0

我尝试使用 Detour 库来挂钩 CreateThread()函数。但由于一些错误,它不会工作。最后只调用CreateThread函数而不是直接调用,我自己构造DLL。在 DLL 构造和程序编译期间。它不会返回任何错误。但是,在运行时它会停止。

测试dll.cpp

#include <windows.h>

BOOL _stdcall DllMain( HANDLE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
{
    return TRUE;
}

extern "C" _declspec(dllexport) bool _stdcall C_thread(LPSECURITY_ATTRIBUTES lpThreadAttributes,SIZE_T dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId)
{
    HANDLE hThread;
    DWORD threadID;
    hThread = CreateThread(lpThreadAttributes,dwStackSize,lpStartAddress,lpParameter,dwCreationFlags,lpThreadId);
    return hThread;
}

通过使用上面的 testdll.cpp,我正在构建 DLL。

cl /nologo /W3 /Ox /Zi /MD /LD test.cpp

链接 /DEBUG /SUBSYSTEM:WINDOWS /ENTRY:DllMain /OUT:testdll_temp.dll /DEF:test.def testdll_temp.obj kernel32.lib

testcall.cpp //* 主程序 *//

#include<stdio.h>
#include<windows.h>

DWORD WINAPI ThreadFun(LPVOID param)
{
    printf("hi");
    return 0;
}

int main()
{
    HANDLE h;   
    DWORD threadID;
    typedef bool (_stdcall *CALL_A)(LPSECURITY_ATTRIBUTES lpThreadAttributes,SIZE_T dwStackSize,LPTHREAD_START_ROUTINE lpStartAddress,LPVOID lpParameter,DWORD dwCreationFlags,LPDWORD lpThreadId);
    printf("Creating Handle");
    HINSTANCE hinstDLL;
    BOOL fFreeDLL;

    printf("\nLoading library test.dll .... ");

    hinstDLL = LoadLibrary("testdll.dll");
    if (hinstDLL != NULL)
    {
        printf("\nLibrary loaded\n");
        CALL_A C_thread;
        C_thread = (CALL_A)GetProcAddress(hinstDLL,"C_thread"); 
        if (C_thread != NULL)
        {
            printf("lets see, it calling");
            HANDLE a = C_thread(NULL, 0, ThreadFu, NULL, 0, &threadID);
            printf("working");
        }
        else
        {
            printf("Address not found ");
        }
        fFreeDLL = FreeLibrary(hinstDLL);
    }    
    else
        printf("Library not found");
    return 0;
}

即使我编译了这个, cl /Zi testcall.cpp

但我运行 testcall.exe 文件。库已正确加载,但是在执行以下行时,它停止了。

HANDLE a = C_thread(NULL, 0, ThreadFu, NULL, 0, &threadID);

我正在使用 Visual-C++ 命令提示符(不是 GUI)。请帮我解决这个问题。如果有的话,请纠正我。

4

1 回答 1

0

您的程序具有未定义的行为。创建线程时,不能保证它立即运行。即使它立即运行,您在线程中的theFreeLibrary和运行时调用之间也存在竞争条件。printf

您的主线程必须等到辅助线程终止:

    CALL_A C_thread;
    C_thread = (CALL_A)GetProcAddress(hinstDLL,"C_thread"); 

    if (C_thread != NULL)
    {
        printf("lets see, it calling");
        HANDLE a = C_thread(NULL, 0, ThreadFu, NULL, 0, &threadID);
        printf("working");

        if (WaitForSingleObject(a, some_time_or_infinite) != WAIT_OBJECT_0)
        {
            // this is dirty since the thread has probable no chance to release resources.
            TerminateThread(hThread);
        }
    }
    else
    {
        printf("Address not found ");
    }

    fFreeDLL = FreeLibrary(hinstDLL);
于 2014-03-21T07:38:31.587 回答