library d3d8thk;
uses Windows;
var
// One slot per export of the real d3d8thk.dll. They are filled with
// GetProcAddress results in EntryPoint and read by the FakeProcN thunks.
// Delphi zero-initializes globals, so a slot that was never resolved is nil.
g_pFunc1, g_pFunc2, g_pFunc3, g_pFunc4, g_pFunc5, g_pFunc6, g_pFunc7, g_pFunc8, g_pFunc9, g_pFunc10,
g_pFunc11, g_pFunc12, g_pFunc13, g_pFunc14, g_pFunc15, g_pFunc16, g_pFunc17, g_pFunc18, g_pFunc19, g_pFunc20,
g_pFunc21, g_pFunc22, g_pFunc23, g_pFunc24, g_pFunc25, g_pFunc26, g_pFunc27, g_pFunc28, g_pFunc29, g_pFunc30,
g_pFunc31, g_pFunc32, g_pFunc33, g_pFunc34, g_pFunc35, g_pFunc36, g_pFunc37, g_pFunc38, g_pFunc39, g_pFunc40,
g_pFunc41, g_pFunc42, g_pFunc43, g_pFunc44, g_pFunc45, g_pFunc46, g_pFunc47, g_pFunc48, g_pFunc49, g_pFunc50,
g_pFunc51, g_pFunc52, g_pFunc53, g_pFunc54, g_pFunc55, g_pFunc56: Pointer;
// Copy of the first 8 bytes of ntdll!DbgUiRemoteBreakin, taken in InitHook.
// ReCoveryDbgUiRemoteBreakin keeps the live bytes equal to this value.
g_nBakData: Int64;
// Export thunks. Each one is a single indirect jmp through its g_pFuncN slot
// (BASM resolves the variable operand as a memory reference), so the caller's
// stack and registers reach the real d3d8thk.dll routine untouched and its
// return goes straight back to the caller. The forwarding relies on no stack
// frame being emitted for these parameterless pure-asm procedures.
// If a slot is still nil (LoadLibrary or GetProcAddress failed in EntryPoint)
// the jmp lands on address 0 and the calling process faults.
procedure FakeProc1; asm jmp g_pFunc1 end;
procedure FakeProc2; asm jmp g_pFunc2 end;
procedure FakeProc3; asm jmp g_pFunc3 end;
procedure FakeProc4; asm jmp g_pFunc4 end;
procedure FakeProc5; asm jmp g_pFunc5 end;
procedure FakeProc6; asm jmp g_pFunc6 end;
procedure FakeProc7; asm jmp g_pFunc7 end;
procedure FakeProc8; asm jmp g_pFunc8 end;
procedure FakeProc9; asm jmp g_pFunc9 end;
procedure FakeProc10; asm jmp g_pFunc10 end;
procedure FakeProc11; asm jmp g_pFunc11 end;
procedure FakeProc12; asm jmp g_pFunc12 end;
procedure FakeProc13; asm jmp g_pFunc13 end;
procedure FakeProc14; asm jmp g_pFunc14 end;
procedure FakeProc15; asm jmp g_pFunc15 end;
procedure FakeProc16; asm jmp g_pFunc16 end;
procedure FakeProc17; asm jmp g_pFunc17 end;
procedure FakeProc18; asm jmp g_pFunc18 end;
procedure FakeProc19; asm jmp g_pFunc19 end;
procedure FakeProc20; asm jmp g_pFunc20 end;
procedure FakeProc21; asm jmp g_pFunc21 end;
procedure FakeProc22; asm jmp g_pFunc22 end;
procedure FakeProc23; asm jmp g_pFunc23 end;
procedure FakeProc24; asm jmp g_pFunc24 end;
procedure FakeProc25; asm jmp g_pFunc25 end;
procedure FakeProc26; asm jmp g_pFunc26 end;
procedure FakeProc27; asm jmp g_pFunc27 end;
procedure FakeProc28; asm jmp g_pFunc28 end;
procedure FakeProc29; asm jmp g_pFunc29 end;
procedure FakeProc30; asm jmp g_pFunc30 end;
procedure FakeProc31; asm jmp g_pFunc31 end;
procedure FakeProc32; asm jmp g_pFunc32 end;
procedure FakeProc33; asm jmp g_pFunc33 end;
procedure FakeProc34; asm jmp g_pFunc34 end;
procedure FakeProc35; asm jmp g_pFunc35 end;
procedure FakeProc36; asm jmp g_pFunc36 end;
procedure FakeProc37; asm jmp g_pFunc37 end;
procedure FakeProc38; asm jmp g_pFunc38 end;
procedure FakeProc39; asm jmp g_pFunc39 end;
procedure FakeProc40; asm jmp g_pFunc40 end;
procedure FakeProc41; asm jmp g_pFunc41 end;
procedure FakeProc42; asm jmp g_pFunc42 end;
procedure FakeProc43; asm jmp g_pFunc43 end;
procedure FakeProc44; asm jmp g_pFunc44 end;
procedure FakeProc45; asm jmp g_pFunc45 end;
procedure FakeProc46; asm jmp g_pFunc46 end;
procedure FakeProc47; asm jmp g_pFunc47 end;
procedure FakeProc48; asm jmp g_pFunc48 end;
procedure FakeProc49; asm jmp g_pFunc49 end;
procedure FakeProc50; asm jmp g_pFunc50 end;
procedure FakeProc51; asm jmp g_pFunc51 end;
procedure FakeProc52; asm jmp g_pFunc52 end;
procedure FakeProc53; asm jmp g_pFunc53 end;
procedure FakeProc54; asm jmp g_pFunc54 end;
procedure FakeProc55; asm jmp g_pFunc55 end;
procedure FakeProc56; asm jmp g_pFunc56 end;
// Export table carrying the same names as the real d3d8thk.dll, so this
// module can be loaded under that name while the genuine one is resolved by
// full path in EntryPoint. The list is written in reverse slot order; the
// binding is FakeProcN -> g_pFuncN -> the real export of the same name.
exports
FakeProc56 name 'OsThunkDdWaitForVerticalBlank',
FakeProc55 name 'OsThunkDdUpdateOverlay',
FakeProc54 name 'OsThunkDdUnlockD3D',
FakeProc53 name 'OsThunkDdUnlock',
FakeProc52 name 'OsThunkDdUnattachSurface',
FakeProc51 name 'OsThunkDdSetOverlayPosition',
FakeProc50 name 'OsThunkDdSetGammaRamp',
FakeProc49 name 'OsThunkDdSetExclusiveMode',
FakeProc48 name 'OsThunkDdSetColorKey',
FakeProc47 name 'OsThunkDdResetVisrgn',
FakeProc46 name 'OsThunkDdRenderMoComp',
FakeProc45 name 'OsThunkDdReleaseDC',
FakeProc44 name 'OsThunkDdReenableDirectDrawObject',
FakeProc43 name 'OsThunkDdQueryMoCompStatus',
FakeProc42 name 'OsThunkDdQueryDirectDrawObject',
FakeProc41 name 'OsThunkDdLockD3D',
FakeProc40 name 'OsThunkDdLock',
FakeProc39 name 'OsThunkDdGetScanLine',
FakeProc38 name 'OsThunkDdGetMoCompGuids',
FakeProc37 name 'OsThunkDdGetMoCompFormats',
FakeProc36 name 'OsThunkDdGetMoCompBuffInfo',
FakeProc35 name 'OsThunkDdGetInternalMoCompInfo',
FakeProc34 name 'OsThunkDdGetFlipStatus',
FakeProc33 name 'OsThunkDdGetDxHandle',
FakeProc32 name 'OsThunkDdGetDriverState',
FakeProc31 name 'OsThunkDdGetDriverInfo',
FakeProc30 name 'OsThunkDdGetDC',
FakeProc29 name 'OsThunkDdGetBltStatus',
FakeProc28 name 'OsThunkDdGetAvailDriverMemory',
FakeProc27 name 'OsThunkDdFlipToGDISurface',
FakeProc26 name 'OsThunkDdFlip',
FakeProc25 name 'OsThunkDdEndMoCompFrame',
FakeProc24 name 'OsThunkDdDestroySurface',
FakeProc23 name 'OsThunkDdDestroyMoComp',
FakeProc22 name 'OsThunkDdDestroyD3DBuffer',
FakeProc21 name 'OsThunkDdDeleteSurfaceObject',
FakeProc20 name 'OsThunkDdDeleteDirectDrawObject',
FakeProc19 name 'OsThunkDdCreateSurfaceObject',
FakeProc18 name 'OsThunkDdCreateSurfaceEx',
FakeProc17 name 'OsThunkDdCreateSurface',
FakeProc16 name 'OsThunkDdCreateMoComp',
FakeProc15 name 'OsThunkDdCreateDirectDrawObject',
FakeProc14 name 'OsThunkDdCreateD3DBuffer',
FakeProc13 name 'OsThunkDdColorControl',
FakeProc12 name 'OsThunkDdCanCreateSurface',
FakeProc11 name 'OsThunkDdCanCreateD3DBuffer',
FakeProc10 name 'OsThunkDdBlt',
FakeProc9 name 'OsThunkDdBeginMoCompFrame',
FakeProc8 name 'OsThunkDdAttachSurface',
FakeProc7 name 'OsThunkDdAlphaBlt',
FakeProc6 name 'OsThunkDdAddAttachedSurface',
FakeProc5 name 'OsThunkD3dValidateTextureStageState',
FakeProc4 name 'OsThunkD3dDrawPrimitives2',
FakeProc3 name 'OsThunkD3dContextDestroyAll',
FakeProc2 name 'OsThunkD3dContextDestroy',
FakeProc1 name 'OsThunkD3dContextCreate';
// Installs a 5-byte relative jmp ($E9) at the start of lpApi so that calls
// land in lpNew, and turns lpOrg into a trampoline that executes the 5
// displaced bytes and then jumps back to lpApi+5.
//   lpApi - entry point to patch (an ntdll export here, see InitHook)
//   lpNew - replacement routine the detour jumps to
//   lpOrg - writable stub of at least nSize+5 = 10 bytes that receives the
//           trampoline (Naked_ZwSetInformationThread is 12 bytes)
// Returns False if either region could not be made writable, True otherwise.
// Assumes the first 5 bytes of lpApi are whole instructions without relative
// operands; the length check that would verify this is commented out below,
// so the assumption is unverified at run time. Pointer/DWORD casts make this
// 32-bit only. From a defender's view this is an in-memory modification of an
// ntdll export: comparing the loaded image with the on-disk image, or checking
// exported entry points for a leading $E9, reveals it.
function HookApiHead(lpApi, lpNew, lpOrg: Pointer): BOOL;
var
nSize, nLen: Integer;
dwProtect, dwData, dwOffset: DWORD;
begin
Result := False;
// length of the prologue to displace (originally computed, now fixed at 5)
//nSize := GetBackUpSize(lpApi, 5);
//if nSize = 0 then Exit;
// copy / back up the original code into the trampoline
nSize:=5;
nLen := nSize + 5; // displaced bytes plus the 5-byte jmp back
dwProtect := 0;
if not VirtualProtect(lpOrg, nLen, PAGE_EXECUTE_READWRITE, @dwProtect) then Exit;
CopyMemory(lpOrg, lpApi, nSize);
dwData := DWORD(lpOrg) + nSize;
// rel32 for "jmp lpApi+nSize" placed at dwData: target - (jmp address + 5)
dwOffset := DWORD(lpApi) + nSize - dwData - 5;
PBYTE(dwData)^ := $E9;
Inc(dwData);
PDWORD(dwData)^ := dwOffset;
VirtualProtect(lpOrg, nLen, dwProtect, @dwProtect); // restore protection; result ignored
// install the detour on the API itself
dwProtect := 0;
if not VirtualProtect(lpApi, nSize, PAGE_EXECUTE_READWRITE, @dwProtect) then Exit;
dwData := DWORD(lpApi);
// rel32 for "jmp lpNew" written at lpApi
dwOffset := DWORD(lpNew) - dwData - 5;
PBYTE(dwData)^ := $E9;
Inc(dwData);
PDWORD(dwData)^ := dwOffset;
VirtualProtect(lpApi, nSize, dwProtect, @dwProtect); // restore protection; result ignored
Result := True;
end;
// Scratch trampoline for the ZwSetInformationThread hook. The bytes this
// assembles to (push eax; two 5-byte mov eax,imm32; pop eax = 12 bytes) are
// placeholders only: HookApiHead overwrites the first 10 of them with the
// displaced prologue of ZwSetInformationThread followed by a jmp back into it
// (see InitHook). It is not meant to execute as written; once patched,
// MyZwSetInformationThread calls it through a stdcall function type.
procedure Naked_ZwSetInformationThread;
asm
push eax;
mov eax, $11111111;
mov eax, $11111111;
pop eax;
end;
// Detour target for ntdll!ZwSetInformationThread (installed by InitHook).
// Requests with information class $11 are answered with 0 (STATUS_SUCCESS)
// without reaching ntdll; every other class is forwarded to the original
// code through the patched Naked_ZwSetInformationThread trampoline.
// The caller cannot distinguish the swallowed request from a real success.
function MyZwSetInformationThread(hThread, dwClass, dwInfo, dwLen: DWORD): Integer; stdcall;
type
  TOrigCall = function(hThread, dwClass, dwInfo, dwLen: DWORD): Integer; stdcall;
const
  // THREADINFOCLASS value $11 (ThreadHideFromDebugger)
  FILTERED_CLASS = $11;
begin
  if dwClass = FILTERED_CLASS then
    Result := 0
  else
    Result := TOrigCall(@Naked_ZwSetInformationThread)(hThread, dwClass, dwInfo, dwLen);
end;
// Thread body started by InitHook. Polls the 8 bytes at lpArg (the start of
// ntdll!DbgUiRemoteBreakin) every 100 ms for 6000 rounds (about 10 minutes)
// and, whenever they differ from the copy saved in g_nBakData, makes the page
// writable and puts the saved bytes back. The compare and the restore are not
// atomic, so a concurrent writer can win the race. The thread ends after the
// last round; nothing restarts it.
procedure ReCoveryDbgUiRemoteBreakin(lpArg: PInt64);
const
  POLL_MS = 100;
  POLL_ROUNDS = 6000;
var
  round: Integer;
  dwOldProtect: DWORD;
begin
  for round := 1 to POLL_ROUNDS do
  begin
    Sleep(POLL_MS);
    if lpArg^ = g_nBakData then Continue;
    // PAGE_EXECUTE_READWRITE only long enough to write the 8 bytes back
    if not VirtualProtect(lpArg, SizeOf(Int64), PAGE_EXECUTE_READWRITE, @dwOldProtect) then Continue;
    lpArg^ := g_nBakData;
    VirtualProtect(lpArg, SizeOf(Int64), dwOldProtect, @dwOldProtect);
  end;
end;
// Sets up the two ntdll manipulations:
//  1. ZwSetInformationThread is detoured into MyZwSetInformationThread, with
//     its displaced prologue parked in Naked_ZwSetInformationThread.
//  2. DbgUiRemoteBreakin is not detoured; its first 8 bytes are saved in
//     g_nBakData and a watcher thread (ReCoveryDbgUiRemoteBreakin) keeps the
//     live bytes equal to that copy.
// The return value of HookApiHead is not checked, and any exception while
// reading the bytes or starting the thread is swallowed, so a failure here
// leaves no trace. The thread handle is closed at once; the thread keeps
// running on its own.
procedure InitHook;
var
  hNtdll: HMODULE;
  pTarget: Pointer;
  dwThreadId: DWORD;
begin
  hNtdll := GetModuleHandle('ntdll.dll');
  pTarget := GetProcAddress(hNtdll, 'ZwSetInformationThread');
  if Assigned(pTarget) then
    HookApiHead(pTarget, @MyZwSetInformationThread, @Naked_ZwSetInformationThread);
  pTarget := GetProcAddress(hNtdll, 'DbgUiRemoteBreakin');
  if not Assigned(pTarget) then Exit;
  try
    g_nBakData := PInt64(pTarget)^;
    CloseHandle(BeginThread(nil, 0, @ReCoveryDbgUiRemoteBreakin, pTarget, 0, dwThreadId));
  except
    // best-effort: the watcher simply stays unstarted
  end;
end;
// DllProc handler. On DLL_PROCESS_ATTACH it installs the ntdll hooks and then
// resolves every export of the genuine d3d8thk.dll (loaded by absolute path)
// into the g_pFuncN slots the export thunks jump through. A failed LoadLibrary
// leaves every slot nil, so any later call through the thunks faults.
// DLL_PROCESS_DETACH does nothing; the loaded library is never freed.
procedure EntryPoint(dwReason: DWORD);
const
  // Export names of the real d3d8thk.dll in slot order (index N <-> g_pFuncN).
  ThunkNames: array[1..56] of PAnsiChar = (
    'OsThunkD3dContextCreate',
    'OsThunkD3dContextDestroy',
    'OsThunkD3dContextDestroyAll',
    'OsThunkD3dDrawPrimitives2',
    'OsThunkD3dValidateTextureStageState',
    'OsThunkDdAddAttachedSurface',
    'OsThunkDdAlphaBlt',
    'OsThunkDdAttachSurface',
    'OsThunkDdBeginMoCompFrame',
    'OsThunkDdBlt',
    'OsThunkDdCanCreateD3DBuffer',
    'OsThunkDdCanCreateSurface',
    'OsThunkDdColorControl',
    'OsThunkDdCreateD3DBuffer',
    'OsThunkDdCreateDirectDrawObject',
    'OsThunkDdCreateMoComp',
    'OsThunkDdCreateSurface',
    'OsThunkDdCreateSurfaceEx',
    'OsThunkDdCreateSurfaceObject',
    'OsThunkDdDeleteDirectDrawObject',
    'OsThunkDdDeleteSurfaceObject',
    'OsThunkDdDestroyD3DBuffer',
    'OsThunkDdDestroyMoComp',
    'OsThunkDdDestroySurface',
    'OsThunkDdEndMoCompFrame',
    'OsThunkDdFlip',
    'OsThunkDdFlipToGDISurface',
    'OsThunkDdGetAvailDriverMemory',
    'OsThunkDdGetBltStatus',
    'OsThunkDdGetDC',
    'OsThunkDdGetDriverInfo',
    'OsThunkDdGetDriverState',
    'OsThunkDdGetDxHandle',
    'OsThunkDdGetFlipStatus',
    'OsThunkDdGetInternalMoCompInfo',
    'OsThunkDdGetMoCompBuffInfo',
    'OsThunkDdGetMoCompFormats',
    'OsThunkDdGetMoCompGuids',
    'OsThunkDdGetScanLine',
    'OsThunkDdLock',
    'OsThunkDdLockD3D',
    'OsThunkDdQueryDirectDrawObject',
    'OsThunkDdQueryMoCompStatus',
    'OsThunkDdReenableDirectDrawObject',
    'OsThunkDdReleaseDC',
    'OsThunkDdRenderMoComp',
    'OsThunkDdResetVisrgn',
    'OsThunkDdSetColorKey',
    'OsThunkDdSetExclusiveMode',
    'OsThunkDdSetGammaRamp',
    'OsThunkDdSetOverlayPosition',
    'OsThunkDdUnattachSurface',
    'OsThunkDdUnlock',
    'OsThunkDdUnlockD3D',
    'OsThunkDdUpdateOverlay',
    'OsThunkDdWaitForVerticalBlank'
  );
  // Destination slot for each name, in the same order as ThunkNames.
  ThunkSlots: array[1..56] of PPointer = (
    @g_pFunc1, @g_pFunc2, @g_pFunc3, @g_pFunc4, @g_pFunc5, @g_pFunc6, @g_pFunc7,
    @g_pFunc8, @g_pFunc9, @g_pFunc10, @g_pFunc11, @g_pFunc12, @g_pFunc13, @g_pFunc14,
    @g_pFunc15, @g_pFunc16, @g_pFunc17, @g_pFunc18, @g_pFunc19, @g_pFunc20, @g_pFunc21,
    @g_pFunc22, @g_pFunc23, @g_pFunc24, @g_pFunc25, @g_pFunc26, @g_pFunc27, @g_pFunc28,
    @g_pFunc29, @g_pFunc30, @g_pFunc31, @g_pFunc32, @g_pFunc33, @g_pFunc34, @g_pFunc35,
    @g_pFunc36, @g_pFunc37, @g_pFunc38, @g_pFunc39, @g_pFunc40, @g_pFunc41, @g_pFunc42,
    @g_pFunc43, @g_pFunc44, @g_pFunc45, @g_pFunc46, @g_pFunc47, @g_pFunc48, @g_pFunc49,
    @g_pFunc50, @g_pFunc51, @g_pFunc52, @g_pFunc53, @g_pFunc54, @g_pFunc55, @g_pFunc56
  );
var
  hMod: HMODULE;
  slot: Integer;
begin
  case dwReason of
    DLL_PROCESS_ATTACH:
    begin
      // hooks first, then the forwarding table
      InitHook;
      // NOTE(review): reached from the library's initialization section, i.e.
      // while DllMain is running; the absolute path also assumes a default
      // system root.
      hMod := LoadLibrary('C:\Windows\system32\d3d8thk.dll');
      if hMod <> 0 then
        for slot := Low(ThunkNames) to High(ThunkNames) do
          ThunkSlots[slot]^ := GetProcAddress(hMod, ThunkNames[slot]);
    end;
    DLL_PROCESS_DETACH: begin end;
  end;
end;
// Library initialization section: executes during DLL_PROCESS_ATTACH, i.e.
// inside DllMain. DllProc is set so that later notifications (such as
// DLL_PROCESS_DETACH) reach EntryPoint; the attach case is then invoked by
// hand because DllProc is only called for notifications after this point.
begin
DllProc := @EntryPoint;
EntryPoint(DLL_PROCESS_ATTACH);
end.