我正在尝试使用最新的 32 位 Detours 库将 DLL 注入新进程。
http://research.microsoft.com/en-us/projects/detours/
它过去对我有用,但在更改 DLL 后,它停止对所有进程工作。当我恢复该过程时,我会收到一个消息框
应用程序无法正确启动 (0xc000007b)。单击确定关闭应用程序。
我已经使用注入的普通空 DLL 重新创建了它,除了 kernel32.dll 之外没有其他依赖项。对于其他可执行文件,它可以完美运行。
知道为什么会发生这种情况吗?
事实证明,问题在于我使用 Detours 注入的 DLL 确实有任何导出。一旦我添加了一个虚拟导出,一切都运行良好。
I don't know what the documentation looked like at the time you encountered this but based on a dummy export apparently working around the problem and the current documentation, you probably missed some requirements stated in Detouring 32-bit and 64-bit Processes. Unfortunately it says to do things without explaining how the pieces fit together.
Detours expects your helper DLL to export DetourFinishHelperProcess with ordinal 1. This isn't a function you define yourself. It will get compiled into your DLL as a result of calling DetourIsHelperProcess in your DllMain function as shown in the Using Detours sample.