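I used the Detours library to write a DLL that intercepts CreateFileA() and CreateFileW() and then pops up a MessageBox.
When I inject this DLL into explorer.exe by remote injection, IceSword shows that the DLL has not been injected, but right after I finished checking, the machine rebooted by itself. Why is that?
If I inject into explorer.exe a DLL that only pops up a MessageBox, there is no reboot; a MessageBox just pops up intermittently, and when I check with IceSword, I find that this DLL has been injected into the explorer.exe process.
Frustrating. I hope an expert can advise!!!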
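Why can't a DLL that intercepts APIs with Detours be injected into explorer.exe?
There must be a reason the OP's code does not run; don't make it sound like some mysterious event.
Go carefully through the logic of your program, see whether anything in it is inappropriate on a Windows system, and change it. I suggest the OP start from something simple:
1. Make a DLL that can be injected into explorer.exe normally,
2. then add to this DLL a hook on CreateFile() that does nothing,
3. then add the actual code.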
#include <windows.h>
#include "detours.h"

#pragma comment(lib,"detoured.lib")
#pragma comment(lib,"detours.lib")

// Pointer to the real CreateFileW; DetourAttach() redirects it to the trampoline.
static HANDLE (WINAPI* SysCreateFileW)(
    LPCWSTR lpFileName, // pointer to name of the file
    DWORD dwDesiredAccess, // access (read-write) mode
    DWORD dwShareMode, // share mode
    LPSECURITY_ATTRIBUTES lpSecurityAttributes, // pointer to security attributes
    DWORD dwCreationDisposition, // how to create
    DWORD dwFlagsAndAttributes, // file attributes
    HANDLE hTemplateFile // handle to file with attributes to copy
    ) = CreateFileW;

// Pointer to the real CreateFileA; DetourAttach() redirects it to the trampoline.
static HANDLE (WINAPI* SysCreateFileA)(
    LPCTSTR lpFileName, // pointer to name of the file
    DWORD dwDesiredAccess, // access (read-write) mode
    DWORD dwShareMode, // share mode
    LPSECURITY_ATTRIBUTES lpSecurityAttributes, // pointer to security attributes
    DWORD dwCreationDisposition, // how to create
    DWORD dwFlagsAndAttributes, // file attributes
    HANDLE hTemplateFile // handle to file with attributes to copy
    ) = CreateFileA;

// Replacement for CreateFileW: shows a message box, forwards to the original, shows another.
HANDLE WINAPI HookCreateFileW(
    LPCWSTR lpFileName, // pointer to name of the file
    DWORD dwDesiredAccess, // access (read-write) mode
    DWORD dwShareMode, // share mode
    LPSECURITY_ATTRIBUTES lpSecurityAttributes, // pointer to security attributes
    DWORD dwCreationDisposition, // how to create
    DWORD dwFlagsAndAttributes, // file attributes
    HANDLE hTemplateFile // handle to file with attributes to copy
    )
{
    ::MessageBox(NULL,"状态","马上要创建文件",NULL);
    OutputDebugString("马上要创建文件");
    HANDLE h = SysCreateFileW(lpFileName, // pointer to name of the file
        dwDesiredAccess, // access (read-write) mode
        dwShareMode, // share mode
        lpSecurityAttributes, // pointer to security attributes
        dwCreationDisposition, // how to create
        dwFlagsAndAttributes, // file attributes
        hTemplateFile // handle to file with attributes to copy
        );
    if(h==INVALID_HANDLE_VALUE)
    {
        MessageBox(NULL,"文件打开失败",0,MB_OK);
    }
    ::MessageBox(NULL,"已经创建文件","状态",NULL);
    return h;
}

// Replacement for CreateFileA: same behaviour as HookCreateFileW.
HANDLE WINAPI HookCreateFileA(
    LPCTSTR lpFileName, // pointer to name of the file
    DWORD dwDesiredAccess, // access (read-write) mode
    DWORD dwShareMode, // share mode
    LPSECURITY_ATTRIBUTES lpSecurityAttributes, // pointer to security attributes
    DWORD dwCreationDisposition, // how to create
    DWORD dwFlagsAndAttributes, // file attributes
    HANDLE hTemplateFile // handle to file with attributes to copy
    )
{
    ::MessageBox(NULL,"马上要创建文件","状态",NULL);
    OutputDebugString("马上要创建文件");
    HANDLE h = SysCreateFileA(lpFileName, // pointer to name of the file
        dwDesiredAccess, // access (read-write) mode
        dwShareMode, // share mode
        lpSecurityAttributes, // pointer to security attributes
        dwCreationDisposition, // how to create
        dwFlagsAndAttributes, // file attributes
        hTemplateFile // handle to file with attributes to copy
        );
    if(h==INVALID_HANDLE_VALUE)
    {
        MessageBox(NULL,"文件打开失败",0,MB_OK);
    }
    ::MessageBox(NULL,"状态","已经创建文件",NULL);
    return h;
}

BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    int error;
    switch(ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Install both hooks in one Detours transaction when the DLL is loaded.
        DetourTransactionBegin();
        DetourUpdateThread(::GetCurrentThread());
        DetourAttach(&(PVOID&)SysCreateFileW, HookCreateFileW);
        DetourAttach(&(PVOID&)SysCreateFileA, HookCreateFileA);
        error = DetourTransactionCommit();
        if(NO_ERROR!=error)
        {
            ::MessageBox(NULL,"Error!","Error in Detours!",MB_OK);
        }
        break;
    case DLL_PROCESS_DETACH:
        // Remove both hooks when the DLL is unloaded.
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)SysCreateFileW, HookCreateFileW);
        DetourDetach(&(PVOID&)SysCreateFileA, HookCreateFileA);
        error = DetourTransactionCommit();
        ::MessageBox(NULL,"Detour ends","Prompt!",MB_OK);
        break;
    }
    return TRUE;
}
The DLL is as above.
99% of the difficulty is that your DLL is written incorrectly, not some other cause.
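One failure mode worth ruling out in the hook posted above, modelled portably as an added example (not code from the thread and not Win32 or Detours code): if the dialog raised inside the hook itself opens a file, the hook re-enters without bound, and a per-thread guard stops that. `real_open`, `api_open` and `show_dialog` are hypothetical stand-ins for CreateFileW, its patched entry point and MessageBox; that MessageBox reaches CreateFile is an assumption.

```cpp
#include <cstdio>
#include <string>

// Hypothetical portable stand-ins (not Win32 or Detours code):
//   real_open   ~ the original CreateFileW reached through the trampoline
//   api_open    ~ the patched entry point that every caller goes through
//   show_dialog ~ MessageBox, ASSUMED to open a file itself (theme, font, ...)
using OpenFn = int (*)(const std::string&);
struct Result { int real_calls, dialogs, max_depth; };
static int g_real = 0, g_dialogs = 0, g_max = 0;
static thread_local int t_depth = 0;   // hook nesting on this thread
static const int kDepthLimit = 64;     // stands in for stack exhaustion
static int real_open(const std::string&) { return ++g_real; }
static OpenFn api_open = real_open;

static void show_dialog() {
    ++g_dialogs;
    api_open("C:\\constructed\\theme.dat");  // UI work re-enters the hooked API
}

// Shape of the hook posted in the thread: dialog first, no re-entrancy guard.
static int hook_unguarded(const std::string& path) {
    if (++t_depth > g_max) g_max = t_depth;
    if (t_depth < kDepthLimit) show_dialog();  // a real process has no such limit
    int h = real_open(path);
    --t_depth;
    return h;
}

// Guarded: a nested call on the same thread is forwarded untouched.
static int hook_guarded(const std::string& path) {
    if (t_depth > 0) return real_open(path);
    if (++t_depth > g_max) g_max = t_depth;
    show_dialog();
    int h = real_open(path);
    --t_depth;
    return h;
}

static Result run(OpenFn hook) {
    g_real = g_dialogs = g_max = 0; t_depth = 0;
    api_open = hook;
    api_open("C:\\constructed\\a.txt");   // one caller opens one constructed path
    api_open = real_open;
    return {g_real, g_dialogs, g_max};
}

int main() {
    Result u = run(hook_unguarded), g = run(hook_guarded);
    std::printf("unguarded depth=%d, guarded depth=%d\n", u.max_depth, g.max_depth);
}
```

In the unguarded run the nesting stops only at the artificial limit; in the guarded run one outer call raises exactly one dialog.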