使用MinHook挂钩windows explorer copyFile2函数不起作用

时间:2017-05-04 12:13:26

标签: c++ c hook dll-injection

我尝试挂钩CopyFile2函数,因为我写了这个dll:

#include "..\..\..\minhook-1.3.3\include\MinHook.h"

WCHAR msgbuf[1024];

#define DbgPrint(format, ...) wsprintf(msgbuf, format, __VA_ARGS__); \
                              OutputDebugString(msgbuf);

#if defined _M_X64
#pragma comment(lib, "libMinHook.x64.lib")
#elif defined _M_IX86
#pragma comment(lib, "libMinHook.x86.lib")
#endif

typedef HRESULT(WINAPI *COPY_FILE_2)(
    _In_      PCWSTR                          pwszExistingFileName,
    _In_      PCWSTR                          pwszNewFileName,
    _In_opt_  COPYFILE2_EXTENDED_PARAMETERS   *pExtendedParameters
    );

COPY_FILE_2 fpCopyFile2 = NULL;

HRESULT WINAPI DetourCopyFile2(
    _In_      PCWSTR                          pwszExistingFileName,
    _In_      PCWSTR                          pwszNewFileName,
    _In_opt_  COPYFILE2_EXTENDED_PARAMETERS   *pExtendedParameters
)
{
    DbgPrint(L"=> DetourCopyFile2\n");
    DbgPrint(L"DetourCopyFile2.pwszExistingFileName = %ws\n", pwszExistingFileName);
    DbgPrint(L"DetourCopyFile2.pwszNewFileName      = %ws\n", pwszNewFileName);

    return fpCopyFile2(pwszExistingFileName, pwszNewFileName, pExtendedParameters);
}


void InstallHook()
{    
    DbgPrint(L"=> InstallHook\n");

    // Initialize MinHook.
    if (MH_Initialize() != MH_OK)
    {
        DbgPrint(L"failed MH_Initialize\n");
        return;
    }

    if (MH_CreateHook(&CopyFile2, &DetourCopyFile2, (LPVOID*)&fpCopyFile2) != MH_OK)
    {
        DbgPrint(L"failed MH_CreateHook\n");
    }
    else
    {
        if (MH_EnableHook(&CopyFile2) != MH_OK)
        {
            DbgPrint(L"failed MH_EnableHook\n");
        }
    }
}

HINSTANCE hInstance = NULL;

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        DbgPrint(L"DLL_PROCESS_ATTACH");
        hInstance = hinstDLL;
        DisableThreadLibraryCalls(hInstance);
        InstallHook();
        break;
    }
    return TRUE;
}

当我注入这个dll来测试prograg它的工作时,DebugView显示了Messages:

int main()
{
    OutputDebugString(L"=> main");
    printf("inject now");
    getchar();

    CopyFile2(L"", L"", NULL);

    system("pause");
    return 0;
}

我从Deviare2项目运行CSharpConsole64.exe,我看到资源管理器使用CopyFile2函数来复制文件。

我的问题是为什么当我将这个DLL注入到Windows资源管理器中时,我得到的只是钩子成功的第一条消息,但是当我复制文件时,DebugView中的detour函数没有消息?我该如何解决这个问题?

我正在使用Visual Studio 2017操作系统Windows 10 64位。

我也尝试过Hook ReadFile函数,我在debugview中收到了消息,但不是每次复制文件时,这里的内容都不清楚我在资源管理器中有什么不同,任何帮助都会非常感激。

0 个答案:

没有答案
相关问题
最新问题