,
(DWORD)EnterCriticalSection,
(DWORD)EnumCalendarInfoA,
(DWORD)EnumCalendarInfoExA,
(DWORD)EnumCalendarInfoExW,
(DWORD)EnumCalendarInfoW,
(DWORD)EnumDateFormatsA,
(DWORD)EnumDateFormatsExA,
(DWORD)EnumDateFormatsExW,
(DWORD)EnumDateFormatsW,
(DWORD)EnumLanguageGroupLocalesA,
(DWORD)EnumLanguageGroupLocalesW,
(DWORD)EnumResourceLanguagesA,
(DWORD)EnumResourceLanguagesW,
(DWORD)EnumResourceNamesA,
(DWORD)EnumResourceNamesW,
(DWORD)EnumResourceTypesA,
(DWORD)EnumResourceTypesW,
(DWORD)EnumSystemCodePagesA,
(DWORD)EnumSystemCodePagesW,
(DWORD)EnumSystemLanguageGroupsA,
(DWORD)EnumSystemLanguageGroupsW,
(DWORD)EnumSystemLocalesA,
(DWORD)EnumSystemLocalesW,
(DWORD)EnumTimeFormatsA,
(DWORD)EnumTimeFormatsW,
(DWORD)EnumUILanguagesA,
(DWORD)EnumUILanguagesW,
(DWORD)EraseTape,
(DWORD)EscapeCommFunction,
(DWORD)ExitProcess,
(DWORD)ExitThread,
//(DWORD)ExitVDM,
(DWORD)ExpandEnvironmentStringsA,
(DWORD)ExpandEnvironmentStringsW,
//(DWORD)ExpungeConsoleCommandHistoryA,
//(DWORD)ExpungeConsoleCommandHistoryW,
//(DWORD)ExtendVirtualBuffer,
(DWORD)FatalAppExitA,
(DWORD)FatalAppExitW,
(DWORD)FatalExit,
(DWORD)FileTimeToDosDateTime,
(DWORD)FileTimeToLocalFileTime,
(DWORD)FileTimeToSystemTime,
(DWORD)FillConsoleOutputAttribute,
(DWORD)FillConsoleOutputCharacterA,
(DWORD)FillConsoleOutputCharacterW,
(DWORD)FindAtomA,
(DWORD)FindAtomW,
(DWORD)FindClose,
(DWORD)FindCloseChangeNotification,
(DWORD)FindFirstChangeNotificationA,
(DWORD)FindFirstChangeNotificationW,
(DWORD)FindFirstFileA,
(DWORD)FindFirstFileExA,
(DWORD)FindFirstFileExW,
(DWORD)FindFirstFileW,
(DWORD)FindFirstVolumeA,
(DWORD)FindFirstVolumeMountPointA,
(DWORD)FindFirstVolumeMountPointW,
(DWORD)FindFirstVolumeW,
(DWORD)FindNextChangeNotification,
(DWORD)FindNextFileA,
(DWORD)FindNextFileW,
(DWORD)FindNextVolumeA,
(DWORD)FindNextVolumeMountPointA,
(DWORD)FindNextVolumeMountPointW,
(DWORD)FindNextVolumeW,
(DWORD)FindResourceA,
(DWORD)FindResourceExA,
(DWORD)FindResourceExW,
(DWORD)FindResourceW,
(DWORD)FindVolumeClose,
(DWORD)FindVolumeMountPointClose,
(DWORD)FlushConsoleInputBuffer,
(DWORD)FlushFileBuffers,
(DWORD)FlushInstructionCache,
(DWORD)FlushViewOfFile,
(DWORD)FoldStringA,
(DWORD)FoldStringW,
(DWORD)FormatMessageA,
(DWORD)FormatMessageW,
(DWORD)FreeConsole,
(DWORD)FreeEnvironmentStringsA,
(DWORD)FreeEnvironmentStringsW,
(DWORD)FreeLibrary,
(DWORD)FreeLibraryAndExitThread,
(DWORD)FreeResource,
(DWORD)FreeUserPhysicalPages,
//(DWORD)FreeVirtualBuffer,
(DWORD)GenerateConsoleCtrlEvent,
(DWORD)GetACP,
(DWORD)GetAtomNameA,
(DWORD)GetAtomNameW,
(DWORD)GetBinaryType,
(DWORD)GetBinaryTypeA,
(DWORD)GetBinaryTypeW,
(DWORD)GetCPInfo,
(DWORD)GetCPInfoExA,
(DWORD)GetCPInfoExW,
(DWORD)GetCalendarInfoA,
(DWORD)GetCalendarInfoW,
(DWORD)GetCommConfig,
(DWORD)GetCommMask,
(DWORD)GetCommModemStatus,
(DWORD)GetCommProperties,
(DWORD)GetCommState,
(DWORD)GetCommTimeouts,
(DWORD)GetCommandLineA,
(DWORD)GetCommandLineW,
(DWORD)GetCompressedFileSizeA,
(DWORD)GetCompressedFileSizeW,
(DWORD)GetComputerNameA,
(DWORD)GetComputerNameExA,
(DWORD)GetComputerNameExW,
(DWORD)GetComputerNameW,
(DWORD)GetConsoleAliasA,
(DWORD)GetConsoleAliasExesA,
(DWORD)GetConsoleAliasExesLengthA,
(DWORD)GetConsoleAliasExesLengthW,
(DWORD)GetConsoleAliasExesW,
(DWORD)GetConsoleAliasW,
(DWORD)GetConsoleAliasesA,
(DWORD)GetConsoleAliasesLengthA,
(DWORD)GetConsoleAliasesLengthW,
(DWORD)GetConsoleAliasesW,
(DWORD)GetConsoleCP,
//(DWORD)GetConsoleCharType,
//(DWORD)GetConsoleCommandHistoryA,
//(DWORD)GetConsoleCommandHistoryLengthA,
//(DWORD)GetConsoleCommandHistoryLengthW,
//(DWORD)GetConsoleCommandHistoryW,
(DWORD)GetConsoleCursorInfo,
//(DWORD)GetConsoleCursorMode,
(DWORD)GetConsoleDisplayMode,
//(DWORD)GetConsoleFontInfo,
(DWORD)GetConsoleFontSize,
//(DWORD)GetConsoleHardwareState,
//(DWORD)GetConsoleInputExeNameA,
//(DWORD)GetConsoleInputExeNameW,
//(DWORD)GetConsoleInputWaitHandle,
//(DWORD)GetConsoleKeyboardLayoutNameA,
//(DWORD)GetConsoleKeyboardLayoutNameW,
(DWORD)GetConsoleMode,
//(DWORD)GetConsoleNlsMode,
(DWORD)GetConsoleOutputCP,
(DWORD)GetConsoleScreenBufferInfo,
(DWORD)GetConsoleTitleA,
(DWORD)GetCo