registry - 在 C++ Builder 中使用 Delphi detours 全局挂钩注册表
问题描述
我正在尝试使用 Detours 使用全局挂钩来挂钩注册表调用我使用此代码,但是当我运行其他 C++ Builder 应用程序时,它一直给我异常。我不知道我应该将什么SetWindowsHookEx作为钩子类型传递给。
这里的想法是我想捕获任何打开特定 reg 密钥的 exe,例如SOFTWARE\\CloudBackendServices,所以我在这里创建这个钩子,并从另一个应用程序打开这个 reg 密钥,但是每当我运行另一个应用程序时,它会因 DllHook.dll 中的访问冲突而崩溃. 当我附加 RegOpenKeyEx 的宽字符“RegOpenKeyExW”版本时会引发错误,但是当我使用 ansistring 版本时根本没有错误,但钩子没有捕获任何内容。
我在这里做错了什么?
这是代码:
DLL代码:
#include <vcl.h>
#include <windows.h>
#include <System.Win.Registry.hpp>
#include "DDetours.hpp"
#include "ClangCpp.h"
#pragma hdrstop
#pragma argsused
#define DLLExport __stdcall __declspec(dllexport)
unique_ptr<TStringList> str(new TStringList);
TMemo *Logger = NULL;
HHOOK hKeyHook;
//---------------------------------------------------------------------------
typedef LSTATUS (*THookedRegOpenKeyExA)(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
typedef LSTATUS (*THookedRegOpenKeyExW)(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
typedef LSTATUS (*THookedRegOpenKeyEx)(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
THookedRegOpenKeyExA HookedRegOpenKeyExA;
THookedRegOpenKeyExW HookedRegOpenKeyExW;
THookedRegOpenKeyEx HookedRegOpenKeyEx;
LSTATUS MyRegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyEx(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult);
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) void InstallDetour()
{
//BeginHooks();
if (HookedRegOpenKeyEx == nullptr)
HookedRegOpenKeyEx = (THookedRegOpenKeyEx)InterceptCreate(&RegOpenKeyEx, &MyRegOpenKeyEx);
//if (HookedRegOpenKeyExA == nullptr)
// HookedRegOpenKeyExA = (THookedRegOpenKeyExA)InterceptCreate(&RegOpenKeyExA, &MyRegOpenKeyExA);
//
//if (HookedRegOpenKeyExW == nullptr)
// HookedRegOpenKeyExW = (THookedRegOpenKeyExW)InterceptCreate(&RegOpenKeyExW, &MyRegOpenKeyExW);
//
//EndHooks();
str->Add("Reg Hook Installed");
str->SaveToFile("logfile.txt");
}
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) void UninstallDetour()
{
//BeginUnHooks();
if (HookedRegOpenKeyExA != nullptr)
{
InterceptRemove(HookedRegOpenKeyExA);
HookedRegOpenKeyExA = nullptr;
}
if (HookedRegOpenKeyExW != nullptr)
{
InterceptRemove(HookedRegOpenKeyExW);
HookedRegOpenKeyExW = nullptr;
}
//EndUnHooks();
str->Add("Reg Hook Uninstalled");
str->SaveToFile("logfile.txt");
}
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyExA(HKEY hKey,LPCSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult)
{
//String Key = lpSubKey;
//if (Pos("SOFTWARE\\CloudBackendServices",Key) != 0)
Logger->Lines->Add(lpSubKey);
//Application->ProcessMessages();
//return RegOpenKeyExA(hKey,lpSubKey,ulOptions,samDesired,phkResult);
}
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyExW(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult)
{
//String Key = lpSubKey;
//if (Pos("SOFTWARE\\CloudBackendServices",Key) != 0)
Logger->Lines->Add(lpSubKey);
//Application->ProcessMessages();
//return RegOpenKeyExW(hKey,lpSubKey,ulOptions,samDesired,phkResult);
}
//---------------------------------------------------------------------------
LSTATUS MyRegOpenKeyEx(HKEY hKey,LPCWSTR lpSubKey,DWORD ulOptions,REGSAM samDesired,
Winapi::Windows::PHKEY phkResult)
{
//String Key = lpSubKey;
//if (Pos("SOFTWARE\\CloudBackendServices",Key) != 0)
Logger->Lines->Add(lpSubKey);
//return RegOpenKeyExW(hKey,lpSubKey,ulOptions,samDesired,phkResult);
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) LRESULT CALLBACK KeyEvent(int nCode, WPARAM wParam, LPARAM lParam)
{
return CallNextHookEx(NULL, nCode, wParam, lParam);
}
//---------------------------------------------------------------------------
extern "C" __stdcall __declspec(dllexport) void SetControl(TMemo* aLogger, HHOOK aKeyHook)
{
Logger = aLogger;
Logger->Lines->Add("Logger Assigned");
hKeyHook = aKeyHook;
}
//---------------------------------------------------------------------------
/*extern "C" __stdcall __declspec(dllexport) */int WINAPI DllEntryPoint(HINSTANCE hinst, unsigned long reason, void* lpReserved)
{
if (DLL_PROCESS_ATTACH == reason)
{
str->Clear();
InstallDetour();
}
else if (DLL_PROCESS_DETACH == reason)
{
UninstallDetour();
}
return 1;
}
主钩子应用程序:
//---------------------------------------------------------------------------
#include <vcl.h>
#pragma hdrstop
#include "MainU.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
TMain *Main;
//---------------------------------------------------------------------------
__fastcall TMain::TMain(TComponent* Owner)
: TForm(Owner)
{
hDll = LoadLibrary(L"DllHook.dll");
if (hDll == NULL)
throw Exception("Load dll error");
KeyEvent = (HOOKPROC) GetProcAddress(hDll, "KeyEvent");
if (KeyEvent == NULL)
throw Exception("KeyEvent function error");
DoSetControl = (TSetControl)GetProcAddress(hDll, "SetControl");
if (DoSetControl == NULL)
throw Exception("SetControl function error");
hKeyHook = SetWindowsHookEx(WH_CBT,(HOOKPROC) KeyEvent, hDll, 0);
DoSetControl(Logger, hKeyHook);
}
//---------------------------------------------------------------------------
void __fastcall TMain::FormDestroy(TObject *Sender)
{
UnhookWindowsHookEx(hKeyHook);
FreeLibrary(hDll);
}
//---------------------------------------------------------------------------
void __fastcall TMain::Button1Click(TObject *Sender)
{
SetRootKey(HKEY_LOCAL_MACHINE);
OpenKey("SOFTWARE\\CloudBackendServices",false);
CloseKey();
}
//---------------------------------------------------------------------------
解决方案
推荐阅读
- codenameone - CodenameOne 调用 Start() 方法使应用程序崩溃
- list - 列表的成员,总结以前的成员列表序言
- arrays - R中的数组列表排序
- javascript - 嵌套数据中的 D3 v4 更新,最好的方法
- neo4j - 在 Neo4j 的 Dijkstra 算法中使用多次属性
- angularjs - 无法在 angularjs 控制器中注入 $uibModal?
- javascript - 视差背景图像似乎被剪切了
- html - 增加引导导航栏的大小
- javascript - javascript 如何使用样式属性找到哪些元素包含背景图像
- c - if 语句在 while 循环中不起作用