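I used Detours to build a program that monitors file system operations, and ran into a few small problems. Operations such as "create" and "open" all work fine; only the "read" and "write" operations have problems. The functions seem like they should be constructed in much the same way, so why is there such a big difference?
First, here is the code for the API that works: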
HANDLE WINAPI NEW_CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess,
    DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition, DWORD dwFlagAndAttributes, HANDLE hTemplateFile)
{
    // Skip the log file itself. Compare the path text: != on two char pointers
    // compares addresses, not contents.
    if (lpFileName != NULL && lstrcmpiA(lpFileName, "C:\\dlllog.log") != 0) {
        switch (dwCreationDisposition) {
        case CREATE_ALWAYS:
        case CREATE_NEW:
        case OPEN_ALWAYS:
            AppendMessageToLog("创建新文件:", "C:\\dlllog.log");
            AppendMessageToLog((char *)lpFileName, "C:\\dlllog.log");
            break;
        case OPEN_EXISTING:
        case TRUNCATE_EXISTING:
            AppendMessageToLog("打开文件:", "C:\\dlllog.log");
            AppendMessageToLog((char *)lpFileName, "C:\\dlllog.log");
            break;
        }
    }
    // Forward the call to the original API through the Detours trampoline.
    HANDLE ret = OLD_CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagAndAttributes, hTemplateFile);
    //MessageBoxW(NULL,lpFileName,L"[测试]",MB_OK);
    return ret;
}
The function with the problem is as follows:
BOOL WINAPI NEW_WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite,
    LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped)
{
    AppendWMessageToLog(L"修改文件:", L"C:\\dlllog.log");
    AppendWMessageToLog((wchar_t *)hFile, L"C:\\dlllog.log");
    BOOL ret = OLD_WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped);
    return ret;
}
Once the function above is added, it no longer works properly.
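DetourAttach(&(PVOID&)OLD_ReadFile,NEW_ReadFile); after these two lines, when the generated DLL is injected into a process, it can no longer record results... Without them, it does record... I don't know whether this NEW_WriteFile is written incorrectly or whether something else has gone wrong... I hope an expert can help analyze this.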
http://bbs.csdn.net/topics/390548195
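An added example, not part of the original post and not the poster's code: a portable C model (no Windows or Detours calls) of a write hook that logs each call. It assumes the log helper itself writes through the hooked API, so the hook guards against re-entering itself, and it formats the handle as a number instead of casting it to a string; `real_write`, `hook_write`, `api_write` and `log_append` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Portable model of a logging write hook; no Windows or Detours calls are used. */
typedef int (*write_fn)(void *handle, const char *buf, unsigned len);

static char disk[4096];            /* constructed stand-in for all bytes written */
static unsigned disk_len, hook_depth, max_depth;
static _Thread_local int in_hook;  /* per-thread re-entrancy flag */

static int real_write(void *handle, const char *buf, unsigned len) { /* plays OLD_WriteFile */
    (void)handle;
    if (disk_len + len >= sizeof disk) return 0;
    memcpy(disk + disk_len, buf, len);
    disk_len += len;
    disk[disk_len] = '\0';
    return 1;
}

static int hook_write(void *handle, const char *buf, unsigned len);
static write_fn api_write = hook_write;  /* what every caller reaches once the hook is attached */

/* Assumption: the logger, like any code in the process, writes through the patched API. */
static void log_append(const char *msg) {
    api_write((void *)(uintptr_t)0x99, msg, (unsigned)strlen(msg));
}

static int hook_write(void *handle, const char *buf, unsigned len) { /* plays NEW_WriteFile */
    if (++hook_depth > max_depth) max_depth = hook_depth;
    if (!in_hook) {                /* do not log writes issued by the logger itself */
        char line[64];
        in_hook = 1;
        /* A handle is an opaque value: print it as a number, never read it as a string. */
        snprintf(line, sizeof line, "write handle=0x%lx len=%u\n",
                 (unsigned long)(uintptr_t)handle, len);
        log_append(line);
        in_hook = 0;
    }
    int ret = real_write(handle, buf, len);
    hook_depth--;
    return ret;
}

int main(void) {
    api_write((void *)(uintptr_t)0x2a, "data", 4);  /* constructed sample write */
    printf("%s\nmax hook depth: %u\n", disk, max_depth);
    return 0;
}
```

Without the `in_hook` check, the logger's own write would enter `hook_write` again on every call and never return.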