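;------------------------------------------------------------------------
;HookApiA / HookApiW - high-level exported wrappers (in fact one function
;in an A and a W flavour). They only prepare a list of dynamic hooks that
;hooks one API in the current process and pass it to EstablishApiHooksA.
;A caller-supplied API_UNHOOK is also checked for the Visual Basic layout.
;
;Syntax: MASM, 32-bit; oMOV, PUSHp, POPc and sWin32 are project macros
;        whose expansions are not visible in this file section.
;In:    ModuleExport, ApiNameOrOrd, dwFlags, ModuleImport, NewApi
;                        - copied unchanged into the 2nd API_HOOK entry
;       UnhookAddresses - NULL, or pointer to a caller-owned API_UNHOOK
;       ExcludeBases    - stored in the UnhookAddresses field of entry 0
;Out:   EAX = ErrorSuccess if ModuleExport == HOOKS_END, otherwise the
;             value left in EAX by the EstablishApiHooksA call
;             NOTE(review): assumes the final oMOV keeps EAX - confirm
;       [UnhookAddresses].CurNoAddr is updated when MaxNoAddr != 0
;Clobb: ECX, EDX, flags
;------------------------------------------------------------------------
PUBLIC HookApiA
HookApiA PROC ModuleExport, ApiNameOrOrd, dwFlags, ModuleImport,\
                UnhookAddresses, NewApi, ExcludeBases
        LOCAL   DynaHook[3]: API_HOOK           ;x dynamic hooks = x + 2 AH structures
        LOCAL   UnhookAddresses4VB: API_UNHOOK  ;for Visual Basic

        ;EAX is loaded before the CMP so that the JE does not depend on the
        ;oMOV macro preserving the flags set by the comparison.
        oMOV    EAX, ErrorSuccess
        CMP     ModuleExport, HOOKS_END         ;if empty hook was passed -> success
        JE      HookApiEnd

        ;prepare 1st AH structure
        oMOV    DynaHook[0*API_HOOK].ModuleExport, HOOKS_DYNAMIC
        oMOV    DynaHook[0*API_HOOK].UnhookAddresses, ExcludeBases

        ;prepare UnhookAddresses; EAX ends up as the value stored in the
        ;2nd structure: NULL, or the address of the local copy
        MOV     EAX, UnhookAddresses
        TEST    EAX, EAX
        JE      NoUnhook                        ;caller passed NULL
        ASSUME  EAX: PTR API_UNHOOK
        MOV     ECX, [EAX].MaxNoAddr
        TEST    ECX, ECX
        JNE     @F
        MOV     EAX, ECX                        ;if empty Unhook (EAX = 0)
        JMP     NoUnhook                        ;prepare nothing

        ;check for VB WhereWhat structures
        ;because in VB the real WhereWhat is stored at VBWhereWhat+12
        ;NOTE(review): this is a heuristic on caller memory. WhereWhat is
        ;read at +04H and +0CH without a NULL or size check, so it has to
        ;point to at least 16 readable bytes whenever MaxNoAddr != 0.
@@:
        MOV     EDX, [EAX].WhereWhat
        MOV     EAX, [EAX].CurNoAddr
        ASSUME  EAX: NOTHING
        CMP     DWORD PTR [EDX+04H], 8          ;VB specific
        JNE     @F                              ;not VB
        CMP     DWORD PTR [EDX+0CH], 10000H     ;check pointer
        JB      @F                              ;not VB
        MOV     EDX, [EDX+0CH]                  ;fix WhereWhat
@@:
        ;copy ECX/EAX/EDX into the local API_UNHOOK
        ;(PUSHp/POPc appear to pair their operands by position - confirm)
        PUSHp   ECX , EAX, EDX
        POPc    UnhookAddresses4VB.MaxNoAddr,UnhookAddresses4VB.CurNoAddr,\
                UnhookAddresses4VB.WhereWhat
        LEA     EAX, UnhookAddresses4VB
        ;UnhookAddresses are prepared

        ;Fill in 2nd AH structure with passed parameters ...
        ;EAX must be pushed before the LEA below overwrites it.
NoUnhook:
        PUSHp   ModuleExport, ApiNameOrOrd,\
                dwFlags, ModuleImport,\
                EAX, NewApi
        LEA     EAX, DynaHook                   ;EAX = hook list for the call below
        POPc    DynaHook[1*API_HOOK].ModuleExport, DynaHook[1*API_HOOK].ApiNameOrOrd,\
                DynaHook[1*API_HOOK].dwFlags, DynaHook[1*API_HOOK].ModuleImport,\
                DynaHook[1*API_HOOK].UnhookAddresses, DynaHook[1*API_HOOK].HookAddress

        ;... and 3rd AH structure with hooks end
        oMOV    DynaHook[2*API_HOOK].ModuleExport, HOOKS_END

        ;call it with current process id
        sWin32  EstablishApiHooksA, EAX, CurPID

        MOV     ECX, UnhookAddresses
        JECXZ   HookApiEnd                      ;nothing to report back
        CMP     (API_UNHOOK PTR [ECX]).MaxNoAddr, 0
        JE      HookApiEnd                      ;local copy was never filled in

        ;update CurNoAddr in passed UnhookAddresses
        oMOV    (API_UNHOOK PTR [ECX]).CurNoAddr, UnhookAddresses4VB.CurNoAddr

HookApiEnd:
        RET
HookApiA ENDP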
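;------------------------------------------------------------------------
;HookApiW - only converts the unicode strings to ansi and calls HookApiA.
;
;In:    same arguments as HookApiA. These are passed through unconverted:
;         ModuleExport  == 0
;         ApiNameOrOrd  <  10000H (ordinal)
;         ModuleImport  == 0 or ALL_MODULES
;       NOTE(review): only 0 is filtered for ModuleExport; confirm that no
;       other special constant can reach the conversion as a "pointer".
;Out:   EAX = value returned by HookApiA
;Uses:  EBX, ESI, EDI hold the three (converted) arguments across the
;       WideCharToMultiByte calls; PROC USES saves and restores them.
;
;A failed conversion (WideCharToMultiByte returns 0, e.g. the name does
;not fit in MAX_PATH bytes) leaves the stack buffer without a guaranteed
;terminator, so the buffer is turned into an empty string before it is
;passed on. NOTE(review): returning an error would be better, but no
;suitable project error code is visible here. The check assumes iWin32
;leaves the API's return value in EAX - confirm.
;------------------------------------------------------------------------

PUBLIC HookApiW
HookApiW PROC USES EBX ESI EDI, ModuleExport, ApiNameOrOrd, dwFlags,\
                ModuleImport, UnhookAddresses, NewApi, ExcludeBases
        LOCAL   ModuleExportA[MAX_PATH]: ACHAR
        LOCAL   ApiNameOrOrdA[MAX_PATH]: ACHAR
        LOCAL   ModuleImportA[MAX_PATH]: ACHAR

        MOV     ESI, ModuleExport
        TEST    ESI, ESI
        JE      DoApiNameOrOrd                  ;don't convert special constants
        MOV     EAX, ESI                        ;EAX = wide source
        LEA     ESI, ModuleExportA              ;ESI = ansi destination
        iWin32  WideCharToMultiByte, CP_ACP, NULL, EAX, -1, ESI, MAX_PATH, NULL, NULL
        TEST    EAX, EAX                        ;0 = conversion failed
        JNE     DoApiNameOrOrd
        MOV     BYTE PTR [ESI], 0               ;don't pass uninitialized stack bytes on
DoApiNameOrOrd:
        MOV     EDI, ApiNameOrOrd
        CMP     EDI, 10000H
        JB      DoModuleImport                  ;it is ordinal
        MOV     EAX, EDI
        LEA     EDI, ApiNameOrOrdA
        iWin32  WideCharToMultiByte, CP_ACP, NULL, EAX, -1, EDI, MAX_PATH, NULL, NULL
        TEST    EAX, EAX                        ;0 = conversion failed
        JNE     DoModuleImport
        MOV     BYTE PTR [EDI], 0
DoModuleImport:
        MOV     EBX, ModuleImport
        TEST    EBX, EBX
        JE      CallHookApiA
        CMP     EBX, ALL_MODULES                ;don't convert special constants
        JE      CallHookApiA
        MOV     EAX, EBX
        ;Own buffer for the import module name. Converting into
        ;ApiNameOrOrdA here would overwrite the API name that EDI still
        ;points to and leave ModuleImportA unused.
        LEA     EBX, ModuleImportA
        iWin32  WideCharToMultiByte, CP_ACP, NULL, EAX, -1, EBX, MAX_PATH, NULL, NULL
        TEST    EAX, EAX                        ;0 = conversion failed
        JNE     CallHookApiA
        MOV     BYTE PTR [EBX], 0
CallHookApiA:
        sWin32  HookApiA, ESI, EDI, dwFlags, EBX, UnhookAddresses, NewApi, ExcludeBases
        RET
HookApiW ENDP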
- ;------------------------------------------------------------------------