0
我掛鉤到NtCreateFile函數,但我不是因爲一些錯誤。我的代碼是 如下.am得到兩個錯誤,即 1)未解析的外部符號_NtCreateFile和 2)1個未解析的外部。 請幫助我。無法掛鉤NtCreateFile
#include "stdafx.h"
#include "MinHook.h"
#include <Winternl.h>
#if defined _M_X64
#pragma comment(lib, "libMinHook.x64.lib")
#elif defined _M_IX86
#pragma comment(lib, "libMinHook.x86.lib")
#endif
typedef NTSTATUS(WINAPI *NtCreateFileNext)(PHANDLE FileHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlock,PLARGE_INTEGER AllocationSize,ULONG FileAttributes,
ULONG ShareAccess,ULONG CreateDisposition,ULONG CreateOptions,PVOID EaBuffer,ULONG EaLength);
NtCreateFileNext Real_NtCreateFileData = NULL;
NTSTATUS WINAPI NtCreateFileCallback(PHANDLE FileHandle,ACCESS_MASK DesiredAccess,POBJECT_ATTRIBUTES ObjectAttributes,
PIO_STATUS_BLOCK IoStatusBlock,PLARGE_INTEGER AllocationSize,ULONG FileAttributes,
ULONG ShareAccess,ULONG CreateDisposition,ULONG CreateOptions,PVOID EaBuffer,ULONG EaLength)
{
MessageBoxA(NULL,"NtCreateFile Called","Info",MB_OK);
return(FileHandle, DesiredAccess, ObjectAttributes,IoStatusBlock, AllocationSize, FileAttributes,
ShareAccess, CreateDisposition, CreateOptions, EaBuffer, EaLength);
}
BOOL APIENTRY DllMain(HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if (MH_CreateHook(&NtCreateFile, &NtCreateFileCallback, reinterpret_cast<void**>(&Real_NtCreateFileData)) != MH_OK)
{
MessageBoxW(NULL,L"Failed CreateHook NtCreateFile",L"Info!",MB_ICONWARNING|MB_OK);
}
if (MH_EnableHook(&NtCreateFile) != MH_OK)
{
MessageBoxW(NULL,L"Failed EnableHook NtCreateFile",L"Info!",MB_ICONWARNING|MB_OK);
}
break;
case DLL_PROCESS_DETACH:
if (MH_Uninitialize() != MH_OK)
{
}
if (MH_DisableHook(&NtCreateFile) != MH_OK)
{
}
break;
}
return TRUE;
}
由於提前