// DLL entry point. On DLL_PROCESS_ATTACH it only shows a message box; the
// Detours attach/detach sequences that would redirect Sys_CreateFileW and
// Sys_ReadFile are commented out. Per the author's note below this file,
// this variant loads fine and the uncommented Detours calls are what fail.
//
// NOTE(review): DllMain executes while the Windows loader lock is held, and
// Microsoft documents that waiting on other threads or pumping a message loop
// from it (MessageBox does both) is unsafe and can deadlock the host process.
// hModule and lpReserved are not used. TRUE is always returned, so an attach
// failure is never reported to the loader.
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved )
{
    switch(ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Diagnostic pop-up "dll loaded" (runtime string kept as-is).
        MessageBox(NULL,L"dll已加载",NULL,0);
        // Hook installation (disabled): one Detours transaction per API.
        // Sys_CreateFileW, Hook_CreateFileW, Sys_ReadFile and Hook_ReadFile
        // are declared elsewhere and are not visible here.
        // DetourTransactionBegin();
        // DetourUpdateThread(GetCurrentThread());
        // DetourAttach(&(PVOID&)Sys_CreateFileW, Hook_CreateFileW);
        // DetourTransactionCommit();
        //
        // DetourTransactionBegin();
        // DetourUpdateThread(GetCurrentThread());
        // DetourAttach(&(PVOID&)Sys_ReadFile, Hook_ReadFile);
        // DetourTransactionCommit();
        break;
    }
    case DLL_PROCESS_DETACH:
    {
        // Hook removal (disabled).
        // DetourTransactionBegin();
        // DetourUpdateThread(GetCurrentThread());
        // DetourDetach((PVOID *)&Sys_CreateFileW, Hook_CreateFileW);
        // DetourTransactionCommit();
        // DetourDetach((PVOID *)&Sys_ReadFile, Hook_ReadFile);
        break;
    }
    }
    // Keep the DLL loaded regardless of what happened above.
    return TRUE;
}
这样就没问题，放开注释部分就不行。但是我要 HOOK 目标进程的 CreateFile 和 ReadFile 这两个 API，该怎么办？
// Remote-thread DLL loading: looks up the process named lpProcessName, copies
// the ANSI path lpDllPath into its address space and starts a remote thread
// whose entry point is LoadLibraryA with that buffer as the argument.
// Returns false (after a message box) when any step up to thread creation
// fails, and true once the remote thread has finished; the caller is never
// told whether the load itself succeeded.
//
// NOTE(review): the OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread(LoadLibraryA) sequence is the
// textbook cross-process injection pattern that endpoint telemetry (remote
// thread creation, cross-process memory writes) is built to surface.
// Resource-handling issues visible in this body: lpRemoteBuf is used without
// a NULL check; VirtualFreeEx is passed MEM_COMMIT, which is not a valid
// dwFreeType (MEM_DECOMMIT, or MEM_RELEASE with dwSize 0, are); hProcess and
// hNewRemoteThread are never closed on the success path.
bool CHookTestDlg::PutDllIntoProcess( LPCTSTR lpProcessName,LPCSTR lpDllPath )
{
    // Look up the process id by name. NOTE(review): this is not the Win32
    // GetProcessId (which takes a HANDLE); presumably a helper of this class
    // that returns 0 when no match is found — confirm against its definition.
    DWORD dwProcessId = GetProcessId(lpProcessName);
    if (dwProcessId == 0)
    {
        MessageBoxW(L"获取进程id失败");   // "failed to get process id"
        return false;
    }
    // Open the target with full access rights.
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,dwProcessId);
    if(hProcess == NULL)
    {
        MessageBoxW(L"获取进程句柄错误");  // "error getting process handle"
        return false;
    }
    size_t iSize = strlen(lpDllPath)+1;   // path bytes including the terminator
    SIZE_T iHasWrite;
    // Allocate a buffer in the target and copy the DLL path into it.
    // NOTE(review): the VirtualAllocEx result is not checked for NULL.
    LPVOID lpRemoteBuf = VirtualAllocEx(hProcess,NULL,iSize,MEM_COMMIT,PAGE_READWRITE);
    if(WriteProcessMemory(hProcess,lpRemoteBuf,lpDllPath,iSize,&iHasWrite))
    {
        if(iHasWrite != iSize)
        {
            MessageBoxW(L"写入远程进程内存空间出错");  // "error writing remote process memory"
            // NOTE(review): MEM_COMMIT is not a valid free type for VirtualFreeEx.
            VirtualFreeEx(hProcess,lpRemoteBuf,iSize,MEM_COMMIT);
            CloseHandle(hProcess);
            return false;
        }
    }
    else
    {
        // Same message as above; note the remote buffer is not freed on this path.
        MessageBoxW(L"写入远程进程内存空间出错");
        CloseHandle(hProcess);
        return false;
    }
    DWORD dwNewThreadId;
    // The local address of LoadLibraryA is used as the remote entry point;
    // presumably this assumes it resolves to the same address in the target —
    // confirm for the intended target.
    LPVOID lpLoadDll = LoadLibraryA;
    // Create the remote thread.
    HANDLE hNewRemoteThread = CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)lpLoadDll,lpRemoteBuf,0,&dwNewThreadId);
    if(hNewRemoteThread == NULL)
    {
        MessageBoxW(L"建立远程线程失败");  // "failed to create remote thread"
        CloseHandle(hProcess);
        return false;
    }
    // Block until LoadLibraryA returns in the target. Neither the wait result
    // nor the thread exit code (LoadLibraryA's return value) is inspected, so
    // a failed load returns true exactly like a successful one.
    WaitForSingleObject(hNewRemoteThread,INFINITE);
    // NOTE(review): hNewRemoteThread and hProcess are leaked here, and
    // lpRemoteBuf stays allocated in the target.
    return true;
}
dllmain:
// DLL entry point for the variant loaded via PutDllIntoProcess: on attach it
// shows a diagnostic message box and calls StartHook(); on detach it calls
// StopHook(). Both helpers are defined elsewhere and their contents are not
// visible here. The author reports the message box does not appear when the
// DLL is loaded through PutDllIntoProcess.
//
// NOTE(review): DllMain runs while the loader lock is held; MessageBox is
// among the calls Microsoft documents as unsafe in that context. hModule and
// lpReserved are unused, and TRUE is returned unconditionally.
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved )
{
    switch(ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Diagnostic pop-up "dll loaded". Author's original trailing note:
        // "it does not pop up when calling the injection above???"
        MessageBox(NULL,L"dll已加载",NULL,0);
        // Install hooks (defined elsewhere).
        StartHook();
        break;
    }
    case DLL_PROCESS_DETACH:
    {
        // Remove hooks (defined elsewhere).
        StopHook();
        break;
    }
    }
    // Keep the DLL loaded regardless of what happened above.
    return TRUE;
}
还有，动态库中有两个导出函数，我该怎么调用呢？谢谢。