我试图使用Detours通过全局钩子来钩挂注册表调用,我使用此代码,但是当我运行其他C ++ Builder应用程序时,它总是给我例外。
我不知道到底该将什么作为钩子类型传递给SetWindowsHookEx
。
这里的想法是我想捕获任何打开特定注册表键的exe,例如SOFTWARE\\CloudBackendServices
,所以我在这里创建此钩子,并且从另一个应用程序打开此注册表键,但是每当我运行另一个应用程序时,因DllHook.dll中的访问冲突而崩溃。当我附加RegOpenKeyEx的widechar“ RegOpenKeyExW”版本时,会引发错误,但是当我使用ansistring版本时,根本没有任何错误,但是钩子无法捕获任何东西。
我在这里做什么错了?
代码如下:
Dll代码:
#include <vcl.h>
#include <windows.h>
#include <System.Win.Registry.hpp>
#include "DDetours.hpp"
#include "ClangCpp.h"
#pragma hdrstop
#pragma argsused
#define DLLExport __stdcall __declspec(dllexport)
unique_ptr<TStringList> str(new TStringList);
TMemo *Logger = NULL;
HHOOK hKeyHook;
//---------------------------------------------------------------------------
typedef LSTATUS (*THookedRegOpenKeyExA)(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
typedef LSTATUS (*THookedRegOpenKeyExW)(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
typedef LSTATUS (*THookedRegOpenKeyEx)(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
THookedRegOpenKeyExA HookedRegOpenKeyExA;
THookedRegOpenKeyExW HookedRegOpenKeyExW;
THookedRegOpenKeyEx HookedRegOpenKeyEx;
LSTATUS MyRegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyEx(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) void InstallDetour()
{
//BeginHooks();
if (HookedRegOpenKeyEx == nullptr)
HookedRegOpenKeyEx = (THookedRegOpenKeyEx)InterceptCreate(&RegOpenKeyEx, &MyRegOpenKeyEx);
//if (HookedRegOpenKeyExA == nullptr)
// HookedRegOpenKeyExA = (THookedRegOpenKeyExA)InterceptCreate(&RegOpenKeyExA, &MyRegOpenKeyExA);
//
//if (HookedRegOpenKeyExW == nullptr)
// HookedRegOpenKeyExW = (THookedRegOpenKeyExW)InterceptCreate(&RegOpenKeyExW, &MyRegOpenKeyExW);
//
//EndHooks();
str->Add("Reg Hook Installed");
str->SaveToFile("logfile.txt");
}
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) void UninstallDetour()
{
//BeginUnHooks();
if (HookedRegOpenKeyExA != nullptr)
{
InterceptRemove(HookedRegOpenKeyExA);
HookedRegOpenKeyExA = nullptr;
}
if (HookedRegOpenKeyExW != nullptr)
{
InterceptRemove(HookedRegOpenKeyExW);
HookedRegOpenKeyExW = nullptr;
}
//EndUnHooks();
str->Add("Reg Hook Uninstalled");
str->SaveToFile("logfile.txt");
}
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult)
{
//String Key = lpSubKey;
//if (Pos("SOFTWARE\\CloudBackendServices",Key) != 0)
Logger->Lines->Add(lpSubKey);
//Application->ProcessMessages();
//return RegOpenKeyExA(hKey,lpSubKey,ulOptions,samDesired,phkResult);
}
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult)
{
//String Key = lpSubKey;
//if (Pos("SOFTWARE\\CloudBackendServices",Key) != 0)
Logger->Lines->Add(lpSubKey);
//Application->ProcessMessages();
//return RegOpenKeyExW(hKey,lpSubKey,ulOptions,samDesired,phkResult);
}
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyEx(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult)
{
//String Key = lpSubKey;
//if (Pos("SOFTWARE\\CloudBackendServices",Key) != 0)
Logger->Lines->Add(lpSubKey);
//return RegOpenKeyExW(hKey,lpSubKey,ulOptions,samDesired,phkResult);
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) LRESULT CALLBACK KeyEvent(int nCode, WPARAM wParam, LPARAM lParam)
{
return CallNextHookEx(NULL, nCode, wParam, lParam);
}
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) void SetControl(TMemo* aLogger, HHOOK aKeyHook)
{
Logger = aLogger;
Logger->Lines->Add("Logger Assigned");
hKeyHook = aKeyHook;
}
//---------------------------------------------------------------------------
/*extern "C" __stdcall __declspec(dllexport) */int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void* lpReserved)
{
if (DLL_PROCESS_ATTACH == reason)
{
str->Clear();
InstallDetour();
}
else if (DLL_PROCESS_DETACH == reason)
{
UninstallDetour();
}
return 1;
}
主钩子应用程序:
//---------------------------------------------------------------------------
#include <vcl.h>
#pragma hdrstop
#include "MainU.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
TMain *Main;
//---------------------------------------------------------------------------
__fastcall TMain::TMain(TComponent* Owner)
: TForm(Owner)
{
hDll = LoadLibrary(L"DllHook.dll");
if (hDll == NULL)
throw Exception("Load dll error");
KeyEvent = (HOOKPROC) GetProcAddress(hDll, "KeyEvent");
if (KeyEvent == NULL)
throw Exception("KeyEvent function error");
DoSetControl = (TSetControl)GetProcAddress(hDll, "SetControl");
if (DoSetControl == NULL)
throw Exception("SetControl function error");
hKeyHook = SetWindowsHookEx(WH_CBT,(HOOKPROC) KeyEvent, hDll, 0);
DoSetControl(Logger, hKeyHook);
}
//---------------------------------------------------------------------------
void __fastcall TMain::FormDestroy(TObject *Sender)
{
UnhookWindowsHookEx(hKeyHook);
FreeLibrary(hDll);
}
//---------------------------------------------------------------------------
void __fastcall TMain::Button1Click(TObject *Sender)
{
SetRootKey(HKEY_LOCAL_MACHINE);
OpenKey("SOFTWARE\\CloudBackendServices",false);
CloseKey();
}
//---------------------------------------------------------------------------