使用Detours截获CoGetClassObjectFromURL失败的问题
我用用Detours截获CoGetClassObjectFromURL函数,想在IE安装插件截获并先做一些处理,
但是知道插件安装完毕,都没有截获到。
我自己做了Detours的DLL,代码如下:
#include "stdafx.h"
#include "HtHook.h"
#include "detours.h"
#include "BindCBHttpCallback.h"
HMODULE g_hDll = NULL;
HHOOK g_hHook = NULL;
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "urlmon.lib")
typedef HRESULT (WINAPI *MY_FakeCoGetClassObjectFromURL)( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv);
MY_FakeCoGetClassObjectFromURL s_pFakeCoGetClassObjectFromURL = NULL;
MY_FakeCoGetClassObjectFromURL s_pReal_FakeCoGetClassObjectFromURL = NULL;
HRESULT WINAPI Replace_FakeCoGetClassObjectFromURL( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv)
{
MessageBox(NULL,"run into Replace_FakeCoGetClassObjectFromURL",NULL,MB_OK);
int ret = 0;
HRESULT hr;
CBindCBHttpCallback *httpcallback =NULL;
if(httpcallback==NULL)
httpcallback = new CBindCBHttpCallback();
MessageBox(NULL,"after new CBindCBHttpCallback()",NULL,MB_OK);
IBindStatusCallback *pPre = NULL;
hr = RegisterBindStatusCallback(pBindCtx, httpcallback, &pPre, 0);
MessageBox(NULL,"after RegisterBindStatusCallback",NULL,MB_OK);
if (SUCCEEDED(hr))
httpcallback->SetPreInterface(pPre);
MessageBox(NULL,"after httpcallback->SetPreInterface",NULL,MB_OK);
hr = s_pReal_FakeCoGetClassObjectFromURL(
rCLASSID, szCODE, dwFileVersionMS, dwFileVersionLS, szTYPE, pBindCtx, //(LPBINDCTX)callback,
dwClsContext, pvReserved, riid, ppv);
if (S_OK == hr)
{
// 下载完毕通知
MessageBox(NULL, "下载完毕", "Replace_FakeCoGetClassObjectFromURL", MB_OK);
}
return hr;
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
g_hDll = (HMODULE)hModule;
s_pFakeCoGetClassObjectFromURL
= ((MY_FakeCoGetClassObjectFromURL)
DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
if (!s_pFakeCoGetClassObjectFromURL)
{
MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
}
s_pReal_FakeCoGetClassObjectFromURL
= (MY_FakeCoGetClassObjectFromURL)DetourFunction((PBYTE)s_pFakeCoGetClassObjectFromURL,
(PBYTE)Replace_FakeCoGetClassObjectFromURL);
MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);
break;
case DLL_THREAD_ATTACH:
if(s_pReal_FakeCoGetClassObjectFromURL)
DetourRemove((PBYTE)s_pReal_FakeCoGetClassObjectFromURL,(PBYTE)Replace_FakeCoGetClassObjectFromURL);
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
LRESULT CALLBACK MyShellProc (int nCode, WPARAM wParam, LPARAM lParam)
{
return 0;
}
bool InstallHook(BOOL bInstall)
{
return true;
}
void UninstallHook()
{
}
我然后做了BHO程序,在BHO程序的DllMain里加载Detours的DLL,代码如下,
BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID /*lpReserved*/)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
TCHAR pszLoader[MAX_PATH];
GetModuleFileName(NULL, pszLoader, MAX_PATH);
_tcslwr(pszLoader);
if (_tcsstr(pszLoader, _T("explorer.exe")))
return FALSE;
hDllHook = LoadLibrary("HtHook.dll");
if (!hDllHook)
{
MessageBox(NULL,"加载HtHook.dll失败",NULL,MB_OK);
return FALSE;
}
MessageBox(NULL,"加载HtHook.dll成功",NULL,MB_OK);
INSTALLHOOK dllInstallHook = (INSTALLHOOK)GetProcAddress(hDllHook, "InstallHook");
if (!dllInstallHook)
{
MessageBox(NULL,"寻址失败",NULL,MB_OK);
return FALSE;
}
dllInstallHook();
_Module.Init(ObjectMap, hInstance, &LIBID_GETOCXLib);
DisableThreadLibraryCalls(hInstance);
}
大家给看看是怎么回事?