

#if _MSC_VER > 1000 
#pragma once 
#endif 
 
#define WIN32_LEAN_AND_MEAN 
 
#include  
#include "ApiHooks.h" 
 
 
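/*
 * Handle of the capture log. INVALID_HANDLE_VALUE means "no log open": either
 * the DLL is not attached yet or CreateFileA failed. Every hook checks this
 * before writing.
 */
HANDLE hLog = INVALID_HANDLE_VALUE;


/*
 * DLL entry point: opens the capture log when the DLL is mapped into a process
 * and closes it when the DLL is unmapped. Always returns TRUE, so a failure to
 * open the log never blocks the load; the hooks then only forward.
 *
 * NOTE(review): "console.log" is a relative path, so it is created in whatever
 * the host process's current directory is at load time, and CREATE_ALWAYS
 * truncates any file already there. The file receives a copy of everything
 * the process prints to the console or to its recorded stderr handle, which
 * may include credentials or other sensitive output; treat it accordingly
 * (location, ACLs, retention).
 *
 * NOTE(review): the share mode is FILE_SHARE_READ only, so a second process
 * that loads this DLL from the same directory fails to open the file and runs
 * with logging disabled.
 */
BOOL APIENTRY DllMain(HANDLE hModule,
                      DWORD  ul_reason_for_call,
                      LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;

    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        if (hLog == INVALID_HANDLE_VALUE) {
            /* Explicit ANSI entry point: the file name is a narrow literal,
               so this must not depend on whether UNICODE is defined. */
            hLog = CreateFileA("console.log", GENERIC_WRITE, FILE_SHARE_READ,
                               NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
        }
        break;

    case DLL_PROCESS_DETACH:
        /* Only close a handle that was actually opened; when CreateFileA
           failed, hLog is still INVALID_HANDLE_VALUE and there is nothing
           to close. */
        if (hLog != INVALID_HANDLE_VALUE) {
            CloseHandle(hLog);
            hLog = INVALID_HANDLE_VALUE;
        }
        break;

    default:
        /* DLL_THREAD_ATTACH / DLL_THREAD_DETACH: nothing per-thread to do. */
        break;
    }
    return TRUE;
}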
 
 
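/*
 * Replacement for KERNEL32!WriteConsoleA (registered in ApiHookChain).
 * Copies the caller's bytes to the capture log, then forwards the call
 * unchanged and returns the real function's result.
 *
 * The log write uses its own byte counter: WriteConsoleA callers may pass
 * NULL for lpcchWritten, but WriteFile without an OVERLAPPED structure
 * requires a valid counter pointer.
 */
BOOL WINAPI NewWriteConsoleA(HANDLE hConOut, LPCVOID lpvBuffer, DWORD cchToWrite, LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    if (hLog != INVALID_HANDLE_VALUE && lpvBuffer != NULL && cchToWrite != 0) {
        DWORD logged = 0;

        /* Best effort: a failed log write must not change what the caller sees. */
        (void)WriteFile(hLog, lpvBuffer, cchToWrite, &logged, NULL);
    }
    return WriteConsoleA(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}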
 
 
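/*
 * Former shared conversion buffer. NewWriteConsoleW now converts into a
 * stack buffer so concurrent callers cannot overwrite each other's text;
 * the symbol is kept so its external linkage is unchanged.
 */
char Place[4096];

/*
 * Replacement for KERNEL32!WriteConsoleW (registered in ApiHookChain).
 * Converts the caller's UTF-16 text to the ANSI code page, appends it to the
 * capture log, then forwards the call unchanged and returns the real
 * function's result.
 *
 * The conversion is bounded by cchToWrite. The buffer handed to WriteConsoleW
 * is counted, not NUL-terminated, so asking WideCharToMultiByte to scan for a
 * terminator (length -1) would read past the end of the caller's buffer.
 * Long output is converted in chunks instead of being dropped when it does
 * not fit in one buffer.
 */
BOOL WINAPI NewWriteConsoleW(HANDLE hConOut, LPCVOID lpvBuffer, DWORD cchToWrite, LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    enum { CHUNK_WCHARS = 1024 };
    /* 4 bytes per UTF-16 unit leaves room for any multi-byte ANSI code page. */
    char ansi[4 * CHUNK_WCHARS];
    const WCHAR *src = (const WCHAR *)lpvBuffer;
    DWORD remaining = cchToWrite;

    if (hLog != INVALID_HANDLE_VALUE && src != NULL) {
        while (remaining > 0) {
            int take = (remaining > (DWORD)CHUNK_WCHARS) ? CHUNK_WCHARS : (int)remaining;
            int nbytes;
            DWORD logged = 0;

            /* Do not split a surrogate pair across two chunks. */
            if ((DWORD)take < remaining &&
                src[take - 1] >= 0xD800 && src[take - 1] <= 0xDBFF) {
                take--;
            }

            nbytes = WideCharToMultiByte(CP_ACP, 0, src, take,
                                         ansi, (int)sizeof(ansi), NULL, NULL);
            if (nbytes <= 0) {
                break;      /* conversion failed: stop logging, still forward */
            }
            /* Own byte counter: the caller's lpcchWritten may be NULL and
               counts characters, not log bytes. */
            if (!WriteFile(hLog, ansi, (DWORD)nbytes, &logged, NULL)) {
                break;
            }

            src += take;
            remaining -= (DWORD)take;
        }
    }
    return WriteConsoleW(hConOut, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}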
 
 
/*
 * Last handle the process obtained for STD_ERROR_HANDLE; 0 until the first
 * such lookup. NewWriteFile compares against it to recognise stderr writes.
 */
HANDLE hErr = 0;

/*
 * Replacement for KERNEL32!GetStdHandle (registered in ApiHookChain).
 * Forwards to the real function and, when the caller asked for the standard
 * error handle, remembers the result in hErr. The returned handle is whatever
 * the real function produced.
 */
HANDLE WINAPI NewGetStdHandle(DWORD nStdHandle) {
    HANDLE resolved = GetStdHandle(nStdHandle);

    if (STD_ERROR_HANDLE == nStdHandle) {
        hErr = resolved;
    }
    return resolved;
}
 
 
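/*
 * Replacement for KERNEL32!WriteFile (registered in ApiHookChain).
 * When the target is the handle recorded as stderr (hErr), the data is also
 * appended to the capture log; the original call is then forwarded unchanged
 * and its result returned.
 *
 * The log copy uses its own byte counter. A caller doing overlapped I/O may
 * legitimately pass NULL for lpcchWritten, but the log write has no
 * OVERLAPPED structure and therefore needs a valid counter pointer.
 */
BOOL WINAPI NewWriteFile(HANDLE hFile, LPCVOID lpvBuffer, DWORD cchToWrite, LPDWORD lpcchWritten, LPOVERLAPPED lpvReserved) {
    /* hErr stays NULL until a stderr handle has been recorded; a NULL hFile
       must not be mistaken for stderr. */
    if (hErr != NULL && hFile == hErr &&
        hLog != INVALID_HANDLE_VALUE && lpvBuffer != NULL && cchToWrite != 0) {
        DWORD logged = 0;

        /* Best effort: a failed log write must not change what the caller sees. */
        (void)WriteFile(hLog, lpvBuffer, cchToWrite, &logged, NULL);
    }
    return WriteFile(hFile, lpvBuffer, cchToWrite, lpcchWritten, lpvReserved);
}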
 
 
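/*
 * Replacement for KERNEL32!GetProcAddress (registered in ApiHookChain).
 * Lookups by name of the hooked KERNEL32 functions return the replacements
 * defined in this file, so code that resolves them dynamically is captured
 * as well. Every other request is forwarded to the real GetProcAddress.
 *
 * lpProcName may be an ordinal rather than a string (value in the low word,
 * all higher bits zero). Such a value is not a valid pointer and must not be
 * passed to a string comparison, so ordinal lookups are forwarded untouched.
 */
FARPROC WINAPI NewGetProcAddress(HMODULE hModule, LPCSTR lpProcName) {
    const int is_name = (((ULONG_PTR)lpProcName) >> 16) != 0;

    /* Explicit ANSI entry points: the names are narrow literals, so this must
       not depend on whether UNICODE is defined. */
    if (is_name && hModule == GetModuleHandleA("KERNEL32.DLL")) {
        if (!lstrcmpA(lpProcName, "WriteConsoleA"))  return (FARPROC)NewWriteConsoleA;
        if (!lstrcmpA(lpProcName, "WriteConsoleW"))  return (FARPROC)NewWriteConsoleW;
        if (!lstrcmpA(lpProcName, "GetStdHandle"))   return (FARPROC)NewGetStdHandle;
        if (!lstrcmpA(lpProcName, "WriteFile"))      return (FARPROC)NewWriteFile;
        if (!lstrcmpA(lpProcName, "GetProcAddress")) return (FARPROC)NewGetProcAddress;
    }
    return GetProcAddress(hModule, lpProcName);
}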
 
/*
 * Exported hook table: five KERNEL32.DLL entries followed by the HOOKS_END
 * terminator, which accounts for the declared size of 6. Each row names the
 * module and function and ends with the replacement defined in this file.
 * NOTE(review): API_HOOK's field layout and the meaning of HOOK_ALL,
 * ALL_MODULES and the NULL slot are declared in ApiHooks.h, not visible
 * here. Presumably they select "hook every import in every loaded module";
 * confirm against that header.
 */
__declspec(dllexport) API_HOOK ApiHookChain[6] = { 
	/* Console output, ANSI and wide variants. */
	{"KERNEL32.DLL","WriteConsoleA", HOOK_ALL, ALL_MODULES, NULL, NewWriteConsoleA}, 
	{"KERNEL32.DLL","WriteConsoleW", HOOK_ALL, ALL_MODULES, NULL, NewWriteConsoleW}, 
	/* Records the stderr handle so NewWriteFile can recognise writes to it. */
	{"KERNEL32.DLL","GetStdHandle" , HOOK_ALL, ALL_MODULES, NULL, NewGetStdHandle}, 
	{"KERNEL32.DLL","WriteFile"    , HOOK_ALL, ALL_MODULES, NULL, NewWriteFile}, 
	/* Covers callers that resolve the functions above by name at run time. */
	{"KERNEL32.DLL","GetProcAddress",HOOK_ALL, ALL_MODULES, NULL, NewGetProcAddress}, 
	{HOOKS_END} 
};