急detours hook api的有关问题,推荐API HOOK的教程
急!detours hook api的问题,推荐API HOOK的教程!
这是代码,照detours帮助文档写的,用来实现文件操作的截获。在另外一个程序中通过LoadLibrary()、FreeLibrary()来导入该DLL,attach和detach都显示成功了,但就是无法截获文件的操作。我还特地写了一个调用DeleteFileW的程序,但文件还是照删不误,请问这是什么原因呢?
有什么学习API HOOK比较好的教程么?(《windows核心编程》?),我想系统学一下,现在基本上半查半编的写着程序~麻烦诸位推荐一下,谢谢了!
这是代码,照detours帮助文档写的,用来实现文件操作的截获。在另外一个程序中通过LoadLibrary()、FreeLibrary()来导入该DLL,attach和detach都显示成功了,但就是无法截获文件的操作。我还特地写了一个调用DeleteFileW的程序,但文件还是照删不误,请问这是什么原因呢?
有什么学习API HOOK比较好的教程么?(《windows核心编程》?),我想系统学一下,现在基本上半查半编的写着程序~麻烦诸位推荐一下,谢谢了!
- C/C++ code
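#include <windows.h>
#include <detours.h>
#include <tchar.h>

/*
 * Detours-based DLL that intercepts DeleteFileW, MoveFileExW and CreateFileW
 * and refuses the operation.
 *
 * Scope: Detours rewrites the target functions in the address space of the
 * process that loaded this DLL, and DLL_PROCESS_DETACH (FreeLibrary) removes
 * the detours again.  A file deleted by a different program, or by the same
 * program after FreeLibrary, is therefore not intercepted even though attach
 * and detach both report success.  Enforcing a file policy across processes
 * is normally the job of file ACLs or a file-system minifilter driver, not of
 * an in-process hook.
 */

/*
 * Trampoline pointers.  They start out as the real API addresses; after a
 * successful DetourAttach they point at the trampolines that reach the
 * original code.  The W entry points take wide strings, so the parameters are
 * LPCWSTR rather than the UNICODE-dependent LPCTSTR.
 */
BOOL (WINAPI *SysDeleteFileW)(LPCWSTR lpFileName) = DeleteFileW;

BOOL (WINAPI *SysMoveFileExW)(LPCWSTR lpExistingFileName,
                              LPCWSTR lpNewFileName,
                              DWORD dwFlags) = MoveFileExW;

HANDLE (WINAPI *SysCreateFileW)(
    LPCWSTR lpFileName,                         // name of the file
    DWORD dwDesiredAccess,                      // access (read-write) mode
    DWORD dwShareMode,                          // share mode
    LPSECURITY_ATTRIBUTES lpSecurityAttributes, // security attributes
    DWORD dwCreationDisposition,                // how to create
    DWORD dwFlagsAndAttributes,                 // file attributes
    HANDLE hTemplateFile                        // template file handle
    ) = CreateFileW;

/*
 * Replacement functions.  Each one must have exactly the signature and the
 * calling convention (WINAPI) of the API it replaces; a mismatch unbalances
 * the stack on 32-bit x86.
 */
BOOL WINAPI MyHookDeleteFileW(LPCWSTR lpFileName);

BOOL WINAPI MyHookMoveFileExW(LPCWSTR lpExistingFileName,
                              LPCWSTR lpNewFileName,
                              DWORD dwFlags);

HANDLE WINAPI MyHookCreateFileW(
    LPCWSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile);

/* Exported no-op; presumably present only so the DLL has an export -- confirm. */
__declspec(dllexport) void ExportFunc(void)
{
}

/*
 * Attach (attach != FALSE) or detach all three detours in ONE transaction.
 * The original called DetourTransactionBegin() before every attach without
 * committing in between; a single Begin/Commit pair is the documented shape.
 * Returns NO_ERROR on success, otherwise the Detours/Win32 error code.
 */
static LONG ApplyHooks(BOOL attach)
{
    LONG status = DetourTransactionBegin();
    if (status != NO_ERROR) {
        return status;
    }

    DetourUpdateThread(GetCurrentThread());

    if (attach) {
        DetourAttach(&(PVOID&)SysDeleteFileW, MyHookDeleteFileW);
        DetourAttach(&(PVOID&)SysMoveFileExW, MyHookMoveFileExW);
        DetourAttach(&(PVOID&)SysCreateFileW, MyHookCreateFileW);
    } else {
        DetourDetach(&(PVOID&)SysDeleteFileW, MyHookDeleteFileW);
        DetourDetach(&(PVOID&)SysMoveFileExW, MyHookMoveFileExW);
        DetourDetach(&(PVOID&)SysCreateFileW, MyHookCreateFileW);
    }

    /* Commit is the call whose result says whether the hooks are live. */
    return DetourTransactionCommit();
}

/*
 * DLL entry point: installs the detours when the DLL is loaded into a process
 * and removes them when it is unloaded.
 *
 * DllMain runs under the loader lock, so it reports through
 * OutputDebugString (visible in a debugger or DebugView) instead of
 * MessageBox, which needs user32 and a message loop.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    UNREFERENCED_PARAMETER(hinstDLL);
    UNREFERENCED_PARAMETER(lpvReserved);

    switch (fdwReason) {
    case DLL_PROCESS_ATTACH:
        if (ApplyHooks(TRUE) == NO_ERROR) {
            OutputDebugString(_T("Attach Successfully!"));
        } else {
            OutputDebugString(_T("Attach Failed!"));
        }
        break;

    case DLL_PROCESS_DETACH:
        if (ApplyHooks(FALSE) == NO_ERROR) {
            OutputDebugString(_T("Detach Successfully!"));
        } else {
            OutputDebugString(_T("Detach Failed!"));
        }
        break;

    default:
        break;
    }
    return TRUE;
}

/*
 * DeleteFileW replacement: never forwards to SysDeleteFileW, so the file is
 * kept.  Reports failure (FALSE + ERROR_ACCESS_DENIED) so the caller does not
 * believe the file was deleted.
 */
BOOL WINAPI MyHookDeleteFileW(LPCWSTR lpFileName)
{
    UNREFERENCED_PARAMETER(lpFileName);

    OutputDebugString(_T("You Can Not Delete This File!"));
    SetLastError(ERROR_ACCESS_DENIED); /* set last: the logging call may touch it */
    return FALSE;
}

/*
 * MoveFileExW replacement: never forwards to SysMoveFileExW.  Fails with
 * ERROR_ACCESS_DENIED for the same reason as the delete hook.
 */
BOOL WINAPI MyHookMoveFileExW(LPCWSTR lpExistingFileName,
                              LPCWSTR lpNewFileName,
                              DWORD dwFlags)
{
    UNREFERENCED_PARAMETER(lpExistingFileName);
    UNREFERENCED_PARAMETER(lpNewFileName);
    UNREFERENCED_PARAMETER(dwFlags);

    OutputDebugString(_T("You Can Not Move This File!"));
    SetLastError(ERROR_ACCESS_DENIED);
    return FALSE;
}

/*
 * CreateFileW replacement: never forwards to SysCreateFileW.
 *
 * CreateFileW signals failure with INVALID_HANDLE_VALUE, not NULL; callers
 * that test against INVALID_HANDLE_VALUE would treat NULL as a usable handle.
 *
 * No MessageBox here: showing a dialog can itself open files, which would
 * re-enter this hook.
 *
 * NOTE(review): this rejects every CreateFileW call in the process, including
 * opens of existing files and devices -- confirm that is intended, or filter
 * on lpFileName / dwCreationDisposition and forward the rest to
 * SysCreateFileW.
 */
HANDLE WINAPI MyHookCreateFileW(
    LPCWSTR lpFileName,
    DWORD dwDesiredAccess,
    DWORD dwShareMode,
    LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    DWORD dwCreationDisposition,
    DWORD dwFlagsAndAttributes,
    HANDLE hTemplateFile)
{
    UNREFERENCED_PARAMETER(lpFileName);
    UNREFERENCED_PARAMETER(dwDesiredAccess);
    UNREFERENCED_PARAMETER(dwShareMode);
    UNREFERENCED_PARAMETER(lpSecurityAttributes);
    UNREFERENCED_PARAMETER(dwCreationDisposition);
    UNREFERENCED_PARAMETER(dwFlagsAndAttributes);
    UNREFERENCED_PARAMETER(hTemplateFile);

    OutputDebugString(_T("You Can Not Create File!"));
    SetLastError(ERROR_ACCESS_DENIED);
    return INVALID_HANDLE_VALUE;
}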