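        private void button5_Click(object sender, EventArgs e)
        {
            // Installs an inline hook on a WeChat "receive message" routine and appends the
            // text of every intercepted message to listBox1.
            //
            // Every address below is "label1 value + hard-coded offset". label1 is presumably
            // the loaded WeChat module base; the offsets, the [esi+0x2EC] field and the 0x68
            // text offset belong to one specific WeChat build and must be re-derived for any
            // other version — TODO confirm against the target binary before use.
            const int HookSiteOffset = 3212659;          // offset of the 5-byte instruction that gets overwritten
            const int ReplacedImmediateOffset = 19255272; // imm32 of the `mov ecx, imm32` the patch destroys and re-emits
            const int PatchedByteCount = 5;
            const int TrampolineSize = 11 + 10;          // passed straight through to InlineHook; its meaning is not visible here
            const int MessageTextOffset = 0x68;          // offset of the UTF-16 text pointer inside the message object (presumably)

            int moduleBase = int.Parse(label1.Text);
            int hookAddress = HookSiteOffset + moduleBase;
            textBox3.Text = hookAddress.ToString();

            // Trampoline body handed to Inline_Hook, in byte order:
            //   C7 86 EC 02 00 00 imm32  mov dword [esi+0x2EC], hookAddress+5 ; address just past the patched bytes
            //   E9 00 00 00 00           jmp rel32 ; zero displacement, presumably fixed up by InlineHook
            //   B9 imm32                 mov ecx, imm32 ; the original instruction the 5-byte patch overwrote
            List<byte> trampoline = new List<byte>();
            trampoline.AddRange(new byte[] { 0xC7, 0x86, 0xEC, 0x02, 0x00, 0x00 });
            trampoline.AddRange(BitConverter.GetBytes(hookAddress + PatchedByteCount));
            trampoline.AddRange(new byte[] { 0xE9, 0x00, 0x00, 0x00, 0x00 });
            trampoline.Add(0xB9);
            trampoline.AddRange(BitConverter.GetBytes(moduleBase + ReplacedImmediateOffset));

            // Native entry point the trampoline calls; see WeChetHook.Callback.
            int callbackPtr = NativeAPI.GetMethodPTR(typeof(WeChetHook), "Callback");

            Inline_Hook.InlineHook(hookAddress, PatchedByteCount, trampoline.ToArray(), getInt(callbackPtr), TrampolineSize, "接收消息", (obj) =>
            {
                try
                {
                    // Follow [ESP] -> [ptr] -> [ptr+0x68] to the message text; bail on any null link
                    // so a malformed frame never turns into a read of address 0.
                    if (obj.ESP == 0)
                    {
                        return;
                    }
                    int msgPtr = NativeAPI.ReadMemoryValue(obj.ESP);
                    if (msgPtr == 0)
                    {
                        return;
                    }
                    msgPtr = NativeAPI.ReadMemoryValue(msgPtr);
                    if (msgPtr == 0)
                    {
                        return;
                    }
                    msgPtr = NativeAPI.ReadMemoryValue(msgPtr + MessageTextOffset);
                    if (msgPtr == 0)
                    {
                        return;
                    }
                    int charCount = NativeAPI.lstrlenW(msgPtr);
                    if (charCount == 0)
                    {
                        return;
                    }
                    // UTF-16: two bytes per character plus the two-byte terminator.
                    string text = NativeAPI.ReadMemoryStrValue(msgPtr, charCount * 2 + 2);
                    string line = "接收消息:" + text + "\r\n";

                    // The hook presumably fires on the hooked program's thread, not the WinForms
                    // UI thread, so marshal the ListBox update; on the UI thread this is a plain add.
                    if (listBox1.InvokeRequired)
                    {
                        listBox1.BeginInvoke(new Action(() => listBox1.Items.Add(line)));
                    }
                    else
                    {
                        listBox1.Items.Add(line);
                    }
                }
                catch (Exception es)
                {
                    // Best-effort: never let an exception escape back into the hooked code.
                    // Full exception text plus a newline so consecutive entries stay readable.
                    File.AppendAllText("error.txt", es.ToString() + Environment.NewLine);
                }
            });
        }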
        /// <summary>
        /// Native entry point invoked by the inline-hook trampoline with the hooked thread's
        /// register state. Its address is taken via NativeAPI.GetMethodPTR, so the parameter
        /// count and order must match exactly what the trampoline pushes.
        /// The first two slots are not registers.
        /// </summary>
        /// <param name="Default1">First non-register slot pushed by the trampoline; forwarded to the handler unchanged.</param>
        /// <param name="Default2">Second non-register slot; the 32-bit value it points to is the key that selects the registered handler (presumably the hook's return address — confirm against Inline_Hook).</param>
        /// <param name="ECX">ECX at the hook site.</param>
        /// <param name="EAX">EAX at the hook site.</param>
        /// <param name="EDX">EDX at the hook site.</param>
        /// <param name="EBX">EBX at the hook site.</param>
        /// <param name="ESP">ESP at the hook site.</param>
        /// <param name="EBP">EBP at the hook site.</param>
        /// <param name="ESI">ESI at the hook site.</param>
        /// <param name="EDI">EDI at the hook site.</param>
        public static void Callback(int Default1, int Default2,
                                    int ECX, int EAX, int EDX, int EBX, int ESP, int EBP, int ESI, int EDI)
        {
            int hookKey = NativeAPI.ReadMemoryValue(Default2);
            if (!Methods.callBacks.ContainsKey(hookKey))
            {
                return; // no handler registered for this hook site
            }
            // The handler receives the dereferenced key in place of Default2.
            Methods.callBacks[hookKey](Default1, hookKey, ECX, EAX, EDX, EBX, ESP, EBP, ESI, EDI);
        }