使用UnhookWindowsHookEx()脱钩时，几个程序崩溃 [英] Several programs crash when unhooking with UnhookWindowsHookEx()

问题描述

我正在做一个全局钩子，将我的DLL添加到钩子链中:

I am doing a global hook to add my DLL to the hook chain:

HHOOK handle = SetWindowsHookEx(WH_CALLWNDPROC, addr, dll, 0);

在我的DLL中，我正在使用Detours拦截几个WINAPI函数调用.一切正常，除了WaitForSingleObject调用.每当我将WaitForSingleObject添加到绕行的函数时，当我解开DLL(Chrome，Skype等)时，几个程序就会崩溃. DLL的外观如下:

Inside my DLL I am using Detours to intercept several WINAPI function calls. Everything works fine, except for WaitForSingleObject calls. Whenever I add WaitForSingleObject to the detoured functions, several programs crash when I unhook my DLL (Chrome, Skype, ...). Here is how the DLL looks:

DWORD (WINAPI* Real_WaitForSingleObject)( HANDLE hHandle, DWORD dwMilliseconds) = WaitForSingleObject;
DWORD WINAPI Mine_WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds);
INT APIENTRY DllMain(HMODULE hDLL, DWORD Reason, LPVOID Reserved) {

    switch(Reason) {
        case DLL_PROCESS_ATTACH: 
            DetourTransactionBegin();
            DetourUpdateThread(GetCurrentThread());
            DetourAttach(&(PVOID&)Real_WaitForSingleObject, Mine_WaitForSingleObject);
            DetourTransactionCommit();
            break;
        case DLL_PROCESS_DETACH: 
            DetourTransactionBegin(); 
            DetourUpdateThread(GetCurrentThread());
            DetourDetach(&(PVOID&)Real_WaitForSingleObject, Mine_WaitForSingleObject);
            DetourTransactionCommit();
            break;
        case DLL_THREAD_ATTACH:

            break;
        case DLL_THREAD_DETACH:

            break;
    }
    return TRUE;
}
DWORD WINAPI Mine_WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds) {

    return Real_WaitForSingleObject(hHandle, dwMilliseconds);
}

extern "C" __declspec(dllexport) int meconnect(int code, WPARAM wParam, LPARAM lParam) {

    return CallNextHookEx(NULL, code, wParam, lParam);
}

有人可以帮助我了解为什么会发生这种情况以及如何解决该问题吗?谢谢！

Could someone help me to understand why this is happening and how I can get around that Problem? Thanks!

推荐答案

您正在绕开几乎所有进程都使用的函数.这特别危险，因为这样的过程很可能会激活该函数.几乎在任何情况下都将阻止呼叫.一旦解除阻止，该代码将恢复到不再存在的弯路.

You are detouring a function that almost any process uses. And it is particularly dangerous since it is very likely that such a process has a call on that function active. A blocking call in almost any case. As soon as it unblocks, the code will resume into your detour that is no longer there.

Kaboom.

实际上，卸载弯路的唯一方法是注销，这样就可以避免绕弯的每个进程都不再运行.

Realistically, the only way to unload your detour is by logging out so that every process that could have been detoured is no longer running.

这篇关于使用UnhookWindowsHookEx()脱钩时，几个程序崩溃的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！