急!detours hook api的问题,无法截获操作! RRS feed

  • 常规讨论

  • 下面是代码,按照 Detours 帮助文档写的,用来截获文件操作。我在另一个程序中通过 LoadLibrary()、FreeLibrary() 加载和卸载该 DLL,attach 和 detach 都显示成功了,但就是无法截获文件操作。我还特地写了一个调用 DeleteFileW 的程序,但文件还是照删不误。请问这是什么原因呢?

    #include <windows.h>
    #include <detours.h>
    #include <tchar.h>

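    //BOOL (WINAPI * SysDeleteFileA)(LPCTSTR lpFileName)= DeleteFile;
    //BOOL WINAPI MyHookDeleteFileA(LPCTSTR lpFileName);

    // Each Sys* pointer starts out holding the address of the real API and is
    // the pointer passed to DetourAttach/DetourDetach in DllMain; after a
    // successful attach Detours makes it point at the trampoline, so calling
    // through it reaches the original, unhooked function.
    //
    // The string parameters are spelled LPCWSTR because the *W entry points
    // always take wide strings. LPCTSTR only matches them when UNICODE is
    // defined; in an ANSI build it would silently become LPCSTR.
    BOOL (WINAPI * SysDeleteFileW)(LPCWSTR lpFileName)= DeleteFileW;
    BOOL WINAPI MyHookDeleteFileW(LPCWSTR lpFileName);

    BOOL (WINAPI *SysMoveFileExW)(LPCWSTR lpExistingFileName,LPCWSTR lpNewFileName,DWORD dwFlags)=MoveFileExW;
    BOOL WINAPI MyHookMoveFileExW(LPCWSTR lpExistingFileName,LPCWSTR lpNewFileName,DWORD dwFlags);

    HANDLE (WINAPI *SysCreateFileW)(
      LPCWSTR lpFileName,          // pointer to name of the file
      DWORD dwDesiredAccess,       // access (read-write) mode
      DWORD dwShareMode,           // share mode
      LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                                   // pointer to security attributes
      DWORD dwCreationDisposition,  // how to create
      DWORD dwFlagsAndAttributes,  // file attributes
      HANDLE hTemplateFile         // handle to file with attributes to
                                   // copy
    )=CreateFileW;

    // NOTE(review): unlike the other two hooks, this prototype and its
    // definition later in the file omit WINAPI. CreateFileW is WINAPI
    // (__stdcall on 32-bit x86), and DetourAttach takes the hook as a PVOID, so
    // the compiler cannot catch the mismatch; on x86 the hook would return with
    // the wrong stack cleanup. Add WINAPI to the prototype and the definition
    // together.
    HANDLE MyHookCreateFileW(
      LPCWSTR lpFileName,          // pointer to name of the file
      DWORD dwDesiredAccess,       // access (read-write) mode
      DWORD dwShareMode,           // share mode
      LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                                   // pointer to security attributes
      DWORD dwCreationDisposition,  // how to create
      DWORD dwFlagsAndAttributes,  // file attributes
      HANDLE hTemplateFile         // handle to file with attributes to
                                   // copy
    );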

    // Empty exported function. It does no work; the only visible effect is
    // that the DLL gets an export-table entry.
    __declspec(dllexport) void ExportFunc(void) { }

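    /*
     * DLL entry point: installs the three file-API detours when the DLL is
     * loaded into a process and removes them when it is unloaded.
     *
     * Detours patches code in the current process only. Calls made by a
     * different process (for example a separate test program that never loads
     * this DLL) are not intercepted, even though attach reports success here.
     *
     * hinstDLL and lpvReserved are unused. Always returns TRUE; the result of
     * each transaction is reported through OutputDebugString.
     */
    BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
    {
        LONG status;

        switch(fdwReason)
        {
        case DLL_PROCESS_ATTACH:
            // One transaction covers all three attaches. Calling
            // DetourTransactionBegin again while a transaction is pending
            // fails with ERROR_INVALID_OPERATION, so it is called once.
            status = DetourTransactionBegin();
            if(status == NO_ERROR)
            {
                DetourUpdateThread(GetCurrentThread());
                DetourAttach(&(PVOID&)SysDeleteFileW,MyHookDeleteFileW);
                DetourAttach(&(PVOID&)SysMoveFileExW,MyHookMoveFileExW);
                DetourAttach(&(PVOID&)SysCreateFileW,MyHookCreateFileW);
                // Commit returns the first error recorded by any attach above
                // and aborts the transaction in that case.
                status = DetourTransactionCommit();
            }

            // DllMain runs under the loader lock; Microsoft's DllMain guidance
            // warns against calling User32 functions such as MessageBox here,
            // so the outcome goes to the debugger output instead.
            if(status == NO_ERROR)
            {
                OutputDebugString(_T("Attach Successfully!\n"));
            }
            else
            {
                OutputDebugString(_T("Attach failed!\n"));
            }
            break;

        case DLL_PROCESS_DETACH:
            status = DetourTransactionBegin();
            if(status == NO_ERROR)
            {
                DetourUpdateThread(GetCurrentThread());
                DetourDetach(&(PVOID&)SysDeleteFileW, MyHookDeleteFileW);
                DetourDetach(&(PVOID&)SysMoveFileExW, MyHookMoveFileExW);
                DetourDetach(&(PVOID&)SysCreateFileW, MyHookCreateFileW);
                status = DetourTransactionCommit();
            }

            if(status == NO_ERROR)
            {
                OutputDebugString(_T("Detach Successfully!\n"));
            }
            else
            {
                OutputDebugString(_T("Detach failed!\n"));
            }
            break;

        default:
            // Thread attach/detach notifications need no work.
            break;
        }

        return TRUE;
    }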

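    /*
     * Detour for DeleteFileW: refuses every delete request routed through it.
     *
     * The real API is never called, so the file is left in place. The caller
     * is told the truth about that: the function returns FALSE with the last
     * error set to ERROR_ACCESS_DENIED, instead of reporting a successful
     * delete that did not happen.
     */
    BOOL WINAPI MyHookDeleteFileW(LPCWSTR lpFileName)
    {
        MessageBox(NULL,_T("You Can Not Delete This File!"),_T("ERROR"),MB_OK);
        // Set the error after MessageBox, which may change the thread's
        // last-error value.
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }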

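    /*
     * Detour for MoveFileExW: refuses every move/rename request routed
     * through it.
     *
     * The real API is never called, so nothing is moved. The function returns
     * FALSE with the last error set to ERROR_ACCESS_DENIED so that callers do
     * not continue as if the move had succeeded.
     */
    BOOL WINAPI MyHookMoveFileExW(LPCWSTR lpExistingFileName,LPCWSTR lpNewFileName,DWORD dwFlags)
    {
        MessageBox(NULL,_T("You Can Not Move This File!"),_T("ERROR"),MB_OK);
        // Set the error after MessageBox, which may change the thread's
        // last-error value.
        SetLastError(ERROR_ACCESS_DENIED);
        return FALSE;
    }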


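    /*
     * Detour for CreateFileW: refuses every create/open request routed
     * through it.
     *
     * CreateFileW signals failure with INVALID_HANDLE_VALUE, not NULL; callers
     * that test for INVALID_HANDLE_VALUE would treat a NULL return as a usable
     * handle. The hook therefore returns INVALID_HANDLE_VALUE with the last
     * error set to ERROR_ACCESS_DENIED.
     *
     * NOTE(review): this definition and its prototype earlier in the file omit
     * WINAPI, while CreateFileW is WINAPI (__stdcall on 32-bit x86). Add
     * WINAPI to both together; changing only one of them makes the two
     * declarations disagree.
     *
     * NOTE(review): MessageBox may itself open files through CreateFileW in
     * this process, which would re-enter this hook - confirm, and consider
     * reporting the refusal by other means.
     */
    HANDLE MyHookCreateFileW(
      LPCWSTR lpFileName,          // pointer to name of the file
      DWORD dwDesiredAccess,       // access (read-write) mode
      DWORD dwShareMode,           // share mode
      LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                                   // pointer to security attributes
      DWORD dwCreationDisposition,  // how to create
      DWORD dwFlagsAndAttributes,  // file attributes
      HANDLE hTemplateFile         // handle to file with attributes to
                                   // copy
                                   ){
        MessageBox(NULL,_T("You Can Not Create File!"),_T("ERROR"),MB_OK);
        // Set the error after MessageBox, which may change the thread's
        // last-error value.
        SetLastError(ERROR_ACCESS_DENIED);
        return INVALID_HANDLE_VALUE;

    }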

    2010年4月22日 11:59

全部回复