Question
I'm trying to do some basic hooking with Microsoft Detours and I can't get it to work. I've used essentially the code that was posted in this thread:
How can I hook Windows functions in C/C++?
but no dice. I updated the send/receive functions in the DLL code to simply log the data to a file, and I tried having the main program hook into the "internet checkers" program, but a log file never gets created, so it appears that the dll wasn't injected.
I'm running Windows 7 64-bit, Visual Studio 10.0, Detours 3.0 (my environment appears to be set up correctly, no issues building or anything). I created a DLL project, pasted in the DLL code from the link above, with send/recv updated as such:
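    FILE * pSendLogFile = NULL;
    // fopen_s returns non-zero on failure (e.g. no write access to C:\), so check before writing
    if (fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+") == 0 && pSendLogFile)
    {
        // Note: "%s" stops at the first NUL byte; socket buffers are not guaranteed to be NUL-terminated
        fprintf(pSendLogFile, "%s\n", buf);
        fclose(pSendLogFile);
    }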
and compiled. Then created another project, pasted in the main code from the link above, set it to look for the chkrzm.exe program (checkers), and hardcoded the DLL path to:
    fullPath = "C:\\Users\\PM\\Documents\\Programs\\C Code\\Test\\DLLTester2\\Debug\\DLLTester2.dll";
and ran it, but no dice. Any idea why I can't get this to work?
Answer 1:
FYI got this solved. To see which processes are 32-bit, just Ctrl-Alt-Delete and go to the Task Manager; 32-bit processes are listed with *32 next to them. Also got my hook working; here is the code. I abandoned the CreateRemoteThread approach and just used a system-wide hook. I stitched the code together from:
- How to hook external process with SetWindowsHookEx and WH_KEYBOARD
- http://www.codingthewheel.com/archives/how-i-built-a-working-online-poker-bot-4
- http://www.codingthewheel.com/archives/how-i-built-a-working-online-poker-bot-7
This program simply reverses text in 32-bit processes (as shown in the last link above). E.g. open up textpad and hover over menus; their text should get reversed.
The dll:
    #include <windows.h>
    #include <detours.h>
    #include <stdio.h>
    #include <string.h>   // _wcsrev, memcpy
    #include <iostream>
    using namespace std;

    // Initial stuff
    #ifdef _MANAGED
    #pragma managed(push, off)
    #endif
    #pragma comment( lib, "Ws2_32.lib" )
    #pragma comment( lib, "detours.lib" )

    // Hook handle. Without a /SECTION:Shared,RWS linker option this section is
    // per-process; CallNextHookEx ignores its first parameter, so the hook still works.
    #pragma data_seg("Shared")
    HHOOK g_hHook = NULL;
    #pragma data_seg()

    // Globals
    HINSTANCE g_hInstance = NULL;

    // ExtTextOut - original
    BOOL (WINAPI * Real_ExtTextOut)(HDC hdc, int X, int Y, UINT options, const RECT* lprc, LPCTSTR text, UINT cbCount, const INT* lpSpacingValues) = ExtTextOut;

    // ExtTextOut - overridden
    BOOL WINAPI Mine_ExtTextOut(HDC hdc, int X, int Y, UINT options, const RECT* lprc, LPCTSTR text, UINT cbCount, const INT* lpSpacingValues)
    {
        // Nothing to reverse: hand the call to the real function unchanged
        if (!text || cbCount == 0)
            return Real_ExtTextOut(hdc, X, Y, options, lprc, text, cbCount, lpSpacingValues);

        // Make a copy of the supplied string..safely
        // (assumes a UNICODE build, where LPCTSTR is LPCWSTR)
        LPWSTR szTemp = (LPWSTR)LocalAlloc(0, (cbCount + 1) * sizeof(WCHAR));
        if (!szTemp) // allocation failed: draw the text as supplied
            return Real_ExtTextOut(hdc, X, Y, options, lprc, text, cbCount, lpSpacingValues);
        memcpy(szTemp, text, cbCount * sizeof(WCHAR)); // can't use strcpy here
        szTemp[cbCount] = L'\0'; // append terminating null

        // Reverse it..
        _wcsrev(szTemp);

        // Pass it on to windows...
        BOOL rv = Real_ExtTextOut(hdc, X, Y, options, lprc, szTemp, cbCount, lpSpacingValues);

        // Cleanup
        LocalFree(szTemp);
        return rv; // report the real function's result to the caller
    }

    // DLLMain
    BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
    {
        switch (ul_reason_for_call)
        {
        case DLL_PROCESS_ATTACH:
            g_hInstance = (HINSTANCE) hModule;
            DetourTransactionBegin();
            DetourUpdateThread(GetCurrentThread());
            DetourAttach(&(PVOID&)Real_ExtTextOut, Mine_ExtTextOut); // <- magic
            DetourTransactionCommit();
            break;
        case DLL_PROCESS_DETACH:
            DetourTransactionBegin();
            DetourUpdateThread(GetCurrentThread());
            DetourDetach(&(PVOID&)Real_ExtTextOut, Mine_ExtTextOut);
            DetourTransactionCommit();
            break;
        }
        return TRUE;
    }

    // CBT Hook - dll is hooked into all processes (only 32 bit processes on my machine)
    LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
    {
        if (nCode < 0)
            return CallNextHookEx(g_hHook, nCode, wParam, lParam);
        // Return 0 to allow window creation/destruction/activation to proceed as normal.
        return 0;
    }

    // Install hook
    extern "C" __declspec(dllexport) bool install()
    {
        g_hHook = SetWindowsHookEx(WH_CBT, (HOOKPROC) CBTProc, g_hInstance, 0);
        return g_hHook != NULL;
    }

    // Uninstall hook
    extern "C" __declspec(dllexport) void uninstall()
    {
        if (g_hHook)
        {
            UnhookWindowsHookEx(g_hHook);
            g_hHook = NULL;
        }
    }
The main program:
    #include <Windows.h>
    #include <stdio.h>
    #include <stdlib.h>   // system
    #include <tchar.h>
    #include <iostream>
    using namespace std;

    // Main
    int _tmain(int argc, _TCHAR* argv[])
    {
        // Load dll
        HINSTANCE hinst = LoadLibrary(_T("C:\\Users\\PM\\Documents\\Programs\\C Code\\Test\\DLLTesterFinal\\Debug\\DLLTesterFinal.dll"));
        if (!hinst)
        {
            // A wrong path or a 32/64-bit mismatch between this program and the DLL ends up here
            cout << "LoadLibrary failed, GetLastError: " << GetLastError() << endl;
            return 1;
        }

        // Get functions
        typedef bool (*Install)();
        typedef void (*Uninstall)();
        Install install = (Install) GetProcAddress(hinst, "install");
        Uninstall uninstall = (Uninstall) GetProcAddress(hinst, "uninstall");
        cout << "GetLastError1: " << GetLastError () << endl << endl;
        if (!install || !uninstall)
        {
            // Never call through a null export pointer
            cout << "Exports not found in DLL" << endl;
            FreeLibrary(hinst);
            return 1;
        }

        // Install hook
        bool hookInstalledSuccessfully = install ();
        cout << "GetLastError2: " << GetLastError () << endl;
        cout << "Hook installed successfully? " << hookInstalledSuccessfully << endl << endl;

        // At this point, go to a 32-bit process (eg. textpad, chrome) and hover over menus; their text should get reversed
        cout << "Text should now be reversed in 32-bit processes" << endl;
        system ("Pause");

        // Uninstall hook
        uninstall();
        cout << endl << "GetLastError3: " << GetLastError () << endl;
        cout << "Done" << endl;
        system ("Pause");

        // Release our reference to the hook DLL
        FreeLibrary(hinst);
        return 0;
    }
However, upon trying to detour ExtTextOut in a Java application, the Java app crashes; need to investigate that.
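The answer above turns on 32-bit versus 64-bit: a DLL can only be mapped into a process of the same architecture, so a 32-bit hook DLL never loads into a 64-bit target. The following is an added example, not code from the original post, that reads the Machine field from PE headers so a DLL and a target executable can be compared without Task Manager; the function names and the sample bytes are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// COFF Machine values from the PE/COFF specification.
enum PeMachine : uint16_t { PE_INVALID = 0, PE_I386 = 0x014c, PE_AMD64 = 0x8664 };

static uint32_t rd32(const uint8_t* p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t* p) { return (uint16_t)(p[0] | p[1] << 8); }

// Returns the Machine field of a PE image, or PE_INVALID if the headers
// are truncated or malformed. Every offset is bounds-checked first.
uint16_t pe_machine(const uint8_t* img, size_t len) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return PE_INVALID;
    uint32_t e_lfanew = rd32(img + 0x3c);             // file offset of "PE\0\0"
    if (e_lfanew > len || len - e_lfanew < 6) return PE_INVALID;
    if (memcmp(img + e_lfanew, "PE\0\0", 4) != 0) return PE_INVALID;
    return rd16(img + e_lfanew + 4);                  // IMAGE_FILE_HEADER.Machine
}

// True only when both images parsed and target the same architecture.
bool same_architecture(uint16_t dll, uint16_t exe) {
    return dll != PE_INVALID && dll == exe;
}

// Constructed sample: header bytes only, not a loadable image.
std::vector<uint8_t> make_sample(uint16_t machine) {
    std::vector<uint8_t> b(0x80, 0);
    b[0] = 'M'; b[1] = 'Z';
    b[0x3c] = 0x40;                                   // e_lfanew = 0x40
    memcpy(&b[0x40], "PE\0\0", 4);
    b[0x44] = (uint8_t)(machine & 0xff);
    b[0x45] = (uint8_t)(machine >> 8);
    return b;
}

int main() {
    // Stand-ins for a 32-bit hook DLL and a 64-bit target executable.
    std::vector<uint8_t> dll = make_sample(PE_I386), exe = make_sample(PE_AMD64);
    uint16_t d = pe_machine(dll.data(), dll.size());
    uint16_t e = pe_machine(exe.data(), exe.size());
    printf("dll=0x%04x exe=0x%04x match=%d\n", d, e, same_architecture(d, e));
    return 0;
}
```

To use it on real files, read the first few kilobytes of the DLL and of the target executable into buffers and pass them to `pe_machine`.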
Answer 2:
> I'm running Windows 7 64-bit, Visual Studio 10.0
You have to run the MS Detours inject as an administrator user on Win7. To validate that the Detours code is working, use the samples for Detours 3.0 with the make target test.
    cmd>$Path/Detours Express 3.0>nmake test
Source: https://stackoverflow.com/questions/8624096/having-trouble-with-microsoft-detours