I am trying to hook the WritePrinter function in winspool.drv using EasyHook's RhInstallLibrary.
Injector.cpp
    NTSTATUS nt = RhInjectLibrary(
        processId,               // The process to inject into
        0,                       // ThreadId to wake up upon injection
        EASYHOOK_INJECT_DEFAULT,
        NULL,                    // 32-bit
        dllToInject,             // hook.dll
        NULL,                    // data to send to injected DLL entry point
        0                        // size of data to send
    );
In hook.dll, I created the following function to hook the printer function:
    BOOL MyWritePrinter(HANDLE hPrinter, LPVOID pBuf, DWORD cbBuf, LPDWORD pcWritten)
    {
        // Some Code
        return WritePrinter(hPrinter, pBuf, cbBuf, pcWritten);
    }
The data stream passed to the printer is in pBuf, but I am unable to get that data. How can I read the data from pBuf?
WritePrinter function reference: https://msdn.microsoft.com/en-us/library/windows/desktop/dd145226(v=vs.85).aspx
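
An added example, not part of the original post and not EasyHook or Microsoft code: per the WritePrinter reference linked above, pBuf points to an array of cbBuf bytes, so the hook can read it as raw bytes before forwarding the call. DumpPrintBuffer, its 4096-byte cap and the use of OutputDebugStringA are assumptions made for illustration; the bytes are whatever the driver emits (printer language or spool data), not necessarily text.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>   // pulls in winspool.h for WritePrinter
#endif

// Hypothetical helper: renders at most maxBytes of the buffer as
// "offset  hex bytes  |ascii|" rows, 16 bytes per row.
std::string DumpPrintBuffer(const void* pBuf, std::uint32_t cbBuf,
                            std::size_t maxBytes = 4096) {
    std::string out;
    if (pBuf == nullptr || cbBuf == 0) return out;   // nothing to read
    const unsigned char* p = static_cast<const unsigned char*>(pBuf);
    const std::size_t n = cbBuf < maxBytes ? cbBuf : maxBytes;
    char tmp[16];
    for (std::size_t off = 0; off < n; off += 16) {
        std::snprintf(tmp, sizeof tmp, "%08zx ", off);
        out += tmp;
        std::string ascii;
        for (std::size_t i = 0; i < 16; ++i) {
            if (off + i < n) {
                const unsigned char c = p[off + i];
                std::snprintf(tmp, sizeof tmp, " %02x", c);
                out += tmp;
                // Non-printable bytes (control codes, binary data) show as '.'
                ascii += (c >= 0x20 && c < 0x7f) ? static_cast<char>(c) : '.';
            } else {
                out += "   ";   // pad a short final row
            }
        }
        out += "  |" + ascii + "|\n";
    }
    if (n < cbBuf) out += "... truncated\n";   // cap keeps log size bounded
    return out;
}

#ifdef _WIN32
// The hook from the question, reading pBuf before passing the call through.
// WINAPI matches the calling convention of the real WritePrinter.
BOOL WINAPI MyWritePrinter(HANDLE hPrinter, LPVOID pBuf, DWORD cbBuf,
                           LPDWORD pcWritten) {
    OutputDebugStringA(DumpPrintBuffer(pBuf, cbBuf).c_str());
    return WritePrinter(hPrinter, pBuf, cbBuf, pcWritten);
}
#endif
```

Only cbBuf bytes are valid at pBuf; the buffer is not null-terminated, so string functions such as strlen must not be used on it.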