关于用Detours拦截API的求助

Cccmm002 2013-04-18 01:31:37
我是个新手,以前从来没拦截过API。因为需要,所以今天在研究这个,想拦截rasapi32.dll里的RasDialW函数。在网上看了不少文章,但代码大多都不能用。可能是因为我下的是Detours3.0,而Detours2.1在我的电脑上无法成功编译。在尝试了一些例子后,写了这么一段代码。使用国外的一个人用Detours写的注入器,把生成的dll与希望拦截的程序一起运行。从记录的结果来看,dll注入成功,并且Detours的函数返回了执行成功的值,但是API没有被截获。我又把dll注入到rasdial.exe中运行,还是不行。

懂行的帮解答一下。
或者有什么简便方法能拦截这个API,我只是需要得到参数。


#include "stdafx.h"
#include <stdio.h>
#include <iostream>
#include <fstream>

#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")

#include <Ras.h>
#pragma comment(lib, "rasapi32.lib")

#include "atlconv.h"

// Prototypes of the replacement ("My*") functions and the trampoline pointers
// ("Origin*") through which the original rasapi32 functions are reached.
// Each Origin* pointer is initialised to the import-bound address of the real
// API; DetourAttach later rewrites the pointer to a trampoline, so calling
// through it from a replacement reaches the unhooked implementation.
// NOTE(review): only OriginRasDialW is attached in DllMain below; the A-variant
// pair and both RasSetEntryDialParams pairs are declared but never detoured.
DWORD WINAPI MyRasDialA(
LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
LPCSTR lpszPhonebook, // pointer to full path and file name of phone-book file
LPRASDIALPARAMSA lpRasDialParams, // pointer to calling parameters data
DWORD dwNotifierType, // specifies type of RasDial event handler
LPVOID lpvNotifier, // specifies a handler for RasDial events
LPHRASCONN lphRasConn // pointer to variable to receive connection handle
);

DWORD (WINAPI *OriginRasDialA)(
LPRASDIALEXTENSIONS, // pointer to function extensions data
LPCSTR, // pointer to full path and file name of phone-book file
LPRASDIALPARAMSA, // pointer to calling parameters data
DWORD, // specifies type of RasDial event handler
LPVOID, // specifies a handler for RasDial events
LPHRASCONN // pointer to variable to receive connection handle
)=RasDialA;

DWORD WINAPI MyRasDialW(
LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
LPCWSTR lpszPhonebook, // pointer to full path and file name of phone-book file
LPRASDIALPARAMS lpRasDialParams, // pointer to calling parameters data
DWORD dwNotifierType, // specifies type of RasDial event handler
LPVOID lpvNotifier, // specifies a handler for RasDial events
LPHRASCONN lphRasConn // pointer to variable to receive connection handle
);

DWORD (WINAPI *OriginRasDialW)(
LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
LPCWSTR lpszPhonebook, // pointer to full path and file name of phone-book file
LPRASDIALPARAMS lpRasDialParams, // pointer to calling parameters data
DWORD dwNotifierType, // specifies type of RasDial event handler
LPVOID lpvNotifier, // specifies a handler for RasDial events
LPHRASCONN lphRasConn // pointer to variable to receive connection handle
)=RasDialW;

// Trampoline and replacement for the ANSI RasSetEntryDialParams (unused here).
DWORD (WINAPI *OriginRasSetEntryDialParamsA)(
LPCSTR lpszPhonebook,
LPRASDIALPARAMSA lprasdialparams,
BOOL fRemovePassword
)=RasSetEntryDialParamsA;

DWORD WINAPI MyRasSetEntryDialParamsA(
LPCSTR lpszPhonebook,
LPRASDIALPARAMSA lprasdialparams,
BOOL fRemovePassword
);

// Trampoline and replacement for the wide RasSetEntryDialParams (unused here).
DWORD (WINAPI *OriginRasSetEntryDialParamsW)(
LPCWSTR lpszPhonebook,
LPRASDIALPARAMSW lprasdialparams,
BOOL fRemovePassword
)=RasSetEntryDialParamsW;

DWORD WINAPI MyRasSetEntryDialParamsW(
LPCWSTR lpszPhonebook,
LPRASDIALPARAMSW lprasdialparams,
BOOL fRemovePassword
);

// Appends str, one byte at a time, followed by a newline to the fixed log
// path D:\out.txt (opened in append mode, created if missing). Does nothing
// if the file cannot be opened; no error is reported.
// Callers pass dial-up user names and passwords to this function, so the
// credentials end up on disk in plaintext at a predictable location.
void record(CHAR *str)
{
std::ofstream myfile ("D:\\out.txt", std::ios::out | std::ios::app);
if (myfile.is_open())
{
int l=strlen(str); // size_t narrowed to int
//myfile << str << std::endl;
// Character-by-character copy; equivalent to streaming str directly.
for(int i=0;i<l;i++)
myfile<<(*(str+i));
myfile<<std::endl;
myfile.close();
}
}

// DLL entry point: installs the RasDialW detour on process attach and removes
// it on process detach. Detours bookkeeping used here:
//  - DetourIsHelperProcess(): true inside the helper process Detours spawns
//    for cross-bitness injection, in which case nothing should be hooked.
//  - DetourRestoreAfterWith(): restores the import table of a process that
//    was launched with this DLL pre-injected (DetourCreateProcessWithDll*).
// NOTE(review): record() and the ofstream below perform file I/O from
// DllMain, i.e. while the loader lock is held; this is generally discouraged.
BOOL APIENTRY DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
LONG error;
(void)hinst;
(void)reserved;

if (DetourIsHelperProcess()) {
return TRUE;
}

if (dwReason == DLL_PROCESS_ATTACH) {
record("DLL attached.");

DetourRestoreAfterWith();

// One transaction attaching only the wide-char RasDial hook; the ANSI
// variant is left disabled.
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
//DetourAttach(&(PVOID&)OriginRasDialA, MyRasDialA);
DetourAttach(&(PVOID&)OriginRasDialW, MyRasDialW);
error = DetourTransactionCommit();

if (error == NO_ERROR) {
record("simple");
}
else {
// Commit failed: write the raw Detours error code to the same log file.
std::ofstream myfile ("D:\\out.txt", std::ios::out | std::ios::app);
if (myfile.is_open())
{
myfile<<"Error code: "<<error<<std::endl;
myfile.close();
}
}
}
else if (dwReason == DLL_PROCESS_DETACH) {
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
//DetourDetach(&(PVOID&)OriginRasDialA, MyRasDialA);
DetourDetach(&(PVOID&)OriginRasDialW, MyRasDialW);
error = DetourTransactionCommit(); // result is not checked on this path
record("DLL dettached.");
}
return TRUE;
}

//Modified functions
// Common logging step for every replacement function: writes a marker line,
// then the user name and the password (each via record(), in plaintext) to
// the log file. Both arguments must be NUL-terminated ANSI strings.
void hooked(CHAR szUserName[], CHAR szPassword[])
{
record("Function hooked.");
record(szUserName);
record(szPassword);
}

// Replacement for RasDialA: logs the caller's dial credentials, then forwards
// every argument unchanged to the original through the trampoline pointer and
// returns its result. lpRasDialParams is dereferenced without a null check.
// Never attached in DllMain (the DetourAttach line is commented out).
DWORD WINAPI MyRasDialA(
LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
LPCSTR lpszPhonebook, // pointer to full path and file name of phone-book file
LPRASDIALPARAMSA lpRasDialParams, // pointer to calling parameters data
DWORD dwNotifierType, // specifies type of RasDial event handler
LPVOID lpvNotifier, // specifies a handler for RasDial events
LPHRASCONN lphRasConn // pointer to variable to receive connection handle
)
{
hooked(lpRasDialParams->szUserName, lpRasDialParams->szPassword);
return OriginRasDialA(lpRasDialExtensions,lpszPhonebook,lpRasDialParams,dwNotifierType,lpvNotifier,lphRasConn);
}

// Replacement for RasDialW (the one hook DllMain actually installs): converts
// the wide user name and password to ANSI, logs them, then forwards all
// arguments unchanged to the original via the trampoline and returns its
// result. lpRasDialParams is dereferenced without a null check.
// NOTE(review): LPRASDIALPARAMS is the TCHAR-mapped alias; this only matches
// RasDialW's real signature in a UNICODE build — confirm the project settings.
DWORD WINAPI MyRasDialW(
LPRASDIALEXTENSIONS lpRasDialExtensions, // pointer to function extensions data
LPCWSTR lpszPhonebook, // pointer to full path and file name of phone-book file
LPRASDIALPARAMS lpRasDialParams, // pointer to calling parameters data
DWORD dwNotifierType, // specifies type of RasDial event handler
LPVOID lpvNotifier, // specifies a handler for RasDial events
LPHRASCONN lphRasConn // pointer to variable to receive connection handle
)
{
// ATL W2A: lossy wide-to-ANSI conversion into stack buffers that are only
// valid until this function returns (USES_CONVERSION sets up the macros).
USES_CONVERSION;
CHAR *user = W2A(lpRasDialParams->szUserName);
CHAR *pass = W2A(lpRasDialParams->szPassword);
hooked(user,pass);
return OriginRasDialW(lpRasDialExtensions,lpszPhonebook,lpRasDialParams,dwNotifierType,lpvNotifier,lphRasConn);
}

// Replacement for RasSetEntryDialParamsA: logs the stored entry credentials,
// then forwards to the original via the trampoline and returns its result.
// lprasdialparams is dereferenced without a null check. Declared but never
// attached by DllMain.
DWORD WINAPI MyRasSetEntryDialParamsA(
LPCSTR lpszPhonebook,
LPRASDIALPARAMSA lprasdialparams,
BOOL fRemovePassword
)
{
hooked(lprasdialparams->szUserName, lprasdialparams->szPassword);
return OriginRasSetEntryDialParamsA(lpszPhonebook, lprasdialparams,fRemovePassword);
}

// Replacement for RasSetEntryDialParamsW: converts the wide user name and
// password to ANSI, logs them, then forwards to the original via the
// trampoline and returns its result. lprasdialparams is dereferenced without
// a null check. Declared but never attached by DllMain.
DWORD WINAPI MyRasSetEntryDialParamsW(
LPCWSTR lpszPhonebook,
LPRASDIALPARAMSW lprasdialparams,
BOOL fRemovePassword
)
{
// ATL W2A: lossy wide-to-ANSI conversion into stack buffers scoped to this call.
USES_CONVERSION;
CHAR *user = W2A(lprasdialparams->szUserName);
CHAR *pass = W2A(lprasdialparams->szPassword);
hooked(user,pass);
return OriginRasSetEntryDialParamsW(lpszPhonebook, lprasdialparams,fRemovePassword);
}

//stupid Detours
// No-op export. It exists only so the DLL has at least one exported symbol;
// presumably because the Detours injection helpers expect the payload DLL to
// export a function at ordinal 1 — nothing calls it.
extern "C" __declspec(dllexport) void dummy(void)
{
return;
}
LiuYinChina 2013-04-25
http://download.csdn.net/detail/robertbaker/5019233
Eleven 2013-04-25
是不是你用的不对啊?参考这里Detours库HOOK API http://blog.csdn.net/vcplayer/article/details/2681758
Cccmm002 2013-04-18
引用 1 楼 sha_jinhao 的回复:
windows 核心编程里面的注入!
我现在手边没有这本书,能不能有易懂一点的,或者现成的代码?
jimette 2013-04-18
windows 核心编程里面的注入!
