Как применить простой крюк объезда?
I'm attempting to make Detours hooking on CreateFile() by calling notepad.exe. Starting
withdll /d:HookProject.dll "C:\Windows\System32\notepad.exe"
in command prompt, I don't see any traceable dll hook application, but only DLLMain() call from ntdll.dll module (my tracing tool is API Monitor x64). Most likely, something is profoundly wrong with my code, but what is it? So far my complete program looks out like that (whole code belongs an only source file):
#undef UNICODE
#include<windows.h>
#include<cstdio>
#include "C:\Detours\Detours-4.0.1\include\detours.h"
static HANDLE(WINAPI* TrueCreateFileW)(LPCWSTR lpFileName, DWORD
dwDesiredAccess, DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile) = CreateFileW;
__declspec(dllexport) HANDLE WINAPI MyCreateFileW(LPCTSTR lpFileName,
DWORD dwDesiredAccess, DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile)
{
if ((LPCTSTR)lpFileName == (LPCTSTR)L"C:\TestHook\file.txt")
{
return TrueCreateFileW((LPCWSTR)L"C:\TestHook\file.txt", dwDesiredAccess, dwShareMode, lpSecurityAttributes,
dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
return TrueCreateFileW((LPCWSTR)lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes,
dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
BOOL APIENTRY DLLMain(HMODULE hModule, DWORD reason_for_call, LPVOID
lpReserved)
{
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(STARTUPINFO));
ZeroMemory(&pi, sizeof(PROCESS_INFORMATION));
si.cb = sizeof(STARTUPINFO);
char* DirPath = new char[MAX_PATH];
char* DLL_Path = new char[MAX_PATH];
char* DetourPath = new char[MAX_PATH];
GetCurrentDirectory(MAX_PATH, DirPath);
sprintf_s(DLL_Path, MAX_PATH, "%s\\testdll.dll", DirPath);
sprintf_s(DLL_Path, MAX_PATH, "%s\\detoured.dll", DirPath);
DetourCreateProcessWithDll(NULL, (LPSTR)L"C:\Windows\System32\notepad.exe", NULL, NULL, FALSE,
CREATE_DEFAULT_ERROR_MODE, NULL, NULL, &si, &pi, DLL_Path, NULL);
delete[] DirPath;
delete[] DLL_Path;
delete[] DetourPath;
LONG error;
switch (reason_for_call)
{
case DLL_PROCESS_ATTACH:
OutputDebugString((LPSTR)L"Attaching HookingDLL.dll");
//OutputDebugString(strInfo);
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueCreateFileW, MyCreateFileW);
error = DetourTransactionCommit();
if (error == NO_ERROR)
{
OutputDebugString((LPCTSTR)"Hooking attempt succeeded");
}
else
{
OutputDebugString((LPCTSTR)"Hooking attempt failed");
}
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
OutputDebugString((LPCTSTR)"Detaching HookingDLL.dll");
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueCreateFileW, MyCreateFileW);
error = DetourTransactionCommit();
if (error == NO_ERROR)
{
OutputDebugString((LPCTSTR)"Successfully detached hook");
}
else
{
OutputDebugString((LPCTSTR)L"Hook removal has failed");
}
break;
}
return TRUE;
}
Что я уже пробовал:
Я искал любой удобный для начинающих учебник, который описывает, как сделать крюк, но все, что мне удалось,-это этот код, в котором я не уверен. Может быть, вы знаете, где можно получить доступ к такому пошаговому объяснению.
Richard MacCutchan
Вероятно, вам нужно спросить человека, который написал оригинальную систему withdll и связанную с ней библиотеку.