System-wide hooks with MHook
Problem description
I have this project where I hook some Windows functions (GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW) with MHook library. This is the code I use to install the hooks.
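    for(size_t i = 0; i < FunctionsCount; ++i)
    {
        // Only succeeds if the target module is already loaded in this process
        HMODULE hModule = GetModuleHandleA(Function[i].ModuleName);
        //[1]
        if( !hModule )
            return FALSE;
        // Resolve the export to hook and store its address
        *Function[i].Original = GetProcAddress(hModule, Function[i].Name);
        if(*Function[i].Original == NULL)
            return FALSE;
        // Redirect the export to the replacement function
        if(!Mhook_SetHook(Function[i].Original, Function[i].Hooked))
            return FALSE;
    }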
It is called from DllMain on DLL_PROCESS_ATTACH reason.
Now, when I inject my Dll using the CreateRemoteThread approach it works pretty well, but when I want to set up the system-wide hooks using the LoadAppInit_DLLs mechanism my hooks don't work. After hours of debugging I found that the reason is that my Dll is loaded BEFORE comdlg32.dll (which is the module where these functions are), and then the statement [1] returns false, then my Dll is not loaded.
The solution I have so far is to call LoadLibrary if [1] returns false.
    HMODULE hModule = GetModuleHandleA(Function[i].ModuleName);
    //[2]
    if( !hModule )
    {
        LoadLibraryA(Function[i].ModuleName);
        hModule = GetModuleHandleA(Function[i].ModuleName);
    }
I've found many sites where it is said this is evil, and I agree (even when it works fine). Also, if a process doesn't use common dialogs at all, I'm hooking functions that will never be called.
If anybody could help, maybe with a workaround or an explanation of another way to set up global hooks, it will be appreciated. Thanks in advance.
You need to hook the LoadLibraryXXX functions and, after their successful execution, check whether your module has been loaded (calling GetModuleHandle) and hook it if it is loaded.
Also, it is a good idea to pin hooked DLLs so they are not unloaded anymore.