为啥win8.1下 HOOK CreateProcessInternalW 不成功呢?
其他系统都没问题……为什么呢?百思不得其解啊!
// Pointer type for kernel32!CreateProcessInternalW, the function this module
// detours. The function is undocumented; the parameter list below is the one
// this code assumes (CreateProcessW's arguments bracketed by an input token
// and an output token handle) — NOTE(review): confirm it against the OS
// build being hooked, since an undocumented signature can change.
typedef BOOL (WINAPI* PCreateProcessInternalW)(
    HANDLE                hToken,
    LPCWSTR               lpApplicationName,
    LPWSTR                lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL                  bInheritHandles,
    DWORD                 dwCreationFlags,
    LPVOID                lpEnvironment,
    LPCWSTR               lpCurrentDirectory,
    LPSTARTUPINFOW        lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation,
    PHANDLE               hNewToken);

// Address of the original function. InitDll() resolves it with
// GetProcAddress(); DetourAttach() is later handed this variable so Detours
// can repoint it at its trampoline.
PCreateProcessInternalW TrueCreateProcessInternalW = NULL;
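// Detour installed over CreateProcessInternalW.
//
// Pops a message box so it is visible that the hook fired (a debugging aid
// only: it blocks the calling thread until dismissed), then forwards the call
// unchanged to the original function.
//
// Returns the original function's result with its GetLastError() value
// intact. The previous version returned FALSE without calling the original
// and without setting a last error, so any process creation that reached the
// hook failed in the host with a stale error code.
BOOL
WINAPI
HookCreateProcessInternalW(
    HANDLE hToken,
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation,
    PHANDLE hNewToken
    )
{
    // TEXT() keeps the literal's character type in step with the MessageBox
    // macro whether or not UNICODE is defined; the other MessageBox calls in
    // this file use narrow literals, so a bare L"" here breaks one of the
    // two builds.
    MessageBox(NULL, TEXT("TrueCreateProcessInternalW"), TEXT("111111"), MB_ICONINFORMATION);

    // Defensive only: InitDll() is meant to guarantee the pointer is set
    // before the detour is attached.
    if (TrueCreateProcessInternalW == NULL)
    {
        SetLastError(ERROR_INVALID_FUNCTION);
        return FALSE;
    }

    return TrueCreateProcessInternalW(hToken,
                                      lpApplicationName,
                                      lpCommandLine,
                                      lpProcessAttributes,
                                      lpThreadAttributes,
                                      bInheritHandles,
                                      dwCreationFlags,
                                      lpEnvironment,
                                      lpCurrentDirectory,
                                      lpStartupInfo,
                                      lpProcessInformation,
                                      hNewToken);
}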
// Module handle returned by LoadLibrary("kernel32.dll") in InitDll(); it is
// only released (FreeLibrary) on InitDll()'s failure path.
HMODULE hModule3 = NULL;
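// Resolves kernel32!CreateProcessInternalW into TrueCreateProcessInternalW so
// that DllMain() can detour it.
//
// Returns TRUE when the address was resolved, FALSE otherwise; on failure the
// kernel32 reference taken here is released and hModule3 reset. A failed
// LoadLibrary is reported but not treated as fatal, because the lookup goes
// through GetModuleHandle() and kernel32 is already mapped into any process
// whose DllMain is running (this DLL imports from it).
//
// NOTE(review): this runs from DllMain under the loader lock, where Windows
// documents LoadLibrary and UI calls such as MessageBox as unsafe;
// GetModuleHandle alone would be enough to find kernel32.
//
// NOTE(review): CreateProcessInternalW is undocumented, and on newer Windows
// releases the implementation is reported to live in KernelBase.dll with
// kernel32 only forwarding to it. On the system where the hook does not
// fire, check which module the resolved address falls in and whether
// DetourTransactionCommit() in DllMain reports an error.
BOOL InitDll()
{
    hModule3 = ::LoadLibrary(TEXT("kernel32.dll"));
    if (hModule3 == NULL)
    {
        MessageBox(NULL, TEXT("kernel32.dll"), TEXT("111111"), MB_ICONINFORMATION);
    }

    // Cast to the pointer typedef declared above; the previous code named a
    // type (_CreateProcessInternalW) that is not declared in the code shown.
    TrueCreateProcessInternalW = reinterpret_cast<PCreateProcessInternalW>(
        GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), "CreateProcessInternalW"));
    if (TrueCreateProcessInternalW == NULL)
    {
        MessageBox(NULL, TEXT("00000"), TEXT("111111"), MB_ICONINFORMATION);
        if (hModule3 != NULL)
        {
            ::FreeLibrary(hModule3);
            hModule3 = NULL;   // do not leave a stale handle behind
        }
        return FALSE;
    }
    return TRUE;
}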
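// DLL entry point. Installs the detour over CreateProcessInternalW on
// DLL_PROCESS_ATTACH and removes it again on DLL_PROCESS_DETACH.
//
// Always returns TRUE so the host keeps loading; failure to install the hook
// is reported with a message box, consistent with the rest of this file.
//
// NOTE(review): MessageBox here (and the LoadLibrary inside InitDll) run
// under the loader lock, which Windows documents as unsafe; they are left in
// only as the author's debugging aid.
BOOL WINAPI DllMain(HINSTANCE hinstModule, DWORD dwReason, LPVOID lpvReserved)
{
    // Remembered across calls so DETACH only undoes a hook that was really installed.
    static BOOL s_hooked = FALSE;

    if (dwReason == DLL_PROCESS_ATTACH)
    {
        // Resolve the target first; if that fails the hook has to be abandoned.
        if (!InitDll())
        {
            MessageBox(NULL, TEXT("加载DLL失败"), TEXT("提示"), MB_ICONINFORMATION);
            return TRUE;
        }

        DetourRestoreAfterWith();
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        // Further DetourAttach calls can be chained here to hook more functions.
        LONG err = DetourAttach(&(PVOID&)TrueCreateProcessInternalW, HookCreateProcessInternalW);
        if (err == NO_ERROR)
        {
            err = DetourTransactionCommit();
        }
        else
        {
            DetourTransactionAbort();
        }

        // The old code discarded both return codes, so a rejected attach was
        // indistinguishable from a hook that simply never fires. Surface the
        // Detours error code instead.
        if (err == NO_ERROR)
        {
            s_hooked = TRUE;
        }
        else
        {
            TCHAR msg[64];
            wsprintf(msg, TEXT("Detour failed, error %ld"), err);
            MessageBox(NULL, msg, TEXT("提示"), MB_ICONINFORMATION);
        }
    }
    else if (dwReason == DLL_PROCESS_DETACH && s_hooked)
    {
        // Unhook before the DLL is unmapped; otherwise the patched function
        // would keep jumping into memory that no longer exists.
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)TrueCreateProcessInternalW, HookCreateProcessInternalW);
        DetourTransactionCommit();
        s_hooked = FALSE;
    }
    return TRUE;
}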