0

我试图从 Ultima Online 客户端 usinf MS Detour 挂钩发送/接收功能。我在那里找到了一个 c++ dll/injector 源,但它不起作用。dll 被注入,但函数没有被钩住。当注入器启动客户端时,dll 抛出 3 框说它被注入并钩住了两个接收/发送,但是当客户端启动通信时没有任何反应

注射器.cpp

#include <windows.h>
#include <detours.h>
#include <cstdio>

#pragma comment(lib,"detours.lib")

int main(int argc, char *argv[])
{
STARTUPINFO si;
PROCESS_INFORMATION pi;

ZeroMemory(&si, sizeof(si));
ZeroMemory(&pi, sizeof(pi));
si.cb = sizeof(si);
si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_SHOW;

if(!DetourCreateProcessWithDllEx("D:\\UO\\UO Game\\client.exe", 
                                    NULL, NULL, NULL, TRUE, 
                                    CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
                                    NULL, "D:\\UO\\UO Game\\", &si, &pi, 
                                    "C:\\Users\\Felipe\\Desktop\\mydll\\Debug\\mydll.dll", NULL))
    printf("Failed");
else
    printf("Success");

ResumeThread(pi.hThread);

//WaitForSingleObject(pi.hProcess, INFINITE);

//CloseHandle(&si);
//CloseHandle(&pi);

return EXIT_SUCCESS;
}

dll.cpp

#include <cstdio>
#include <windows.h>
#include <detours.h>

#pragma comment(lib,"detours.lib")
#pragma comment(lib,"ws2_32.lib")

int (WINAPI *pSend)(SOCKET s, const char* buf, int len, int flags) = send;
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int (WINAPI *pRecv)(SOCKET s, char* buf, int len, int flags) = recv;
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);

FILE* pSendLogFile;
FILE* pRecvLogFile;

BOOL msg_once = false;

int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
MessageBoxA(0,"MyRecv",0,0);
return pSend(s, buf, len, flags);
}

int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
MessageBoxA(0,"MyRecv",0,0);
return pRecv(s, buf, len, flags);
}

extern "C" __declspec(dllexport) void dummy(void){
return;
}

BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
if (!msg_once)
{
    MessageBoxA(0,"loaded",0,0);
    msg_once = true;
}

if (DetourIsHelperProcess()) {
    return TRUE;
}

if (dwReason == DLL_PROCESS_ATTACH) {
    DetourRestoreAfterWith();

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)pSend, MySend);
    if(DetourTransactionCommit() == NO_ERROR)
        MessageBox(0,"send() detoured successfully","asd",MB_OK);

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourAttach(&(PVOID&)pRecv, MyRecv);
    if(DetourTransactionCommit() == NO_ERROR)
        MessageBox(0,"recv() detoured successfully","asd",MB_OK);
}
else if (dwReason == DLL_PROCESS_DETACH) {
    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)pSend, MySend);
    DetourTransactionCommit();

    DetourTransactionBegin();
    DetourUpdateThread(GetCurrentThread());
    DetourDetach(&(PVOID&)pRecv, MyRecv);
    DetourTransactionCommit();
}
return TRUE;
}
4

0 回答 0