16,466
社区成员
发帖
与我相关
我的任务
分享
HANDLE WINAPI NEW_CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess,
DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition, DWORD dwFlagAndAttributes, HANDLE hTemplateFile)
{
if(lpFileName != "C:\\dlllog.log"){
switch(dwCreationDisposition){
case CREATE_ALWAYS:;
case CREATE_NEW:;
case OPEN_ALWAYS:AppendMessageToLog("创建新文件:","C:\\dlllog.log");
AppendMessageToLog((char *)lpFileName,"C:\\dlllog.log");
break;
case OPEN_EXISTING:;
case TRUNCATE_EXISTING:AppendMessageToLog("打开文件:","C:\\dlllog.log");
AppendMessageToLog((char *)lpFileName,"C:\\dlllog.log");
break;
}
}
HANDLE ret = OLD_CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagAndAttributes, hTemplateFile);
//MessageBoxW(NULL,lpFileName,L"[测试]",MB_OK);
return ret;
}
BOOL WINAPI NEW_WriteFile(HANDLE hFile,LPCVOID lpBuffer,DWORD nNumberOfBytesToWrite,
LPDWORD lpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)
{
AppendWMessageToLog(L"修改文件:",L"C:\\dlllog.log");
AppendWMessageToLog((wchar_t *)hFile,L"C:\\dlllog.log");
BOOL ret=OLD_WriteFile(hFile,lpBuffer,nNumberOfBytesToWrite,lpNumberOfBytesWritten,lpOverlapped);
return ret;
}
DetourAttach(&(PVOID&)OLD_WriteFile,NEW_WriteFile);
DetourAttach(&(PVOID&)OLD_ReadFile,NEW_ReadFile);
这两行之后,生成的dll再注入到进程里的时候,就不能记录结果了...不加这个的时候就是可以记录的...不知道是不是这个NEW_WriteFile写的有问题啊还是哪里出了问题...求大牛帮忙分析..