在中文 Windows 2000 Professional 下好像不行;在 Windows 2000 Server 下好像能捕获到,但捕获到的字符串有乱码。而在 XP、2003 下一切正常。
有人知道原因吗?调了一天没调出来,好像 2000 Pro 下地址不对。我钩的是 CreateProcess。
而在 2000 Server 下:
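// Hook procedure installed in place of CreateProcessW. It converts the
// application name and command line to the ANSI code page (e.g. for logging)
// and then forwards the call with the caller's original arguments.
//
// The parameters keep the TCHAR-based types used in the original post, but a
// CreateProcessW hook always receives UTF-16 strings, so they are
// reinterpreted as wide strings below.
// NOTE(review): declaring them as LPCWSTR / LPWSTR / LPSTARTUPINFOW would
// remove the need for the casts.
//
// Returns whatever the real CreateProcessW returns.
BOOL WINAPI proxy_CreateProcessW(
    LPCTSTR lpApplicationName,
    LPTSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCTSTR lpCurrentDirectory,
    LPSTARTUPINFO lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
)
{
    // Zero-initialized stack buffers: nothing to leak, and a skipped or failed
    // conversion leaves an empty string instead of uninitialized heap bytes.
    CHAR szAppName[ 255 ] = { 0 };
    CHAR szCmdLine[ 255 ] = { 0 };

    // CreateProcess permits either string to be NULL (callers often pass a
    // NULL application name and put everything in the command line), so each
    // pointer is checked before it is converted.
    if ( lpCommandLine != NULL &&
         ::WideCharToMultiByte( CP_ACP, 0, reinterpret_cast<LPCWSTR>( lpCommandLine ), -1,
                                szCmdLine, (int) sizeof( szCmdLine ), NULL, NULL ) == 0 )
    {
        // Conversion failed (for example the text does not fit in the buffer);
        // the output may be unterminated, so discard it.
        szCmdLine[ 0 ] = '\0';
    }

    if ( lpApplicationName != NULL &&
         ::WideCharToMultiByte( CP_ACP, 0, reinterpret_cast<LPCWSTR>( lpApplicationName ), -1,
                                szAppName, (int) sizeof( szAppName ), NULL, NULL ) == 0 )
    {
        szAppName[ 0 ] = '\0';
    }

    // Forward to the real API so the hooked caller still gets its process.
    // Assumes this module's own import table is not patched; if it is, call
    // through the saved original address instead to avoid re-entering the hook.
    return ::CreateProcessW(
        reinterpret_cast<LPCWSTR>( lpApplicationName ),
        reinterpret_cast<LPWSTR>( lpCommandLine ),
        lpProcessAttributes,
        lpThreadAttributes,
        bInheritHandles,
        dwCreationFlags,
        lpEnvironment,
        reinterpret_cast<LPCWSTR>( lpCurrentDirectory ),
        reinterpret_cast<LPSTARTUPINFOW>( lpStartupInfo ),
        lpProcessInformation );
}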
有知道原因吗?调了一天没调出来,好象2000 pro下地址不对。我钩的是CreateProcess.
而在2000 server 下
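// Hook procedure installed in place of CreateProcessW. It converts the
// application name and command line to the ANSI code page (e.g. for logging)
// and then forwards the call with the caller's original arguments.
//
// The parameters keep the TCHAR-based types used in the original post, but a
// CreateProcessW hook always receives UTF-16 strings, so they are
// reinterpreted as wide strings below.
// NOTE(review): declaring them as LPCWSTR / LPWSTR / LPSTARTUPINFOW would
// remove the need for the casts.
//
// Returns whatever the real CreateProcessW returns.
BOOL WINAPI proxy_CreateProcessW(
    LPCTSTR lpApplicationName,
    LPTSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCTSTR lpCurrentDirectory,
    LPSTARTUPINFO lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation
)
{
    // Zero-initialized stack buffers: nothing to leak, and a skipped or failed
    // conversion leaves an empty string instead of uninitialized heap bytes.
    CHAR szAppName[ 255 ] = { 0 };
    CHAR szCmdLine[ 255 ] = { 0 };

    // CreateProcess permits either string to be NULL (callers often pass a
    // NULL application name and put everything in the command line), so each
    // pointer is checked before it is converted.
    if ( lpCommandLine != NULL &&
         ::WideCharToMultiByte( CP_ACP, 0, reinterpret_cast<LPCWSTR>( lpCommandLine ), -1,
                                szCmdLine, (int) sizeof( szCmdLine ), NULL, NULL ) == 0 )
    {
        // Conversion failed (for example the text does not fit in the buffer);
        // the output may be unterminated, so discard it.
        szCmdLine[ 0 ] = '\0';
    }

    if ( lpApplicationName != NULL &&
         ::WideCharToMultiByte( CP_ACP, 0, reinterpret_cast<LPCWSTR>( lpApplicationName ), -1,
                                szAppName, (int) sizeof( szAppName ), NULL, NULL ) == 0 )
    {
        szAppName[ 0 ] = '\0';
    }

    // Forward to the real API so the hooked caller still gets its process.
    // Assumes this module's own import table is not patched; if it is, call
    // through the saved original address instead to avoid re-entering the hook.
    return ::CreateProcessW(
        reinterpret_cast<LPCWSTR>( lpApplicationName ),
        reinterpret_cast<LPWSTR>( lpCommandLine ),
        lpProcessAttributes,
        lpThreadAttributes,
        bInheritHandles,
        dwCreationFlags,
        lpEnvironment,
        reinterpret_cast<LPCWSTR>( lpCurrentDirectory ),
        reinterpret_cast<LPSTARTUPINFOW>( lpStartupInfo ),
        lpProcessInformation );
}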
// Look up the address of the function to be hooked in the callee module.
// GetModuleHandleA only finds modules that are already loaded and returns NULL
// otherwise.
// NOTE(review): the lines shown here pass m_pfnOrig on without checking it for
// NULL — confirm the surrounding code handles a failed lookup.
m_pfnOrig = GetProcAddressRaw(
GetModuleHandleA(pszCalleeModName), m_pszFuncName);
// Redirect imports of m_pfnOrig to m_pfnHook in the modules of this process;
// m_fExcludeAPIHookMod controls whether the hooking module itself is skipped.
ReplaceIATEntryInAllMods(m_pszCalleeModName, m_pfnOrig, m_pfnHook,
m_fExcludeAPIHookMod);
// Thin wrapper over the Win32 GetProcAddress: resolves pszProcName in hmod and
// hands back the result unchanged (NULL when the lookup fails).
FARPROC CAPIHook::GetProcAddressRaw(HMODULE hmod, PCSTR pszProcName) {
   FARPROC pfnResolved = ::GetProcAddress(hmod, pszProcName);
   return pfnResolved;
}
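// Walks every module loaded in the current process and redirects its import
// of pfnCurrent (exported by pszCalleeModName) to pfnNew.
//   pszCalleeModName    - name of the module that exports the function
//   pfnCurrent          - address currently stored in the import tables
//   pfnNew              - address to store instead
//   fExcludeAPIHookMod  - when TRUE, the module containing this code is skipped
void CAPIHook::ReplaceIATEntryInAllMods(PCSTR pszCalleeModName,
   PROC pfnCurrent, PROC pfnNew, BOOL fExcludeAPIHookMod) {

   // Identify our own module so that its imports can be left untouched
   HMODULE hmodThisMod = fExcludeAPIHookMod
      ? ModuleFromAddress(ReplaceIATEntryInAllMods) : NULL;

   // Get the list of modules in this process
   // CToolhelp th(TH32CS_SNAPMODULE, GetCurrentProcessId());
   m_hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
   if (m_hSnapshot == INVALID_HANDLE_VALUE)
      return;  // No module list available, nothing to patch

   // NOTE(review): nothing in this function closes m_hSnapshot, and each call
   // overwrites the previous value. Confirm the handle is closed elsewhere
   // (the commented-out CToolhelp wrapper presumably did this).

   MODULEENTRY32 me = { sizeof(me) };
   for (BOOL fOk = Module32First(m_hSnapshot, &me); fOk;
        fOk = Module32Next(m_hSnapshot, &me)) {

      // NOTE: We don't hook functions in our own module
      if (me.hModule != hmodThisMod) {

         // Hook this function in this module
         ReplaceIATEntryInOneMod(
            pszCalleeModName, pfnCurrent, pfnNew, me.hModule);
      }
   }
}

// Redirects one module's import of pfnCurrent to pfnNew.
//   pszCalleeModName - name of the module that exports the function
//   pfnCurrent       - address expected in hmodCaller's import address table
//   pfnNew           - address written in its place
//   hmodCaller       - module whose import section is searched
// Only the first import descriptor whose name matches pszCalleeModName is
// examined, and the function returns after the first matching entry.
void CAPIHook::ReplaceIATEntryInOneMod(PCSTR pszCalleeModName,
   PROC pfnCurrent, PROC pfnNew, HMODULE hmodCaller) {

   // Get the address of the module's import section
   ULONG ulSize;
   PIMAGE_IMPORT_DESCRIPTOR pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)
      ImageDirectoryEntryToData(hmodCaller, TRUE,
      IMAGE_DIRECTORY_ENTRY_IMPORT, &ulSize);

   if (pImportDesc == NULL)
      return;  // This module has no import section

   // Find the import descriptor containing references to callee's functions
   for (; pImportDesc->Name; pImportDesc++) {
      PSTR pszModName = (PSTR) ((PBYTE) hmodCaller + pImportDesc->Name);
      if (lstrcmpiA(pszModName, pszCalleeModName) == 0)
         break;   // Found
   }

   if (pImportDesc->Name == 0)
      return;  // This module doesn't import any functions from this callee

   // Get caller's import address table (IAT) for the callee's functions
   PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)
      ((PBYTE) hmodCaller + pImportDesc->FirstThunk);

   // Replace current function address with new function address
   for (; pThunk->u1.Function; pThunk++) {

      // Get the address of the function address
      PROC* ppfn = (PROC*) &pThunk->u1.Function;

      // Is this the function we're looking for?
      // (Poster's note: this comparison is the one that does not match on
      // the failing system.)
      BOOL fFound = (*ppfn == pfnCurrent);

      if (!fFound && (*ppfn > sm_pvMaxAppAddr)) {

         // If this is not the function and the address is in a shared DLL,
         // then maybe we're running under a debugger on Windows 98. In this
         // case, this address points to an instruction that may have the
         // correct address.
         PBYTE pbInFunc = (PBYTE) *ppfn;
         if (pbInFunc[0] == cPushOpCode) {
            // We see the PUSH instruction, the real function address follows
            ppfn = (PROC*) &pbInFunc[1];

            // Is this the function we're looking for?
            fFound = (*ppfn == pfnCurrent);
         }
      }

      if (fFound) {
         // The addresses match, change the import section address.
         // The write result used to be ignored, so a read-only import table
         // left the entry unpatched without any indication. Retry once with
         // the page made writable, then restore the previous protection.
         if (!WriteProcessMemory(GetCurrentProcess(), ppfn, &pfnNew,
               sizeof(pfnNew), NULL) && (GetLastError() == ERROR_NOACCESS)) {
            DWORD dwOldProtect;
            if (VirtualProtect(ppfn, sizeof(pfnNew), PAGE_WRITECOPY,
                  &dwOldProtect)) {
               WriteProcessMemory(GetCurrentProcess(), ppfn, &pfnNew,
                  sizeof(pfnNew), NULL);
               VirtualProtect(ppfn, sizeof(pfnNew), dwOldProtect,
                  &dwOldProtect);
            }
         }
         return;  // We did it, get out
      }
   }

   // If we get to here, the function is not in the caller's import section
}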
帮忙看看在2000系统下怎么会出现乱码,分析一下也可以
// Hook procedure for CreateProcessW as posted; the listing breaks off after
// the two conversions (no forwarding call, return statement or closing brace
// is shown).
// The parameters are declared with TCHAR-based types and cast to wide strings
// before conversion.
BOOL WINAPI proxy_CreateProcessW(
LPCTSTR lpApplicationName,
LPTSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCTSTR lpCurrentDirectory,
LPSTARTUPINFO lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
)
{
// Heap buffers for the ANSI copies. new CHAR[] leaves the bytes
// uninitialized, and no delete[] appears in the lines shown.
LPSTR lpszName = new CHAR[ 255 ];
LPSTR lpszName1 = new CHAR[ 255 ];
// The return values of both conversions are ignored, so a failed call leaves
// the destination buffer holding whatever bytes it had.
// NOTE(review): CreateProcess allows lpApplicationName to be NULL; a NULL
// source makes the conversion fail, which would leave lpszName uninitialized
// and may explain the garbage text — confirm by checking the pointer.
::WideCharToMultiByte( CP_ACP, 0, (unsigned short *)lpCommandLine, -1, lpszName1, 255, NULL, NULL );// lpszName1 is fine
::WideCharToMultiByte( CP_ACP, 0, (unsigned short *)lpApplicationName, -1, lpszName, 255, NULL, NULL );// lpszName is garbage here, but fine on XP and 2003.
第一个问题是JR的核心编程代码是有误的,在windows2000 sp4下是不能执行的。
我现在也在使用JR的APIHOOK类,也发现了一些问题。能否帮助看看:
http://community.csdn.net/Expert/TopicView.asp?id=5316649