科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>c++ - WithDLL can't inject my hook into the target process - Stack Overflow

    c++ - WithDLL can't inject my hook into the target process - Stack Overflow

    programmeradmin0浏览0评论

    I have implemented a DLL for hooking functions in a target process using Microsoft Detours. However, when I run withdll.exe, which comes with Detours, I get the following error:

    B:>withdll.exe /d:[...]\IniHook.dll HookTarget.exe
withdll.exe: Error: [...]\IniHook.dll does not export ordinal #1.
             See help entry DetourCreateProcessWithDllEx in Detours.chm.

    However, I can't find any Detours.chm in order to look up what to do.

    What could the problem be, and how to fix it?

    My hook code is

    #include "pch.h"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <detours.h>
#include <iostream>

#pragma comment(lib, "detours.lib")

typedef DWORD(WINAPI* GetPrivateProfileStringW_t)(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name);

GetPrivateProfileStringW_t TrueGetPrivateProfileStringW = nullptr;

DWORD WINAPI HookedGetPrivateProfileStringW(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name)
{
    std::wcout << L"GetPrivateProfileStringW called." << L"\n";
    return TrueGetPrivateProfileStringW(app, key, def, result, size, file_name);
}

BOOL APIENTRY DllMain(HMODULE module, DWORD  reason, LPVOID _)
{
    switch (reason)
    {
    case DLL_THREAD_ATTACH:
    case DLL_PROCESS_ATTACH:
        DetourTransactionBegin();
        TrueGetPrivateProfileStringW = (GetPrivateProfileStringW_t)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetPrivateProfileStringW");
        DetourAttach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourDetach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    }
    return TRUE;
}

    I have implemented a DLL for hooking functions in a target process using Microsoft Detours. However, when I run withdll.exe, which comes with Detours, I get the following error:

    B:>withdll.exe /d:[...]\IniHook.dll HookTarget.exe
withdll.exe: Error: [...]\IniHook.dll does not export ordinal #1.
             See help entry DetourCreateProcessWithDllEx in Detours.chm.

    However, I can't find any Detours.chm in order to look up what to do.

    What could the problem be, and how to fix it?

    My hook code is

    #include "pch.h"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <detours.h>
#include <iostream>

#pragma comment(lib, "detours.lib")

typedef DWORD(WINAPI* GetPrivateProfileStringW_t)(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name);

GetPrivateProfileStringW_t TrueGetPrivateProfileStringW = nullptr;

DWORD WINAPI HookedGetPrivateProfileStringW(LPCWSTR app, LPCWSTR key, LPCWSTR def, LPWSTR result, DWORD size, LPCWSTR file_name)
{
    std::wcout << L"GetPrivateProfileStringW called." << L"\n";
    return TrueGetPrivateProfileStringW(app, key, def, result, size, file_name);
}

BOOL APIENTRY DllMain(HMODULE module, DWORD  reason, LPVOID _)
{
    switch (reason)
    {
    case DLL_THREAD_ATTACH:
    case DLL_PROCESS_ATTACH:
        DetourTransactionBegin();
        TrueGetPrivateProfileStringW = (GetPrivateProfileStringW_t)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetPrivateProfileStringW");
        DetourAttach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        DetourTransactionBegin();
        DetourDetach(&(PVOID&)TrueGetPrivateProfileStringW, HookedGetPrivateProfileStringW);
        DetourTransactionCommit();
        break;
    }
    return TRUE;
}
    • c++
    • windows
    • hook
    Share Improve this question edited Jan 18 at 18:19 Thomas Weller asked Jan 18 at 15:53 Thomas WellerThomas Weller 59.7k23 gold badges137 silver badges253 bronze badges 6
    • 1 DetourUpdateThread(GetCurrentThread()) senseless code. TrueGetPrivateProfileStringW - with __imp_GetPrivateProfileStringW code was more native – RbMm Commented Jan 18 at 18:11
    • @RbMm: I get the first one (see also stackoverflow/a/2637105/480982) but I don't quite get the second one. Is it just a naming issue? – Thomas Weller Commented Jan 18 at 18:23
    • No, you can use EXTERN_C extern PVOID __imp_GetPrivateProfileStringW; and call GetPrivateProfileStringW in native way. Also will be not need use GetProcAddress in this case for intit pointer. You can simply import it ( in some case possible better not unconditionally import some api, but not in concrete case ). – RbMm Commented Jan 18 at 18:28
    • Code with TrueGetPrivateProfileStringW also correct, but here you need not native names, typedefs, etc. also about #1 ordinal is documented. Dll simply must export it. It never will be called. But it need for load dll – RbMm Commented Jan 18 at 18:31
    • @RbMm: it seems you know a lot more about this than I do. If you write an answer, I'll delete mine. I managed to remove GetProcAddress(), but the code doesn't look right – Thomas Weller Commented Jan 18 at 18:52
     |  Show 1 more comment

    1 Answer 1

    Reset to default 1

    The code does not export DllMain, so withdll.exe can't find it.

    Change the code to:

    __declspec(dllexport)
BOOL APIENTRY DllMain(HMODULE module, DWORD  reason, LPVOID _)
{
    switch (reason)
[...]

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论