如何正确使用C ++中的Detour库来对具有已知内存地址的函数进行简单钩子? [英] How to use the Detour library in C++ properly for a simple hook of a function with known memory adress?
问题描述
我很难绕道而行。我正在使用Detour 3.0。
I am having trouble to get my first hook using detour to work. I am using Detour 3.0.
我的代码可以正常编译,并且可以使用 Winject 注入DLL,但是我想使用的功能钩似乎没有被钩住。我试图在记事本中挂钩函数InsertDateTime。
http://www.9injector.com/winject-injector/
My code compiles fine and I can inject the DLL using Winject , however, the function which I am suppose to hook doesnt seem to be hooked. I am trying to hook the function InsertDateTime in notepad.
http://www.9injector.com/winject-injector/
我使用 IDA以十六进制表示法找到了InsertDateTime的地址免费版。
下面的代码中是否存在一些根本性的错误,或者在每次调用时进程中的内存不是同一时间?
Is there anything fundmatal misstakes in the code below or is the memory in the process not ceratinaly at the same time at every call?
我注入的DLL的代码如下所示:
My code for the injected DLL can be seen below:
// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
//
int(__stdcall* InsertDateTime)(int) = (int(__stdcall*)(int))(0x0100978A);
int MyInsertDateTime(int x) //Our function
{
//Messagebox
MessageBox(NULL, TEXT("InsertDateTime Just Got Called"), TEXT("InsertDateTime"), MB_OK);
return InsertDateTime(x); //Return the origional function
}
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call) //Decide what to do
{
case DLL_PROCESS_ATTACH: //On dll attach
//InsertDateTime = (int (__stdcall*)(int))DetourAttach((PVOID*)0x0100978A, MyInsertDateTime);
//MessageBox(NULL, TEXT("InsertDateTime Just Got Called"), TEXT("InsertDateTime"), MB_OK);
DetourAttach((PVOID*)(&InsertDateTime), (PVOID)MyInsertDateTime);
//if(!errorCode) {
//Detour successful
break;
case DLL_THREAD_ATTACH: //On thread attach
DetourAttach((PVOID*)(&InsertDateTime), (PVOID)MyInsertDateTime);
break;
case DLL_THREAD_DETACH: //On thread detach
break;
case DLL_PROCESS_DETACH: //on process detach
DetourDetach((PVOID*)0x0100978A, InsertDateTime);
break;
}
return TRUE;
}
此外,代码大多来自使用Detour 1.5的旧教程。
参考: http://www.moddb.com/groups/ibepex / tutorials / function-hooking
Also the code is mostly taken from an old tutorial using Detour 1.5. Reference: http://www.moddb.com/groups/ibepex/tutorials/function-hooking
推荐答案
Detours使用的交易系统类似于数据库。您必须先启动事务,然后更改才仅在提交事务时应用。
Detours is using a transaction system similar to databases. Before you can call Attach or Detach you have to start a transaction and the changes will only apply when you commit the transaction.
DetourTransactionBegin();
DetourAttach(...);
DetourAttach(...);
DetourTransactionCommit();
我认为这是在2.0中引入的,这可以解释为什么1.5的教程代码不包含
I think this was introduced in 2.0, which would explain why your tutorial code for 1.5 doesn't include it.
这篇关于如何正确使用C ++中的Detour库来对具有已知内存地址的函数进行简单钩子?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!