系统环境为Windows7,X64,注入程序,DLL,目标程序为VS2013生成的Win32项目
代码再回复中贴出
Detours 拦截API导致目标程序崩溃
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
6条回答 默认 最新
- chfyjy 2016-05-13 02:09关注
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include "detours.h"
#include
#include
#include
#include
#include#pragma comment(lib, "detours.lib")
static BOOL(WINAPI*system_BitBlt)(HDC hdcDest, int nXDest, int nYDest,
int nWidth, int nHeight, HDC hdcSrc, int nXSrc, int nYSrc, DWORD dwRop) = BitBlt;
BOOL hook_BitBlt(HDC hdcDest, int nXDest, int nYDest, int nWidth, int nHeight,
HDC hdcSrc, int nXSrc, int nYSrc, DWORD dwRop)
{
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[2560] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_BitBlt\r\nhdcDest %s\r\nnXDest %d\r\nnYDest %d\r\nnWidth %d\r\nnHeight %d\r\nhdcSrc %s\r\nnXsrc %d\r\nnySrc %d \r\ndwRop %d",
GetCurrentProcessId(), szProcessPathname, hdcDest, nXDest, nYDest, nWidth, nHeight, hdcSrc, nXSrc, nYSrc, dwRop);//StringCchPrintfW(sz, _countof(sz), //L"\r\nProcess: (%d) %s\r\nhook_BitBlt", //GetCurrentProcessId(), szProcessPathname); FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_BitBlt(hdcDest, nXDest, nYDest, nWidth, nHeight, hdcSrc, nXSrc, nYSrc, dwRop);}
static BOOL(WINAPI*system_OpenPrinterA)(LPSTR pPrinterName, LPHANDLE phPrinter, LPPRINTER_DEFAULTSA pDefault) = OpenPrinterA;
BOOL hook_OpenPrinterA(LPSTR pPrinterName, LPHANDLE phPrinter, LPPRINTER_DEFAULTSA pDefault)
{
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_OpenPrinter",
GetCurrentProcessId(), szProcessPathname);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_OpenPrinterA(pPrinterName, phPrinter, pDefault);}
static BOOL(WINAPI*system_GetTextExtentPoint32A)(HDC hdc, LPCSTR lpstring, int c, LPSIZE lpSize) = GetTextExtentPoint32A;
BOOL hook_GetTextExtentPoint32A(HDC hdc, LPCSTR lpstring, int c, LPSIZE lpSize)
{
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
/*StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_GetTextExtentPoint32A\r\nhdc:%s\r\nlpstring:%s\r\nc:%d\r\nlpSize:%d",
GetCurrentProcessId(), szProcessPathname, hdc, lpstring, c, lpSize);*/
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_GetTextExtentPoint32A\r\nlpstring:%s\r\nc:%d\r\nlpSizex:%d\r\nlpSizey:%d",
GetCurrentProcessId(), szProcessPathname, lpstring, c, lpSize->cx, lpSize->cy);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_GetTextExtentPoint32A(hdc, lpstring, c, lpSize);}
static HFONT(WINAPI*system_CreateFontA)(int cHeight, int cWidth, int cEscapement, int cOrientation, int cWeight, DWORD bItalic,
DWORD bUnderline, DWORD bStrikeOut, DWORD iCharSet, DWORD iOutPrecision, DWORD iClipPrecision,
DWORD iQuality, DWORD iPitchAndFamily, LPCSTR pszFaceName) = CreateFontA;
static HFONT(WINAPI*system_CreateFontW)(int cHeight, int cWidth, int cEscapement, int cOrientation, int cWeight, DWORD bItalic,
DWORD bUnderline, DWORD bStrikeOut, DWORD iCharSet, DWORD iOutPrecision, DWORD iClipPrecision,
DWORD iQuality, DWORD iPitchAndFamily, LPCWSTR pszFaceName) = CreateFontW;
HFONT hook_CreateFontA(int cHeight, int cWidth, int cEscapement, int cOrientation, int cWeight, DWORD bItalic,
DWORD bUnderline, DWORD bStrikeOut, DWORD iCharSet, DWORD iOutPrecision, DWORD iClipPrecision,
DWORD iQuality, DWORD iPitchAndFamily, LPCSTR pszFaceName)
{
//MessageBoxA(NULL, "Hook This!", "My hook", MB_OK);
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_CreateFontA\r\n%s",
GetCurrentProcessId(), szProcessPathname, pszFaceName);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_CreateFontA(cHeight, cWidth, cEscapement, cOrientation, cWeight, bItalic, bUnderline, bStrikeOut, iCharSet, iOutPrecision, iClipPrecision, iQuality, iPitchAndFamily, pszFaceName);}
HFONT hook_CreateFontW(int cHeight, int cWidth, int cEscapement, int cOrientation, int cWeight, DWORD bItalic,
DWORD bUnderline, DWORD bStrikeOut, DWORD iCharSet, DWORD iOutPrecision, DWORD iClipPrecision,
DWORD iQuality, DWORD iPitchAndFamily, LPCWSTR pszFaceName)
{
//MessageBoxA(NULL, "Hook This!", "My hook", MB_OK);
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_CreateFontW\r\n%s",
GetCurrentProcessId(), szProcessPathname, pszFaceName);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_CreateFontW(cHeight, cWidth, cEscapement, cOrientation, cWeight, bItalic, bUnderline, bStrikeOut, iCharSet, iOutPrecision, iClipPrecision, iQuality, iPitchAndFamily, pszFaceName);}
static int(WINAPI*system_StartPage)(HDC hdc) = StartPage;
int hook_StartPage(HDC hdc)
{
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_StartPage",
GetCurrentProcessId(), szProcessPathname);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_StartPage(hdc);}
static int(WINAPI*system_EndPage)(HDC hdc) = EndPage;
int hook_EndPage(HDC hdc)
{
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_CreateFontA\r\n%s",
GetCurrentProcessId(), szProcessPathname, hdc);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_EndPage(hdc);}
static BOOL(WINAPI*system_TextOutA)(HDC hdc, int x, int y, LPCSTR lpString, int c) = TextOutA;
static BOOL(WINAPI*system_TextOutW)(HDC hdc, int x, int y, LPCWSTR lpString, int c) = TextOutW;
BOOL hook_TextOutA(HDC hdc, int x, int y, LPCSTR lpString, int c)
{
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_TextOutA\r\nHDC:%s\r\n%s",
GetCurrentProcessId(), szProcessPathname, hdc, lpString);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_TextOutA(hdc, x, y, lpString, c);}
BOOL hook_TextOutW(HDC hdc, int x, int y, LPCWSTR lpString, int c)
{
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
wchar_t sz[256] = { 0 };
StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_TextOutW\r\nHDC:%s\r\n%s",
GetCurrentProcessId(), szProcessPathname, hdc, lpString);FILE *fp; fopen_s(&fp, "C:\\PosLabel.txt", "a"); fwrite(sz, sizeof(char), sizeof(sz), fp); fclose(fp); return system_TextOutW(hdc, x, y, lpString, c);}
static int(WINAPI* system_GetDeviceCaps)(HDC hdc, int index) = GetDeviceCaps;
int hook_GetDeviceCaps(HDC hdc, int index)
{
int ret = system_GetDeviceCaps(hdc, index);
wchar_t szProcessPathname[MAX_PATH];
::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
//wchar_t sz[256] = { 0 };
char sz[256] = { 0 };
/*StringCchPrintfW(sz, _countof(sz),
L"\r\nProcess: (%d) %s\r\n\r\nhook_GetDeviceCaps",
GetCurrentProcessId(), szProcessPathname);
StringCchPrintfA(sz, _countof(sz),
"\r\nhook_GetDeviceCaps\r\nhdc:%s\r\nindex:%d\r\nret %d", hdc, index, ret);*/
StringCchPrintfA(sz, _countof(sz),
"\r\nhook_GetDeviceCaps\r\nret %d", ret);
FILE *fp;
fopen_s(&fp, "C:\PosLabel.txt", "a");
fwrite(sz, sizeof(char), sizeof(sz), fp);
fclose(fp);
return ret;
}//typedef int (WINAPI *PfuncMessageBoxA)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
//typedef int (WINAPI *PfuncMessageBoxW)(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType);
//
//PVOID system_MessageBoxA = DetourFindFunction("User32.dll", "MessageBoxA");
//PVOID system_MessageBoxW = DetourFindFunction("User32.dll", "MessageBoxW");
//
//int WINAPI hook_MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
//{
// wchar_t szProcessPathname[MAX_PATH];
// ::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
// wchar_t sz[256] = { 0 };
// StringCchPrintfW(sz, _countof(sz),
// L"\r\nProcess: (%d) %s\r\n\r\nHook_MessageBoxWsss\r\n\r\nhWnd %s\r\nlpText %s\r\nlpCaption %s\r\nuType %d",
// GetCurrentProcessId(), szProcessPathname, hWnd, lpText, lpCaption, uType);
//
// FILE *fp;
// fopen_s(&fp, "C:\notepad.txt", "a");
// fwrite(sz, sizeof(char), sizeof(sz), fp);
// fclose(fp);
// return ((PfuncMessageBoxA)system_MessageBoxA)(hWnd, "Hook This!", "My hook", uType);
//}
//
//int WINAPI hook_MessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType)
//{
// wchar_t szProcessPathname[MAX_PATH];
// ::GetModuleFileName(NULL, szProcessPathname, MAX_PATH);
// wchar_t sz[256] = { 0 };
// StringCchPrintfW(sz, _countof(sz),
// L"\r\nProcess: (%d) %s\r\n\r\nHook_MessageBoxWsss\r\n\r\nhWnd %s\r\nlpText %s\r\nlpCaption %s\r\nuType %d",
// GetCurrentProcessId(), szProcessPathname, hWnd, lpText, lpCaption, uType);
//
// FILE *fp;
// fopen_s(&fp, "C:\notepad.txt", "a");
// fwrite(sz, sizeof(char), sizeof(sz), fp);
// fclose(fp);
// return ((PfuncMessageBoxW)system_MessageBoxW)(hWnd, L"Hook This!", L"My hook", uType);
//}BOOL APIENTRY InstallHook()
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
//DetourAttach((PVOID*)&system_OpenPrinterA, hook_OpenPrinterA);//引起崩溃的函数
//DetourAttach((PVOID*)&system_StartPage, hook_StartPage);//引起崩溃的函数
//DetourAttach((PVOID*)&system_EndPage, hook_EndPage);//引起崩溃的函数
//DetourAttach((PVOID*)&system_BitBlt, hook_BitBlt);//引起崩溃的函数
//DetourAttach((PVOID*)&system_GetTextExtentPoint32A, hook_GetTextExtentPoint32A);//引起崩溃的函数
//DetourAttach((PVOID*)&system_GetDeviceCaps, hook_GetDeviceCaps);//引起崩溃的函数DetourAttach((PVOID*)&system_TextOutA, hook_TextOutA); //没有引起崩溃的函数 DetourAttach((PVOID*)&system_TextOutW, hook_TextOutW); //没有引起崩溃的函数 /*DetourAttach((PVOID*)&system_CreateFontA, hook_CreateFontA); //没有引起崩溃的函数 DetourAttach((PVOID*)&system_CreateFontW, hook_CreateFontW);*/ //没有引起崩溃的函数 LONG ret = DetourTransactionCommit(); return ret == NO_ERROR;}
BOOL APIENTRY UnInstallHook()
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());//DetourDetach((PVOID*)&system_StartPage, hook_StartPage); //DetourDetach((PVOID*)&system_EndPage, hook_EndPage); //DetourDetach((PVOID*)&system_BitBlt, hook_BitBlt); //DetourDetach((PVOID*)&system_GetTextExtentPoint32A, hook_GetTextExtentPoint32A); //DetourDetach((PVOID*)&system_GetDeviceCaps, hook_GetDeviceCaps); //DetourDetach((PVOID*)&system_OpenPrinterA, hook_OpenPrinterA); DetourDetach((PVOID*)&system_TextOutA, hook_TextOutA); DetourDetach((PVOID*)&system_TextOutW, hook_TextOutW); /*DetourDetach((PVOID*)&system_CreateFontA, hook_CreateFontA); DetourDetach((PVOID*)&system_CreateFontW, hook_CreateFontW);*/ LONG ret = DetourTransactionCommit(); return ret == NO_ERROR;}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
OutputDebugString(L"DLL_PROCESS_ATTACH\n");
if (!InstallHook())
MessageBoxA(NULL, "No InstallHook Failed", "DllMain", MB_OK);
break;case DLL_THREAD_ATTACH:break; case DLL_THREAD_DETACH:break; case DLL_PROCESS_DETACH: OutputDebugString(L"DLL_PROCESS_DETACH\n"); if (!UnInstallHook()) MessageBoxA(NULL, "No UnInstallHook Failed", "DllMain", MB_OK); break; } return TRUE;}
//注入程序
// createhook.cpp : 定义控制台应用程序的入口点。
//#include "stdafx.h"
#include
#include
#include
#include
#include
#include
#includevoid ErrorExit(LPTSTR lpszFunction)
{
LPVOID lpMsgBuf;
LPVOID lpDisplayBuf;
DWORD dw = GetLastError();
FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL,
dw,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR)&lpMsgBuf,
0, NULL);
lpDisplayBuf = (LPVOID)LocalAlloc(LMEM_ZEROINIT,
(lstrlen((LPCTSTR)lpMsgBuf) + lstrlen((LPCTSTR)lpszFunction) + 40)*sizeof(TCHAR));
StringCchPrintf((LPTSTR)lpDisplayBuf,
LocalSize(lpDisplayBuf),
TEXT("\r\n%s failed with error %d: %s"),
lpszFunction, dw, lpMsgBuf);
MessageBox(NULL, (LPCTSTR)lpDisplayBuf, TEXT("Error"), MB_OK);FILE *fp; fopen_s(&fp, "C:\\errorlog.txt", "a "); fwrite(lpDisplayBuf, sizeof(char), sizeof(lpDisplayBuf), fp); fclose(fp); LocalFree(lpMsgBuf); LocalFree(lpDisplayBuf); //ExitProcess(dw);}
int EnableDebugPrivilege(const char* name)
{
HANDLE hToken;
TOKEN_PRIVILEGES tp;
LUID luid;
//打开进程令牌环
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hToken);
//ErrorExit("OpenProcessToken ");
//查看系统权限的特权值,返回信息到一个LUID结构体里
LookupPrivilegeValueA(NULL, name, &luid);
//ErrorExit("LookupPrivilegeValueA ");
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
tp.Privileges[0].Luid = luid;
//调整权限
AdjustTokenPrivileges(hToken, 0, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
ErrorExit("AdjustTokenPrivileges ");return 0;}
BOOL InjectDll(const char* dll_absolute_path, const DWORD dwRemoteProcessID)
{
HANDLE hRemoteProcess;
EnableDebugPrivilege(SE_DEBUG_NAME);
//打开远程线程
hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwRemoteProcessID);
//ErrorExit("OpenProcess ");
//printf_s("hRemoteProcess:%d", hRemoteProcess);
if (hRemoteProcess == NULL)
MessageBox(NULL, "No hRemoteProcess Failed", TEXT("InjectDll"), MB_OK);char* pszLibFileRemote; //使用VirtualAllocEx函数在远程进程的内存地址空间分配dll文件名空间 pszLibFileRemote = (char *)VirtualAllocEx(hRemoteProcess, NULL, lstrlen(dll_absolute_path) + 1, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (pszLibFileRemote == NULL) MessageBox(NULL, "No pszLibFileRemote Failed", TEXT("VirtualAllocEx"), MB_OK); //ErrorExit("VirtualAllocEx "); //使用WriteProcessMemory函数将DLL的路径名写入到远程进程的内存空间 if (WriteProcessMemory(hRemoteProcess, pszLibFileRemote, (void*)dll_absolute_path, lstrlen(dll_absolute_path) + 1, NULL) != TRUE) { MessageBox(NULL, "No WriteProcessMemory Failed", TEXT("WriteProcessMemory"), MB_OK); } //ErrorExit("WriteProcessMemory "); //printf_s("WriteProcessMemory:%d", GetLastError()); //计算LoadLibarayA的入口地址 PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)GetProcAddress (GetModuleHandleA("Kernel32.dll"), "LoadLibraryA"); if (pfnStartAddr == NULL) { MessageBox(NULL, "No GetProcAddress Failed", TEXT("GetProcAddress"), MB_OK); } //ErrorExit("GetProcAddress "); //启动远程线程LoadLibraryA,通过远程线程创建新线程 HANDLE hRemoteThread; if ((hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0, pfnStartAddr, pszLibFileRemote, 0, NULL)) == NULL) { MessageBox(NULL, "No CreateRemoteThread Failed", TEXT("CreateRemoteThread"), MB_OK); return FALSE; } WaitForSingleObject(hRemoteThread, INFINITE); if (pszLibFileRemote != NULL) VirtualFreeEx(hRemoteProcess, pszLibFileRemote,0, MEM_COMMIT); //ErrorExit("CreateRemoteThread "); //释放句柄 CloseHandle(hRemoteProcess); CloseHandle(hRemoteThread); return TRUE;}
DWORD GetProcessID(char* targetFile)//获取exe执行时的进程ID
{
DWORD pid = -1;//创建系统快照 HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); //ErrorExit("CreateToolhelp32Snapshot "); PROCESSENTRY32 lprs; //取得系统快照中的第一个进程信息,判断是否为目标exe的运行进程 Process32First(hSnap, &lprs); //ErrorExit("Process32First "); if (strstr(targetFile, lprs.szExeFile)) { pid = lprs.th32ProcessID; return pid; } while (1) { ZeroMemory(&lprs, sizeof(lprs)); lprs.dwSize = (&lprs, sizeof(lprs)); if (!Process32Next(hSnap, &lprs)) { pid = -1; break; } if (strstr(targetFile, lprs.szExeFile)) { pid = lprs.th32ProcessID; break; } } printf_s("pid:%d", pid); //MessageBox(NULL, (LPCTSTR)&pid, TEXT("Error"), MB_OK); return pid;}
int _tmain(int argc, _TCHAR* argv[])
{
if (InjectDll("E:\chf_yjy's_work\work5\0503\detourlib\Release\detourlib.dll",
GetProcessID("printtest.exe")))
MessageBox(NULL, "Yes InjectDll Successed", TEXT("InjectDll"), MB_OK);
else
MessageBox(NULL, "No InjectDll Failed", TEXT("InjectDll"), MB_OK);return 0;}
解决 无用评论 打赏举报 分享
- 2021-10-30 07:58回答 3 已采纳 注意区分32位/64位?
- 2017-10-15 11:06回答 1 已采纳 http://www.doc88.com/p-9252322583844.html
- 2021-08-30 16:24Dennis F的博客 API HOOK技术是一种用于改变API执行结果的技术。API HOOK技术能够在控制流将要进入某些API函数时,将控制流转到自定义的函数上。在这个自定义的函数中,API HOOK技术使用者能够获取传入API函数的参数,并根据这些...
- 2016-12-22 14:37xcw_user的博客 在我们的样例库中,Divide()函数是有bug的,因为如果除0就会导致程序崩溃(假设我们的程序并没有做异常处理),现在我们的目标就是来修补这个漏洞。 代理DLL 为了修补BlackBox.dll中的漏洞,我们接下来需要创建...
- 2013-10-25 15:02chen_chun_guang的博客 我们截获函数执行最直接的目的就是为函数增添功能,修改返回值,或者为调试以及性能测试加入...通过访 问源代码,我们可以轻而易举的使用重建(Rebuilding)操作系统或者应用程序的方法在它们中间插入新的功能或者做
- 2013-04-01 14:11chinabinlang的博客 Detours是微软开发的一个函数库,可用于捕获系统API。在用其进行程序开发之前,得做一些准备工作: 一.下载Detours 在http://research.microsoft.com/sn/detours 可免费下载Detours,当前的最新版本是 Detours...
- 2015-10-20 10:59linuxheik的博客 Detours 使用方法 HOOK API [复制链接] liuyuxi 发表于 2015-1-11 00:03:26 | 显示全部楼层 一、Detours库的...
- 2019-09-19 11:29chubaisheng8627的博客 我们截获函数执行最直接的目的就是为函数增添功能,修改...通过访 问源代码,我们可以轻而易举的使用重建(Rebuilding)操作系统或者应用程序的方法在它们中间插入新的功能或者做功能扩展。然而,在今天这个商业 化...
- 2021-06-29 09:38顺其自然~的博客 Detours 是Microsoft开发一个库,下载地址...Detours替换目标API最前面的几条指令,使其无条件的跳转到用户提供的拦截函数。被替换的API函数的前几条指令被保存到tram
- 2015-03-09 17:46lx624909677的博客 拦截win32 API 调用对于多数windows开发人员来说一直都是很有挑战性的课题,但我承认,这也是我喜欢的课题之一。钩子机制表现为用一种底层技术控制特定代码段的执行,它也提供了一种直观的机制,可以很容易改变操作...
- 2012-01-18 14:50GWeruo的博客 拦截win32 API 调用对于多数windows开发人员来说都一直是很有挑战性的课题,我承认,这也是我感兴趣的一个课题。钩子机制就是用一种底层技术控制特定代码段的执行,它同时提供了一种直观的方法,很容易就能改变操作...
- 2012-05-05 18:36Hustudent20080101的博客 拦截win32 API 调用对于多数windows开发人员来说都一直是很有挑战性的课题,我承认,这也是我感兴趣的一个课题。钩子机制就是用一种底层技术控制特定代码段的执行,它同时提供了一种直观的方法,很容易就能改变...
- 2009-07-13 09:58ljz888666555的博客 原文出处:http://www.codeproject.com/system/hooksys.asp 拦截win32 API 调用对于多数windows开发人员来说都一直是很有挑战性的课题,我承认,这也是我感兴趣的一个课题。钩子机制就是用一种底层技术控制特定...
- 2013-01-26 14:07donglinshengan的博客 在做网页静音功能时,接触了Detours.lib捕获系统API。从网上找的1.5版本Detours.lib在Vista以上版本的系统无效。网上找了些资料,转到自己空间,以备学习。 文章来自: ... ...
- 2014-01-14 11:16Monkey_Online的博客 我们截获函数执行最直接的目的就是为函数增添功能,修改返回值,或者为...通过访问源代码,我们可以轻而易举的使用重建(Rebuilding)操作系统或者应用程序的方法在它们中间插入新的功能或者做功能扩展。然而,在今
- 2017-10-15 20:09iihacker_cat的博客 转载地址 ... Detour工具包作用:拦截API函数 先用一个简单的例子说明问题: //dll.cpp #include #include "detours.h" static LONG dwSlept = 0; static VOID (WINAPI * Tr
- 没有解决我的问题, 去提问
悬赏问题
- ¥20 delta降尺度方法,未来数据怎么降尺度
- ¥15 c# 使用NPOI快速将datatable数据导入excel中指定sheet,要求快速高效
- ¥15 再不同版本的系统上,TCP传输速度不一致
- ¥15 高德地图点聚合中Marker的位置无法实时更新
- ¥15 DIFY API Endpoint 问题。
- ¥20 sub地址DHCP问题
- ¥15 delta降尺度计算的一些细节,有偿
- ¥15 Arduino红外遥控代码有问题
- ¥15 数值计算离散正交多项式
- ¥30 数值计算均差系数编程