5

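I ran into some problems getting my method hooks to work. I can get the hook to work if "I" call the method that is being hooked. But when the call occurs naturally during the process's operation, it doesn't get hooked. My problem probably stems from the fact that I am actually setting these hooks in a thread that I spawned myself. Apparently the LhSetInclusiveACL() method needs to know which thread you want to hook. Well, here are my issues...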

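I don't really care which threads have the hook applied; I want them all to be hooked. For example, let's say I want the CreateICW() method from the "gdi32.dll" library hooked for the entire process "iexplorer.exe", not just from thread ID number 48291 or whatever. Knowing which threads are going to call the routines you are interested in hooking requires intimate knowledge of the internal workings of the process you are hooking. I speculate that this is generally not feasible, and it is certainly not feasible for me. Thus it is impossible for me to know a priori which thread IDs need to be hooked.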

The following code is taken from the "UnmanageHook" example:

extern "C" int main(int argc, wchar_t* argv[])
{
    //...
    //...
    //...

    /*
        The following shows how to install and remove local hooks...
    */
    FORCE(LhInstallHook(
            GetProcAddress(hUser32, "MessageBeep"),
            MessageBeepHook,
            (PVOID)0x12345678,
            hHook));

    // won't invoke the hook handler because hooks are inactive after installation
    MessageBeep(123);

    // activate the hook for the current thread
    // This is where I believe my problem is.  ACLEntries is 
    // supposed to have a list of thread IDs that should pay
    // attention to the MessageBeep() hook.  Entries that are
    // "0" get translated to be the "current" threadID.  I want
    // ALL threads and I don't want to have to try to figure out
    // which threads will be spawned in the future for the given
    // process.  The second parameter is InThreadCount. I'm
    // kind of shocked that you can't just pass in 0 or -1 or
    // something for this parameter and just have it hook all
    // threads in that given process.
    FORCE(LhSetInclusiveACL(ACLEntries, 1, hHook));

    // will be redirected into the handler...
    MessageBeep(123);


    //...
    //...
    //...
}

I've added some comments to the LhSetInclusiveACL() method call to explain the situation. LhSetExclusiveACL() and the "global" versions of these methods don't seem to help either.

For reference, the documentation for LhSetExclusiveACL:

/***********************************************************************
Sets an exclusive hook local ACL based on the given thread ID list.
Global and local ACLs are always intersected. For example if the 
global ACL allows a set “G” of threads to be intercepted, and the 
local ACL allows a set “L” of threads to be intercepted, then the 
set “G ∩ L” will be intercepted. The “exclusive” and “inclusive” 
ACL types don’t have any impact on the computation of the final 
set. Those are just helpers for you to construct a set of threads.

EASYHOOK_NT_EXPORT LhSetExclusiveACL(
   ULONG* InThreadIdList,
   ULONG InThreadCount,
   TRACED_HOOK_HANDLE InHandle);

Parameters:

   InThreadIdList
      An array of thread IDs. If you specify zero for an 
      entry in this array, it will be automatically replaced
      with the calling thread ID.

   InThreadCount
      The count of entries listed in the thread ID list. This
      value must not exceed MAX_ACE_COUNT!

   InHandle
      The hook handle whose local ACL is going to be set. 

Return values:

   STATUS_INVALID_PARAMETER_2
       The limit of MAX_ACE_COUNT ACL is violated by the given buffer.
***********************************************************************/

Am I using this wrong? I imagine this is how most implementations use this library, so why isn't it working for me?

4

1 Answer

3

You want to use LhSetExclusiveACL instead. This means that any call on any thread gets hooked, except for the ones you specify in the ACL.

answered 2012-09-25T16:58:23.717
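
The ACL rules from the documentation quoted in the question, and the difference the answer relies on, as an added example that is not part of the original posts and is not EasyHook code: a self-contained C model of the set logic only, with no hooking. The names acl_model, acl_set, acl_allows, intercepted and MODEL_MAX_ACE, the thread IDs, and the assumption that the global ACL excludes no thread are all constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define MODEL_MAX_ACE 8 /* stand-in: the page does not give MAX_ACE_COUNT's value */

/* Model of one thread ACL: IDs to intercept (inclusive) or to skip (exclusive). */
typedef struct {
    bool exclusive;
    unsigned long ids[MODEL_MAX_ACE];
    size_t count;
} acl_model;

/* Fill an ACL. A zero entry becomes the calling thread's ID, as documented. */
static bool acl_set(acl_model *a, bool exclusive, const unsigned long *ids,
                    size_t n, unsigned long calling_tid)
{
    if (n > MODEL_MAX_ACE) return false; /* documented STATUS_INVALID_PARAMETER_2 case */
    a->exclusive = exclusive;
    a->count = n;
    for (size_t i = 0; i < n; i++)
        a->ids[i] = ids[i] ? ids[i] : calling_tid;
    return true;
}

static bool acl_allows(const acl_model *a, unsigned long tid)
{
    bool listed = false;
    for (size_t i = 0; i < a->count; i++)
        listed = listed || a->ids[i] == tid;
    return a->exclusive ? !listed : listed;
}

/* Global and local sets are intersected: both must allow the thread. */
static bool intercepted(const acl_model *g, const acl_model *l, unsigned long tid)
{
    return acl_allows(g, tid) && acl_allows(l, tid);
}

int main(void)
{
    const unsigned long setup = 100, worker = 48291; /* constructed thread IDs */
    const unsigned long entry[1] = { 0 };            /* 0 = calling thread */
    acl_model global, acl;
    acl_set(&global, true, NULL, 0, setup); /* assumption: global ACL excludes nothing */
    for (int exclusive = 0; exclusive <= 1; exclusive++) {
        acl_set(&acl, exclusive != 0, entry, 1, setup);
        printf("%s {0}: setup=%d worker=%d\n", exclusive ? "exclusive" : "inclusive",
               intercepted(&global, &acl, setup), intercepted(&global, &acl, worker));
    }
}
```

In this model the inclusive ACL {0} covers only the thread that set it, while the exclusive ACL {0} covers every other thread, including ones that do not exist yet when the ACL is set.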