15,473
社区成员
发帖
与我相关
我的任务
分享使用Detours截获CoGetClassObjectFromURL失败的问题
我用用Detours截获CoGetClassObjectFromURL函数,想在IE安装插件截获并先做一些处理,
但是知道插件安装完毕,都没有截获到。
我自己做了Detours的DLL,代码如下:
#include "stdafx.h"
#include "HtHook.h"
#include "detours.h"
#include "BindCBHttpCallback.h"
HMODULE g_hDll = NULL;
HHOOK g_hHook = NULL;
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "urlmon.lib")
typedef HRESULT (WINAPI *MY_FakeCoGetClassObjectFromURL)( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv);
MY_FakeCoGetClassObjectFromURL s_pFakeCoGetClassObjectFromURL = NULL;
MY_FakeCoGetClassObjectFromURL s_pReal_FakeCoGetClassObjectFromURL = NULL;
HRESULT WINAPI Replace_FakeCoGetClassObjectFromURL( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv)
{
MessageBox(NULL,"run into Replace_FakeCoGetClassObjectFromURL",NULL,MB_OK);
int ret = 0;
HRESULT hr;
CBindCBHttpCallback *httpcallback =NULL;
if(httpcallback==NULL)
httpcallback = new CBindCBHttpCallback();
MessageBox(NULL,"after new CBindCBHttpCallback()",NULL,MB_OK);
IBindStatusCallback *pPre = NULL;
hr = RegisterBindStatusCallback(pBindCtx, httpcallback, &pPre, 0);
MessageBox(NULL,"after RegisterBindStatusCallback",NULL,MB_OK);
if (SUCCEEDED(hr))
httpcallback->SetPreInterface(pPre);
MessageBox(NULL,"after httpcallback->SetPreInterface",NULL,MB_OK);
hr = s_pReal_FakeCoGetClassObjectFromURL(
rCLASSID, szCODE, dwFileVersionMS, dwFileVersionLS, szTYPE, pBindCtx, //(LPBINDCTX)callback,
dwClsContext, pvReserved, riid, ppv);
if (S_OK == hr)
{
// 下载完毕通知
MessageBox(NULL, "下载完毕", "Replace_FakeCoGetClassObjectFromURL", MB_OK);
}
return hr;
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
g_hDll = (HMODULE)hModule;
s_pFakeCoGetClassObjectFromURL
= ((MY_FakeCoGetClassObjectFromURL)
DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
if (!s_pFakeCoGetClassObjectFromURL)
{
MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
}
s_pReal_FakeCoGetClassObjectFromURL
= (MY_FakeCoGetClassObjectFromURL)DetourFunction((PBYTE)s_pFakeCoGetClassObjectFromURL,
(PBYTE)Replace_FakeCoGetClassObjectFromURL);
MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);
break;
case DLL_THREAD_ATTACH:
if(s_pReal_FakeCoGetClassObjectFromURL)
DetourRemove((PBYTE)s_pReal_FakeCoGetClassObjectFromURL,(PBYTE)Replace_FakeCoGetClassObjectFromURL);
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
LRESULT CALLBACK MyShellProc (int nCode, WPARAM wParam, LPARAM lParam)
{
return 0;
}
bool InstallHook(BOOL bInstall)
{
return true;
}
void UninstallHook()
{
}
我然后做了BHO程序,在BHO程序的DllMain里加载Detours的DLL,代码如下,
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID /*lpReserved*/)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
TCHAR pszLoader[MAX_PATH];
GetModuleFileName(NULL, pszLoader, MAX_PATH);
_tcslwr(pszLoader);
if (_tcsstr(pszLoader, _T("explorer.exe")))
return FALSE;
hDllHook = LoadLibrary("HtHook.dll");
if (!hDllHook)
{
MessageBox(NULL,"加载HtHook.dll失败",NULL,MB_OK);
return FALSE;
}
MessageBox(NULL,"加载HtHook.dll成功",NULL,MB_OK);
INSTALLHOOK dllInstallHook = (INSTALLHOOK)GetProcAddress(hDllHook, "InstallHook");
if (!dllInstallHook)
{
MessageBox(NULL,"寻址失败",NULL,MB_OK);
return FALSE;
}
dllInstallHook();
_Module.Init(ObjectMap, hInstance, &LIBID_GETOCXLib);
DisableThreadLibraryCalls(hInstance);
}
大家给看看是怎么回事?
但是知道插件安装完毕,都没有截获到。
我自己做了Detours的DLL,代码如下:
#include "stdafx.h"
#include "HtHook.h"
#include "detours.h"
#include "BindCBHttpCallback.h"
HMODULE g_hDll = NULL;
HHOOK g_hHook = NULL;
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "urlmon.lib")
typedef HRESULT (WINAPI *MY_FakeCoGetClassObjectFromURL)( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv);
MY_FakeCoGetClassObjectFromURL s_pFakeCoGetClassObjectFromURL = NULL;
MY_FakeCoGetClassObjectFromURL s_pReal_FakeCoGetClassObjectFromURL = NULL;
HRESULT WINAPI Replace_FakeCoGetClassObjectFromURL( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv)
{
MessageBox(NULL,"run into Replace_FakeCoGetClassObjectFromURL",NULL,MB_OK);
int ret = 0;
HRESULT hr;
CBindCBHttpCallback *httpcallback =NULL;
if(httpcallback==NULL)
httpcallback = new CBindCBHttpCallback();
MessageBox(NULL,"after new CBindCBHttpCallback()",NULL,MB_OK);
IBindStatusCallback *pPre = NULL;
hr = RegisterBindStatusCallback(pBindCtx, httpcallback, &pPre, 0);
MessageBox(NULL,"after RegisterBindStatusCallback",NULL,MB_OK);
if (SUCCEEDED(hr))
httpcallback->SetPreInterface(pPre);
MessageBox(NULL,"after httpcallback->SetPreInterface",NULL,MB_OK);
hr = s_pReal_FakeCoGetClassObjectFromURL(
rCLASSID, szCODE, dwFileVersionMS, dwFileVersionLS, szTYPE, pBindCtx, //(LPBINDCTX)callback,
dwClsContext, pvReserved, riid, ppv);
if (S_OK == hr)
{
// 下载完毕通知
MessageBox(NULL, "下载完毕", "Replace_FakeCoGetClassObjectFromURL", MB_OK);
}
return hr;
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
g_hDll = (HMODULE)hModule;
s_pFakeCoGetClassObjectFromURL
= ((MY_FakeCoGetClassObjectFromURL)
DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
if (!s_pFakeCoGetClassObjectFromURL)
{
MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
}
s_pReal_FakeCoGetClassObjectFromURL
= (MY_FakeCoGetClassObjectFromURL)DetourFunction((PBYTE)s_pFakeCoGetClassObjectFromURL,
(PBYTE)Replace_FakeCoGetClassObjectFromURL);
MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);
break;
case DLL_THREAD_ATTACH:
if(s_pReal_FakeCoGetClassObjectFromURL)
DetourRemove((PBYTE)s_pReal_FakeCoGetClassObjectFromURL,(PBYTE)Replace_FakeCoGetClassObjectFromURL);
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
LRESULT CALLBACK MyShellProc (int nCode, WPARAM wParam, LPARAM lParam)
{
return 0;
}
bool InstallHook(BOOL bInstall)
{
return true;
}
void UninstallHook()
{
}
我然后做了BHO程序,在BHO程序的DllMain里加载Detours的DLL,代码如下,
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID /*lpReserved*/)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
TCHAR pszLoader[MAX_PATH];
GetModuleFileName(NULL, pszLoader, MAX_PATH);
_tcslwr(pszLoader);
if (_tcsstr(pszLoader, _T("explorer.exe")))
return FALSE;
hDllHook = LoadLibrary("HtHook.dll");
if (!hDllHook)
{
MessageBox(NULL,"加载HtHook.dll失败",NULL,MB_OK);
return FALSE;
}
MessageBox(NULL,"加载HtHook.dll成功",NULL,MB_OK);
INSTALLHOOK dllInstallHook = (INSTALLHOOK)GetProcAddress(hDllHook, "InstallHook");
if (!dllInstallHook)
{
MessageBox(NULL,"寻址失败",NULL,MB_OK);
return FALSE;
}
dllInstallHook();
_Module.Init(ObjectMap, hInstance, &LIBID_GETOCXLib);
DisableThreadLibraryCalls(hInstance);
}
大家给看看是怎么回事?
...全文
请发表友善的回复…
发表回复
matrix2009 2009-08-20
- 打赏
- 举报
搞定了
MoXiaoRab 2009-08-20
- 打赏
- 举报
虽然我没用做过,但是你这么拦截ActiveX是不可取的
matrix2009 2009-08-20
- 打赏
- 举报
我上午用Detours 2.1,重写了一下DLL程序,发现Detours加载上了,但是IE打开一个网页很慢,查看本地连接,收到了很多的数据包,但是网页几乎打不开。后来修改了一下代码,勉强可以打开网页,代码如下:
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
int error = 0;
long err = 0;
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
g_hDll = (HMODULE)hModule;
s_pFakeCoGetClassObjectFromURL
= ((MY_FakeCoGetClassObjectFromURL)
DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
if (!s_pFakeCoGetClassObjectFromURL)
{
MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
}
err = DetourTransactionBegin();
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourTransactionBegin",MB_OK);
}
else if (ERROR_INVALID_OPERATION)
{
MessageBox(NULL,"error","DetourTransactionBegin",MB_OK);
}
err = DetourUpdateThread(::GetCurrentThread());
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourUpdateThread",MB_OK);
}
else
{
MessageBox(NULL,"error","DetourUpdateThread",MB_OK);
}
err = DetourAttach(&(PVOID&)s_pFakeCoGetClassObjectFromURL, Replace_FakeCoGetClassObjectFromURL);
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_BLOCK == err)
{
MessageBox(NULL,"ERROR_INVALID_BLOCK","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_HANDLE == err)
{
MessageBox(NULL,"ERROR_INVALID_HANDLE","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_OPERATION == err)
{
MessageBox(NULL,"ERROR_INVALID_OPERATION","DetourAttach",MB_OK);
}
else if (ERROR_NOT_ENOUGH_MEMORY == err)
{
MessageBox(NULL,"ERROR_NOT_ENOUGH_MEMORY","DetourAttach",MB_OK);
}
error = DetourTransactionCommit();
if(NO_ERROR == error)
{
//::MessageBox(NULL,"Error!","Error in Detours!",MB_OK);
MessageBox(NULL,"success!","Detours!",MB_OK);
}
else if (ERROR_INVALID_DATA == error)
{
MessageBox(NULL,"ERROR_INVALID_DATA",NULL,MB_OK);
}
else if (ERROR_INVALID_OPERATION == error)
{
MessageBox(NULL,"ERROR_INVALID_OPERATION",NULL,MB_OK);
}
else
{
MessageBox(NULL,"Other",NULL,MB_OK);
}
//MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);
// s_pFakeCoGetClassObjectFromURL
// = ((MY_FakeCoGetClassObjectFromURL)
// DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
//
// if (!s_pFakeCoGetClassObjectFromURL)
// {
// MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
// }
//
// s_pReal_FakeCoGetClassObjectFromURL
// = (MY_FakeCoGetClassObjectFromURL)DetourFunction((PBYTE)s_pFakeCoGetClassObjectFromURL,
// (PBYTE)Replace_FakeCoGetClassObjectFromURL);
//
// MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);
break;
}
case DLL_THREAD_ATTACH:
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)s_pFakeCoGetClassObjectFromURL, Replace_FakeCoGetClassObjectFromURL);
error = DetourTransactionCommit();
::MessageBox(NULL,"Detour ends","Prompt!",MB_OK);
// if(s_pReal_FakeCoGetClassObjectFromURL)
// DetourRemove((PBYTE)s_pReal_FakeCoGetClassObjectFromURL,(PBYTE)Replace_FakeCoGetClassObjectFromURL);
break;
}
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
网页打开还是很慢,而且不停的弹出Detour ends这个消息框,
请问是怎么回事?
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
int error = 0;
long err = 0;
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
g_hDll = (HMODULE)hModule;
s_pFakeCoGetClassObjectFromURL
= ((MY_FakeCoGetClassObjectFromURL)
DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
if (!s_pFakeCoGetClassObjectFromURL)
{
MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
}
err = DetourTransactionBegin();
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourTransactionBegin",MB_OK);
}
else if (ERROR_INVALID_OPERATION)
{
MessageBox(NULL,"error","DetourTransactionBegin",MB_OK);
}
err = DetourUpdateThread(::GetCurrentThread());
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourUpdateThread",MB_OK);
}
else
{
MessageBox(NULL,"error","DetourUpdateThread",MB_OK);
}
err = DetourAttach(&(PVOID&)s_pFakeCoGetClassObjectFromURL, Replace_FakeCoGetClassObjectFromURL);
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_BLOCK == err)
{
MessageBox(NULL,"ERROR_INVALID_BLOCK","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_HANDLE == err)
{
MessageBox(NULL,"ERROR_INVALID_HANDLE","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_OPERATION == err)
{
MessageBox(NULL,"ERROR_INVALID_OPERATION","DetourAttach",MB_OK);
}
else if (ERROR_NOT_ENOUGH_MEMORY == err)
{
MessageBox(NULL,"ERROR_NOT_ENOUGH_MEMORY","DetourAttach",MB_OK);
}
error = DetourTransactionCommit();
if(NO_ERROR == error)
{
//::MessageBox(NULL,"Error!","Error in Detours!",MB_OK);
MessageBox(NULL,"success!","Detours!",MB_OK);
}
else if (ERROR_INVALID_DATA == error)
{
MessageBox(NULL,"ERROR_INVALID_DATA",NULL,MB_OK);
}
else if (ERROR_INVALID_OPERATION == error)
{
MessageBox(NULL,"ERROR_INVALID_OPERATION",NULL,MB_OK);
}
else
{
MessageBox(NULL,"Other",NULL,MB_OK);
}
//MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);
// s_pFakeCoGetClassObjectFromURL
// = ((MY_FakeCoGetClassObjectFromURL)
// DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
//
// if (!s_pFakeCoGetClassObjectFromURL)
// {
// MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
// }
//
// s_pReal_FakeCoGetClassObjectFromURL
// = (MY_FakeCoGetClassObjectFromURL)DetourFunction((PBYTE)s_pFakeCoGetClassObjectFromURL,
// (PBYTE)Replace_FakeCoGetClassObjectFromURL);
//
// MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);
break;
}
case DLL_THREAD_ATTACH:
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)s_pFakeCoGetClassObjectFromURL, Replace_FakeCoGetClassObjectFromURL);
error = DetourTransactionCommit();
::MessageBox(NULL,"Detour ends","Prompt!",MB_OK);
// if(s_pReal_FakeCoGetClassObjectFromURL)
// DetourRemove((PBYTE)s_pReal_FakeCoGetClassObjectFromURL,(PBYTE)Replace_FakeCoGetClassObjectFromURL);
break;
}
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
网页打开还是很慢,而且不停的弹出Detour ends这个消息框,
请问是怎么回事?
Yofoo 2009-08-20
- 打赏
- 举报
先确定 插件安装 是否一定会调用 CoGetClassObjectFromURL 这个API, 如果是其他方法实现, 你Hook也没用
跟踪看你的Hook是否成功
跟踪看你的Hook是否成功
matrix2009 2009-08-20
- 打赏
- 举报
怎样才能成功截获呢?
大家帮帮忙
大家帮帮忙
MoXiaoRab 2009-08-19
- 打赏
- 举报
首先,Detours不是成功率100%
第二,很多情况下Detours都无效
第二,很多情况下Detours都无效
