15,471
社区成员
发帖
与我相关
我的任务
分享Detours Hook的问题
DLL中写了如下代码:
HANDLE (WINAPI *SysCreateFile)(
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile)
= CreateFileW;
HANDLE WINAPI MyCreateFile(
LPCWSTR lpFileName,
DWORD dwDesiredAccess,
DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes,
DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile
)
{
MessageBox(NULL, L"asdf", L"asdf", MB_OK);
return CreateFile(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
// 安装HOOK
DWORD WINAPI ThreadHookCreateFile(LPVOID lpParam)
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)SysCreateFile, MyCreateFile);
DetourTransactionCommit();
return 0;
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
{
// 创建监控线程
HANDLE hThread = CreateThread(NULL, 0, ThreadHookCreateFile, NULL, 0, NULL);
if(hThread != INVALID_HANDLE_VALUE){
CloseHandle(hThread);
}
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)SysCreateFile, MyCreateFile);
DetourTransactionCommit();
}
break;
}
return TRUE;
}
注入之后,目标进程打开文件没有任何反应,感觉是注入失败了。测试环境:Win764
...全文
请发表友善的回复…
发表回复
mygame0302 2014-03-21
- 打赏
- 举报
为什么不调试下呢
myjisgreat 2014-03-14
- 打赏
- 举报
第一个问题如2楼所言,不可以这样写,否则thread attach时就解除了
还有你确定DLL注入成功了?
64位的DLL只能给64位的进程注入
「已注销」 2014-03-14
- 打赏
- 举报
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
这几个这样写确定没问题吗?
u012997273 2014-03-14
- 打赏
- 举报
可以先用(cmd)
tasklist /m /FI "Pid eq 目标进程ID"
看看dll是否注入成功,如果成功了,添加日志,看看是否被Hook了
添加日志可以用outputdebugstring,用debug view可以查看
