我在DLL中HOOK了CreateFileA和CreateFileW,
当然还有
MoveFileW,MoveFileA
DeleteFileW,DeleteFileA
CopyFileW,CopyFileA等函数。
下面我说一下症状:
1.把CreateFileA和CreateFileW的HOOK去掉,挂钩和卸载钩子后都没有任何问题。
2.把CreateFileA和CreateFileW的HOOK加上后,挂钩没问题,卸载钩子后,点一下“开始”或双击“我的电脑”等操作时explorer会崩溃。
以上两个现象出现率是100%。我观察了一下,CreateFileA和CreateFileW这两个函数与其他函数的唯一不同之处就在于返回值:这两个是HANDLE型的,其他的都是BOOL型的。问题到底出现在哪呢?请高手指点。
对了,最后说明一下,我用的是Detours技术。
当然还有
MoveFileW,MoveFileA
DeleteFileW,DeleteFileA
CopyFileW,CopyFileA等函数下面我说一下症状:1.把CreateFileA和CreateFileW的HOOK去掉,挂钩和卸载钩子后都没有任何问题
2.把CreateFileA和CreateFileW的HOOK加上后,挂钩没问题,卸载钩子后,点一下“开始”或双击“我的电脑”等操作时explorer会崩溃以上两个现象出现率是100%我观察了一下,CreateFileA和CreateFileW这两个函数与其他函数的唯一不同之处就在于返回值这两个是HANDLE型的,其他的都是BOOL型的,问题到底出现在哪呢?高手指点对了,最后说明一下,我用的是Detours技术。
// Forward declaration of the trampoline. It repeats the CreateFileW parameter
// list so the detour (MyCreateFileW) can call through it with the same
// arguments it received.
HANDLE WINAPI CopyCreateFileW(LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile );
// DETOUR_TRAMPOLINE takes the trampoline's declaration and the target
// function (CreateFileW) and defines CopyCreateFileW as the trampoline for
// that target.
// NOTE(review): this macro belongs to the older Detours 1.x interface, the
// same one that provides the DetourFunctionWithTrampoline / DetourRemove
// calls used in the poster's DllMain. A trampoline declared this way and
// those two calls go together; do not mix them with the pointer-variable
// form used by DetourAttach / DetourDetach.
DETOUR_TRAMPOLINE(HANDLE WINAPI CopyCreateFileW(LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile ),
CreateFileW);
// Detour that runs in place of CreateFileW once the hook is installed.
//
// It adds no behaviour of its own: every argument is forwarded unchanged to
// the trampoline CopyCreateFileW and the resulting handle is returned as-is.
HANDLE WINAPI MyCreateFileW(LPCWSTR lpFileName,
                            DWORD dwDesiredAccess,
                            DWORD dwShareMode,
                            LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                            DWORD dwCreationDisposition,
                            DWORD dwFlagsAndAttributes,
                            HANDLE hTemplateFile )
{
    // Original poster's remark: even this pure pass-through, with not a
    // single line of custom logic, is followed by the explorer crash after
    // the hook is removed.
    // NOTE(review): that points away from this body and towards how and when
    // the detour is removed and the DLL unloaded. A thread that is still
    // inside this function or the trampoline when the DLL is unmapped would
    // return into freed memory. Unconfirmed from this page.
    const HANDLE hResult = CopyCreateFileW(lpFileName,
                                           dwDesiredAccess,
                                           dwShareMode,
                                           lpSecurityAttributes,
                                           dwCreationDisposition,
                                           dwFlagsAndAttributes,
                                           hTemplateFile);
    return hResult;
}
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile )
= CreateFileW;
兄弟,下次代码贴整齐点,必要的留点空格。这样别人也好看啊:)
// 2. CopyCreateFileW is a function-pointer variable that holds the original
//    system function CreateFileW; it should be declared like this:
// NOTE(review): a pointer variable initialised to the target is the form that
// DetourAttach / DetourDetach take (passed as &(PVOID&)pointer). The
// DetourFunctionWithTrampoline / DetourRemove calls in the original poster's
// DllMain expect a DETOUR_TRAMPOLINE-generated function instead. Swapping
// only the declaration and keeping those calls is presumably why the poster
// then reports that the hook no longer fires. Confirm against the Detours
// version in use.
HANDLE (WINAPI * CopyCreateFileW)(LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile )
= CreateFileW;
如果这样的话。
我认为是APIHOOK hook冲突。
这个可能性最大。找一个干净的开发环境测试吧,
把杀毒,监控什么的都关了。
你试试别人的电脑或在2000下运行试试
我按照你说的改了,挂上钩子后,这个函数不起作用了,也就是说没有拐到我的代码里来,也就是说,没HOOK到这个函数,我想可能是DllMain需要改一下吧,你帮我看看怎么改呢?谢谢
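// DLL entry point: installs the CreateFileA / CreateFileW detours when the
// DLL is loaded into a process and removes them again when it is unloaded.
//
// Parameters follow the standard DllMain contract; hModule and lpReserved are
// not used. Always returns TRUE, so a failed hook installation does not
// prevent the DLL from loading.
//
// The results of DetourFunctionWithTrampoline are recorded so that
// DetourRemove is only called for detours that were actually installed,
// rather than unconditionally as before.
//
// NOTE(review): DetourRemove does not wait for other threads. In a process
// that calls CreateFile constantly (explorer), a thread can still be inside
// MyCreateFileA/W or a trampoline when this DLL is unmapped, and it then
// returns into freed memory. That would match the crash described in the
// thread, but nothing on this page confirms it. DllMain also runs under the
// loader lock, so keep the work done here minimal.
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    // TRUE only while the corresponding detour is installed.
    static BOOL s_bHookedA = FALSE;
    static BOOL s_bHookedW = FALSE;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        s_bHookedA = DetourFunctionWithTrampoline((PBYTE)CopyCreateFileA, (PBYTE)MyCreateFileA);
        s_bHookedW = DetourFunctionWithTrampoline((PBYTE)CopyCreateFileW, (PBYTE)MyCreateFileW);
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        // Nothing to do per thread.
        break;

    case DLL_PROCESS_DETACH:
        // Undo only what was installed; a detour whose removal fails stays
        // flagged as installed.
        if (s_bHookedA && DetourRemove((PBYTE)CopyCreateFileA, (PBYTE)MyCreateFileA))
        {
            s_bHookedA = FALSE;
        }
        if (s_bHookedW && DetourRemove((PBYTE)CopyCreateFileW, (PBYTE)MyCreateFileW))
        {
            s_bHookedW = FALSE;
        }
        break;
    }

    return TRUE;
}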
// Dll 文件:
#include "detours.h"
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "detoured.lib")
////////////////////////////////////////////////////////////////////////////////
// CreateFileW:
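// Pointer to the real CreateFileW. DetourAttach receives the address of this
// variable (see DllMain), and HookCreateFileW calls the original API through
// it.
HANDLE (WINAPI* SysCreateFileW)(LPCWSTR lpFileName,                          // pointer to name of the file
                                DWORD dwDesiredAccess,                       // access (read-write) mode
                                DWORD dwShareMode,                           // share mode
                                LPSECURITY_ATTRIBUTES lpSecurityAttributes,  // pointer to security attributes
                                DWORD dwCreationDisposition,                 // how to create
                                DWORD dwFlagsAndAttributes,                  // file attributes
                                HANDLE hTemplateFile                         // handle to file with attributes to copy
                                ) = CreateFileW;

// Detour for CreateFileW: forwards all arguments to the original API through
// SysCreateFileW and returns the handle it produced.
//
// In the pasted listing the `return h;` statement had been swallowed by the
// preceding line comment, leaving the function without a return value; it is
// restored on its own line here.
HANDLE WINAPI HookCreateFileW(LPCWSTR lpFileName,                          // pointer to name of the file
                              DWORD dwDesiredAccess,                       // access (read-write) mode
                              DWORD dwShareMode,                           // share mode
                              LPSECURITY_ATTRIBUTES lpSecurityAttributes,  // pointer to security attributes
                              DWORD dwCreationDisposition,                 // how to create
                              DWORD dwFlagsAndAttributes,                  // file attributes
                              HANDLE hTemplateFile                         // handle to file with attributes to copy
                              )
{
    // Work to do before the file is created goes here.

    HANDLE h = SysCreateFileW(lpFileName,            // pointer to name of the file
                              dwDesiredAccess,       // access (read-write) mode
                              dwShareMode,           // share mode
                              lpSecurityAttributes,  // pointer to security attributes
                              dwCreationDisposition, // how to create
                              dwFlagsAndAttributes,  // file attributes
                              hTemplateFile          // handle to file with attributes to copy
                              );

    // Work to do after the file is created goes here.
    // NOTE(review): callers of CreateFileW inspect GetLastError() right after
    // the call, and failure is reported as INVALID_HANDLE_VALUE rather than
    // NULL. Code added here should save and restore the last-error value and
    // must not treat h as valid without checking it.
    return h;
}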
// DLL entry point for the transaction-based listing: attaches
// HookCreateFileW to CreateFileW on process attach and detaches it on
// process detach. Thread attach/detach notifications are ignored.
//
// hModule and lpReserved are unused. Always returns TRUE.
//
// NOTE(review): the LONG results of DetourAttach / DetourDetach /
// DetourTransactionCommit are not checked, so a failed attach goes unnoticed.
// Only the current thread is passed to DetourUpdateThread; other threads
// running in the process at that moment are not enlisted in the transaction.
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Redirect CreateFileW to HookCreateFileW; SysCreateFileW is updated
        // by Detours so it still reaches the original function.
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)SysCreateFileW, HookCreateFileW);
        DetourTransactionCommit();
        break;

    case DLL_PROCESS_DETACH:
        // Undo the redirection before the DLL's code goes away.
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)SysCreateFileW, HookCreateFileW);
        DetourTransactionCommit();
        break;

    default:
        break;
    }

    return TRUE;
}
////////////////////////////////////////////////////////////////////////////////
// The DLL must export at least one function; this empty stub exists only to
// satisfy that requirement and is never meant to do any work.
// NOTE(review): presumably needed because DetourCreateProcessWithDll loads the
// DLL through the new process's import table, for which Detours documents
// that the DLL needs an export at ordinal 1. Confirm for the Detours version
// in use.
__declspec(dllexport) void ExportFunc(void)
{
}
// 注入程序关键代码:
#include "detours.h"
#pragma comment(lib, "detours.lib")
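#pragma comment(lib, "detoured.lib")

// Starts pExe with the hook DLL loaded, via DetourCreateProcessWithDll.
//
// The process is created suspended; its main thread is resumed only after
// DetourCreateProcessWithDll reports success. On failure a message box shows
// the Win32 error code.
//
//   pExe               application name passed to DetourCreateProcessWithDll
//   pArgs              command line for the new process
//   pDetourDllFullPath path of the Detours marker DLL
//   pHookDllFullPath   path of the DLL that installs the detours
//
// Both DLL arguments should be absolute paths, as their names say. A bare
// file name is resolved through the DLL search order, so a same-named DLL in
// an earlier search directory would be loaded into the new process instead.
//
// Changes from the pasted version: the error code is read immediately after
// the failed call, and the process/thread handles returned in `pi` are closed
// once the thread has been resumed (they were leaked before).
//
// NOTE(review): bInheritHandles is TRUE, so every inheritable handle open in
// this process is handed to the child; pass FALSE unless that is needed.
// NOTE(review): CreateProcessW may modify the command-line buffer, so pArgs
// should point to writable memory. Confirm against the
// DetourCreateProcessWithDll prototype in your detours.h.
void CInjectDlg::Inject(const TCHAR* pExe,
                        const TCHAR* pArgs,
                        const TCHAR* pDetourDllFullPath,
                        const TCHAR* pHookDllFullPath)
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;

    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);

    if( !DetourCreateProcessWithDll(pExe, pArgs, NULL, NULL, TRUE,
                                    CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
                                    NULL, NULL,
                                    &si, &pi,
                                    pDetourDllFullPath,
                                    pHookDllFullPath,
                                    NULL) )
    {
        // Read the error code before any other call can overwrite it.
        const DWORD dwError = GetLastError();

        CString szTips;
        szTips.Format(_T("DetourCreateProcessWithDll failed: %d\n"), dwError);
        MessageBox(szTips);
    }
    else
    {
        ResumeThread(pi.hThread);

        // The caller owns both handles returned in PROCESS_INFORMATION;
        // closing them does not terminate the new process.
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
}
仔细对照两段代码,看看你哪里没写对? 如果你是直接HOOK本进程的API的话,则不需要编写那个DLL了,把DLL中的代码移到你的进程中去即可。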
void CInjectDlg::Inject(const TCHAR* pExe,
const TCHAR* pArgs,
const TCHAR* pDetourDllFullPath,
const TCHAR* pHookDllFullPath)
这个函数的四个参数怎么写啊?尤其是第二个,其他三个我大概能写出来,如下:
Inject("test.exe",
"",
"detoured.dll",
"fpublic.dll")
不知道这么写对不对,尤其第二个参数不知道怎么写