System-wide hooks with MHook


Problem description


I have this project where I hook some Windows functions (GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetSaveFileNameW) with the MHook library. This is the code I use to install the hooks.

for(size_t i = 0; i < FunctionsCount; ++i)
{
    HMODULE hModule = GetModuleHandleA(Function[i].ModuleName);

    //[1]
    if( !hModule )
        return FALSE;

    *Function[i].Original = GetProcAddress(hModule, Function[i].Name);

    if(*Function[i].Original == NULL)
        return FALSE;

    if(!Mhook_SetHook(Function[i].Original, Function[i].Hooked))
        return FALSE;
}

It is called from DllMain for the DLL_PROCESS_ATTACH reason.

Now, when I inject my DLL using the CreateRemoteThread approach it works pretty well, but when I want to set up the system-wide hooks using the LoadAppInit_DLLs mechanism my hooks don't work. After hours of debugging I found that the reason is that my DLL is loaded BEFORE comdlg32.dll (which is the module where these functions are), and then the statement [1] returns false, so my DLL is not loaded.

The solution I have so far is to call LoadLibrary if [1] returns false.

HMODULE hModule = GetModuleHandleA(Function[i].ModuleName);

//[2]
if( !hModule )
{
    LoadLibraryA(Function[i].ModuleName);
    hModule = GetModuleHandleA(Function[i].ModuleName);
}

I've found many sites where it is said this is evil, and I agree (even when it works fine). Also, if a process doesn't use common dialogs at all, I'm hooking functions that will never be called.

If anybody could help, maybe with a workaround or an explanation of another way to set up global hooks, it would be appreciated. Thanks in advance.

Solution

You need to hook the LoadLibraryXXX functions and, after their successful execution, check whether your module has been loaded (calling GetModuleHandle) and hook it if it is loaded.

Also, it is a good idea to pin hooked DLLs so they are not unloaded anymore.
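
The deferred-install flow the answer describes, as an added example (not code from the question, the answer or MHook): hooks whose module is not loaded yet stay pending, are retried after each library load, and the module is pinned once hooked. The `LoaderOps` indirection, the `sim_*` stand-in loader and every name other than the Win32/MHook calls listed in the comment are assumptions, made so the logic runs without Windows.

```c
#include <stddef.h>
#include <string.h>

typedef struct {
    const char *module, *name;   /* e.g. "comdlg32.dll", "GetOpenFileNameA" */
    void **original;             /* in: resolved address, out: trampoline */
    void *hooked;                /* replacement function */
    int installed;
} DeferredHook;

/* Loader calls are injected so the logic runs anywhere. Assumed Win32 mapping:
   find_loaded=GetModuleHandleA, find_symbol=GetProcAddress, set_hook=Mhook_SetHook,
   pin=GetModuleHandleExA with GET_MODULE_HANDLE_EX_FLAG_PIN. */
typedef struct {
    void *(*find_loaded)(const char *module);
    void *(*find_symbol)(void *module, const char *name);
    int   (*set_hook)(void **original, void *hooked);
    void  (*pin)(const char *module);
} LoaderOps;

/* Run at attach and after every successful LoadLibrary*: hooks what is now
   resolvable, leaves the rest pending, never forces a module to load. */
int install_ready_hooks(DeferredHook *h, size_t n, const LoaderOps *ops) {
    int newly = 0;
    for (size_t i = 0; i < n; ++i) {
        void *mod, *addr;
        if (h[i].installed || !(mod = ops->find_loaded(h[i].module))) continue;
        if (!(addr = ops->find_symbol(mod, h[i].name))) continue;
        *h[i].original = addr;
        if (!ops->set_hook(h[i].original, h[i].hooked)) continue;
        ops->pin(h[i].module);   /* a hooked module must not unload */
        h[i].installed = 1; ++newly;
    }
    return newly;
}

/* Constructed simulation: comdlg32.dll is absent at attach and loads later. */
int sim_loaded, sim_pins, sim_export, sim_replacement; void *sim_orig;
void *sim_find(const char *m) { return sim_loaded && !strcmp(m, "comdlg32.dll") ? (void *)&sim_loaded : NULL; }
void *sim_sym(void *m, const char *n) { (void)m; return strcmp(n, "GetOpenFileNameA") ? NULL : (void *)&sim_export; }
int sim_set(void **o, void *h) { return *o != NULL && h != NULL; }
void sim_pin(const char *m) { (void)m; ++sim_pins; }
const LoaderOps sim_ops = { sim_find, sim_sym, sim_set, sim_pin };
DeferredHook sim_hooks[] = { { "comdlg32.dll", "GetOpenFileNameA", &sim_orig, &sim_replacement, 0 } };
int sim_hooked_load(const char *m) {                    /* body of the LoadLibrary* hook */
    if (!strcmp(m, "comdlg32.dll")) sim_loaded = 1;     /* stand-in for the real LoadLibraryA */
    return install_ready_hooks(sim_hooks, 1, &sim_ops); /* then retry pending hooks */
}
int main(void) {   /* exit 0: nothing hooked at attach, one hook after the load */
    int at_attach = install_ready_hooks(sim_hooks, 1, &sim_ops);
    return !(at_attach == 0 && sim_hooked_load("comdlg32.dll") == 1);
}
```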
