我正在挂钩函数,即IFileOperation :: CopyItems来实现文件复制监控.我的代码在
windows-7 32位机器上运行完美,但它在
Windows-7 64位机器上崩溃请帮助我,我的代码如下.
PVOID GetInterfaceMethod(PVOID intf,DWORD methodIndex)
{
return *(PVOID*)(*(DWORD*)intf + methodIndex * 4);
}
typedef HRESULT (WINAPI *CopyItemsNext)(IFileOperation * pThis,IUnknown *punkItems,IShellItem *psiDestinationFolder);
CopyItemsNext Real_CopyItems = NULL;
CopyItemsNext Actual_CopyItems;
HRESULT WINAPI CopyItemsCallback(IFileOperation * pThis,IShellItem *psiDestinationFolder)
{
MessageBoxW(NULL,L"CopyItems Function Called",L"HookedCopyItemS",MB_OK);
return Real_CopyItems(pThis,punkItems,psiDestinationFolder);
}
HRESULT WINAPI CoCreateInstanceCallback(REFCLSID rclsid,LPUNKNOWN pUnkOuter,DWORD dwClsContext,REFIID riid,LPVOID *ppv)
{
const char *IFileOperation_GUID = "{3AD05575-8857-4850-9277-11B85BDB8E09}";
char GUIDString[64];
HRESULT HR = Real_CoCreateInstance(rclsid,pUnkOuter,dwClsContext,riid,ppv);
sprintf_s(GUIDString,64,"{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}\0",rclsid.Data1,rclsid.Data2,rclsid.Data3,rclsid.Data4[0],rclsid.Data4[1],rclsid.Data4[2],rclsid.Data4[3],rclsid.Data4[4],rclsid.Data4[5],rclsid.Data4[6],rclsid.Data4[7]);
if(strcmp(GUIDString,IFileOperation_GUID) == 0)
{
MessageBoxA(NULL,"IFileOperation_GUID Found",GUIDString,MB_OK);
if(Real_CopyItems == NULL)
{
Actual_CopyItems = (CopyItemsNext)GetInterfaceMethod(*ppv,17);
MessageBoxA(NULL,"AFTER GetInterfaceMethod","TEST",MB_OK);
if (MH_CreateHook(Actual_CopyItems,&CopyItemsCallback,reinterpret_cast<void**>(&Real_CopyItems)) != MH_OK)
{
MessageBoxW(NULL,L"Failed CreateHook Real_CopyItem",L"Info!",MB_ICONWARNING|MB_OK);
}
if (MH_EnableHook(Actual_CopyItems) != MH_OK)
{
MessageBoxW(NULL,L"Failed EnableHook Real_CopyItem",MB_ICONWARNING|MB_OK);
}
}
}
return HR;
}
//DllMain Function
BOOL APIENTRY DllMain(HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if (MH_Initialize() != MH_OK)
{
MessageBoxW(NULL,L"Failed Initialize",MB_ICONWARNING|MB_OK);
}
if (MH_CreateHook(&CoCreateInstance,&CoCreateInstanceCallback,reinterpret_cast<void**>(&Real_CoCreateInstance)) != MH_OK)
{
MessageBoxW(NULL,L"Failed MH_CreateHook CoCreateInstance",MB_ICONWARNING|MB_OK);
}
if (MH_EnableHook(&CoCreateInstance) != MH_OK)
{
MessageBoxW(NULL,L"Failed MH_EnableHook StartDocA",MB_ICONWARNING|MB_OK);
}
break;
case DLL_PROCESS_DETACH:
if (MH_Uninitialize() != MH_OK)
{
}
if (MH_DisableHook(Actual_CopyItems) != MH_OK)
{
}
if (MH_DisableHook(&CoCreateInstance) != MH_OK)
{
}
break;
}
return TRUE;
}
虽然我得到的是Windows-7 64位的调试,但它在返回时会在GetInterfaceMethod()函数内部崩溃,请通过它查找我的代码plz有什么问题.
解决方法
也许你应该使用return *(PVOID *)(*(DWORD_PTR *)intf methodIndex);在x64上.指针将增加指针大小,即8个字节.
