Ult*_*nks 6 c++ hook unmanaged easyhook
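I'm having some problems getting my method hooks to work. I can get the hook to work if "I" call the method that is being hooked. But when the call occurs naturally during the process's operation, it doesn't get hooked. My problem probably stems from the fact that I'm actually setting these hooks in a thread that I spawned myself. Apparently the LhSetInclusiveACL() method needs to know the thread you want to hook. Well, here's my problem...

I don't really care which threads have the hook applied; I want them all to be hooked. For example, say I want the CreateICW() method from the "gdi32.dll" library hooked for the entire process "iexplorer.exe", not just from thread ID number 48291 or whatever. Knowing which threads will call the routine you are interested in hooking requires intimate knowledge of the inner workings of the process you are hooking. I speculate that this is generally not feasible, and it certainly isn't feasible for me. So it is impossible for me to know a priori which thread IDs need to be hooked.

The following code is taken from the "UnmanageHook" example: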

    extern "C" int main(int argc, wchar_t* argv[])
    {
        //...
        //...
        //...

        /*
            The following shows how to install and remove local hooks...
        */
        FORCE(LhInstallHook(
            GetProcAddress(hUser32, "MessageBeep"),
            MessageBeepHook,
            (PVOID)0x12345678,
            hHook));

        // won't invoke the hook handler because hooks are inactive after installation
        MessageBeep(123);

        // activate the hook for the current thread
        // This is where I believe my problem is. ACLEntries is
        // supposed to have a list of thread IDs that should pay
        // attention to the MessageBeep() hook. Entries that are
        // "0" get translated to be the "current" threadID. I want
        // ALL threads and I don't want to have to try to figure out
        // which threads will be spawned in the future for the given
        // process. The second parameter is InThreadCount. I'm
        // kind of shocked that you can't just pass in 0 or -1 or
        // something for this parameter and just have it hook all
        // threads in that given process.
        FORCE(LhSetInclusiveACL(ACLEntries, 1, hHook));

        // will be redirected into the handler...
        MessageBeep(123);


        //...
        //...
        //...
    }

I added some comments at the LhSetInclusiveACL() method call to explain the situation. Also, LhSetExclusiveACL() and the "global" versions of these methods don't seem to help either.

For reference, here is the documentation for LhSetExclusiveACL:

    /***********************************************************************
    Sets an exclusive hook local ACL based on the given thread ID list.
    Global and local ACLs are always intersected. For example if the
    global ACL allows a set “G” of threads to be intercepted, and the
    local ACL allows a set “L” of threads to be intercepted, then the
    set “G ∩ L” will be intercepted. The “exclusive” and “inclusive”
    ACL types don’t have any impact on the computation of the final
    set. Those are just helpers for you to construct a set of threads.

    EASYHOOK_NT_EXPORT LhSetExclusiveACL(
        ULONG* InThreadIdList,
        ULONG InThreadCount,
        TRACED_HOOK_HANDLE InHandle);

    Parameters:

        InThreadIdList
            An array of thread IDs. If you specify zero for an
            entry in this array, it will be automatically replaced
            with the calling thread ID.

        InThreadCount
            The count of entries listed in the thread ID list. This
            value must not exceed MAX_ACE_COUNT!

        InHandle
            The hook handle whose local ACL is going to be set.

    Return values:

        STATUS_INVALID_PARAMETER_2
            The limit of MAX_ACE_COUNT ACL is violated by the given buffer.
    ***********************************************************************/

Am I using this incorrectly? I imagine this is how most implementations use this library, so why doesn't this work for me?
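
The ACL rule from the documentation quoted above, as an added C++ model (not part of the original post and not EasyHook code). It assumes an inclusive list admits only the listed threads, an exclusive list admits every thread except the listed ones, and the global ACL is left as an empty exclusive list; `ThreadAcl`, `make_acl`, `admits` and `is_intercepted` are hypothetical names and the thread IDs are constructed.

```cpp
// Added illustration: a portable model of the thread-ACL rule quoted above.
// NOT EasyHook source; ThreadAcl, make_acl, admits, is_intercepted are hypothetical.
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <utility>
#include <vector>

struct ThreadAcl {
    bool exclusive;             // true: listed threads are excluded
    std::vector<uint32_t> ids;  // thread IDs in the list
};

// Mirrors the documented substitution: an entry of 0 becomes the caller's ID.
ThreadAcl make_acl(bool exclusive, std::vector<uint32_t> ids, uint32_t caller) {
    std::replace(ids.begin(), ids.end(), uint32_t{0}, caller);
    return ThreadAcl{exclusive, std::move(ids)};
}

// Does this ACL, taken alone, admit the thread? (assumed semantics, see lead-in)
bool admits(const ThreadAcl& acl, uint32_t tid) {
    bool listed = std::find(acl.ids.begin(), acl.ids.end(), tid) != acl.ids.end();
    return acl.exclusive ? !listed : listed;
}

// The final set is the intersection of the global and local sets.
bool is_intercepted(const ThreadAcl& global, const ThreadAcl& local, uint32_t tid) {
    return admits(global, tid) && admits(local, tid);
}

int main() {
    const uint32_t installer = 4100, worker = 48291;  // constructed thread IDs
    // Assumption: the global ACL is an empty exclusive list (admits all threads).
    ThreadAcl global = make_acl(true, {}, installer);
    // Shape of LhSetInclusiveACL(ACLEntries, 1, hHook) if ACLEntries[0] is 0.
    ThreadAcl inclusive_self = make_acl(false, std::vector<uint32_t>{0}, installer);
    // An exclusive list with zero entries excludes nobody.
    ThreadAcl exclusive_none = make_acl(true, {}, installer);

    std::cout << std::boolalpha
              << "inclusive{0}: installer=" << is_intercepted(global, inclusive_self, installer)
              << " worker=" << is_intercepted(global, inclusive_self, worker) << "\n"
              << "exclusive{}:  installer=" << is_intercepted(global, exclusive_none, installer)
              << " worker=" << is_intercepted(global, exclusive_none, worker) << "\n";
}
```

In this model the one-entry inclusive list admits only the thread that installed the hook, which matches the behaviour described in the question, while an empty exclusive list admits every thread.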