C++ DLL源代码中的函数钩子
我有 C++ DLL 的源代码。该 DLL 是应用程序的一部分。我想挂钩由另一个 DLL 加载到内存中的函数,以便所有其他 DLL 而不是原始函数调用我的挂钩函数。我将这段代码放入我的代码中:
#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
//Function prototype
int (__stdcall* OriginalFunction)();
//Our hook function
int FunctionHook()
{
//Return the real function
return OriginalFunction();
}
//On attach set the hooks
OriginalFunction = (int (__stdcall*)())DetourFunction((PBYTE)0x0100344C, (PBYTE)FunctionHook);
问题是:如果我在一个 DLL 中搜索偏移量并按此偏移量修补该函数,这不是错误的吗(我认为这更复杂,因为我在另一个 DLL 中并且想要挂钩所有 DLL 的函数)?顺便问一下,有人知道如何在 IDA PRO 中获取标准(fex.0x0100344C)偏移量吗?
I have the source code from a C++ DLL. This DLL is part of an applicaton. I want to hook a function loaded in memory by another DLL, so that my hooked function gets called by all other DLL's instead of the original function. I put this code in my code:
#include <windows.h>
#include "detours.h"
#pragma comment(lib, "detours.lib")
//Function prototype
int (__stdcall* OriginalFunction)();
//Our hook function
int FunctionHook()
{
//Return the real function
return OriginalFunction();
}
//On attach set the hooks
OriginalFunction = (int (__stdcall*)())DetourFunction((PBYTE)0x0100344C, (PBYTE)FunctionHook);
The question is: Isn't it wrong if I search in ONE DLL for an offset and patch the function by this offset(I think it's more complicated because I'm in another DLL and want to hook the function for all DLL's)? By the way, does somebody know how I can get the standard(fex. 0x0100344C) offsets in IDA PRO?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
看来你是想走微软的弯路,微软是windows平台上的一个hook系统。
Detours 使用的是“trampline hook”。简单来说,它会尝试“重写”函数前面的几条ASM指令,并将真正的调用重定向到您的特定函数,类似的事情。绕道可以帮助你处理这些细节。但我没有看到任何关于detours的代码,所以我认为你需要学习一些关于detours基本用法的文档。
对于您的问题:
OriginalFunction只是一个指向特定地址的变量。重写这个变量不会影响真正的调用。因为你的程序仍然会使用原始地址调用,你只需更改一个变量,而不是你的内部程序。当你将内存重写为钩子函数时,这种正常情况只会影响当前进程,因为Windows NT下的程序使用的是虚拟地址,而不是真实的内存地址。
It seems that you are trying to use detours of Microsoft, which is a hook system on windows platform.
Detours is using a "trampline hook". Simply speaking, it will try to "rewrite" function's front several ASM instruction, and redirect the real call to you specific function, something like that. Detours can help you to handle these detail. But I don't see any code about detours, so I think you need to learn some documentation about detours basic usage.
For your question:
OriginalFunctionis just a variable point to a specific address. Rewrite this variable cannot affect the real call. Cause you program will still call using original address, you just change a variable, not your internal program.When you rewrite the memory to hook function, this normal just affect the current process because the program under windows NT is using virtual address, not the real memory address.