在WINDOWS EXPLORER中拷贝、删除、移动文件和文件夹到底用的是什么API函数; |
答題得分者是:wameng
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
|
wameng
版主 發表:31 回覆:1336 積分:1188 註冊:2004-09-16 發送簡訊給我 |
|
wameng
版主 發表:31 回覆:1336 積分:1188 註冊:2004-09-16 發送簡訊給我 |
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
|
wameng
版主 發表:31 回覆:1336 積分:1188 註冊:2004-09-16 發送簡訊給我 |
|
wameng
版主 發表:31 回覆:1336 積分:1188 註冊:2004-09-16 發送簡訊給我 |
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
以下是我的原码 library HookAPIDLL; uses
HookAPI in '..\HookAPI.pas',
Windows, shellApi, SysUtils, Dialogs; type
//TOpenProcess = function(dwDesiredAccess: DWORD; bInheritHandle: BOOL; dwProcessId: DWORD): THandle; stdcall;
//TSHFileOperation = function(const lpFileOp: TSHFileOpStruct): Integer; stdcall;
TCopyFile = function(lpExistingFileName, lpNewFileName: PChar; bFailIfExists: BOOL): BOOL;
{function (lpExistingFileName, lpNewFileName: PChar;
lpProgressRoutine: TFNProgressRoutine; lpData: Pointer; pbCancel: PBool;
dwCopyFlags: DWORD): BOOL; stdcall; } var
//APIOpenProcess: TOpenProcess;
//APISHFileOperation: TSHFileOperation;
APICopyFile: TCopyFile;
iHook: HHook;
hMapObject: THandle;
fMapFile: Pointer; procedure CreateMapFile;
begin
// create map file
if hMapObject = 0 then
begin
hMapObject := CreateFileMapping($FFFFFFFF, nil, page_ReadWrite, 0, 18, 'ProtectProcess');
if hMapObject > 0 then
begin
fMapFile := MapViewOfFile(hMapObject, File_Map_All_Access, 0, 0, 0);
StrCopy(PChar(fMapFile), PChar(IntToStr(GetCurrentProcessID)));
end;
end;
end; procedure FreeMapFile;
begin
if fMapFile <> nil then UnMapViewOfFile(fMapFile);
if hMapObject > 0 then CloseHandle(hMapObject);
end; // hook proc function HookProc(nCode: Integer; WPARAM: wParam; LPARAM: lParam): LResult; stdcall;
begin
Result := 0;
// do onthing
if nCode < 0 then Result := CallNextHookEx(iHook, nCode, wParam, lParam);
end; // our EXE calls this method to setup the hook procedure SetHook; stdcall;
begin
CreateMapFile;
iHook := SetWindowsHookEx(WH_SYSMSGFILTER, @HookProc, hInstance, 0);
end; // our EXE calls this method to unset the hook procedure UnSetHook; stdcall;
begin
UnHookWindowsHookEx(iHook);
iHook := 0;
FreeMapFile;
end; function MySHFileOperation(const lpFileOp: TSHFileOpStruct): Integer; stdcall;
begin
case lpFileOp.wFunc of
FO_MOVE: showmessage('move file'); FO_COPY: showmessage('copy file'); FO_DELETE: showmessage('delete file'); FO_RENAME: showmessage('rename file'); end;
Result := 0 //APISHFileOperation(lpFileOp);
end; function MyCopyFile(lpExistingFileName, lpNewFileName: PChar; bFailIfExists: BOOL): BOOL; stdcall;
{function CopyFileEx
(lpExistingFileName, lpNewFileName: PChar;
lpProgressRoutine: TFNProgressRoutine; lpData: Pointer; pbCancel: PBool;
dwCopyFlags: DWORD): BOOL; stdcall; }
begin
showmessage(lpExistingFileName '-->' lpNewFileName);
result := true;
end; procedure SetAPIHook; stdcall;
begin
if @APICopyFile = nil then
begin //SHFileOperation
//deletefile
@APICopyFile := LocateFunctionAddress(@CopyFile);
RepointFunction(@APICopyFile, @MyCopyFile);
end;
//CopyCallback()
end; procedure UnSetAPIHook; stdcall;
begin
{if @APISHFileOperation <> nil then
begin
RepointFunction(@MySHFileOperation, @APISHFileOperation);
@APISHFileOperation := nil;
end;}
if @APICopyFile <> nil then
begin
RepointFunction(@MyCopyFile, @APICopyFile);
@APICopyFile := nil;
end;
end; function IsHooking: bool; stdcall;
begin
Result := (@APICopyFile <> nil) and (iHook <> 0);
end; procedure EntryPointProc(Reason: Integer);
begin
case reason of
DLL_PROCESS_ATTACH:
begin
hMapObject := OpenFileMapping(File_Map_All_Access, true, 'ProtectProcess');
if hMapObject > 0 then fMapFile := MapViewOfFile(hMapObject, File_Map_All_Access, 0, 0, 0);
SetAPIHook;
//showmessage('loadOK');
end;
DLL_PROCESS_DETACH:
begin
UnSetAPIHook;
FreeMapFile;
//showmessage('FreeOK');
end;
end;
end; exports
SetHook, UnSetHook, SetAPIHook, UnSetAPIHook, IsHooking; begin
fMapFile := nil; iHook := 0;
DllProc := @EntryPointProc;
EntryPointProc(DLL_PROCESS_ATTACH);
end.
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
unit HookAPI; interface uses
Windows, Classes;
function LocateFunctionAddress(Code: Pointer): Pointer;
function RepointFunction(OldFunc, NewFunc: Pointer): Integer; type //定义一个入口结构
PImage_Import_Entry = ^Image_Import_Entry;
Image_Import_Entry = record
Characteristics: DWORD;
TimeDateStamp: DWORD;
MajorVersion: Word;
MinorVersion: Word;
Name: DWORD;
LookupTable: DWORD;
end; type //定义一个跳转的结构
TImportCode = packed record
JumpInstruction: Word; //定义跳转指令jmp
AddressOfPointerToFunction: ^Pointer; //定义要跳转到的函数
end;
PImportCode = ^TImportCode;
implementation function LocateFunctionAddress(Code: Pointer): Pointer;
var
func: PImportCode;
begin
Result := Code;
if Code = nil then exit;
try
func := code;
if (func.JumpInstruction = $25FF) then
begin
Result := func.AddressOfPointerToFunction^;
end;
except
Result := nil;
end;
end; function RepointFunction(OldFunc, NewFunc: Pointer): Integer;
var
IsDone: TList;
function RepointAddrInModule(hModule: THandle; OldFunc, NewFunc: Pointer): Integer;
var
Dos: PImageDosHeader;
NT: PImageNTHeaders;
ImportDesc: PImage_Import_Entry;
RVA: DWORD;
Func: ^Pointer;
DLL: string;
f: Pointer;
written: DWORD;
begin
Result := 0;
Dos := Pointer(hModule);
if IsDone.IndexOf(Dos) >= 0 then exit;
IsDone.Add(Dos); OldFunc := LocateFunctionAddress(OldFunc); if IsBadReadPtr(Dos, SizeOf(TImageDosHeader)) then exit;
if Dos.e_magic <> IMAGE_DOS_SIGNATURE then exit;
NT := Pointer(Integer(Dos) dos._lfanew); RVA := NT^.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]
.VirtualAddress; if RVA = 0 then exit;
ImportDesc := pointer(integer(Dos) RVA);
while (ImportDesc^.Name <> 0) do
begin
DLL := PChar(Integer(Dos) ImportDesc^.Name);
RepointAddrInModule(GetModuleHandle(PChar(DLL)), OldFunc, NewFunc);
Func := Pointer(Integer(DOS) ImportDesc.LookupTable);
while Func^ <> nil do
begin
f := LocateFunctionAddress(Func^);
if f = OldFunc then
begin
WriteProcessMemory(GetCurrentProcess, Func, @NewFunc, 4, written);
if Written > 0 then Inc(Result);
end;
Inc(Func);
end;
Inc(ImportDesc);
end;
end; begin
IsDone := TList.Create;
try
Result := RepointAddrInModule(GetModuleHandle(nil), OldFunc, NewFunc);
finally
IsDone.Free;
end;
end; end.
|
wameng
版主 發表:31 回覆:1336 積分:1188 註冊:2004-09-16 發送簡訊給我 |
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
|
wameng
版主 發表:31 回覆:1336 積分:1188 註冊:2004-09-16 發送簡訊給我 |
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
|
popmailzjw
一般會員 發表:7 回覆:18 積分:5 註冊:2002-05-11 發送簡訊給我 |
|
favinc
一般會員 發表:22 回覆:19 積分:8 註冊:2003-03-11 發送簡訊給我 |
|
dg822
一般會員 發表:14 回覆:38 積分:10 註冊:2004-12-16 發送簡訊給我 |
本站聲明 |
1. 本論壇為無營利行為之開放平台,所有文章都是由網友自行張貼,如牽涉到法律糾紛一切與本站無關。 2. 假如網友發表之內容涉及侵權,而損及您的利益,請立即通知版主刪除。 3. 請勿批評中華民國元首及政府或批評各政黨,是藍是綠本站無權干涉,但這裡不是政治性論壇! |