Deviare2是MS Windows上的专业API Hook库。它易于使用且功能强大。但是当我想使用C#虚拟编写器挂钩WrtieFile时,我发现它连接了两次WriteFile。我试图起诉API Monitor对于Hook虚拟编写器,我发现API Monitor只为每次写入调用挂了一个。那就是有线!
钩码:
spyMgr = new NktSpyMgr();
NktProcess _process = GetProcess("DummyWriter.exe");
while (_process == null)
{
Console.WriteLine("wait for process start...");
System.Threading.Thread.Sleep(10);
_process = GetProcess("DummyWriter.exe");
}
hookDllGetClassObj = spyMgr.CreateHook("kernel32.dll!WriteFile", (int)(eNktHookFlags.flgOnlyPreCall));
hookDllGetClassObj.Attach(_process, true);
hookDllGetClassObj.Hook(true);
hookDllGetClassObj.OnFunctionCalled += OnDllGetClassObjectCalled;
虚拟写:
string key = "";
Task.Factory.StartNew(() => {
int index=1;
while (key == "")
{
using (StreamWriter sw = new StreamWriter("d:\\dummy.txt",true))
{
string str = string.Format("{0}:oh gotcha!", index);
Console.WriteLine(str);
sw.WriteLine(str);
index++;
}
Thread.Sleep(500);
}
});
key = Console.ReadLine();
答案 0 :(得分:0)
API没有挂钩两次,但回调被调用两次。在调用原始API之前然后调用之后。
您必须检查NktHookCallInfo参数,看看您是否在pre或postCall中,以便对参数和结果进行修改。