现在网上随便一搜索HOOK,贴子一大堆,学会了HOOK那做木马或者其它的病毒都是小意思。但是随便现在杀毒软件库的强大,如果用windows
自带的HOOK API,那还没给用户使用就被查杀了。今天就给大家介绍一款国外牛人编写的HOOK API库,纯C代码写的MHOOK。源码网上
有的下载,我就给大家简单封装一下抓包和发包的功能,其它的API大家可以根据这个例子一一实现。
MHOOK要成功HOOK住其它进程中的SOCKET接收和发送方法,必须要写成动态链接库,然后把DLL文件注入到其进程中即可。实现也非常之
简单。上代码!
// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"
#include "mhook-lib/mhook.h"
#include
//////////////封包函数//////////////
// Pointer types with the exact signature of ws2_32!send and ws2_32!recv.
typedef int (WINAPI *send_fn_t)(SOCKET s, const char *buf, int len, int flags);
typedef int (WINAPI *recv_fn_t)(SOCKET s, char *buf, int len, int flags);

// Resolved by static initialisation while the DLL is being loaded.
// GetModuleHandleA does not load Ws2_32, so both pointers stay NULL unless the
// host process already has it mapped; DllMain hands them to Mhook_SetHook,
// which rewrites each pointer so that it still reaches the original code.
send_fn_t g_trueSend = (send_fn_t)GetProcAddress(GetModuleHandleA("Ws2_32"), "send");
recv_fn_t g_trueRecv = (recv_fn_t)GetProcAddress(GetModuleHandleA("Ws2_32"), "recv");

// Capture callbacks registered through t003 (mk.cpp); NULL = nobody listening.
mhook_func _msend = NULL;
mhook_func _mrecv = NULL;
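// Replacement for ws2_32!send installed by DllMain.
// Forwards to the real send() first, then hands a private copy of the bytes
// that were actually transmitted (ret, which may be less than len) to the
// _msend callback. The copy is freed as soon as the callback returns.
// Runs on the application's own thread inside its send() call; a callback that
// itself calls send() would presumably re-enter this hook.
// Note: new[] can throw; an exception here would unwind into the host's call.
static int WINAPI hook_send(SOCKET s, const char *buf, int len, int flags)
{
    int ret = g_trueSend(s, buf, len, flags);
    // Nothing to report on error/zero, and no point copying when no one listens.
    if (ret > 0 && _msend != NULL)
    {
        char *temp = new char[ret];
        memcpy_s(temp, ret, buf, ret);
        _msend(temp, ret);
        delete[] temp;   // allocated with new[]; plain delete was undefined behaviour
    }
    return ret;
}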
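// Replacement for ws2_32!recv installed by DllMain.
// Forwards to the real recv() first, then hands a private copy of the bytes
// actually received (ret, not the caller's len) to the _mrecv callback. The
// copy is freed as soon as the callback returns.
// Runs on the application's own thread inside its recv() call.
// Note: new[] can throw; an exception here would unwind into the host's call.
static int WINAPI hook_recv(SOCKET s, char *buf, int len, int flags)
{
    int ret = g_trueRecv(s, buf, len, flags);
    // Guard on _mrecv (the callback actually invoked), not _msend as before:
    // a NULL recv callback with a registered send callback used to crash here.
    if (ret > 0 && _mrecv != NULL)
    {
        char *temp = new char[ret];
        memcpy_s(temp, ret, buf, ret);
        _mrecv(temp, ret);
        delete[] temp;   // allocated with new[]; plain delete was undefined behaviour
    }
    return ret;
}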
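// Set once both hooks are in place, so DLL_PROCESS_DETACH only undoes what
// DLL_PROCESS_ATTACH actually did (DETACH is also delivered after a failed ATTACH).
static BOOL g_hooked = FALSE;

// DLL entry point.
// On DLL_PROCESS_ATTACH both send and recv are hooked; if Ws2_32 was not already
// loaded (g_trueSend / g_trueRecv are NULL) or either Mhook_SetHook call fails,
// the function returns FALSE so the loader reports the failure instead of
// silently leaving the process unhooked or half-hooked.
// On DLL_PROCESS_DETACH the originals are restored only for an explicit unload
// (lpReserved == NULL); when the process is terminating (lpReserved != NULL)
// patching code back is pointless and other threads may already be gone.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        if (g_trueSend == NULL || g_trueRecv == NULL)
        {
            return FALSE;   // nothing to hook: Ws2_32 not mapped / export missing
        }
        if (!Mhook_SetHook((LPVOID*)&g_trueSend, hook_send))
        {
            return FALSE;
        }
        if (!Mhook_SetHook((LPVOID*)&g_trueRecv, hook_recv))
        {
            Mhook_Unhook((LPVOID*)&g_trueSend);   // do not leave only send hooked
            return FALSE;
        }
        g_hooked = TRUE;
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        break;
    case DLL_PROCESS_DETACH:
        if (g_hooked && lpReserved == NULL)
        {
            Mhook_Unhook((LPVOID*)&g_trueSend);
            Mhook_Unhook((LPVOID*)&g_trueRecv);
            g_hooked = FALSE;
        }
        break;
    default:
        break;
    }
    return TRUE;
}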
需要实现的函数及.cpp文件
// mk.cpp : 定义 DLL 应用程序的导出函数。
//
#include "stdafx.h"
#include "mhook-lib/mhook.h"
// Capture callbacks; defined (and read by the send/recv hooks) in dllmain.cpp.
extern mhook_func _msend;
extern mhook_func _mrecv;
//ppSystemFunction为系统API,pHookFunction为自己定义的API
// Exported thin wrapper over Mhook_SetHook.
// ppSystemFunction: address of the pointer holding the system API to patch.
// pHookFunction:    the replacement routine.
// Returns the library's BOOL result unchanged.
BOOL t001(PVOID *ppSystemFunction, PVOID pHookFunction)
{
    BOOL ok = Mhook_SetHook(ppSystemFunction, pHookFunction);
    return ok;
}
//ppHookedFunction为已被HOOK的系统API指针(即之前传给t001的ppSystemFunction)
// Exported thin wrapper over Mhook_Unhook.
// ppHookedFunction: the same pointer address previously passed to t001.
// Returns the library's BOOL result unchanged.
BOOL t002(PVOID *ppHookedFunction)
{
    BOOL ok = Mhook_Unhook(ppHookedFunction);
    return ok;
}
// Registers the consumers for captured traffic. The pointers are stored as-is
// (no validation); each callback receives a temporary copy of the bytes and
// the byte count, on the application's own socket thread. Always returns TRUE.
BOOL t003(mhook_func pHookSendFunc, mhook_func pHookRecvFuc)
{
    _mrecv = pHookRecvFuc;   // the two assignments are independent
    _msend = pHookSendFunc;
    return TRUE;
}
mk.def
LIBRARY
EXPORTS
; 此处可以是显式导出
t001 @1
t002 @2
t003 @3
在stdafx.h中添加以下别名
// Signature of the capture callbacks registered through t003.
// buf: a temporary copy of the bytes send() transmitted / recv() received; it is
//      freed as soon as the callback returns, so copy it if it must outlive the call.
// len: number of valid bytes in buf (the send/recv return value, always > 0 here).
// Invoked on the application's own thread, inside its send()/recv() call.
typedef void (WINAPI *mhook_func)(char *buf, int len);
最后直接编译生成DLL库就成功了。
本文链接:https://www.it72.com/369.htm