MS Detours Express 3.0没有正确地挂接CreateFile win32 API函数

本文介绍了MS Detours Express 3.0没有正确地挂接CreateFile win32 API函数的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我试图钩住Win32 API函数的CreateFile使用MS走弯路，但是当我打开使用微软的Word，将调用的CreateFile通过MS Word中加载的DLL和字体文件和目录* .doc文件测试它被重定向我绕道功能，但不适用于* .doc文件，但是当我打开使用记事本的CreateFile呼吁为* .txt文件一个* .txt文件来我绕道功能。

我使用下面的代码挂钩的CreateFile：

 静态手柄（WINAPI * Real_CreateFile）（LPCWSTR lpFileName的对象，DWORD dwDesiredAccess ，DWORD dwShareMode，LPSECURITY_ATTRIBUTES lpSecurityAttributes，DWORD CREATE_NEW标志，DWORD dwFlagsAndAttributes，HANDLE hTemplateFile）=的CreateFile; 
 
 HANDLE WINAPI Routed_CreateFile（LPCWSTR lpFileName的对象，DWORD dwDesiredAccess，DWORD dwShareMode，LPSECURITY_ATTRIBUTES lpSecurityAttributes，DWORD CREATE_NEW标志，DWORD dwFlagsAndAttributes，HANDLE hTemplateFile）
 {
的OutputDebugString（lpFileName的对象）; 
返回Real_CreateFile（lpFileName的对象，dwDesiredAccess，dwShareMode，lpSecurityAttributes，CREATE_NEW标志，dwFlagsAndAttributes，hTemplateFile）; 
} 
 
 BOOL APIENTRY DllMain（HMODULE hModule，DWORD ul_reason_for_call，LPVOID lpReserved）
 {
 LONG错误; 
 switch（ul_reason_for_call）
 {
 case DLL_PROCESS_ATTACH：
 
 OutputDebugString（L附加MyDLL.dll）; 
 OutputDebugString（strInfo）; 
 DetourRestoreAfterWith（）; 
 DetourTransactionBegin（）; 
 DetourUpdateThread（GetCurrentThread（））; 
 DetourAttach（&（PVOID&）Real_CreateFile，Routed_CreateFile）; 
 Error = DetourTransactionCommit（）; 
 
 if（Error == NO_ERROR）
 OutputDebugString（LHooked Success）; 
 else 
 OutputDebugString（LHook Error）; 
 
 break; 
情况下DLL_THREAD_ATTACH：
情况下DLL_THREAD_DETACH：
情况下DLL_PROCESS_DETACH：
的OutputDebugString（L德连接MYDLL.DLL）; 
 DetourTransactionBegin（）; 
 DetourUpdateThread（GetCurrentThread（））; 
 DetourDetach（&（PVOID&）Real_CreateFile，Routed_CreateFile）; 
 Error = DetourTransactionCommit（）; 
 
 if（Error == NO_ERROR）
 OutputDebugString（LUn Hooked Success）; 
 else 
 OutputDebugString（LUn-Hook Error）; 
 
 break; 
} 
 return TRUE; 
}

提前感谢。

解决方案

我认为你在这之后缺少 break ：

  case DLL_THREAD_ATTACH：
 case DLL_THREAD_DETACH：
 break; //对线程消息不感兴趣
 case DLL_PROCESS_DETACH：

它叫什么？也许打开 .doc 创建一个新线程，但是 .txt 不会触发此代码路径。 p>

I am trying to hook win32 API function "CreateFile" using MS Detours, but when I test it by opening a *.doc file using MS Word, The CreateFile call for DLLs and font files and directories loaded by MS Word are redirected to my detoured function but not for that *.doc file, but when I open a *.txt file using notepad the CreateFile call for that *.txt file comes to my detoured function.

I am using following code for hooking CreateFile:

static HANDLE (WINAPI *Real_CreateFile)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) = CreateFile;

HANDLE WINAPI Routed_CreateFile(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
{
OutputDebugString(lpFileName);
return Real_CreateFile(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}

BOOL APIENTRY DllMain( HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved )
{
LONG Error;
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:

    OutputDebugString(L"Attaching MyDLL.dll");
    OutputDebugString(strInfo);
    DetourRestoreAfterWith();
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)Real_CreateFile, Routed_CreateFile);
    Error = DetourTransactionCommit();

    if (Error == NO_ERROR)
        OutputDebugString(L"Hooked Success");
    else
        OutputDebugString(L"Hook Error");

    break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
    OutputDebugString(L"De-Attaching MyDLL.dll");
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)Real_CreateFile, Routed_CreateFile);
    Error = DetourTransactionCommit();

    if (Error == NO_ERROR)
        OutputDebugString(L"Un-Hooked Success");
    else
        OutputDebugString(L"Un-Hook Error");

    break;
}
return TRUE;
}

Thanks in advance.

解决方案

I think you are missing a break after this:

case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
    break;  // Not interested in thread messages
case DLL_PROCESS_DETACH:

Are you just detaching the detour before it is called? Maybe opening a .doc creates a new thread but a .txt doesn't, triggering this code path.

这篇关于MS Detours Express 3.0没有正确地挂接CreateFile win32 API函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！