How to use the Detour library in C++ properly for a simple hook of a function with a known memory address?


Question


I am having trouble to get my first hook using detour to work. I am using Detour 3.0.

My code compiles fine and I can inject the DLL using Winject (http://www.9injector.com/winject-injector/); however, the function which I am supposed to hook doesn't seem to be hooked. I am trying to hook the function InsertDateTime in notepad.

I found the address of InsertDateTime, in hex notation, using the free version of IDA.

Are there any fundamental mistakes in the code below, or is the memory in the process not certainly at the same time at every call?

My code for the injected DLL can be seen below:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"

#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")

// Pointer to the original function at the address found in IDA. Once the hook
// is attached, Detours rewrites this pointer to point at its trampoline.
int(__stdcall* InsertDateTime)(int) = (int(__stdcall*)(int))(0x0100978A);

// Our replacement. It must use the same calling convention as the target,
// otherwise the stack is left unbalanced on x86.
int __stdcall MyInsertDateTime(int x)
{
    MessageBox(NULL, TEXT("InsertDateTime Just Got Called"), TEXT("InsertDateTime"), MB_OK);
    return InsertDateTime(x); // Call the original function
}

BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH: // On DLL attach
        DetourAttach(&(PVOID&)InsertDateTime, (PVOID)MyInsertDateTime);
        break;
    case DLL_THREAD_ATTACH:  // The hook is process-wide; nothing to do per thread
    case DLL_THREAD_DETACH:
        break;
    case DLL_PROCESS_DETACH: // On process detach, remove the same hook
        DetourDetach(&(PVOID&)InsertDateTime, (PVOID)MyInsertDateTime);
        break;
    }
    return TRUE;
}

Also, the code is mostly taken from an old tutorial using Detour 1.5. Reference: http://www.moddb.com/groups/ibepex/tutorials/function-hooking

Answer

Detours uses a transaction system similar to databases. Before you can call Attach or Detach you have to start a transaction, and the changes will only apply when you commit the transaction.

DetourTransactionBegin();
DetourAttach(...);
DetourAttach(...);
DetourTransactionCommit();

I think this was introduced in 2.0, which would explain why your tutorial code for 1.5 doesn't include it.
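The answer above gives the transaction skeleton; the following is an added example (not code from the asker, the answerer, or the Detours project) showing the complete DLL with the transaction, the return value of DetourTransactionCommit checked, the hook removed on unload, and the replacement declared with the same __stdcall convention as the target. It also computes the target from the module base at run time instead of hard-coding 0x0100978A, because with ASLR only the offset from the image base is stable between runs. The image base 0x01000000 is an assumption about how IDA loaded notepad.exe; adjust it to whatever IDA reports. The RVA helpers compile on any platform; the Detours part is under `#ifdef _WIN32`.

```cpp
// Added example: hooking a function at a known address with Detours 3.x,
// inside a transaction, with the address rebased onto the live module.
#include <cstdint>

// ASSUMPTION: IDA loaded notepad.exe at its preferred base 0x01000000 and
// showed the function at 0x0100978A. Under ASLR the real base differs per
// process, so only the relative virtual address (RVA) is carried over.
constexpr std::uintptr_t kIdaImageBase  = 0x01000000;
constexpr std::uintptr_t kIdaFunctionVa = 0x0100978A;

// Offset of the target from the image base as seen in the disassembler.
constexpr std::uintptr_t RelativeAddress(std::uintptr_t va, std::uintptr_t imageBase) {
    return va - imageBase;
}

// Rebase that offset onto the module base found at run time.
constexpr std::uintptr_t ResolveAddress(std::uintptr_t moduleBase, std::uintptr_t rva) {
    return moduleBase + rva;
}

#ifdef _WIN32
#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")

// Detours rewrites this pointer to its trampoline when the hook is committed.
typedef int(__stdcall *InsertDateTimeFn)(int);
static InsertDateTimeFn RealInsertDateTime = nullptr;

// Replacement with the same calling convention as the target.
static int __stdcall MyInsertDateTime(int x) {
    MessageBox(NULL, TEXT("InsertDateTime Just Got Called"), TEXT("InsertDateTime"), MB_OK);
    return RealInsertDateTime(x);
}

// Attach inside a transaction; nothing is patched until Commit succeeds.
static bool InstallHook() {
    std::uintptr_t base = reinterpret_cast<std::uintptr_t>(GetModuleHandle(NULL));
    RealInsertDateTime = reinterpret_cast<InsertDateTimeFn>(
        ResolveAddress(base, RelativeAddress(kIdaFunctionVa, kIdaImageBase)));

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    if (DetourAttach(&(PVOID&)RealInsertDateTime, MyInsertDateTime) != NO_ERROR) {
        DetourTransactionAbort();
        return false;
    }
    return DetourTransactionCommit() == NO_ERROR;
}

// Detach with the same pair of pointers, again inside a transaction.
static void RemoveHook() {
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)RealInsertDateTime, MyInsertDateTime);
    DetourTransactionCommit();
}

BOOL APIENTRY DllMain(HINSTANCE hinst, DWORD reason, LPVOID reserved) {
    switch (reason) {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls(hinst); // the hook is process-wide, not per thread
        InstallHook();
        break;
    case DLL_PROCESS_DETACH:
        if (reserved == NULL) RemoveHook(); // skip when the process is terminating
        break;
    }
    return TRUE;
}
#endif
```

If DetourTransactionCommit returns anything other than NO_ERROR (for example ERROR_INVALID_BLOCK when the bytes at the target cannot be rewritten), the address is the first thing to re-check: compare the RVA against the module base shown by a debugger attached to the running notepad.exe rather than the base IDA assumed.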
