我为 memcpy 编写了一个钩子,但它只在程序结束时才被调用。
并不是每次调用该函数时都会触发,而且地址也不一样。
这是钩子:
#include <windows.h>
#include<iostream>
#include "detours\detours.h"
#pragma comment( lib, "msvcrt.lib" )
#pragma comment( lib, "detours.lib" )
//#pragma comment( lib, "detoured.lib" )
//int (WINAPI *Real_Send)(SOCKET s, const char *buf, int len, int flags) = send;
//int WINAPI Mine_Send(SOCKET s, const char* buf, int len, int flags);
//void *memcpy(void *dest,const void *src,size_t count);
// Signature shared by memcpy and by the detour that stands in for it.
typedef void *(*MemcpyFn)(void *dest, const void *src, size_t count);

// Pointer handed to DetourAttach/DetourDetach in DllMain. It starts out as the
// address of memcpy as resolved inside this DLL; Detours rewrites it on attach
// so that calling through it reaches the original code via the trampoline.
// NOTE(review): this is the memcpy of the CRT this DLL links against. The
// target program may use a different copy (statically linked CRT, another CRT
// DLL, or a compiler-inlined intrinsic), which would explain both the
// differing addresses and the hook firing only during shutdown - confirm by
// comparing module base addresses.
MemcpyFn Real_Memcpy = memcpy;

// Second copy of the same address that is never passed to Detours; it is only
// read by Mine_Memcpy to display the address.
MemcpyFn Real_Memcpy_add = &memcpy;

// Replacement installed over memcpy; defined below.
void *Mine_Memcpy(void *dest, const void *src, size_t count);
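// Detour for memcpy: shows the recorded memcpy address and a bounded preview
// of the source bytes, then performs the copy through the original function.
//
// dest, src, count: forwarded unchanged to the original memcpy.
// Returns whatever the original memcpy returns (dest), so callers that use the
// return value keep working. The previous version returned 0 and never copied
// anything, which breaks every caller routed through the hook.
void* Mine_Memcpy(void *dest, const void *src, size_t count) {
    // MessageBoxA and the CRT formatting code may themselves call the hooked
    // memcpy; without this guard the detour could re-enter itself until the
    // stack is exhausted. Nested calls go straight to the original.
    static thread_local bool insideHook = false;
    if (insideHook) {
        return Real_Memcpy(dest, src, count);
    }
    insideHook = true;

    // Format the address with %p and a size bound: "%08x" takes an unsigned
    // int and mis-prints (or truncates) a pointer on 64-bit builds.
    char addrText[24];
    snprintf(addrText, sizeof addrText, "0x%p",
             reinterpret_cast<void *>(Real_Memcpy_add));
    MessageBoxA(0, addrText, addrText, 0);

    // src is `count` raw bytes with no guaranteed terminating NUL, so passing
    // it to MessageBoxA as a C string reads past the buffer. Show a bounded,
    // explicitly terminated copy instead.
    char preview[64];
    size_t shown = 0;
    if (src != NULL) {
        shown = count < sizeof preview - 1 ? count : sizeof preview - 1;
    }
    if (shown > 0) {
        Real_Memcpy(preview, src, shown);
    }
    preview[shown] = '\0';
    MessageBoxA(0, preview, preview, 0);

    // The file-logging variant that used to be commented out here
    // (CreateFileA + WriteFile) was dropped; if it is revived it must stop
    // after CreateFileA returns INVALID_HANDLE_VALUE and write strlen(str)
    // bytes for the line ending rather than strlen(str) + 1.

    insideHook = false;
    return Real_Memcpy(dest, src, count);
}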
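// DLL entry point: installs the memcpy detour when the DLL is loaded into a
// process and removes it again when the DLL is unloaded.
//
// Returns FALSE on DLL_PROCESS_ATTACH when the detour could not be installed,
// so a failed hook is visible as a failed load instead of a DLL that sits in
// the process doing nothing. Returns TRUE otherwise.
BOOL WINAPI DllMain(HINSTANCE, DWORD dwReason, LPVOID) {
    long status = 0;  // 0 == NO_ERROR

    switch (dwReason) {
    case DLL_PROCESS_ATTACH:
        status = DetourTransactionBegin();
        if (status == 0) {
            // Only the current thread is enlisted in the transaction.
            DetourUpdateThread(GetCurrentThread());
            DetourAttach(&(PVOID &)Real_Memcpy, Mine_Memcpy);
            // The commit result also reports a failure recorded by
            // DetourAttach, so checking it covers the whole transaction.
            status = DetourTransactionCommit();
        }
        if (status != 0) {
            return FALSE;
        }
        break;

    case DLL_PROCESS_DETACH:
        // Best effort: the return value of DllMain is ignored on detach, so a
        // failure here is not reported to the loader.
        status = DetourTransactionBegin();
        if (status == 0) {
            DetourUpdateThread(GetCurrentThread());
            DetourDetach(&(PVOID &)Real_Memcpy, Mine_Memcpy);
            DetourTransactionCommit();
        }
        break;
    }
    return TRUE;
}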
这是一个我想挂钩的程序,但钩子只在程序结束时工作,只发生一次:
#include<iostream>
#include<cstring>
#include<stdio.h>
using namespace std;
// Test target: prints the address of memcpy as this program sees it, then
// copies the same short string into a local buffer three times, printing the
// buffer after each copy.
int main(){
    static const char kText[] = "Neviem co mam";
    char asd[20];

    std::cout << "copy" << std::endl;
    // Two reads pause the program before any copy is made.
    std::cin.get();
    std::cin.get();

    int a = strlen(kText);
    std::cout << a << std::endl;

    // Address of memcpy as resolved in this executable, for comparison with
    // the address shown by the hook.
    void *(*p_fun)(void *dest, const void *src, size_t count) = &memcpy;
    printf("0x%p\n",p_fun);

    // NOTE(review): an optimizing compiler may expand these small copies
    // inline, in which case no call ever reaches a hooked memcpy.
    for (int round = 0; round < 3; ++round) {
        memcpy(asd, kText, a + 1);  // a + 1 includes the terminating NUL
        std::cout << "after" << std::endl;
        std::cout << asd << std::endl;
    }

    // Keep the console open until two more reads complete.
    std::cin.get();
    std::cin.get();
}
我希望每次调用 memcpy 时都能触发钩子,并显示正确的值。