带有Detours 3.0 Express的简单数据包记录器

时间:2012-11-23 15:32:50

标签: c++ detours

我的系统:Microsoft Windows XP Professional 32位

IDE /编译器:Microsoft Visual C ++ 2010 Express Edition

图书馆:Detours 3.0 Express

目标:编写简单的数据包记录器。

我的代码:

mydll.cpp

#include <cstdio>
#include <windows.h>
#include <detours.h>

#pragma comment(lib,"detours.lib")
#pragma comment(lib,"ws2_32.lib")

int (WINAPI *pSend)(SOCKET s, const char* buf, int len, int flags) = send;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);

FILE* pSendLogFile;
FILE* pRecvLogFile;

int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
    fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
    fprintf(pSendLogFile, "%s\n", buf);
    fclose(pSendLogFile);
    return pSend(s, buf, len, flags);
}

int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
    fopen_s(&pRecvLogFile, "C:\\RecvLog.txt", "a+");
    fprintf(pRecvLogFile, "%s\n", buf);
    fclose(pRecvLogFile);
    return pRecv(s, buf, len, flags);
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)pRecv, MyRecv);
        DetourTransactionCommit();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)pSend, MySend);
        DetourTransactionCommit();

    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)pRecv, MyRecv);
        DetourTransactionCommit();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)pSend, MySend);
        DetourTransactionCommit();

    }
    return TRUE;
}

injector.cpp

#include <windows.h>
#include <detours.h>

#pragma comment(lib,"detours.lib")

int main(int argc, char *argv[])
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;

    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;

    if(!DetourCreateProcessWithDllEx("C:\\Program Files\\Internet Explorer\\iexplore.exe", 
                                        NULL, NULL, NULL, TRUE, 
                                        CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
                                        NULL, NULL, &si, &pi, 
                                        "C:\\Documents and Settings\\Dawid\\Pulpit\\detours_test\\Detours_test\\Release\\Detours_test.dll", NULL))
        MessageBox(0, "failed", 0, 0);
    else
        MessageBox(0, "success", 0, 0);

    ResumeThread(pi.hThread);

    WaitForSingleObject(pi.hProcess, INFINITE);

    CloseHandle(&si);
    CloseHandle(&pi);

    return EXIT_SUCCESS;
}

错误讯息:

  

(iexplore.exe)应用程序

问题: 我的代码出了什么问题?为什么我会收到此错误?

1 个答案:

答案 0 :(得分:1)

<强>解决

我删除了功能:

DetourRestoreAfterWith();
从DLL获取

并添加到DLL函数:

extern "C" __declspec(dllexport) void dummy(void){
    return;
}

现在,它有效!

<强> mydll.cpp

#include <cstdio>
#include <windows.h>
#include <detours.h>

#pragma comment(lib,"detours.lib")
#pragma comment(lib,"ws2_32.lib")

int (WINAPI *pSend)(SOCKET s, const char* buf, int len, int flags) = send;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);

FILE* pSendLogFile;
FILE* pRecvLogFile;

int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
    fopen_s(&pSendLogFile, "C:\\SendLog.txt", "a+");
    fprintf(pSendLogFile, "%s\n", buf);
    fclose(pSendLogFile);
    return pSend(s, buf, len, flags);
}

int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
    fopen_s(&pRecvLogFile, "C:\\RecvLog.txt", "a+");
    fprintf(pRecvLogFile, "%s\n", buf);
    fclose(pRecvLogFile);
    return pRecv(s, buf, len, flags);
}

extern "C" __declspec(dllexport) void dummy(void){
    return;
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        //DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)pSend, MySend);
        DetourTransactionCommit();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)pRecv, MyRecv);
        DetourTransactionCommit();
    }
    else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)pSend, MySend);
        DetourTransactionCommit();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)pRecv, MyRecv);
        DetourTransactionCommit();
    }
    return TRUE;
}

<强> injector.cpp

#include <windows.h>
#include <detours.h>

#pragma comment(lib,"detours.lib")

int main(int argc, char *argv[])
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;

    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;

    if(!DetourCreateProcessWithDllEx("C:\\client.exe", 
                                        NULL, NULL, NULL, TRUE, 
                                        CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
                                        NULL, NULL, &si, &pi, 
                                        "C:\\Documents and Settings\\Dawid\\Pulpit\\detours_test\\Detours_test\\Release\\Detours_test.dll", NULL))
        MessageBox(0, "failed", 0, 0);
    else
        MessageBox(0, "success", 0, 0);

    ResumeThread(pi.hThread);

    WaitForSingleObject(pi.hProcess, INFINITE);

    CloseHandle(&si);
    CloseHandle(&pi);

    return EXIT_SUCCESS;
}