我是个新手,以前从来没拦截过API。因为需要,所以今天在研究这个,想拦截rasapi32.dll里的RasDialW函数。在网上看了不少文章,但代码大多都不能用。可能是因为我下的是Detours3.0,而Detours2.1在我的电脑上无法成功编译。在尝试了一些例子后,写了这么一段代码。使用国外一个人用Detours写的注入器,把生成的dll与希望拦截的程序一起运行。从记录的结果来看,dll注入成功,并且Detours的函数返回了执行成功的值。但是API没有被截获。我又把dll注入到rasdial.exe中运行,还是不行。懂行的帮解答一下。
或者有什么简便方法能拦截这个API,我只是需要得到参数。
#include "stdafx.h"
#include <stdio.h>
#include <iostream>
#include <fstream>#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")#include <Ras.h>
#pragma comment(lib, "rasapi32.lib")#include "atlconv.h" //Define of origin and modified APIs
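// ---------------------------------------------------------------------------
// Hook declarations.
//
// For every intercepted API there is a pair:
//   My*      - the replacement function (defined further down in this file)
//   Origin*  - a function pointer initialised to the real rasapi32 export; it is
//              the pointer handed to DetourAttach/DetourDetach, and the My*
//              function calls through it to reach the original implementation.
//
// NOTE(review): Detours installs inline hooks by patching the start of the target
// function in memory, so in-memory vs. on-disk image comparison (EDR, integrity
// checkers) will see rasapi32.dll as modified in any process carrying this DLL.
// ---------------------------------------------------------------------------

DWORD WINAPI MyRasDialA(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCSTR lpszPhonebook,                    // pointer to full path and file name of phone-book file
    LPRASDIALPARAMSA lpRasDialParams,        // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
);

DWORD (WINAPI *OriginRasDialA)(
    LPRASDIALEXTENSIONS, // pointer to function extensions data
    LPCSTR,              // pointer to full path and file name of phone-book file
    LPRASDIALPARAMSA,    // pointer to calling parameters data
    DWORD,               // specifies type of RasDial event handler
    LPVOID,              // specifies a handler for RasDial events
    LPHRASCONN           // pointer to variable to receive connection handle
) = RasDialA;

// NOTE(review): LPRASDIALPARAMS is the TCHAR-style alias; it only names the wide
// structure when UNICODE is defined, which the "= RasDialW" initialiser below
// requires for the types to match.
DWORD WINAPI MyRasDialW(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCWSTR lpszPhonebook,                   // pointer to full path and file name of phone-book file
    LPRASDIALPARAMS lpRasDialParams,         // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
);

DWORD (WINAPI *OriginRasDialW)(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCWSTR lpszPhonebook,                   // pointer to full path and file name of phone-book file
    LPRASDIALPARAMS lpRasDialParams,         // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
) = RasDialW;

DWORD (WINAPI *OriginRasSetEntryDialParamsA)(
    LPCSTR lpszPhonebook,
    LPRASDIALPARAMSA lprasdialparams,
    BOOL fRemovePassword
) = RasSetEntryDialParamsA;

DWORD WINAPI MyRasSetEntryDialParamsA(
    LPCSTR lpszPhonebook,
    LPRASDIALPARAMSA lprasdialparams,
    BOOL fRemovePassword
);

DWORD (WINAPI *OriginRasSetEntryDialParamsW)(
    LPCWSTR lpszPhonebook,
    LPRASDIALPARAMSW lprasdialparams,
    BOOL fRemovePassword
) = RasSetEntryDialParamsW;

DWORD WINAPI MyRasSetEntryDialParamsW(
    LPCWSTR lpszPhonebook,
    LPRASDIALPARAMSW lprasdialparams,
    BOOL fRemovePassword
);

// Appends one line of text to the fixed log file D:\out.txt.
//
// str: NUL-terminated ANSI string; a null pointer is ignored (the earlier version
//      passed it straight to strlen(), which is undefined behaviour).
//
// The parameter is const-qualified because every caller in this file passes either
// a string literal or a buffer that is only read.
//
// NOTE(review): the log sits at a fixed path in a drive root and is opened with
// whatever access the host process has. Treat everything written here as readable
// by other local users and never route secrets through this helper.
void record(const CHAR *str)
{
    if (str == NULL)
        return;

    std::ofstream myfile("D:\\out.txt", std::ios::out | std::ios::app);
    if (myfile.is_open())
    {
        myfile << str << std::endl;
        myfile.close();
    }
}

// Appends "Error code: <n>" to the log file; used when a Detours transaction
// fails to commit.
static void record_error(LONG code)
{
    std::ofstream myfile("D:\\out.txt", std::ios::out | std::ios::app);
    if (myfile.is_open())
    {
        myfile << "Error code: " << code << std::endl;
        myfile.close();
    }
}

// DLL entry point: installs the RasDialW detour on process attach and removes it
// on process detach. Always returns TRUE, so a failed hook never blocks the load.
//
// Only MyRasDialW is attached; the RasDialA attach/detach calls are commented out
// and the RasSetEntryDialParams replacements are not attached anywhere in this
// function.
//
// NOTE(review): DllMain runs under the loader lock. Opening files through the C++
// runtime from here (record / record_error) goes against Microsoft's DllMain
// guidance and can deadlock or fail depending on load order; logging would be
// safer from a thread or from the first hooked call.
BOOL APIENTRY DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    LONG error;
    (void)hinst;
    (void)reserved;

    // Detours 3.0 may start a helper process that loads this DLL; it must not hook.
    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        record("DLL attached.");

        // Undoes the import-table change made when the process was started
        // through the Detours "create process with DLL" helper.
        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        //DetourAttach(&(PVOID&)OriginRasDialA, MyRasDialA);
        DetourAttach(&(PVOID&)OriginRasDialW, MyRasDialW);
        // The individual Begin/Attach return values are not inspected here; the
        // commit result is the only status that gets logged.
        error = DetourTransactionCommit();

        if (error == NO_ERROR) {
            record("simple");
        }
        else {
            record_error(error);
        }
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        //DetourDetach(&(PVOID&)OriginRasDialA, MyRasDialA);
        DetourDetach(&(PVOID&)OriginRasDialW, MyRasDialW);
        error = DetourTransactionCommit();
        // Previously the detach result was stored and dropped; report a failure
        // the same way the attach path does so a left-over hook is visible.
        if (error != NO_ERROR) {
            record_error(error);
        }
        record("DLL dettached.");
    }
    return TRUE;
}
//Modified functions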
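// Logs that one of the replacement functions was entered, together with the
// user name it was called with.
//
// szUserName: ANSI user name; skipped when null.
// szPassword: only tested for null/empty. The password text itself is NOT written
//             to the log.
//
// Security: the earlier version wrote the password in clear text to the shared log
// file. Persisting a credential like that exposes it to every account and backup
// that can read the file, and confirming that the hook fired does not need it.
void hooked(CHAR szUserName[], CHAR szPassword[])
{
    record("Function hooked.");
    if (szUserName != NULL)
        record(szUserName);

    if (szPassword != NULL && szPassword[0] != '\0')
        record("[password present, not logged]");
    else
        record("[password empty]");
}

// Replacement for RasDialA: logs the call, then forwards every argument unchanged
// to the original through OriginRasDialA and returns its result.
// DllMain currently has the DetourAttach for this function commented out.
DWORD WINAPI MyRasDialA(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCSTR lpszPhonebook,                    // pointer to full path and file name of phone-book file
    LPRASDIALPARAMSA lpRasDialParams,        // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
)
{
    // A null parameter block must reach the real API untouched so that the API,
    // not this shim, decides how to fail; dereferencing it here crashed the host.
    if (lpRasDialParams != NULL)
        hooked(lpRasDialParams->szUserName, lpRasDialParams->szPassword);

    return OriginRasDialA(lpRasDialExtensions, lpszPhonebook, lpRasDialParams,
                          dwNotifierType, lpvNotifier, lphRasConn);
}

// Replacement for RasDialW (the one DllMain attaches): logs the call, then
// forwards every argument unchanged through OriginRasDialW.
DWORD WINAPI MyRasDialW(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCWSTR lpszPhonebook,                   // pointer to full path and file name of phone-book file
    LPRASDIALPARAMS lpRasDialParams,         // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
)
{
    USES_CONVERSION;

    if (lpRasDialParams != NULL)
    {
        // W2A (ATL) yields a temporary ANSI copy that is valid until this
        // function returns.
        CHAR *user = W2A(lpRasDialParams->szUserName);

        // hooked() only needs to know whether a password was supplied, so pass a
        // one-character marker instead of making an ANSI copy of the secret.
        CHAR pwdFlag[2] = { lpRasDialParams->szPassword[0] != L'\0' ? '*' : '\0', '\0' };
        hooked(user, pwdFlag);
    }

    return OriginRasDialW(lpRasDialExtensions, lpszPhonebook, lpRasDialParams,
                          dwNotifierType, lpvNotifier, lphRasConn);
}

// Replacement for RasSetEntryDialParamsA: logs the call and forwards it through
// OriginRasSetEntryDialParamsA. No DetourAttach for it appears in DllMain.
DWORD WINAPI MyRasSetEntryDialParamsA(
    LPCSTR lpszPhonebook,
    LPRASDIALPARAMSA lprasdialparams,
    BOOL fRemovePassword
)
{
    if (lprasdialparams != NULL)
        hooked(lprasdialparams->szUserName, lprasdialparams->szPassword);

    return OriginRasSetEntryDialParamsA(lpszPhonebook, lprasdialparams, fRemovePassword);
}

// Replacement for RasSetEntryDialParamsW: logs the call and forwards it through
// OriginRasSetEntryDialParamsW. No DetourAttach for it appears in DllMain.
DWORD WINAPI MyRasSetEntryDialParamsW(
    LPCWSTR lpszPhonebook,
    LPRASDIALPARAMSW lprasdialparams,
    BOOL fRemovePassword
)
{
    USES_CONVERSION;

    if (lprasdialparams != NULL)
    {
        CHAR *user = W2A(lprasdialparams->szUserName);

        // Presence marker only; the password is never converted or copied.
        CHAR pwdFlag[2] = { lprasdialparams->szPassword[0] != L'\0' ? '*' : '\0', '\0' };
        hooked(user, pwdFlag);
    }

    return OriginRasSetEntryDialParamsW(lpszPhonebook, lprasdialparams, fRemovePassword);
}
//stupid Detours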
// Exported no-op with C linkage. It does nothing; its only effect is that the DLL
// has an exported symbol.
// NOTE(review): presumably present because the Detours injection helpers expect
// the injected DLL to export a function at ordinal 1 - confirm against the
// injector in use.
extern "C" __declspec(dllexport) void dummy()
{
}
或者有什么简便方法能拦截这个API,我只是需要得到参数。
#include "stdafx.h"
#include <stdio.h>
#include <iostream>
#include <fstream>#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")#include <Ras.h>
#pragma comment(lib, "rasapi32.lib")#include "atlconv.h" //Define of origin and modified APIs
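// ---------------------------------------------------------------------------
// Hook declarations.
//
// For every intercepted API there is a pair:
//   My*      - the replacement function (defined further down in this file)
//   Origin*  - a function pointer initialised to the real rasapi32 export; it is
//              the pointer handed to DetourAttach/DetourDetach, and the My*
//              function calls through it to reach the original implementation.
//
// NOTE(review): Detours installs inline hooks by patching the start of the target
// function in memory, so in-memory vs. on-disk image comparison (EDR, integrity
// checkers) will see rasapi32.dll as modified in any process carrying this DLL.
// ---------------------------------------------------------------------------

DWORD WINAPI MyRasDialA(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCSTR lpszPhonebook,                    // pointer to full path and file name of phone-book file
    LPRASDIALPARAMSA lpRasDialParams,        // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
);

DWORD (WINAPI *OriginRasDialA)(
    LPRASDIALEXTENSIONS, // pointer to function extensions data
    LPCSTR,              // pointer to full path and file name of phone-book file
    LPRASDIALPARAMSA,    // pointer to calling parameters data
    DWORD,               // specifies type of RasDial event handler
    LPVOID,              // specifies a handler for RasDial events
    LPHRASCONN           // pointer to variable to receive connection handle
) = RasDialA;

// NOTE(review): LPRASDIALPARAMS is the TCHAR-style alias; it only names the wide
// structure when UNICODE is defined, which the "= RasDialW" initialiser below
// requires for the types to match.
DWORD WINAPI MyRasDialW(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCWSTR lpszPhonebook,                   // pointer to full path and file name of phone-book file
    LPRASDIALPARAMS lpRasDialParams,         // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
);

DWORD (WINAPI *OriginRasDialW)(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCWSTR lpszPhonebook,                   // pointer to full path and file name of phone-book file
    LPRASDIALPARAMS lpRasDialParams,         // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
) = RasDialW;

DWORD (WINAPI *OriginRasSetEntryDialParamsA)(
    LPCSTR lpszPhonebook,
    LPRASDIALPARAMSA lprasdialparams,
    BOOL fRemovePassword
) = RasSetEntryDialParamsA;

DWORD WINAPI MyRasSetEntryDialParamsA(
    LPCSTR lpszPhonebook,
    LPRASDIALPARAMSA lprasdialparams,
    BOOL fRemovePassword
);

DWORD (WINAPI *OriginRasSetEntryDialParamsW)(
    LPCWSTR lpszPhonebook,
    LPRASDIALPARAMSW lprasdialparams,
    BOOL fRemovePassword
) = RasSetEntryDialParamsW;

DWORD WINAPI MyRasSetEntryDialParamsW(
    LPCWSTR lpszPhonebook,
    LPRASDIALPARAMSW lprasdialparams,
    BOOL fRemovePassword
);

// Appends one line of text to the fixed log file D:\out.txt.
//
// str: NUL-terminated ANSI string; a null pointer is ignored (the earlier version
//      passed it straight to strlen(), which is undefined behaviour).
//
// The parameter is const-qualified because every caller in this file passes either
// a string literal or a buffer that is only read.
//
// NOTE(review): the log sits at a fixed path in a drive root and is opened with
// whatever access the host process has. Treat everything written here as readable
// by other local users and never route secrets through this helper.
void record(const CHAR *str)
{
    if (str == NULL)
        return;

    std::ofstream myfile("D:\\out.txt", std::ios::out | std::ios::app);
    if (myfile.is_open())
    {
        myfile << str << std::endl;
        myfile.close();
    }
}

// Appends "Error code: <n>" to the log file; used when a Detours transaction
// fails to commit.
static void record_error(LONG code)
{
    std::ofstream myfile("D:\\out.txt", std::ios::out | std::ios::app);
    if (myfile.is_open())
    {
        myfile << "Error code: " << code << std::endl;
        myfile.close();
    }
}

// DLL entry point: installs the RasDialW detour on process attach and removes it
// on process detach. Always returns TRUE, so a failed hook never blocks the load.
//
// Only MyRasDialW is attached; the RasDialA attach/detach calls are commented out
// and the RasSetEntryDialParams replacements are not attached anywhere in this
// function.
//
// NOTE(review): DllMain runs under the loader lock. Opening files through the C++
// runtime from here (record / record_error) goes against Microsoft's DllMain
// guidance and can deadlock or fail depending on load order; logging would be
// safer from a thread or from the first hooked call.
BOOL APIENTRY DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    LONG error;
    (void)hinst;
    (void)reserved;

    // Detours 3.0 may start a helper process that loads this DLL; it must not hook.
    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        record("DLL attached.");

        // Undoes the import-table change made when the process was started
        // through the Detours "create process with DLL" helper.
        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        //DetourAttach(&(PVOID&)OriginRasDialA, MyRasDialA);
        DetourAttach(&(PVOID&)OriginRasDialW, MyRasDialW);
        // The individual Begin/Attach return values are not inspected here; the
        // commit result is the only status that gets logged.
        error = DetourTransactionCommit();

        if (error == NO_ERROR) {
            record("simple");
        }
        else {
            record_error(error);
        }
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        //DetourDetach(&(PVOID&)OriginRasDialA, MyRasDialA);
        DetourDetach(&(PVOID&)OriginRasDialW, MyRasDialW);
        error = DetourTransactionCommit();
        // Previously the detach result was stored and dropped; report a failure
        // the same way the attach path does so a left-over hook is visible.
        if (error != NO_ERROR) {
            record_error(error);
        }
        record("DLL dettached.");
    }
    return TRUE;
}
//Modified functions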
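// Logs that one of the replacement functions was entered, together with the
// user name it was called with.
//
// szUserName: ANSI user name; skipped when null.
// szPassword: only tested for null/empty. The password text itself is NOT written
//             to the log.
//
// Security: the earlier version wrote the password in clear text to the shared log
// file. Persisting a credential like that exposes it to every account and backup
// that can read the file, and confirming that the hook fired does not need it.
void hooked(CHAR szUserName[], CHAR szPassword[])
{
    record("Function hooked.");
    if (szUserName != NULL)
        record(szUserName);

    if (szPassword != NULL && szPassword[0] != '\0')
        record("[password present, not logged]");
    else
        record("[password empty]");
}

// Replacement for RasDialA: logs the call, then forwards every argument unchanged
// to the original through OriginRasDialA and returns its result.
// DllMain currently has the DetourAttach for this function commented out.
DWORD WINAPI MyRasDialA(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCSTR lpszPhonebook,                    // pointer to full path and file name of phone-book file
    LPRASDIALPARAMSA lpRasDialParams,        // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
)
{
    // A null parameter block must reach the real API untouched so that the API,
    // not this shim, decides how to fail; dereferencing it here crashed the host.
    if (lpRasDialParams != NULL)
        hooked(lpRasDialParams->szUserName, lpRasDialParams->szPassword);

    return OriginRasDialA(lpRasDialExtensions, lpszPhonebook, lpRasDialParams,
                          dwNotifierType, lpvNotifier, lphRasConn);
}

// Replacement for RasDialW (the one DllMain attaches): logs the call, then
// forwards every argument unchanged through OriginRasDialW.
DWORD WINAPI MyRasDialW(
    LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
    LPCWSTR lpszPhonebook,                   // pointer to full path and file name of phone-book file
    LPRASDIALPARAMS lpRasDialParams,         // pointer to calling parameters data
    DWORD dwNotifierType,                    // specifies type of RasDial event handler
    LPVOID lpvNotifier,                      // specifies a handler for RasDial events
    LPHRASCONN lphRasConn                    // pointer to variable to receive connection handle
)
{
    USES_CONVERSION;

    if (lpRasDialParams != NULL)
    {
        // W2A (ATL) yields a temporary ANSI copy that is valid until this
        // function returns.
        CHAR *user = W2A(lpRasDialParams->szUserName);

        // hooked() only needs to know whether a password was supplied, so pass a
        // one-character marker instead of making an ANSI copy of the secret.
        CHAR pwdFlag[2] = { lpRasDialParams->szPassword[0] != L'\0' ? '*' : '\0', '\0' };
        hooked(user, pwdFlag);
    }

    return OriginRasDialW(lpRasDialExtensions, lpszPhonebook, lpRasDialParams,
                          dwNotifierType, lpvNotifier, lphRasConn);
}

// Replacement for RasSetEntryDialParamsA: logs the call and forwards it through
// OriginRasSetEntryDialParamsA. No DetourAttach for it appears in DllMain.
DWORD WINAPI MyRasSetEntryDialParamsA(
    LPCSTR lpszPhonebook,
    LPRASDIALPARAMSA lprasdialparams,
    BOOL fRemovePassword
)
{
    if (lprasdialparams != NULL)
        hooked(lprasdialparams->szUserName, lprasdialparams->szPassword);

    return OriginRasSetEntryDialParamsA(lpszPhonebook, lprasdialparams, fRemovePassword);
}

// Replacement for RasSetEntryDialParamsW: logs the call and forwards it through
// OriginRasSetEntryDialParamsW. No DetourAttach for it appears in DllMain.
DWORD WINAPI MyRasSetEntryDialParamsW(
    LPCWSTR lpszPhonebook,
    LPRASDIALPARAMSW lprasdialparams,
    BOOL fRemovePassword
)
{
    USES_CONVERSION;

    if (lprasdialparams != NULL)
    {
        CHAR *user = W2A(lprasdialparams->szUserName);

        // Presence marker only; the password is never converted or copied.
        CHAR pwdFlag[2] = { lprasdialparams->szPassword[0] != L'\0' ? '*' : '\0', '\0' };
        hooked(user, pwdFlag);
    }

    return OriginRasSetEntryDialParamsW(lpszPhonebook, lprasdialparams, fRemovePassword);
}
//stupid Detours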
// Exported no-op with C linkage. It does nothing; its only effect is that the DLL
// has an exported symbol.
// NOTE(review): presumably present because the Detours injection helpers expect
// the injected DLL to export a function at ordinal 1 - confirm against the
// injector in use.
extern "C" __declspec(dllexport) void dummy()
{
}
核心编程里面的注入!
http://blog.csdn.net/vcplayer/article/details/2681758