Detour框架的主要功能为hook、注入,百度上多数的信息是hook的,而我没有找到注入的完整代码,在尝试自己写的过程中,发生了致命错误
查看官方文档:
错误原因是dll中没有导出函数:__declspec
可以参考官方提供的sampleeinstedll系列中的代码进行修改
官方dll代码如下:
1 #include <stdio.h> 2 #include <Windows.h> 3 #include <detours.h> 4 5 #pragma comment(lib, "detours.lib") 6 7 typedef struct _CPrivateStuff 8 { 9 DETOUR_SECTION_HEADER header; 10 DETOUR_SECTION_RECORD record; 11 CHAR szMessage[32]; 12 }CPrivateStuff; 13 14 #pragma data_seg(".detour") 15 16 static CPrivateStuff private_stuff = { 17 DETOUR_SECTION_HEADER_DECLARE(sizeof(CPrivateStuff)), 18 { 19 (sizeof(CPrivateStuff) - sizeof(DETOUR_SECTION_HEADER)), 20 0, 21 { /* d9ab8a40-f4cc-11d1-b6d7-006097b010e3 */ 22 0xd9ab8a40, 23 0xf4cc, 24 0x11d1, 25 { 0xb6, 0xd7, 0x00, 0x60, 0x97, 0xb0, 0x10, 0xe3 } 26 } 27 }, 28 "The First Dll!" 29 }; 30 #pragma data_seg() 31 32 __declspec(dllexport) VOID WINAPI EDll1Function(VOID) 33 { 34 return; 35 } 36 37 __declspec(dllexport) ULONG WINAPI 38 DllMain(HINSTANCE hInstance, DWORD dwReason, PVOID lpReserved) 39 { 40 (void)hInstance; 41 (void)dwReason; 42 (void)lpReserved; 43 return TRUE; 44 }
注入代码:
#include <stdio.h> #include <windows.h> #include <detours.h> #pragma comment(lib, "detours.lib") int main() { char DirPath[MAX_PATH]; char DLLPath[MAX_PATH]; STARTUPINFO si = { 0 }; PROCESS_INFORMATION pi = { 0 }; ZeroMemory(&si, sizeof(STARTUPINFO)); ZeroMemory(&pi, sizeof(PROCESS_INFORMATION)); si.cb = sizeof(STARTUPINFO); si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = SW_SHOW; GetCurrentDirectory(MAX_PATH, DirPath); sprintf_s(DLLPath, MAX_PATH, "%s\dll32.dll", DirPath); DetourCreateProcessWithDllEx(NULL, "C:\Windows\System32\notepad.exe", NULL, NULL, TRUE, CREATE_DEFAULT_ERROR_MODE, NULL, NULL, &si, &pi, DLLPath, NULL); return 0; }