

;@GOTO TRANSLATE 
 
; Syntax: MASM (Intel operand order). Target: 32-bit x86, Win32 flat model.
; .586P selects the Pentium instruction set with privileged instructions
; allowed by the assembler.
.586P 
 
; Flat memory model; STDCALL is the default convention for PROCs below
; (arguments on the stack, callee pops them).
.MODEL            FLAT, STDCALL 
 
   ; Keep identifier case as written (needed for mixed-case API names).
   OPTION         CASEMAP: NONE 
   INCLUDE        WINDOWS.inc 
   ; Presumably read by APIMACRO.mac to pick the ANSI API variants - confirm there.
   UNICODE        = FALSE 
   INCLUDE        APIMACRO.mac 
 
   ; Not shown on this page; the hook macros used below (MkUnhook, MkHook,
   ; BeginHooks/EndHooks) and ADDR_CONTENTS presumably come from here.
   INCLUDE        ApiHooks.inc 
 
   ; Project-specific import libraries for KERNEL32 and USER32.
   INCLUDELIB     iKERNEL32.lib 
   INCLUDELIB     iUSER32.lib 
 
;------------------------------------------------------------------ 
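; Data shared by DllMain, RegHwnd and New1.
; NOTE: the link step at the end of this file marks .data and .bss as
; shared (/SECTION:...,S), so there is ONE copy of hWnd and Place for every
; process that maps the DLL, and nothing below serializes access to them.
.DATA 
   ; Unhook record for hook 1; DllMain reads it as Unhook1.WhereWhat.
   ; (MkUnhook is defined in the includes, not on this page.)
   MkUnhook       1, 1 
   ; Window that receives the log records; 0 means "no logger registered".
   hWnd           HANDLE 0 
.DATA? 
   ; Log record sent with WM_COPYDATA: 7 DWORDs followed by the module path.
   ; cpdata declares the record as 7*4+MAX_PATH+1 bytes. The DWORD count
   ; must therefore round UP: with the usual MAX_PATH of 260 the former
   ; (MAX_PATH+1)/4 truncated to 65 DWORDs, leaving the buffer one byte
   ; shorter than cbData, so the message copy read one byte past Place.
   ; The extra, never-written byte also guarantees a terminating zero
   ; after a path that fills all MAX_PATH bytes.
   Place          DWORD 7+(MAX_PATH+1+3)/4 DUP (?) 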
 
 
.CODE 
  ;----------------------------------------------------------------
  ; DllMain - DLL entry point.
  ; ABI:   stdcall (DllHandle, Reason, pContext)
  ; Only DLL_PROCESS_DETACH does work: the DWORD saved in the Unhook1
  ; record (ReturnWhat) is written back to the patched location
  ; (ReturnWhere) so nothing keeps pointing into this DLL once it is
  ; unmapped. Every other Reason goes straight to Success.
  ; Out:   EAX = TRUE
  ; Clobb: ECX, flags, plus whatever the API calls clobber;
  ;        EDI is saved and restored.
  ;----------------------------------------------------------------
  DllMain     PROC     DllHandle, Reason, pContext 
    CMP       Reason,  DLL_PROCESS_DETACH 
    JNE       Success                    
   Detach:    
    PUSH      EDI                        ; callee-saved under stdcall
    PUSH      EAX                        ; reserve one DWORD: receives the old protection
    MOV       EDI,   Unhook1.WhereWhat   ; EDI -> ADDR_CONTENTS record of hook 1
    MOV       EDI,   (ADDR_CONTENTS PTR [EDI]).ReturnWhere  ; EDI = address of the patched DWORD
    ; Make the 4 patched bytes writable. ESP is passed as the
    ; old-protection pointer, i.e. the slot reserved above; this relies
    ; on the macro pushing that argument before any other - confirm in
    ; APIMACRO.mac.
    ; NOTE(review): PAGE_READWRITE carries no execute right. If the
    ; patched DWORD lies in a code page, that page is not executable
    ; until the second VirtualProtect call on systems that enforce it.
    iWin32    VirtualProtect, EDI, 4, PAGE_READWRITE, ESP 
    TEST      EAX,   EAX 
    POP       ECX                        ; ECX = previous protection; POP leaves the flags alone
    ; On failure the code spins here deliberately: returning would let
    ; the loader unmap the DLL while the hook still points into it.
    ; The cost is a thread that never leaves DllMain.
    JE        $      ;immortality required if can't be unhooked 
    MOV       EAX,   Unhook1.WhereWhat 
    MOV       EAX,   (ADDR_CONTENTS PTR [EAX]).ReturnWhat  ; EAX = original DWORD
    MOV       [EDI], EAX                 ; undo the patch
    PUSH      EAX                        ; reserve the old-protection slot again
    ; Restore the protection saved in ECX; the result is not checked.
    iWin32    VirtualProtect, EDI, 4, ECX, ESP 
    POP       EAX                        ; drop the slot
    POP       EDI 
   Success:   
    MOV       EAX,   TRUE 
    ; MASM expands RET into the frame teardown and argument pop for a
    ; PROC declared with parameters.
    RET            
  DllMain     ENDP 
 
  ;----------------------------------------------------------------
  ; RegHwnd - exported; stores the window handle that New1 sends its
  ; log records to. Storing 0 turns logging off (New1 tests hWnd
  ; against 0).
  ; ABI:   stdcall, one DWORD argument on the stack
  ; In:    [ESP+4] = window handle (stored as given, not validated)
  ; Out:   none; no register is modified
  ; NOTE: hWnd lives in .data, which the link step marks shared, so the
  ; value written here is seen by every process that maps the DLL.
  ;----------------------------------------------------------------
  PUBLIC      RegHwnd 
  RegHwnd     PROC  
    ; No parameters are declared, so no frame is set up and the
    ; argument is addressed from ESP directly.
    PUSH      [ESP+4]                    ; memory-to-memory copy through the stack
    POP       hWnd 
    RET       4                          ; pop the one DWORD argument
  RegHwnd     ENDP 
 
   ; COPYDATASTRUCT passed with WM_COPYDATA by New1. It is emitted here,
   ; between two PROCs, so it is part of the code section.
   ; Fields in order: dwData = 0, cbData = 7 DWORDs + MAX_PATH + 1 bytes,
   ; lpData = address of Place.
   ; cbData must never exceed the size of Place: Place is declared as a
   ; DWORD count (integer division) while this is a byte count, so keep
   ; the two expressions in step when either changes.
   ALIGN 4 
   cpdata         COPYDATASTRUCT <0,7*4+MAX_PATH+1,OFFSET Place> 
 
 
;------------------------------------------------------------------ 
  ;----------------------------------------------------------------
  ; New1 - replacement entry for the hooked export. Logs the call to
  ; the registered window, then jumps to KERNEL32_ORD_0001 with the
  ; caller's stack restored.
  ; ABI:   stdcall frame (Service, par1..par6); par5 and par6 are
  ;        declared but not logged.
  ; Record written to Place (byte offsets):
  ;    0 process id      4 Service        8 caller return address
  ;   12 par1           16 par2          20 par3          24 par4
  ;   28 module file name of the calling process
  ; Logging is skipped when no window is registered (hWnd = 0) or when
  ; the return address is at or above 80000000H.
  ; Clobb: EAX, flags and whatever the API calls clobber; EDI is
  ;        saved and restored.
  ; NOTE(review): Place is a single buffer in a section the link step
  ; marks shared, and nothing here serializes access; concurrent calls
  ; can interleave their writes, so a record may mix fields from
  ; different callers.
  ; NOTE(review): volatile registers are not preserved before control
  ; reaches the original export - confirm it takes no register inputs.
  ;----------------------------------------------------------------
  New1             PROC     Service, par1, par2, par3, par4, par5, par6 
                   ; Return address of whoever called the hooked export.
                   EIP      EQU  DWORD PTR [EBP+4] 
                   CMP      hWnd, 0 
                   JE       @F                ; no logger registered
                   CMP      EIP, 80000000H   ;log VxDCalls from user space only 
                   JAE      @F                ; unsigned compare on an address
                   PUSH     EDI 
                   iWin32   GetCurrentProcessId 
                   CLD                        ; STOSD must move EDI upward
                   MOV      EDI, OFFSET Place 
                   STOSD                      ; +0  process id
                   MOV      EAX, Service 
                   STOSD                      ; +4  service
                   MOV      EAX, EIP 
                   STOSD                      ; +8  return address
                   MOV      EAX, par1 
                   STOSD                      ; +12
                   MOV      EAX, par2 
                   STOSD                      ; +16
                   MOV      EAX, par3 
                   STOSD                      ; +20
                   MOV      EAX, par4 
                   STOSD                      ; +24; EDI now points at the path area
                   iWin32i  GetModuleHandle, NULL 
                   ; The path goes right after the 7 DWORDs. The return
                   ; value is not checked.
                   ; NOTE(review): if the call fails, the path left by an
                   ; earlier record stays in the buffer and is sent under
                   ; this record's process id.
                   iWin32i  GetModuleFileName, EAX, EDI, MAX_PATH 
                   POP      EDI 
                   ; SendMessage returns only after the receiving window
                   ; procedure has handled the message, so a logger that
                   ; stops responding stalls every hooked caller here.
                   ; wParam carries hWnd itself.
                   iWin32i  SendMessage, hWnd, WM_COPYDATA, hWnd, OFFSET cpdata 
                  @@: 
                   ; Tear down the PROC frame so the stack is exactly as
                   ; the caller left it.
                   LEAVE 
                   ; Presumably a jump (not a call) through the import, so
                   ; the original export returns straight to the caller -
                   ; confirm the macro in APIMACRO.mac.
                   iWin32j  KERNEL32_ORD_0001 
  New1             ENDP 
;names------------------------------------------------------------- 
                   ; Presumably emits the ANSI module-name string used by
                   ; the hook table below - TEXTA is defined in the
                   ; includes; confirm there.
                   TEXTA   KERNEL32,   
;------------------------------------------------------------------ 
 ; Hook table exported as VxDCall (the link step exports it by ordinal 1,
 ; without a name). It holds one entry, number 1, flagged
 ; HOOK_EXPORT + HOOK_HARD; the macros and flag meanings are defined in
 ; ApiHooks.inc, not on this page. New1 is presumably the handler bound
 ; to this entry, and DllMain undoes it through Unhook1.
 BeginHooks      VxDCall 
  MkHook ,, 1, HOOK_EXPORT + HOOK_HARD 
 EndHooks 
;------------------------------------------------------------------ 
 
; DllMain is the module entry point. The assembler stops reading at END,
; so the batch commands that follow never reach it.
END  DllMain 
 
:TRANSLATE 
@ECHO OFF 
REM Build script half of this file. The first line of the file,
REM ";@GOTO TRANSLATE", is a comment to the assembler and a jump to this
REM label for the command interpreter, so one file serves as both the
REM MASM source and its build script.
REM Assemble only (/c) to a COFF object; the source is passed under the
REM name VxDCallDll.bat.
ML   /c /coff /nologo VxDCallDll.bat 
REM Link VxDCall.dll:
REM   /EXPORT:VxDCall,@1,NONAME  hook table exported by ordinal 1 only
REM   /EXPORT:RegHwnd            logger registration entry point
REM   /SECTION:.bss,S /SECTION:.data,S
REM       both data sections are SHARED: hWnd, Place and the unhook
REM       record exist once for all processes that map the DLL, and any
REM       of those processes can read and overwrite them.
REM   /MERGE:.idata=.text /MERGE:.rdata=.text
REM       import and read-only data are folded into the code section
REM   /IGNORE:4078,4092          silences the linker warnings with these numbers
REM   /BASE:0XBFF40000           preferred load address above 80000000H,
REM       the boundary New1 uses to tell user-space callers apart
REM NOTE(review): LINK3 is not a standard tool name; presumably a local
REM copy of the linker - confirm which version is meant.
LINK3 VxDCallDll /nologo /DLL /OUT:VxDCall.dll /EXPORT:VxDCall,@1,NONAME /EXPORT:RegHwnd /SUBSYSTEM:WINDOWS /SECTION:.bss,S /SECTION:.data,S /MERGE:.idata=.text /MERGE:.rdata=.text /IGNORE:4078,4092 /BASE:0XBFF40000 
REM Remove the intermediate object and the export/import-library by-products.
DEL  VxDCallDll.obj 
DEL  VxDCall.exp 
DEL  VxDCall.lib