|
陷阱技术探秘----动态汉化Windows技术的分析(4) #include #include
// Replacement routine that the patched ExtTextOut entry is redirected to.
// Its parameter list mirrors the ExtTextOut call it stands in for.
BOOL WINAPI MyExtTextOut(HDC hDC,
                         int x,
                         int y,
                         UINT nInt1,
                         const RECT FAR* lpRect,
                         LPCSTR lpStr,
                         UINT nInt2,
                         int FAR* lpInt);

// Returns a writable data-segment alias that has the same base address as the
// code segment selected by code_sel (declared here by hand; WinMain uses it to
// get write access to the code it patches).
WORD FAR PASCAL AllocCStoDSAlias(WORD code_sel);
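// Book-keeping for one patched Windows entry point: where the call is
// redirected to, where the original lives, and the five bytes (1 + 4) that are
// overwritten at the original entry so they can be written back later.
typedef struct tagFUNC
{
    FARPROC lpFarProcReplace;   // address of the replacement function
    FARPROC lpFarProcWindows;   // address of the original Windows function
    BYTE    bOld;               // saved first byte of the original function
    LONG    lOld;               // saved four bytes that follow that first byte
} FUNC;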
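// The single hook record used by WinMain: ExtTextOut is redirected to
// MyExtTextOut. The explicit FARPROC casts avoid an incompatible-pointer
// initialisation; the two save slots start at zero and are filled in when the
// patch is applied.
FUNC Func = { (FARPROC)MyExtTextOut, (FARPROC)ExtTextOut, 0, 0L };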
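// Windows entry point.
//
// Demonstrates an inline patch of a Windows API entry and its removal:
//   1. split the far address of the Windows function into selector and offset;
//   2. obtain a writable alias of that code segment;
//   3. save the first five bytes of the function, then overwrite them with
//      opcode 0xEA followed by the far address of the replacement;
//   4. write the saved bytes back.
//
// Returns 1 when the patch was applied and removed, 0 when a writable alias
// could not be obtained or locked.
//
// Review notes:
//   - A system API whose first byte is 0xEA and whose next four bytes point
//     outside the owning module is exactly what this code produces while the
//     patch is in place; comparing entry bytes with the on-disk module image
//     is the usual way to spot such a patch.
//   - NOTE(review): nothing here pins the target code segment. If it can be
//     discarded or moved while the patch is in place, the saved bytes and the
//     alias base may no longer match. Confirm for the target module.
int PASCAL WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine, int nCmdShow)
{
    HANDLE hMemCode;        // selector of the code segment holding the function
    WORD   hMemData;        // writable data alias with the same base address
    WORD   wOffset;         // offset of the function inside that segment
    LPSTR  lpStr;
    LPLONG lpLong;
    char   lpNotice[96];

    hMemCode = HIWORD((LONG)Func.lpFarProcWindows);
    wOffset  = LOWORD((LONG)Func.lpFarProcWindows);

    wsprintf(lpNotice, "函数所在模块句柄 0x%4xH,偏移 0x%4xH",
             hMemCode, wOffset);
    MessageBox(NULL, lpNotice, "提示", MB_OK);

    // Get a writable data alias with the same base as the code segment.
    hMemData = AllocCStoDSAlias(hMemCode);
    if (hMemData == 0)
        return 0;           // no alias: nothing has been modified yet

    lpStr = (LPSTR)GlobalLock(hMemData);
    if (lpStr == NULL) {
        FreeSelector(hMemData);
        return 0;
    }

    lpLong = (LPLONG)(lpStr + wOffset + 1);

    // Save the leading bytes of the original function before replacing them.
    Func.bOld = (BYTE)*(lpStr + wOffset);
    Func.lOld = *lpLong;

    // 0xEA followed by a four-byte far address: control transfers to the
    // replacement as soon as the original entry is reached.
    *(lpStr + wOffset) = (char)0xEA;
    *lpLong = (LONG)Func.lpFarProcReplace;
    GlobalUnlock(hMemData);
    FreeSelector(hMemData);     // the alias selector is ours to release

    MessageBox(NULL, "改为自己的函数", "提示", MB_OK);

    // Put the saved bytes back. A fresh alias is requested rather than reusing
    // the earlier one, as the original code does.
    hMemData = AllocCStoDSAlias(hMemCode);
    if (hMemData == 0)
        return 0;           // NOTE(review): the patch is still in place here

    lpStr = (LPSTR)GlobalLock(hMemData);
    if (lpStr == NULL) {
        FreeSelector(hMemData);
        return 0;           // NOTE(review): the patch is still in place here
    }

    lpLong = (LPLONG)(lpStr + wOffset + 1);
    *(lpStr + wOffset) = (char)Func.bOld;
    *lpLong = Func.lOld;
    GlobalUnlock(hMemData);
    FreeSelector(hMemData);

    MessageBox(NULL, "改回原Windows函数", "提示", MB_OK);
    return 1;
}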
//自己的替代函数 BOOL WINAPI MyExtTextOut(HDC hDC, int x, int y, UINT nInt1, const RECT FAR* lpRect, LPCSTR lpStr, UINT nInt2, int FAR* lpInt) { BYTE NameDot[96]={ 0x09, 0x00, 0xfd, 0x08, 0x09, 0x08, 0x09, 0x10, 0x09, 0x20, 0x79, 0x40, 0x41, 0x04, 0x47, 0xfe, 0x41, 0x40, 0x79, 0x40,
|