使用Detours截获CoGetClassObjectFromURL失败的问题

matrix2009 2009-08-19 06:12:22
我用用Detours截获CoGetClassObjectFromURL函数,想在IE安装插件截获并先做一些处理,
但是知道插件安装完毕,都没有截获到。

我自己做了Detours的DLL,代码如下:

#include "stdafx.h"
#include "HtHook.h"
#include "detours.h"
#include "BindCBHttpCallback.h"

HMODULE g_hDll = NULL;
HHOOK g_hHook = NULL;

#pragma comment(lib, "detours.lib")
#pragma comment(lib, "urlmon.lib")


typedef HRESULT (WINAPI *MY_FakeCoGetClassObjectFromURL)( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv);


MY_FakeCoGetClassObjectFromURL s_pFakeCoGetClassObjectFromURL = NULL;
MY_FakeCoGetClassObjectFromURL s_pReal_FakeCoGetClassObjectFromURL = NULL;


HRESULT WINAPI Replace_FakeCoGetClassObjectFromURL( REFCLSID rCLASSID,
LPCWSTR szCODE, DWORD dwFileVersionMS,
DWORD dwFileVersionLS, LPCWSTR szTYPE,
LPBINDCTX pBindCtx, DWORD dwClsContext,
LPVOID pvReserved, REFIID riid, LPVOID * ppv)
{

MessageBox(NULL,"run into Replace_FakeCoGetClassObjectFromURL",NULL,MB_OK);
int ret = 0;
HRESULT hr;
CBindCBHttpCallback *httpcallback =NULL;

if(httpcallback==NULL)
httpcallback = new CBindCBHttpCallback();

MessageBox(NULL,"after new CBindCBHttpCallback()",NULL,MB_OK);

IBindStatusCallback *pPre = NULL;
hr = RegisterBindStatusCallback(pBindCtx, httpcallback, &pPre, 0);

MessageBox(NULL,"after RegisterBindStatusCallback",NULL,MB_OK);

if (SUCCEEDED(hr))
httpcallback->SetPreInterface(pPre);

MessageBox(NULL,"after httpcallback->SetPreInterface",NULL,MB_OK);

hr = s_pReal_FakeCoGetClassObjectFromURL(
rCLASSID, szCODE, dwFileVersionMS, dwFileVersionLS, szTYPE, pBindCtx, //(LPBINDCTX)callback,
dwClsContext, pvReserved, riid, ppv);
if (S_OK == hr)
{
// 下载完毕通知
MessageBox(NULL, "下载完毕", "Replace_FakeCoGetClassObjectFromURL", MB_OK);
}

return hr;
}

BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
g_hDll = (HMODULE)hModule;

s_pFakeCoGetClassObjectFromURL
= ((MY_FakeCoGetClassObjectFromURL)
DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));

if (!s_pFakeCoGetClassObjectFromURL)
{
MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
}

s_pReal_FakeCoGetClassObjectFromURL
= (MY_FakeCoGetClassObjectFromURL)DetourFunction((PBYTE)s_pFakeCoGetClassObjectFromURL,
(PBYTE)Replace_FakeCoGetClassObjectFromURL);

MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);

break;

case DLL_THREAD_ATTACH:
if(s_pReal_FakeCoGetClassObjectFromURL)
DetourRemove((PBYTE)s_pReal_FakeCoGetClassObjectFromURL,(PBYTE)Replace_FakeCoGetClassObjectFromURL);
break;

case DLL_THREAD_DETACH:
break;

case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}


LRESULT CALLBACK MyShellProc (int nCode, WPARAM wParam, LPARAM lParam)
{
return 0;
}

bool InstallHook(BOOL bInstall)
{
return true;
}

void UninstallHook()
{

}


我然后做了BHO程序,在BHO程序的DllMain里加载Detours的DLL,代码如下,

BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID /*lpReserved*/)
{
if (dwReason == DLL_PROCESS_ATTACH)
{
TCHAR pszLoader[MAX_PATH];
GetModuleFileName(NULL, pszLoader, MAX_PATH);
_tcslwr(pszLoader);
if (_tcsstr(pszLoader, _T("explorer.exe")))
return FALSE;

hDllHook = LoadLibrary("HtHook.dll");
if (!hDllHook)
{
MessageBox(NULL,"加载HtHook.dll失败",NULL,MB_OK);
return FALSE;
}
MessageBox(NULL,"加载HtHook.dll成功",NULL,MB_OK);

INSTALLHOOK dllInstallHook = (INSTALLHOOK)GetProcAddress(hDllHook, "InstallHook");
if (!dllInstallHook)
{
MessageBox(NULL,"寻址失败",NULL,MB_OK);
return FALSE;
}
dllInstallHook();


_Module.Init(ObjectMap, hInstance, &LIBID_GETOCXLib);
DisableThreadLibraryCalls(hInstance);
}

大家给看看是怎么回事?



...全文
215 点赞 收藏 6
写回复
6 条回复
切换为时间正序
当前发帖距今超过3年,不再开放新的回复
发表回复
matrix2009 2009-08-20
搞定了
回复
MoXiaoRab 2009-08-20
虽然我没用做过,但是你这么拦截ActiveX是不可取的
回复
matrix2009 2009-08-20
我上午用Detours 2.1,重写了一下DLL程序,发现Detours加载上了,但是IE打开一个网页很慢,查看本地连接,收到了很多的数据包,但是网页几乎打不开。后来修改了一下代码,勉强可以打开网页,代码如下:
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
int error = 0;
long err = 0;
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
g_hDll = (HMODULE)hModule;
s_pFakeCoGetClassObjectFromURL
= ((MY_FakeCoGetClassObjectFromURL)
DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
if (!s_pFakeCoGetClassObjectFromURL)
{
MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
}


err = DetourTransactionBegin();
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourTransactionBegin",MB_OK);
}
else if (ERROR_INVALID_OPERATION)
{
MessageBox(NULL,"error","DetourTransactionBegin",MB_OK);
}

err = DetourUpdateThread(::GetCurrentThread());
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourUpdateThread",MB_OK);
}
else
{
MessageBox(NULL,"error","DetourUpdateThread",MB_OK);
}

err = DetourAttach(&(PVOID&)s_pFakeCoGetClassObjectFromURL, Replace_FakeCoGetClassObjectFromURL);
if (NO_ERROR == err)
{
MessageBox(NULL,"success","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_BLOCK == err)
{
MessageBox(NULL,"ERROR_INVALID_BLOCK","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_HANDLE == err)
{
MessageBox(NULL,"ERROR_INVALID_HANDLE","DetourAttach",MB_OK);
}
else if (ERROR_INVALID_OPERATION == err)
{
MessageBox(NULL,"ERROR_INVALID_OPERATION","DetourAttach",MB_OK);
}
else if (ERROR_NOT_ENOUGH_MEMORY == err)
{
MessageBox(NULL,"ERROR_NOT_ENOUGH_MEMORY","DetourAttach",MB_OK);
}

error = DetourTransactionCommit();
if(NO_ERROR == error)
{
//::MessageBox(NULL,"Error!","Error in Detours!",MB_OK);
MessageBox(NULL,"success!","Detours!",MB_OK);
}
else if (ERROR_INVALID_DATA == error)
{
MessageBox(NULL,"ERROR_INVALID_DATA",NULL,MB_OK);
}
else if (ERROR_INVALID_OPERATION == error)
{
MessageBox(NULL,"ERROR_INVALID_OPERATION",NULL,MB_OK);
}
else
{
MessageBox(NULL,"Other",NULL,MB_OK);
}
//MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);

// s_pFakeCoGetClassObjectFromURL
// = ((MY_FakeCoGetClassObjectFromURL)
// DetourFindFunction("UrlMon.dll", "CoGetClassObjectFromURL"));
//
// if (!s_pFakeCoGetClassObjectFromURL)
// {
// MessageBox(NULL,"DetourFindFunction失败",NULL,MB_OK);
// }
//
// s_pReal_FakeCoGetClassObjectFromURL
// = (MY_FakeCoGetClassObjectFromURL)DetourFunction((PBYTE)s_pFakeCoGetClassObjectFromURL,
// (PBYTE)Replace_FakeCoGetClassObjectFromURL);
//
// MessageBox(NULL,"设置Detours完毕",NULL,MB_OK);

break;

}

case DLL_THREAD_ATTACH:
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)s_pFakeCoGetClassObjectFromURL, Replace_FakeCoGetClassObjectFromURL);
error = DetourTransactionCommit();
::MessageBox(NULL,"Detour ends","Prompt!",MB_OK);

// if(s_pReal_FakeCoGetClassObjectFromURL)
// DetourRemove((PBYTE)s_pReal_FakeCoGetClassObjectFromURL,(PBYTE)Replace_FakeCoGetClassObjectFromURL);
break;
}

case DLL_THREAD_DETACH:
break;

case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
网页打开还是很慢,而且不停的弹出Detour ends这个消息框,
请问是怎么回事?
回复
Yofoo 2009-08-20
先确定 插件安装 是否一定会调用 CoGetClassObjectFromURL 这个API, 如果是其他方法实现, 你Hook也没用

跟踪看你的Hook是否成功
回复
matrix2009 2009-08-20
怎样才能成功截获呢?
大家帮帮忙
回复
MoXiaoRab 2009-08-19
首先,Detours不是成功率100%
第二,很多情况下Detours都无效
回复
相关推荐
发帖
进程/线程/DLL
创建于2007-09-28

1.5w+

社区成员

VC/MFC 进程/线程/DLL
申请成为版主
帖子事件
创建了帖子
2009-08-19 06:12
社区公告
暂无公告