我绕过LoadLibraryA,为了阻止函数被调用到我的应用程序中。它是为了阻止'注入'。如果你从未见过这些,请参考着名的CDetour图书馆。appcrash绕行时LoadLibraryA
它挂钩了加载库函数,甚至成功返回,也阻止未知的dll被加载到内存中。有小费吗?
bool (__stdcall* LoadLibraryA) (LPCSTR);
bool LoadLibraryADetoured(LPCSTR szMsg)
{
if(strcmp(szMsg, "MyAllowedDll.dll"))
return TRUE;
return FALSE;
}
INT APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID Reserved)
{
switch(dwReason)
{
case DLL_PROCESS_ATTACH:
{
DWORD dwRetAddress = (DWORD)GetProcAddress(GetModuleHandleA("kernel32.dll"), "LoadLibraryA");
ZChatInput = (bool (__stdcall*) ())LoadLibraryA((PBYTE)dwRetAddress, (PBYTE)LoadLibraryADetoured);
DisableThreadLibraryCalls(hModule);
break;
}
case DLL_THREAD_ATTACH:
case DLL_PROCESS_DETACH:
DetourRemove((PBYTE)dwRetAddress, (PBYTE)LoadLibraryADetoured);
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
'LoadLibraryA'不带2个参数 – Dani