最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客

c++ - WithDLL can't inject my hook into the target process - Stack Overflow

programmeradmin1浏览0评论

I have implemented a DLL for hooking functions in a target process using Microsoft Detours. However, when I run withdll.exe, which comes with Detours, I get the following error:

B:>withdll.exe /d:[...]\IniHook.dll HookTarget.exe
withdll.exe: Error: [...]\IniHook.dll does not export ordinal #1.
             See help entry DetourCreateProcessWithDllEx in Detours.chm.

However, I can't find any Detours.chm in order to look up what to do.

What could the problem be, and how to fix it?

My hook code is

#include "pch.h"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <detours.h>
#include <iostream>

#pragma comment(lib, "detours.lib")

typedef DWORD(WINAPI* GetPrivateProfileStringW_t)(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name);

GetPrivateProfileStringW_t TrueGetPrivateProfileStringW = nullptr;

DWORD WINAPI HookedGetPrivateProfileStringW(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name)
{
    std::wcout << L"GetPrivateProfileStringW called." << L"\n";
    return TrueGetPrivateProfileStringW(app, key, def, result, size, file_name);
}

BOOL APIENTRY DllMain(HMODULE module, DWORD  reason, LPVOID _)
{
    switch (reason)
    {
    case DLL_THREAD_ATTACH:
    case DLL_PROCESS_ATTACH:
        DetourTransactionBegin();
        TrueGetPrivateProfileStringW = (GetPrivateProfileStringW_t)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetPrivateProfileStringW");
        DetourAttach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourDetach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    }
    return TRUE;
}

I have implemented a DLL for hooking functions in a target process using Microsoft Detours. However, when I run withdll.exe, which comes with Detours, I get the following error:

B:>withdll.exe /d:[...]\IniHook.dll HookTarget.exe
withdll.exe: Error: [...]\IniHook.dll does not export ordinal #1.
             See help entry DetourCreateProcessWithDllEx in Detours.chm.

However, I can't find any Detours.chm in order to look up what to do.

What could the problem be, and how to fix it?

My hook code is

#include "pch.h"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <detours.h>
#include <iostream>

#pragma comment(lib, "detours.lib")

typedef DWORD(WINAPI* GetPrivateProfileStringW_t)(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name);

GetPrivateProfileStringW_t TrueGetPrivateProfileStringW = nullptr;

DWORD WINAPI HookedGetPrivateProfileStringW(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name)
{
    std::wcout << L"GetPrivateProfileStringW called." << L"\n";
    return TrueGetPrivateProfileStringW(app, key, def, result, size, file_name);
}

BOOL APIENTRY DllMain(HMODULE module, DWORD  reason, LPVOID _)
{
    switch (reason)
    {
    case DLL_THREAD_ATTACH:
    case DLL_PROCESS_ATTACH:
        DetourTransactionBegin();
        TrueGetPrivateProfileStringW = (GetPrivateProfileStringW_t)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetPrivateProfileStringW");
        DetourAttach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourDetach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    }
    return TRUE;
}
Share Improve this question edited Jan 18 at 18:19 Thomas Weller asked Jan 18 at 15:53 Thomas WellerThomas Weller 59.7k23 gold badges137 silver badges253 bronze badges 6
  • 1 DetourUpdateThread(GetCurrentThread()) senseless code. TrueGetPrivateProfileStringW - with __imp_GetPrivateProfileStringW code was more native – RbMm Commented Jan 18 at 18:11
  • @RbMm: I get the first one (see also stackoverflow/a/2637105/480982) but I don't quite get the second one. Is it just a naming issue? – Thomas Weller Commented Jan 18 at 18:23
  • No, you can use EXTERN_C extern PVOID __imp_GetPrivateProfileStringW; and call GetPrivateProfileStringW in native way. Also will be not need use GetProcAddress in this case for intit pointer. You can simply import it ( in some case possible better not unconditionally import some api, but not in concrete case ). – RbMm Commented Jan 18 at 18:28
  • Code with TrueGetPrivateProfileStringW also correct, but here you need not native names, typedefs, etc. also about #1 ordinal is documented. Dll simply must export it. It never will be called. But it need for load dll – RbMm Commented Jan 18 at 18:31
  • @RbMm: it seems you know a lot more about this than I do. If you write an answer, I'll delete mine. I managed to remove GetProcAddress(), but the code doesn't look right – Thomas Weller Commented Jan 18 at 18:52
 |  Show 1 more comment

1 Answer 1

Reset to default 1

The code does not export DllMain, so withdll.exe can't find it.

Change the code to:

__declspec(dllexport)
BOOL APIENTRY DllMain(HMODULE module, DWORD  reason, LPVOID _)
{
    switch (reason)
[...]
发布评论

评论列表(0)

  1. 暂无评论