//使用Detours库的
#include <windows.h>
#include <Winspool.h>
#include <detours.h> //*IMPORTANT: Look at path if compiler error
#pragma comment(lib, "detoured.lib")
#pragma comment(lib, "detours.lib")
// Prototypes
// Function pointer that starts out pointing at the real EnumPrintersW.
// DllMain passes its address to DetourAttach/DetourDetach, and the hook
// calls through it to reach the original implementation.
BOOL (WINAPI *pEnumPrintersW)(DWORD,LPWSTR,DWORD,LPBYTE,DWORD,LPDWORD,LPDWORD) = EnumPrintersW;
// Replacement routine with the same signature; defined at the end of this listing.
BOOL WINAPI MyEnumPrintersW(DWORD,LPWSTR,DWORD,LPBYTE,DWORD,LPDWORD,LPDWORD);
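/// DLL entry point: attaches the EnumPrintersW detour when the DLL is loaded
/// into a process and detaches it again when the DLL is unloaded.
///
/// @param hModule            handle of this DLL, used to disable thread notifications
/// @param ul_reason_for_call DLL_PROCESS_ATTACH / DLL_PROCESS_DETACH / thread events
/// @param lpReserved         unused
/// @return always TRUE, so the load itself never fails even if the detour does
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)lpReserved;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH: // Do standard detouring
        // Thread attach/detach are no-ops below, so stop the loader from delivering them.
        DisableThreadLibraryCalls((HMODULE)hModule);
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)pEnumPrintersW, MyEnumPrintersW);
        // The *A variant is named explicitly: the message is a narrow literal, and the
        // generic OutputDebugString macro stops compiling once UNICODE is defined.
        if (DetourTransactionCommit() == NO_ERROR)
            OutputDebugStringA("EnumPrinters detoured successfully");
        else
            OutputDebugStringA("EnumPrinters detour failed"); // previously a silent failure
        break;

    case DLL_PROCESS_DETACH:
        // Detach: the patched entry must be restored before this DLL's code is
        // unmapped, otherwise the target API would jump into freed memory.
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)pEnumPrintersW, MyEnumPrintersW);
        if (DetourTransactionCommit() != NO_ERROR)
            OutputDebugStringA("EnumPrinters detour removal failed");
        break;

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}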
/// Exported entry point that does no work of its own in this variant: the
/// detour is attached from DllMain, and this function only reports success.
///
/// @return always 1
extern "C" _declspec(dllexport) int InstallHook()
{
    const int kReady = 1;
    return kReady;
}
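/// Replacement for EnumPrintersW: shows a notification, then forwards every
/// argument unchanged to the original through pEnumPrintersW.
///
/// @return whatever the original EnumPrintersW returns
BOOL WINAPI MyEnumPrintersW(DWORD Flags,LPWSTR Name,DWORD Level,LPBYTE pPrinterEnum,DWORD cbBuf,LPDWORD pcbNeeded,LPDWORD pcReturned)
{
    // MessageBoxA is named explicitly because the strings are narrow literals;
    // the generic MessageBox macro does not compile with them when UNICODE is defined.
    // NOTE(review): a modal dialog blocks the calling thread until it is dismissed,
    // so every caller of the hooked API stalls here. Demo only.
    ::MessageBoxA(NULL, "Success", "Notify", MB_OK);

    // Forward to the original so callers still receive real printer data.
    return pEnumPrintersW(Flags, Name, Level, pPrinterEnum, cbBuf, pcbNeeded, pcReturned);
}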
//使用跳转的
#include <windows.h>
#include <stdio.h>
#include <Winspool.h>
// Number of bytes saved from, and written over, the start of the target function.
#define SIZE 6
// Signature of EnumPrintersW. Note that in this listing pEnumPrintersW is a type,
// whereas the Detours listing above uses the same name for a variable.
typedef BOOL (WINAPI *pEnumPrintersW)(DWORD,LPWSTR,DWORD,LPBYTE,DWORD,LPDWORD,LPDWORD);
// Replacement routine; defined at the end of this listing.
BOOL WINAPI MyEnumPrintersW(DWORD,LPWSTR,DWORD,LPBYTE,DWORD,LPDWORD,LPDWORD);
// Writes the jump to the given function over the start of the target.
void BeginRedirect(LPVOID);
// Address of the function being patched; resolved in DllMain.
pEnumPrintersW pOrigEPWAddress = NULL;
// Copy of the target's first SIZE bytes, taken before they are overwritten.
BYTE oldBytes[SIZE] = {0};
// The patch itself, filled in by BeginRedirect: 0xE9 (x86 JMP rel32),
// a 4-byte displacement, then 0xC3 (RET).
BYTE JMP[SIZE] = {0};
// oldProtect receives the page protection that VirtualProtect replaces;
// myProtect is the writable protection requested while bytes are swapped.
DWORD oldProtect, myProtect = PAGE_EXECUTE_READWRITE;
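// TRUE once the jump has actually been written over the target's entry.
static BOOL g_hookInstalled = FALSE;

// Writes SIZE bytes over the start of the target function.
// The page is made writable only for the duration of the copy and its previous
// protection is put back afterwards. VirtualProtect fails when its last argument
// is NULL, so a real variable is always supplied; the original code passed NULL
// and therefore never restored the protection, leaving the page writable.
static BOOL WriteEntryBytes(const BYTE *bytes)
{
    if (pOrigEPWAddress == NULL)
        return FALSE;

    if (!VirtualProtect((LPVOID)pOrigEPWAddress, SIZE, myProtect, &oldProtect))
        return FALSE;

    memcpy((LPVOID)pOrigEPWAddress, bytes, SIZE);

    DWORD ignored = 0;
    VirtualProtect((LPVOID)pOrigEPWAddress, SIZE, oldProtect, &ignored);
    // Code bytes changed: make sure the CPU does not keep executing stale instructions.
    FlushInstructionCache(GetCurrentProcess(), (LPCVOID)pOrigEPWAddress, SIZE);
    return TRUE;
}

/// DLL entry point: resolves the address of EnumPrintersW in Spoolss.dll on
/// load, and puts the original bytes back on unload if the patch was applied.
/// The patch itself is applied later, by InstallHook.
///
/// @return FALSE (load fails) if the target cannot be resolved, otherwise TRUE
BOOL APIENTRY DllMain( HANDLE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    (void)hModule;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // NOTE(review): loading another DLL from DllMain runs under the loader
        // lock, which Microsoft's DllMain guidance advises against. Kept because
        // the rest of the listing relies on the address being resolved here.
        HMODULE hSpoolss = LoadLibraryA("Spoolss.dll");
        if (hSpoolss == NULL)
            return FALSE;

        pOrigEPWAddress = (pEnumPrintersW)GetProcAddress(hSpoolss, "EnumPrintersW");
        if (pOrigEPWAddress == NULL)
            return FALSE;
        break;
    }

    case DLL_PROCESS_DETACH:
        // Restore only when a patch was really written; otherwise oldBytes is
        // still all zeros and copying it would destroy the target function.
        // lpReserved != NULL means the process is terminating, where no cleanup is needed.
        if (lpReserved == NULL && g_hookInstalled)
        {
            WriteEntryBytes(oldBytes);
            g_hookInstalled = FALSE;
        }
        break; // the original fell through to the thread cases here

    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        break;
    }
    return TRUE;
}

/// Exported entry point that applies the patch.
///
/// @return 1 if the jump is in place, 0 if the target was never resolved or
///         the patch could not be written
extern "C" _declspec(dllexport) int InstallHook()
{
    if (pOrigEPWAddress == NULL)
        return 0;

    BeginRedirect((LPVOID)MyEnumPrintersW);
    return g_hookInstalled ? 1 : 0;
}

/// Saves the first SIZE bytes of the target and replaces them with a relative
/// jump to newFunction. Does nothing if the patch is already in place, so a
/// second call cannot overwrite the saved original bytes with the jump itself.
///
/// @param newFunction address the target should jump to
void BeginRedirect(LPVOID newFunction)
{
    if (pOrigEPWAddress == NULL || newFunction == NULL || g_hookInstalled)
        return;

    // The displacement is relative to the end of the 5-byte jump instruction.
    // It is computed at pointer width and must fit in 32 bits; casting the
    // pointers to DWORD, as before, silently truncates them in a 64-bit build.
    const INT_PTR delta = (INT_PTR)newFunction - (INT_PTR)pOrigEPWAddress - 5;
    const LONG rel32 = (LONG)delta;
    if ((INT_PTR)rel32 != delta)
        return;

    BYTE patch[SIZE] = {0xE9, 0x90, 0x90, 0x90, 0x90, 0xC3};
    memcpy(&patch[1], &rel32, sizeof(rel32));

    // Keep a copy of the original entry bytes before anything is overwritten.
    memcpy(oldBytes, (LPCVOID)pOrigEPWAddress, SIZE);
    memcpy(JMP, patch, SIZE);

    if (WriteEntryBytes(JMP))
        g_hookInstalled = TRUE;
}

/// Replacement for EnumPrintersW: shows a notification, temporarily puts the
/// original bytes back, calls EnumPrintersW, then re-applies the jump.
///
/// NOTE(review): lifting and re-applying the patch affects the whole process,
/// not just this thread. A second thread entering the target during that window
/// either misses the hook or can run half-written bytes. The Detours listing
/// above avoids this by calling the original through a trampoline.
/// NOTE(review): the patch is applied to Spoolss.dll's export while the call
/// below goes through the EnumPrintersW import; confirm that this reaches the
/// patched function in the intended host process.
///
/// @return the result of EnumPrintersW, or FALSE if the patch could not be lifted
BOOL WINAPI MyEnumPrintersW(DWORD Flags,LPWSTR Name,DWORD Level,LPBYTE pPrinterEnum,DWORD cbBuf,LPDWORD pcbNeeded,LPDWORD pcReturned)
{
    MessageBoxA(NULL, "1", "2", MB_OK);

    // If the original bytes cannot be restored, calling on could land back in
    // this hook, so fail the call instead.
    if (!WriteEntryBytes(oldBytes))
        return FALSE;

    BOOL retValue = EnumPrintersW(Flags, Name, Level, pPrinterEnum, cbBuf, pcbNeeded, pcReturned);

    // Callers size their buffer from GetLastError() after a failed first call,
    // so the error code must survive the re-patching below.
    const DWORD callError = GetLastError();
    WriteEntryBytes(JMP);
    SetLastError(callError);

    return retValue;
}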