使用挂钩函数时应用程序崩溃
Posted
技术标签:
【中文标题】使用挂钩函数时应用程序崩溃【英文标题】:Application crashes when using hooked functions 【发布时间】:2013-08-21 20:01:21 【问题描述】:我一直在尝试挂钩一些 winapi 函数,例如DrawText、TextOut、ExtTextOut 使用弯路。如果将我的 dll 注入 Windows 计算器,则挂钩函数工作正常,直到我按下计算器上的按钮,然后导致崩溃。将我的 dll 注入其他进程会导致类似的行为。在我触发某些操作(例如在记事本中打开新文件对话框)之前,所有挂钩都可以正常工作。
我已经在 32 位和 64 位 windows 7 系统上测试了我的 dll,两者都表现出相同的行为。
关于什么可能导致问题的任何想法?
我的 dll:
main.cpp
#include <Windows.h>
#include <detours.h>
#include "hookedFunctions.h"
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
switch (ul_reason_for_call)
case DLL_PROCESS_ATTACH:
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)pDrawTextW, myDrawTextW);
DetourAttach(&(PVOID&)pDrawTextA, myDrawTextA);
DetourAttach(&(PVOID&)pExtTextOutW, myExtTextOutW);
DetourAttach(&(PVOID&)pExtTextOutA, myExtTextOutA);
DetourAttach(&(PVOID&)pTextOutW, myTextOutW);
DetourAttach(&(PVOID&)pTextOutA, myTextOutA);
DetourAttach(&(PVOID&)myPolyTextOutW, myPolyTextOutW);
DetourAttach(&(PVOID&)myPolyTextOutA, myPolyTextOutA);
if(DetourTransactionCommit() == NO_ERROR)
OutputDebugStringA("Detoured successfully");
break;
case DLL_PROCESS_DETACH:
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourDetach(&(PVOID&)pDrawTextW, myDrawTextW);
DetourDetach(&(PVOID&)pDrawTextA, myDrawTextA);
DetourDetach(&(PVOID&)pExtTextOutW, myExtTextOutW);
DetourDetach(&(PVOID&)pExtTextOutA, myExtTextOutA);
DetourDetach(&(PVOID&)pTextOutW, myTextOutW);
DetourDetach(&(PVOID&)pTextOutA, myTextOutA);
DetourDetach(&(PVOID&)myPolyTextOutW, myPolyTextOutW);
DetourDetach(&(PVOID&)myPolyTextOutA, myPolyTextOutA);
if(DetourTransactionCommit() == NO_ERROR)
OutputDebugStringA("Detoured successfully");
break;
return TRUE;
hookedFunctions.h
#pragma once
#include <Windows.h>
// Declare function pointers to original Windows API functions
extern int (WINAPI *pDrawTextW)(HDC, LPCTSTR, int, LPRECT, UINT);
extern int (WINAPI *pDrawTextA)(HDC, LPCSTR, int, LPRECT, UINT);
extern BOOL (WINAPI *pTextOutW)(HDC, int, int, LPCTSTR, int);
extern BOOL (WINAPI *pTextOutA)(HDC, int, int, LPCSTR, int);
extern BOOL (WINAPI *pExtTextOutW)(HDC, int, int, UINT, const RECT*, LPCTSTR, UINT, const INT*);
extern BOOL (WINAPI *pExtTextOutA)(HDC, int, int, UINT, const RECT*, LPCSTR, UINT, const INT*);
extern BOOL (WINAPI *pPolyTextOutW)(HDC, const POLYTEXTW* , int);
extern BOOL (WINAPI *pPolyTextOutA)(HDC, const POLYTEXTA* , int);
// Declare our custom functions which are used to override the original Windows API functions
int myDrawTextW(HDC, LPCTSTR, int, LPRECT, UINT);
int myDrawTextA(HDC, LPCSTR, int, LPRECT, UINT);
BOOL myTextOutW(HDC, int, int, LPCTSTR, int);
BOOL myTextOutA(HDC, int, int, LPCSTR, int);
BOOL myExtTextOutW(HDC, int, int, UINT, const RECT*, LPCTSTR , UINT, const INT*);
BOOL myExtTextOutA(HDC, int, int, UINT, const RECT*, LPCSTR , UINT, const INT*);
BOOL myPolyTextOutW(HDC, const POLYTEXTW*, int);
BOOL myPolyTextOutA(HDC, const POLYTEXTA*, int);
hookedFunctions.cpp
#include "hookedFunctions.h"
// Create and initialize function pointers to original Windows API functions
int (WINAPI *pDrawTextW)(HDC, LPCTSTR, int, LPRECT, UINT) = DrawTextW;
int (WINAPI *pDrawTextA)(HDC, LPCSTR, int, LPRECT, UINT) = DrawTextA;
BOOL (WINAPI *pTextOutW)( HDC, int, int, LPCTSTR, int) = TextOutW;
BOOL (WINAPI *pTextOutA)(HDC, int, int, LPCSTR, int) = TextOutA;
BOOL (WINAPI *pExtTextOutW)(HDC, int, int, UINT, const RECT*, LPCTSTR, UINT, const INT*) = ExtTextOutW;
BOOL (WINAPI *pExtTextOutA)(HDC, int, int, UINT, const RECT*, LPCSTR, UINT, const INT*) = ExtTextOutA;
BOOL (WINAPI *pPolyTextOutW)(HDC, const POLYTEXTW* , int) = PolyTextOutW;
BOOL (WINAPI *pPolyTextOutA)(HDC, const POLYTEXTA* , int) = PolyTextOutA;
// Custom versions of the Windows API functions, having the same parameters,
// return type, and calling convention as the versions provided by the OS.
int myDrawTextW(HDC hDC, LPCTSTR lpchText, int nCount, LPRECT lpRect, UINT uFormat)
OutputDebugString(lpchText);
return pDrawTextW(hDC, lpchText, nCount, lpRect, uFormat);
int myDrawTextA(HDC hDC, LPCSTR lpchText, int nCount, LPRECT lpRect, UINT uFormat)
OutputDebugStringA(lpchText);
return pDrawTextA(hDC, lpchText, nCount, lpRect, uFormat);
BOOL myTextOutW(HDC hdc, int nXStart, int nYStart, LPCTSTR lpString, int cchString)
OutputDebugString(lpString);
return pTextOutW(hdc, nXStart, nYStart, lpString, cchString);
BOOL myTextOutA(HDC hdc, int nXStart, int nYStart, LPCSTR lpString, int cchString)
OutputDebugStringA(lpString);
return pTextOutA(hdc, nXStart, nYStart, lpString, cchString);
BOOL myExtTextOutW(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc,
LPCTSTR lpString, UINT cbCount, const INT *lpDx)
OutputDebugString(lpString);
return pExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
BOOL myExtTextOutA(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc,
LPCSTR lpString, UINT cbCount, const INT *lpDx)
OutputDebugStringA(lpString);
return pExtTextOutA(hdc, X, Y, fuOptions, lprc, lpString, cbCount, lpDx);
BOOL myPolyTextOutW(HDC hdc, const POLYTEXTW *pptxt, int cStrings)
OutputDebugString(pptxt->lpstr);
return pPolyTextOutW(hdc, pptxt, cStrings);
BOOL myPolyTextOutA(HDC hdc, const POLYTEXTA *pptxt, int cStrings)
OutputDebugStringA(pptxt->lpstr);
return pPolyTextOutA(hdc, pptxt, cStrings);
【问题讨论】:
您应该将您的解决方案添加为答案并接受它,以便将此问题标记为已解决。 【参考方案1】:问题已解决 - 我忘记将 WINAPI 添加到我的函数中。标头必须如下所示: int WINAPI myDrawTextW(HDC, LPCTSTR, int, LPRECT, UINT);
【讨论】:
为我节省了数小时无用的调试 :) 有这个问题,忘记添加 WINAPI。谢谢:)以上是关于使用挂钩函数时应用程序崩溃的主要内容,如果未能解决你的问题,请参考以下文章
尝试挂钩“TerminateProcess”函数时出错。目标进程崩溃。谁能帮我?