将GetTickCount与C ++挂钩 [英] Hooking GetTickCount with C++

问题描述

我不太擅长C ++，更不是C#和PHP专家.我被分配了一个项目，该项目需要我使用GetTickCount并挂接到应用程序中.我需要一些帮助，因为某些原因它无法按计划运行...这是挂钩的代码，我知道它可以正常工作，因为我以前在项目中使用过它.我不确定的唯一一件事是它的GetTickCount部分.我尝试GetTickCount64认为这是解决我的问题的方法(它没有使我注入的内容崩溃)，但发现它根本没有用，因此也没有崩溃.

I'm not great at C++, more of a C# and PHP guy. I've been assigned a project that requires me to use GetTickCount and hooking into an application. I need some help as for some reason it's not working as planned... Here is the code for hooking, I know it works because i've used it in projects before. The only thing i'm not so sure about is the GetTickCount part of it. I tried GetTickCount64 thinking that was a fix to my problem (It didn't crash what i was injecting it into) but found out that instead it just wasn't working at all so it didn't crash it.

bool APIENTRY DllMain(HINSTANCE hDll, DWORD dwReason, LPVOID lpReserved)
{
 switch(dwReason)
 {
 case DLL_PROCESS_ATTACH:

  DisableThreadLibraryCalls(hDll);
  CreateThread(0,0, (LPTHREAD_START_ROUTINE)KeyHooks, 0, 0, 0);
  GetTickCount_orig = (DWORD (__stdcall *)(void))DetourFunction((PBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "GetTickCount"), (PBYTE)GetTickCount_hooked);

 case DLL_PROCESS_DETACH:
  DetourRemove((PBYTE)GetProcAddress(GetModuleHandle("kernel32.dll"), "GetTickCount"), (PBYTE)GetTickCount_hooked);

  break;
 }
 return true;
}

以下是用于GetTickCount

DWORD oldtick=0;
DWORD (WINAPI *GetTickCount_orig)(void);
DWORD WINAPI GetTickCount_hooked(void)
{ 
 if(oldtick==0)
 {
  oldtick=(*GetTickCount_orig)();
  return oldtick;
 }
 DWORD factor;
 DWORD ret;

 ret = (*GetTickCount_orig)();
 factor = 3.0;
 DWORD newret;

 newret = ret+((oldtick-ret)*(factor-1));

 oldtick=ret;
 return newret; 
}

您能看到不正确或应更改的内容吗?任何帮助表示赞赏.谢谢！

Can you see something that is incorrect or that should be changed? Any help is appreciated. Thank you!

推荐答案

什么是"KeyHooks"线程?如果希望调用绕行的API，则应该在创建线程之前绕行.

What's the "KeyHooks" thread? If it's expecting to be calling detoured APIs, you ought to detour before creating the thread.

GetTickCount_orig是否已设置好?

Is GetTickCount_orig getting set at all?

GetTickCount可能是一个非常非常短的API，会导致Detours出现问题(只是没有足够的字节来进行挂接).

GetTickCount is likely a very, very short API causing problems for Detours (just not enough bytes to do the hooking in).

您的DetourRemove将删除GetTickCount64，而不是GetTickCount.

Your DetourRemove is removing for GetTickCount64, not GetTickCount.

另外，如果Detours无法解决问题，那么mhook库的许可要简单得多.

Separately, if Detours isn't working out, there's the mhook library which has far simpler licensing.

这篇关于将GetTickCount与C ++挂钩的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！