我试图写一个简单的挂钩类,在目标地址安装一个钩子返回true和迂回流入自定义函数。C++ memcpy的,没有变化
Main.cpp的
#include "SingleHook.h"
#include <iostream>
using namespace std;
void originalFunction()
{
cout << "originalFunction()" << endl;
}
void fakeFunction()
{
cout << "fakeFunction()" << endl;
}
void main()
{
SingleHook sHook((DWORD)originalFunction, (DWORD)fakeFunction);
originalFunction(); //Should call the original function
sHook.InstallHook();
originalFunction(); //Should call the fake function
sHook.UninstallHook();
originalFunction(); //Should again call the original function
cin.get();
}
SingleHook.h
#pragma once
#define HLength 6
#include <windows.h>
class SingleHook {
private:
void* hookTarget;
byte originalBytes[HLength];
byte hookBytes[HLength];
public:
SingleHook(DWORD originalFunction, DWORD targetFunction)
{
//backing up original bytes
::memcpy(originalBytes, &originalFunction, HLength);
//generating hook bytes
hookBytes[0] = 0x68; //push
hookBytes[1] = ((byte*)targetFunction)[0];
hookBytes[2] = ((byte*)targetFunction)[1];
hookBytes[3] = ((byte*)targetFunction)[2];
hookBytes[4] = ((byte*)targetFunction)[3];
hookBytes[5] = 0xC3; //retn
//setting up hook target
hookTarget = &originalFunction;
}
void* InvokeOriginalFunction(...);
void InstallHook();
void UninstallHook();
};
SingleHook.cpp
#include "SingleHook.h"
void* SingleHook::InvokeOriginalFunction(...)
{
UninstallHook();
//TODO INVOKE ORIGINAL SOMEHOW
InstallHook();
return nullptr;
}
void SingleHook::InstallHook()
{
DWORD oldProt;
::VirtualProtect(hookTarget, HLength, PAGE_EXECUTE_READWRITE, &oldProt);
::memcpy(hookTarget, hookBytes, HLength);
::VirtualProtect(hookTarget, HLength, oldProt, nullptr);
}
void SingleHook::UninstallHook()
{
DWORD oldProt;
::VirtualProtect(hookTarget, HLength, PAGE_EXECUTE_READWRITE, &oldProt);
::memcpy(hookTarget, originalBytes, HLength);
::VirtualProtect(hookTarget, HLength, oldProt, nullptr);
}
现在的问题是叔当我安装钩子,并尝试呼叫originalFunction()
它仍然进入原来的功能,并没有打电话给fakeFunction()
...我仔细检查了代码,一切似乎都很好,但必须有一个陷阱。
你的标题是没有意义的。 'memcpy()'不返回一个布尔值,并且在这段代码中没有任何地方可以检查它返回的结果。 – EJP