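;@goto translate
;------------------------------------------------------------------
; ApiHooks sample DLL. MASM syntax, 32-bit flat model, STDCALL.
;
; The file is an assembler/batch polyglot: the first line is a comment
; to ML and a "goto" to CMD, which skips to the build script placed
; after END (ML ignores everything after END).
;
; What the visible code does:
;   * The exported table "Dynamic" lists CreateFileA and the four
;     LoadLibrary* variants; the New* procedures below are the
;     replacement routines (the pairing is done by the MkHook macro
;     from ApiHooks.inc - not visible here, confirm there).
;   * Each NewLoadLibrary* calls the real API and, on success, points
;     DynamicHook.ModuleImport at the loaded module's name and calls
;     EstablishApiHooksA with the HooksDynamic table for this process.
;   * NewCreateFileA formats the requested file name, appends it to
;     the log file opened in DllMain, then jumps to CreateFileA.
;
; NOTE(review): on this page the angle-bracket macro arguments (module
; names, string literals) appear to have been lost, leaving empty
; arguments, the fused token "API_HOOKMkHook" and a truncated
; CRFTemplate text. Those lines are reproduced as shown; restore them
; from the original archive before assembling.
;
; NOTE(review): Place and DynamicHook are process-wide and are written
; by every NewLoadLibrary* call without synchronisation; two threads
; loading libraries at once can overwrite each other's module name.
;------------------------------------------------------------------
.586P
.MODEL FLAT, STDCALL
OPTION CASEMAP: NONE

INCLUDE WINDOWS.inc
UNICODE = FALSE
INCLUDE APIMACRO.mac
INCLUDE ApiHooks.inc

INCLUDELIB iKERNEL32.lib
INCLUDELIB iUSER32.lib
INCLUDELIB iApiHooks.lib

; wsprintfA is documented to write at most 1024 bytes, so a buffer of
; this size cannot be overrun by it whatever the length of the input.
LOG_LINE_MAX    EQU 1024

;------------------------------------------------------------------
.DATA
;dynamic hooks------
BeginHooks HooksDynamic
API_HOOKMkHook DynamicHook, , CreateFileA, HOOK_BY_ADDRESS
EndHooks

;static hooks------
BeginHooks Dynamic
MkHook , , CreateFileA
MkHook , , LoadLibraryA
MkHook , , LoadLibraryW
MkHook , , LoadLibraryExA
MkHook , , LoadLibraryExW
EndHooks

hLog    HANDLE INVALID_HANDLE_VALUE     ; log file; INVALID_HANDLE_VALUE = not open

TEXTA KERNEL32,
TEXTA LoadLibraryW,
TEXTA LoadLibraryA,
TEXTA LoadLibraryExW,
TEXTA LoadLibraryExA,
TEXTA CreateFileA,
TEXT LogName,
TEXTA CRFTemplate, #s/n/0>

.DATA?
; ANSI copy of the module name for the wide-character LoadLibrary hooks.
; Writes are bounded by SIZEOF Place in the WideCharToMultiByte calls.
Place   SIGN 1000 DUP (?)

.CODE
;------------------------------------------------------------------
; DllMain - opens the log on process attach, closes it on detach.
; In:    DllHandle, Reason, pContext (standard DLL entry arguments)
; Out:   EAX = TRUE on every path
;------------------------------------------------------------------
DllMain PROC DllHandle, Reason, pContext
        MOV     EAX, Reason
        CMP     EAX, DLL_PROCESS_ATTACH
        JE      Attach
        CMP     EAX, DLL_PROCESS_DETACH
        JE      Detach
Success:
        MOV     EAX, TRUE
        RET

Attach:
        CMP     hLog, INVALID_HANDLE_VALUE
        JNE     Success                 ; log already open
        ; CREATE_ALWAYS truncates an existing log. A failed open leaves
        ; INVALID_HANDLE_VALUE in hLog, so later writes simply fail.
        iWin32i CreateFile, sLogName, GENERIC_WRITE, FILE_SHARE_READ,\
                NULL, CREATE_ALWAYS, NULL, NULL
        MOV     hLog, EAX
        JMP     Success

Detach:
        CMP     hLog, INVALID_HANDLE_VALUE
        JE      Success                 ; never opened: nothing to close
        iWin32  CloseHandle, hLog
        MOV     hLog, INVALID_HANDLE_VALUE
        JMP     Success
DllMain ENDP

;------------------------------------------------------------------
;Helper part
;------------------------------------------------------------------
; NewLoadLibraryW - replacement for LoadLibraryW.
; In:    lpLibFileName = wide-character module name
; Out:   EAX = value returned by the real LoadLibraryW
; The name is converted to ANSI in Place; if the conversion fails the
; hooks are not established and the module handle is still returned.
;------------------------------------------------------------------
NewLoadLibraryW PROC lpLibFileName
        iWin32  LoadLibraryW, lpLibFileName
        TEST    EAX, EAX
        JE      @F                      ; load failed: pass the NULL through
        PUSH    EAX                     ; keep the module handle for the caller
        iWin32  WideCharToMultiByte, CP_ACP, NULL, lpLibFileName, -1, OFFSET Place, SIZEOF Place, NULL, NULL
        TEST    EAX, EAX
        JE      WCTMBFailed
        MOV     EAX, OFFSET DynamicHook
        ASSUME  EAX: PTR API_HOOK
        MOV     [EAX].ModuleImport, OFFSET Place
        ASSUME  EAX: NOTHING            ; EAX stops being an API_HOOK pointer below
        iWin32  GetCurrentProcessId
        iWin32  EstablishApiHooksA, OFFSET HooksDynamic, EAX
WCTMBFailed:
        POP     EAX
@@:
        RET
NewLoadLibraryW ENDP

;------------------------------------------------------------------
; NewLoadLibraryA - replacement for LoadLibraryA.
; In:    lpLibFileName = ANSI module name
; Out:   EAX = value returned by the real LoadLibraryA
; NOTE(review): ModuleImport is set to the caller's own string, which
; is only guaranteed to live for the duration of this call - confirm
; that EstablishApiHooksA does not keep the pointer.
;------------------------------------------------------------------
NewLoadLibraryA PROC lpLibFileName
        iWin32  LoadLibraryA, lpLibFileName
        TEST    EAX, EAX
        JE      @F
        PUSH    EAX                     ; keep the module handle for the caller
        MOV     EAX, OFFSET DynamicHook
        ASSUME  EAX: PTR API_HOOK
        PUSH    lpLibFileName
        POP     [EAX].ModuleImport
        ASSUME  EAX: NOTHING
        iWin32  GetCurrentProcessId
        iWin32  EstablishApiHooksA, OFFSET HooksDynamic, EAX
        POP     EAX
@@:
        RET
NewLoadLibraryA ENDP

;------------------------------------------------------------------
; NewLoadLibraryExW - replacement for LoadLibraryExW.
; In:    lpLibFileName = wide-character module name, hFile, dwFlags
; Out:   EAX = value returned by the real LoadLibraryExW
; Modules loaded with DONT_RESOLVE_DLL_REFERENCES or
; LOAD_LIBRARY_AS_DATAFILE are returned without establishing hooks.
;------------------------------------------------------------------
NewLoadLibraryExW PROC lpLibFileName, hFile, dwFlags
        iWin32  LoadLibraryExW, lpLibFileName, hFile, dwFlags
        TEST    EAX, EAX
        JE      @F
        ; dwFlags is a bit mask: test the bits so the module is also
        ; skipped when one of these flags is combined with others.
        TEST    dwFlags, DONT_RESOLVE_DLL_REFERENCES OR LOAD_LIBRARY_AS_DATAFILE
        JNZ     @F
        PUSH    EAX                     ; keep the module handle for the caller
        iWin32  WideCharToMultiByte, CP_ACP, NULL, lpLibFileName, -1, OFFSET Place, SIZEOF Place, NULL, NULL
        TEST    EAX, EAX
        JE      WCTMBFailed
        MOV     EAX, OFFSET DynamicHook
        ASSUME  EAX: PTR API_HOOK
        MOV     [EAX].ModuleImport, OFFSET Place
        ASSUME  EAX: NOTHING
        iWin32  GetCurrentProcessId
        iWin32  EstablishApiHooksA, OFFSET HooksDynamic, EAX
WCTMBFailed:
        POP     EAX
@@:
        RET
NewLoadLibraryExW ENDP

;------------------------------------------------------------------
; NewLoadLibraryExA - replacement for LoadLibraryExA.
; In:    lpLibFileName = ANSI module name, hFile, dwFlags
; Out:   EAX = value returned by the real LoadLibraryExA
; Same flag handling as NewLoadLibraryExW; the caller's string is used
; directly as ModuleImport (see the note on NewLoadLibraryA).
;------------------------------------------------------------------
NewLoadLibraryExA PROC lpLibFileName, hFile, dwFlags
        iWin32  LoadLibraryExA, lpLibFileName, hFile, dwFlags
        TEST    EAX, EAX
        JE      @F
        TEST    dwFlags, DONT_RESOLVE_DLL_REFERENCES OR LOAD_LIBRARY_AS_DATAFILE
        JNZ     @F
        PUSH    EAX                     ; keep the module handle for the caller
        MOV     EAX, OFFSET DynamicHook
        ASSUME  EAX: PTR API_HOOK
        PUSH    lpLibFileName
        POP     [EAX].ModuleImport
        ASSUME  EAX: NOTHING
        iWin32  GetCurrentProcessId
        iWin32  EstablishApiHooksA, OFFSET HooksDynamic, EAX
        POP     EAX
@@:
        RET
NewLoadLibraryExA ENDP

;------------------------------------------------------------------
;Executive part
;------------------------------------------------------------------
; NewCreateFileA - logs the requested file name, then runs CreateFileA.
; In:    sFile = first CreateFileA argument; the remaining arguments
;        stay untouched on the caller's stack
; Out:   whatever CreateFileA returns (control is transferred by jump)
; The file name comes from the hooked module, so the line is formatted
; into a per-call stack buffer of LOG_LINE_MAX bytes instead of the
; shared 1000-element Place buffer: wsprintfA cannot overrun it, and
; logging no longer overwrites the module name stored in Place.
;------------------------------------------------------------------
NewCreateFileA PROC sFile
        LOCAL   Written : DWORD
        LOCAL   LogLine[LOG_LINE_MAX] : BYTE
        PUSH    EBX
        LEA     EBX, LogLine
        icWin32 wsprintfA, EBX, sCRFTemplate, sFile
        iWin32  lstrlenA, EBX           ; EAX = number of bytes to write
        LEA     ECX, Written
        iWin32  WriteFile, hLog, EBX, EAX, ECX, NULL
        POP     EBX
        LEAVE                           ; drop the frame so the stack matches the original call
        iWin32j CreateFileA
NewCreateFileA ENDP
;------------------------------------------------------------------
END DllMain

:TRANSLATE
@ECHO OFF
REM Build script: assembles this same file, links it as a DLL that
REM exports the Dynamic hook table as ordinal 1 without a name.
REM NOTE(review): /MERGE plus /SECTION:.text,WRE leaves code, imports
REM and read-only data in one writable and executable section; confirm
REM whether the ApiHooks import libraries need this before keeping it.
ML /c /coff /nologo Dynamic.bat
LINK3 Dynamic /nologo /DLL /EXPORT:Dynamic,@1,NONAME /SUBSYSTEM:WINDOWS /MERGE:.idata=.text /MERGE:.rdata=.text /SECTION:.text,WRE /IGNORE:4078 /BASE:0X77600000
DEL Dynamic.obj
DEL Dynamic.exp
DEL Dynamic.lib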