Detours Hook：GetVolumeInformation Random Volume Serial

我正在嘗試使用Detours Express（3.0）來掛鉤GetVolumeInformation來更改音量序列。問題是每次掛鉤函數被調用時它會返回一個隨機卷序列。Detours Hook：GetVolumeInformation Random Volume Serial

#include <fstream> 
#include <string> 
#include <windows.h> 
#include <detours.h> 
#include <fcntl.h> 
#include <stdio.h> 
#include <io.h> 
#pragma comment(lib,"detours.lib") 
#pragma comment(lib,"ws2_32.lib") 
std::string rcvBuf; 

HANDLE CreateConsole(); 

HANDLE CreateConsole() 
{ 
    int hConHandle = 0; 
    HANDLE lStdHandle = 0; 
    FILE *fp = 0; 

    // Allocate a console 
    AllocConsole(); 

    // redirect unbuffered STDOUT to the console 
    lStdHandle = GetStdHandle(STD_OUTPUT_HANDLE); 
    hConHandle = _open_osfhandle(PtrToUlong(lStdHandle), _O_TEXT); 
    fp = _fdopen(hConHandle, "w"); 
    *stdout = *fp; 
    setvbuf(stdout, NULL, _IONBF, 0); 

    return lStdHandle; 
} 

HMODULE hLib = GetModuleHandle("Kernel32.dll"); 
typedef BOOL (WINAPI *HWIDPtr)(LPCTSTR lpRootPathName, LPTSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD &lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPTSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize); 
HWIDPtr pHWID = (HWIDPtr)GetProcAddress(hLib, "GetVolumeInformationW"); 

BOOL WINAPI MyHWID(LPCTSTR lpRootPathName, LPTSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPTSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize) 
{ 
    printf(("Real : %u"),&lpVolumeSerialNumber); 
    return pHWID(lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize, lpVolumeSerialNumber, lpMaximumComponentLength, lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize); 
} 

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) 
{ 

if (DetourIsHelperProcess()) { 
    return TRUE; 
} 

if (dwReason == DLL_PROCESS_ATTACH) { 

    CreateConsole(); 
    DetourRestoreAfterWith(); 

    DetourTransactionBegin(); 
    DetourUpdateThread(GetCurrentThread()); 
    DetourAttach(&(PVOID&)pHWID, MyHWID); 
    if(DetourTransactionCommit() == NO_ERROR) 
       printf("Attached [email protected]"); 
} 
else if (dwReason == DLL_PROCESS_DETACH) { 

    DetourTransactionBegin(); 
    DetourUpdateThread(GetCurrentThread()); 
    DetourDetach(&(PVOID&)pHWID, MyHWID); 
    DetourTransactionCommit(); 
} 
return TRUE; 
}

任何意見，將不勝感激。

來源

2015-08-24 Asmo

如果您指的是hook函數內部的printf（）調用會輸出隨機垃圾 - 這非常合理，因爲lpVolumeSerialNumber是一個out參數，因此它可能（也很可能會）在原來的函數調用。如果你想看到原來的函數返回值，你應該重寫以下方式你的鉤子函數：

BOOL WINAPI MyHWID(LPCTSTR lpRootPathName, LPTSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPTSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize) 
{ 
    BOOL retval = pHWID(lpRootPathName, lpVolumeNameBuffer, nVolumeNameSize, lpVolumeSerialNumber, lpMaximumComponentLength, lpFileSystemFlags, lpFileSystemNameBuffer, nFileSystemNameSize); 
    printf(("Real : %u"), *lpVolumeSerialNumber); 
    return retval; 
}

請注意，我也改變了「&」，以「*」 - 這就是你應該使用，如果你想解引用一個指針，而不是得到它的地址。

希望這有助於

來源

2015-08-27 06:14:16

已經找到了自己，非常感謝壽，一個「易於理解」的解釋！ – Asmo

Detours Hook：GetVolumeInformation Random Volume Serial

回答

相關問題