16,548
社区成员
发帖
与我相关
我的任务
分享新手问题
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten // number of bytes written
);
DETOUR_TRAMPOLINE(BOOL WINAPI CopyWriteProcessMemory(HANDLE, LPVOID, LPVOID, DWORD, LPDWORD), WriteProcessMemory);
BOOL WINAPI MyWriteProcessMemory(
HANDLE hProcess, // handle to process
LPVOID lpBaseAddress, // base of memory area
LPVOID lpBuffer, // data buffer
DWORD nSize, // number of bytes to write
LPDWORD lpNumberOfBytesWritten) // number of bytes written
{
BOOL nResult=CopyWriteProcessMemory(hProcess,lpBaseAddress,lpBaseAddress,nSize,lpNumberOfBytesWritten);
MessageBoxA(NULL,(LPCTSTR)lpBaseAddress,"Hook!",MB_OK);
return nResult;
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
OutputDebugString("Detour dll Load!");
DetourFunctionWithTrampoline((PBYTE)CopyWriteProcessMemory, (PBYTE)MyWriteProcessMemory);
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
OutputDebugString("Detour dll Exit!");
DetourRemove((PBYTE)CopyWriteProcessMemory, (PBYTE)MyWriteProcessMemory);
break;
}
return TRUE;
}
请问这段代码为何注入之后 我用EXE程序调用了WriteProcessMemory 拦截不了。。。
而我照着拦截 MessageBox函数改也拦截不了。。代码如下:
#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "detoured.lib")
BOOL (WINAPI *pWriteProcessMemory)(HANDLE hProcess,LPVOID lpBaseAddress,LPCVOID lpBuffer,SIZE_T nSize,SIZE_T * lpNumberOfBytesWritten)
=WriteProcessMemory;
BOOL WINAPI HookWriteProcessMemory(HANDLE hProcess,LPVOID lpBaseAddress,LPCVOID lpBuffer,SIZE_T nSize,SIZE_T * lpNumberOfBytesWritten)
{
return pWriteProcessMemory(hProcess,(LPVOID)0x00170000,lpBuffer,nSize,lpNumberOfBytesWritten);
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pWriteProcessMemory, HookWriteProcessMemory);
DetourTransactionCommit();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pWriteProcessMemory, HookWriteProcessMemory);
DetourTransactionCommit();
break;
}
return TRUE;
}
...全文
请发表友善的回复…
发表回复
jingzhongrong 2010-05-31
- 打赏
- 举报
你要把你的钩子dll加载进进程中。
rockago 2010-05-31
- 打赏
- 举报
[Quote=引用 1 楼 mcaok 的回复:]
加个空钩子试试。
VOID SetAPIHook()
{
g_ShellHook=SetWindowsHookEx(WH_SHELL,(HOOKPROC)ShellProc,hInst,0);
}
[/Quote]
请问空钩子需要EXE调用么。。
to 2#:
确实是刚玩嘛- -
加个空钩子试试。
VOID SetAPIHook()
{
g_ShellHook=SetWindowsHookEx(WH_SHELL,(HOOKPROC)ShellProc,hInst,0);
}
[/Quote]
请问空钩子需要EXE调用么。。
to 2#:
确实是刚玩嘛- -
jyh_baoding 2010-05-31
- 打赏
- 举报
这 能是新手 的问题吗,够谦虚的!
mcaok 2010-05-31
- 打赏
- 举报
加个空钩子试试。
VOID SetAPIHook()
{
g_ShellHook=SetWindowsHookEx(WH_SHELL,(HOOKPROC)ShellProc,hInst,0);
}
VOID SetAPIHook()
{
g_ShellHook=SetWindowsHookEx(WH_SHELL,(HOOKPROC)ShellProc,hInst,0);
}
lzjdlsl 2010-05-31
- 打赏
- 举报
没分配内存吧?
surf515 2010-05-31
- 打赏
- 举报
标题党。。。
finder_zhang 2010-05-31
- 打赏
- 举报
拦的是 MessageBox 还是 MessageBoxW ?
标题党,新手问题是引我们进来的.
标题党,新手问题是引我们进来的.
