
VxD编程入门教程


该VxD的文件名是FILEHOOK.VXD,源程序(FILEHOOK.ASM)如下:

;FILEHOOK.VXD--拦截Windows 95/98文件操作的VxD
.386p
.XLIST
INCLUDE VMM.Inc
INCLUDE VWin32.Inc
INCLUDE Shell.Inc
MASM=1
INCLUDE IFS.Inc
INCLUDE IFSMgr.Inc
.LIST
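;Virtual device declaration.
;Arguments: device name, major version 1, minor version 0, control procedure,
;device ID. A macro invocation and its argument list must be on one logical
;line; the original listing had the arguments wrapped onto a line of their own,
;which MASM would parse as a separate (invalid) statement.
;NOTE(review): the Init_Order argument is left blank exactly as in the original;
;DDK samples normally pass UNDEFINED_INIT_ORDER there - confirm against VMM.Inc.
Declare_Virtual_Device FILEHOOK,1,0,VxD_Control,Undefined_Device_ID,,,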
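;Protected-mode data segment
VxD_DATA_SEG
;Value returned by IFSMgr_InstallFileSystemApiHook; the hook procedure jumps
;through it to reach the previously installed hook. Zero until an install succeeds.
Prev_File_System_Api_Hook dd 0
;Re-entrancy guard: non-zero while the hook is busy showing its message box.
In_File_System_Api_Hook db 0
;Message box text and caption (NUL-terminated). The strings use single
;quotes; the doubled quotes in the published listing were an escaping artifact
;and do not assemble to the intended text.
Message1 db 'Open file !',0
Caption1 db 'FILEHOOK',0
VxD_DATA_ENDS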
;Protected-mode code segment
VxD_CODE_SEG
;System control procedure: routes the control messages this VxD handles to
;their handlers. Any message not listed below falls through and is reported
;as handled successfully (carry clear).
BeginProc VxD_Control
        Control_Dispatch W32_DEVICEIOCONTROL,     VxD_IOCTL         ;DeviceIoControl from Win32
        Control_Dispatch SYS_DYNAMIC_DEVICE_INIT, VxD_Device_Init   ;dynamic load
        Control_Dispatch SYS_DYNAMIC_DEVICE_EXIT, VxD_Device_Exit   ;dynamic unload
        clc                                     ;carry clear = success
        ret
EndProc VxD_Control
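;DeviceIoControl handler (W32_DEVICEIOCONTROL).
;In:   esi -> DeviceIoControl parameter block; only dwIoControlCode is read.
;        code 1 = install the file-system API hook
;        code 2 = remove the file-system API hook
;        any other code is acknowledged with success and does nothing
;Out:  eax = 0, carry clear           on success
;      eax = 0FFFFFFFFh, carry set    on failure
;Uses: eax, ecx, flags (plus whatever the IFSMgr services clobber)
;
;IFSMgr_InstallFileSystemApiHook / IFSMgr_RemoveFileSystemApiHook use the C
;calling convention: the hook address is passed on the stack and the caller
;removes it afterwards. The original listing only loaded it into eax, so the
;services read whatever happened to be on top of the stack instead.
;
;NOTE(review): the control codes are not checked against the caller, and a
;second install request is not rejected; it would overwrite
;Prev_File_System_Api_Hook while the hook is already in the chain. Track the
;installed state before using this outside a tutorial.
BeginProc VxD_IOCTL
        mov     ecx,[esi.dwIoControlCode]       ;requested control code
        cmp     ecx,1
        jz      Install_File_System_Api_Hook
        cmp     ecx,2
        jz      Uninstall_File_System_Api_Hook
        jmp     VxD_IOCTL_Exit                  ;unknown code: report success

;Install the file-system API hook
Install_File_System_Api_Hook:
        mov     eax,OFFSET32 File_System_Api_Hook
        push    eax                             ;C-convention argument: hook address
        VxDCall IFSMgr_InstallFileSystemApiHook
        add     esp,4                           ;caller cleans the stack
        or      eax,eax                         ;0 = install failed
        jz      Error_Handler
        ;keep the returned value; the hook chains through it
        mov     Prev_File_System_Api_Hook,eax
        jmp     VxD_IOCTL_Exit

;Remove the file-system API hook
Uninstall_File_System_Api_Hook:
        mov     eax,OFFSET32 File_System_Api_Hook
        push    eax                             ;C-convention argument: hook address
        VxDCall IFSMgr_RemoveFileSystemApiHook
        add     esp,4                           ;caller cleans the stack
        cmp     eax,0FFFFFFFFH                  ;-1 = removal failed
        jz      Error_Handler
        jmp     VxD_IOCTL_Exit

;Success exit
VxD_IOCTL_Exit:
        xor     eax,eax
        clc
        ret

;Failure exit
Error_Handler:
        mov     eax,0FFFFFFFFH
        stc
        ret
EndProc VxD_IOCTL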
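;SYS_DYNAMIC_DEVICE_EXIT handler: runs when the VxD is being unloaded.
;Out:  carry clear (unload allowed)
;Uses: eax, flags (plus whatever the IFSMgr service clobbers)
;
;The original handler returned immediately. If the VxD was unloaded while the
;hook was still installed, IFSMgr kept a pointer to File_System_Api_Hook in
;code that no longer exists, and the next file operation would jump into it.
;The hook is therefore removed here. The result is deliberately ignored: the
;service reports failure (0FFFFFFFFh) when the hook was not installed, and the
;unload can proceed in that case too.
BeginProc VxD_Device_Exit
        mov     eax,OFFSET32 File_System_Api_Hook
        push    eax                             ;C-convention argument: hook address
        VxDCall IFSMgr_RemoveFileSystemApiHook
        add     esp,4                           ;caller cleans the stack
        clc                                     ;set after add, which changes carry
        ret
EndProc VxD_Device_Exit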
;File-system API hook procedure (C calling convention).
;Called with the six stack arguments declared below. For an open request
;(IFSFN_OPEN) it shows a message box, then always passes the unchanged call on
;to the previously installed hook. Of the arguments only FunctionNum is read.
;All general registers are saved and restored around the hook's own work; eax
;is then used to reach the previous hook.
BeginProc File_System_Api_Hook,CCALL
        ArgVar  FSDFnAddr,DWORD
        ArgVar  FunctionNum,DWORD
        ArgVar  Drive,DWORD
        ArgVar  ResourceFlags,DWORD
        ArgVar  CodePage,DWORD
        ArgVar  pir,DWORD
        EnterProc
        pushad
        ;only file-open requests are reported
        cmp     dword ptr FunctionNum,IFSFN_OPEN
        jne     Call_Prev_Hook
        ;already inside the hook: do not report again
        cmp     byte ptr In_File_System_Api_Hook,0
        jne     Call_Prev_Hook
        ;mark the hook as busy
        inc     byte ptr In_File_System_Api_Hook
        ;ebx = current VM handle, needed by Shell_Message
        VMMCall Get_Cur_VM_Handle
        ;show the message box
        mov     ecx,OFFSET32 Message1           ;message text
        mov     edi,OFFSET32 Caption1           ;caption text
        xor     esi,esi                         ;no callback
        xor     edx,edx                         ;no reference data
        mov     eax,MB_ICONASTERISK+MB_OK       ;message box flags
        VxDCall Shell_Message
        ;hook is no longer busy
        dec     byte ptr In_File_System_Api_Hook
;Hand the call to the previous hook. The frame is torn down first, so the
;previous hook sees the original arguments and return address.
Call_Prev_Hook:
        popad
        LeaveProc
        mov     eax,Prev_File_System_Api_Hook   ;eax -> stored previous hook address
        jmp     dword ptr [eax]
        Return                                  ;not reached; kept from the original
EndProc File_System_Api_Hook
VxD_CODE_ENDS
;Protected-mode initialization code segment
VxD_ICODE_SEG
;SYS_DYNAMIC_DEVICE_INIT handler: nothing to set up at load time. The hook is
;installed later, on request, through VxD_IOCTL.
;Out: carry clear (load succeeds)
BeginProc VxD_Device_Init
        clc
        ret
EndProc VxD_Device_Init
VxD_ICODE_ENDS
        end
