我的系统:Microsoft Windows XP Professional 32位
IDE /编译器:Microsoft Visual C ++ 2010 Express Edition
图书馆:Detours 3.0 Express
目标:编写简单的数据包记录器。
我的代码:
mydll.cpp
#include <cstdio>
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
#pragma comment(lib,"ws2_32.lib")
int (WINAPI *pSend)(SOCKET s, const char* buf, int len, int flags) = send;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);
FILE* pSendLogFile;
FILE* pRecvLogFile;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
fprintf(pSendLogFile, "%s\n", buf);
fclose(pSendLogFile);
return pSend(s, buf, len, flags);
}
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
fopen_s(&pRecvLogFile, "C:\\RecvLog.txt", "a+");
fprintf(pRecvLogFile, "%s\n", buf);
fclose(pRecvLogFile);
return pRecv(s, buf, len, flags);
}
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
if (DetourIsHelperProcess()) {
return TRUE;
}
if (dwReason == DLL_PROCESS_ATTACH) {
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pRecv, MyRecv);
DetourTransactionCommit();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pSend, MySend);
DetourTransactionCommit();
}
else if (dwReason == DLL_PROCESS_DETACH) {
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pRecv, MyRecv);
DetourTransactionCommit();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pSend, MySend);
DetourTransactionCommit();
}
return TRUE;
}
injector.cpp
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
int main(int argc, char *argv[])
{
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(si));
ZeroMemory(&pi, sizeof(pi));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_SHOW;
if(!DetourCreateProcessWithDllEx("C:\\Program Files\\Internet Explorer\\iexplore.exe",
NULL, NULL, NULL, TRUE,
CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
NULL, NULL, &si, &pi,
"C:\\Documents and Settings\\Dawid\\Pulpit\\detours_test\\Detours_test\\Release\\Detours_test.dll", NULL))
MessageBox(0, "failed", 0, 0);
else
MessageBox(0, "success", 0, 0);
ResumeThread(pi.hThread);
WaitForSingleObject(pi.hProcess, INFINITE);
CloseHandle(&si);
CloseHandle(&pi);
return EXIT_SUCCESS;
}
错误讯息:
(iexplore.exe)应用程序
问题: 我的代码出了什么问题?为什么我会收到此错误?
答案 0 :(得分:1)
<强>解决强>
我删除了功能:
DetourRestoreAfterWith();
从DLL获取并添加到DLL函数:
extern "C" __declspec(dllexport) void dummy(void){
return;
}
现在,它有效!
<强> mydll.cpp 强>
#include <cstdio>
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
#pragma comment(lib,"ws2_32.lib")
int (WINAPI *pSend)(SOCKET s, const char* buf, int len, int flags) = send;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);
FILE* pSendLogFile;
FILE* pRecvLogFile;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
fprintf(pSendLogFile, "%s\n", buf);
fclose(pSendLogFile);
return pSend(s, buf, len, flags);
}
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
fopen_s(&pRecvLogFile, "C:\\RecvLog.txt", "a+");
fprintf(pRecvLogFile, "%s\n", buf);
fclose(pRecvLogFile);
return pRecv(s, buf, len, flags);
}
extern "C" __declspec(dllexport) void dummy(void){
return;
}
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
if (DetourIsHelperProcess()) {
return TRUE;
}
if (dwReason == DLL_PROCESS_ATTACH) {
//DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pSend, MySend);
DetourTransactionCommit();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pRecv, MyRecv);
DetourTransactionCommit();
}
else if (dwReason == DLL_PROCESS_DETACH) {
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pSend, MySend);
DetourTransactionCommit();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pRecv, MyRecv);
DetourTransactionCommit();
}
return TRUE;
}
<强> injector.cpp 强>
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
int main(int argc, char *argv[])
{
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(si));
ZeroMemory(&pi, sizeof(pi));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_SHOW;
if(!DetourCreateProcessWithDllEx("C:\\client.exe",
NULL, NULL, NULL, TRUE,
CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
NULL, NULL, &si, &pi,
"C:\\Documents and Settings\\Dawid\\Pulpit\\detours_test\\Detours_test\\Release\\Detours_test.dll", NULL))
MessageBox(0, "failed", 0, 0);
else
MessageBox(0, "success", 0, 0);
ResumeThread(pi.hThread);
WaitForSingleObject(pi.hProcess, INFINITE);
CloseHandle(&si);
CloseHandle(&pi);
return EXIT_SUCCESS;
}