MS Detours - GetTickCount上的DetourAttach失败,出现ERROR_INVALID_BLOCK

时间:2015-09-16 07:15:10

标签: winapi hook detours

我现在已经反对这一段时间了。除了这个案例之外,我一直在成功使用Microsoft Detours。

我试图从Kernel32.dll挂钩WINBASEAPI DWORD WINAPI GetTickCount(VOID);。 DetourAttach总是返回ERROR_INVALID_BLOCK。

来自文档:

ERROR_INVALID_BLOCK 
  The function referenced is too small to be detoured.

我已经看到很多其他人成功地将这个功能与Detours挂钩但是我无法得到它。绕道后我不在乎调用原来的功能。

我在Windows 7 x64上使用Detours Express 3.0和32位应用程序。

有人有什么想法吗?

完整代码:

#include <windows.h>
#include <stdio.h>
#include "include\detours.h"

#pragma comment( lib, "detours.lib" )

BOOL(WINAPI *Orig_QueryPerformanceCounter)(LARGE_INTEGER *lpPerformanceCount) = QueryPerformanceCounter;
BOOL WINAPI New_QueryPerformanceCounter(LARGE_INTEGER *lpPerformanceCount) {
    printf("QueryPerformanceCounter()\n");
    return 0;
}

DWORD(WINAPI * Orig_GetTickCount)() = GetTickCount;
DWORD WINAPI New_GetTickCount() {
    printf("GetTickCount()\n");
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE, DWORD dwReason, LPVOID) {
    switch (dwReason) {
    case DLL_PROCESS_ATTACH:
    {
        LONG error = DetourTransactionBegin();
        if (error != NO_ERROR) {
            printf("DetourTransactionBegin failed with error: %d.\n", error);
            return FALSE;
        }

        error = DetourUpdateThread(::GetCurrentThread());
        if (error != NO_ERROR) {
            printf("DetourUpdateThread failed with error: %d.\n", error);
            return FALSE;
        }

        //DetourSetIgnoreTooSmall(TRUE); // Doesn't help

        // Works fine
        error = DetourAttach(&(PVOID &)Orig_QueryPerformanceCounter, New_QueryPerformanceCounter);
        if (error != NO_ERROR) {
            printf("DetourAttach QueryPerformanceCounter failed with error: %d.\n", error);
            return FALSE;
        }

        // Fails here, with error = 9
        error = DetourAttach(&(PVOID &)Orig_GetTickCount, New_GetTickCount);
        if (error != NO_ERROR) {
        printf("DetourAttach GetTickCount failed with error: %d.\n", error); 
        return FALSE;
        }

        error = DetourTransactionCommit();
        if (error != NO_ERROR) {
            printf("DetourTransactionCommit failed with error: %d.\n", error);
            return FALSE;
        }

        break;
    }
    case DLL_PROCESS_DETACH:
    {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID &)Orig_QueryPerformanceCounter, New_QueryPerformanceCounter);
        DetourDetach(&(PVOID &)Orig_GetTickCount, New_GetTickCount);
        DetourTransactionCommit();
        break;
    }
    }

    return TRUE;
}

0 个答案:

没有答案
相关问题
最新问题