NtCreateFile挂钩问题 [英] Problem With NtCreateFile Hook

查看:221
本文介绍了NtCreateFile挂钩问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在挂接NtCreateFile函数,但是我不是因为某些错误.我的代码如下.am遇到两个错误,分别是:
1)无法解析的外部符号_NtCreateFile和
2)1个未解决的外部组件.请帮助我

I am Hooking to NtCreateFile Function but i am not because of some errors. my code is as below .am getting two errors that are:
1)unresolved external symbol _NtCreateFile and
2)1 unresolved externals . please help me

#include "stdafx.h"
#include "MinHook.h"
#include <Winternl.h>

#if defined _M_X64
#pragma comment(lib, "libMinHook.x64.lib")
#elif defined _M_IX86
#pragma comment(lib, "libMinHook.x86.lib")
#endif

typedef NTSTATUS(WINAPI *NtCreateFileNext)( PHANDLE FileHandle,ACCESS_MASK    DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock,PLARGE_INTEGER AllocationSize,ULONG FileAttributes,ULONG ShareAccess,ULONG CreateDisposition,ULONG CreateOptions,PVOID EaBuffer,ULONG EaLength );

NtCreateFileNext Real_NtCreateFileData = NULL;

NTSTATUS WINAPI NtCreateFileCallback (PHANDLE FileHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,PIO_STATUS_BLOCK IoStatusBlock,PLARGE_INTEGER AllocationSize,ULONG FileAttributes,ULONG ShareAccess,ULONG CreateDisposition,ULONG CreateOptions,PVOID EaBuffer,ULONG EaLength)
{

   MessageBoxA(NULL,"NtCreateFile Called","Info",MB_OK);
   return(FileHandle, DesiredAccess, bjectAttributes,IoStatusBlock,AllocationSize, FileAttributes,ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength);
}

BOOL APIENTRY DllMain(HMODULE hModule,DWORD  ul_reason_for_call,LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
                        if(MH_CreateHook(&NtCreateFile,&NtCreateFileCallback,reinterpret_cast<void**>(&Real_NtCreateFileData)) != MH_OK)
{
       MessageBoxW(NULL,L"FailedCreateHookNtCreateFile",L"Info!",MB_ICONWARNING|MB_OK);
}
if (MH_EnableHook(&NtCreateFile) != MH_OK)
{             MessageBoxW(NULL,L"FailedEnableHookNtCreateFile",L"Info!",MB_ICONWARNING|MB_OK);
}
 break;

case DLL_PROCESS_DETACH:
                        if (MH_Uninitialize() != MH_OK)
                        {               
                        }
                        if (MH_DisableHook(&NtCreateFile) != MH_OK)
                        {
                        }
                        break;
}
return TRUE;
}

推荐答案

您是否在项目的链接器部分中包含了NtDll,如
Did you include NtDll in your project''s linker section, as described here[^]?


这篇关于NtCreateFile挂钩问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆