写入导入表HOOKAPI只能HOOK DEBUG正常,而Release就没有效果?
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了写入导入表HOOKAPI只能HOOK DEBUG正常,而Release就没有效果?相关的知识,希望对你有一定的参考价值。
很奇怪
部分代码:
//DLL里:
void load(LPSTR pszExportMod,PROC pfnCurrent, PROC pfnNew, HMODULE hModCaller)
ULONG ulSize=0;
PIMAGE_IMPORT_DESCRIPTOR pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)
ImageDirectoryEntryToData(hModCaller, TRUE,
IMAGE_DIRECTORY_ENTRY_IMPORT, &ulSize);
if(pImportDesc == NULL)
return;
while(pImportDesc->Name != 0)
LPSTR pszMod = (LPSTR)((DWORD)hModCaller + pImportDesc->Name);
if(lstrcmpiA(pszMod, pszExportMod) == 0)
break;
pImportDesc++;
if(pImportDesc->Name == 0)
return;
PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)(pImportDesc->FirstThunk + (DWORD)hModCaller);
while(pThunk->u1.Function)
PDWORD lpAddr = (PDWORD)&(pThunk->u1.Function);
if(*lpAddr == (DWORD)pfnCurrent)
DWORD dwOldProtect;
MEMORY_BASIC_INFORMATION mbi;
::VirtualQuery(lpAddr, &mbi, sizeof(mbi));
::VirtualProtect(lpAddr, sizeof(DWORD), PAGE_READWRITE, &dwOldProtect);
::WriteProcessMemory(::GetCurrentProcess(),
lpAddr, &pfnNew, sizeof(DWORD), NULL);
::VirtualProtect(lpAddr, sizeof(DWORD), dwOldProtect, 0);
break;
pThunk++;
//省略.......主程序:
PROC t=(PROC)GetProcAddress(LoadLibrary("user32.dll"), "MessageBoxA");
load("user32.dll",t,(PROC)c,GetModuleHandle(0));
return 0;
已知DEBUG与Release所得的函数指针,模块都一样的!
这个程序是注入DLL去其他进程HOOK API的,目标进程为DEBUG时正常,而目标进程为Release时,却没有一点效果.......求教啊!
以上是关于写入导入表HOOKAPI只能HOOK DEBUG正常,而Release就没有效果?的主要内容,如果未能解决你的问题,请参考以下文章