1、封包定义
// Buffer type for a captured packet payload: a dynamic byte array.
// NOTE(review): presumably sits inside a `type` section that is not shown here.
PacketData = array of Byte; // packet data type definition
// Pointer to a PacketData buffer.
PPacketData = ^PacketData;
2、定义一个函数指针
// Signature of the client's send routine: a stdcall procedure taking a raw
// byte pointer and its length. NewKOSend below casts the saved original
// address (g_Hook.FOldMethod) to this type before calling through it.
KOSend = procedure(pData : PByte;nSize : Integer);stdcall;
3、定义HOOK JMP 代码
//JMP code that will be replaced
// 7-byte patch that NewKOSend writes over the start of the hooked routine
// (see its two WriteProcessMemory calls, each writing exactly 7 bytes).
// The "Total: 7 bytes" figure only holds when Pointer is 4 bytes, i.e. a
// 32-bit build; on a 64-bit build this record would be 11 bytes.
// Defender note: a code patch of this shape is observable by comparing the
// first bytes of the routine in memory with the same bytes in the on-disk image.
TJmpCode = packed record // Total: 7 bytes
  JmpCode: BYTE ; // 1 bytes — presumably the JMP opcode (name only; not verifiable here)
  Address: Pointer; // 4 bytes — presumably the jump target
  MOVEAX : Array [0..1] of BYTE; // 2 bytes — trailing bytes; the name hints at a MOV EAX prefix, unverified
end;
// Pointer to the patch record.
pJmpCode = ^TJmpCode;
4、定义新的SEND函数用于拦截代码
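{ Replacement for the client's send routine. It is reached through the
  7-byte TJmpCode patch placed over the original routine (g_tJmpCode), and
  passes pData/nSize through to the original unchanged.
  Flow: restore the saved original bytes -> load ECX -> call the original
  -> write the patch back.
  NOTE(review): between the two WriteProcessMemory calls the original routine
  is unpatched, so any other thread that calls it in that window is not
  intercepted, and two concurrent calls can race on the patch bytes.
  NOTE(review): neither the WriteProcessMemory result nor dwSize (bytes
  actually written) is checked, so a failed write goes unnoticed.
  g_Hook, g_tJmpCode and KO_PTR_PKT are declared elsewhere in the file. }
procedure NewKOSend(pData : PByte;nSize : Integer);stdcall;
var dwSize :DWord;
begin
  // Put the saved original prologue bytes back so the call below reaches the real routine
  WriteProcessMemory(GetCurrentProcess, g_Hook.FOldMethod,
    @g_Hook.FOldJMPCode, 7, dwSize);
  // Default ECX argument: load the pointer stored at KO_PTR_PKT
  // (a register argument the original presumably expects — not verifiable here)
  asm
    mov ecx,KO_PTR_PKT
    mov ecx,[ecx]
  end;
  // Re-send through the original routine (saved address cast to the KOSend type)
  KOSend(g_Hook.FOldMethod)(pData,nSize);
  // Re-install the patch (this call was mistyped as `riteProcessMemory`)
  WriteProcessMemory(GetCurrentProcess, g_Hook.FOldMethod,
    @g_tJmpCode, 7, dwSize);
end;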