写了一个DLL,想HOOK掉目标进程对CreateProcess的调用。结果注入DLL后出错如图
代码:
//DLL Demo
//////////
#include "stdafx.h"
#include <tlhelp32.h>
#include <CAPIHook.h> //一个CAPIHOOK的类
extern CAPIHook g_CreateProcessW;
//在钩子函数中先不做任何处理,直接传递。
BOOL WINAPI Hook_CreateProcessW(LPCTSTR lpApplicationName,LPTSTR lpCommandLine,LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,BOOL bInheritHandles,DWORD dwCreationFlags,LPVOID lpEnvironment,
LPCTSTR lpCurrentDirectory,LPSTARTUPINFO lpStartupInfo,LPPROCESS_INFORMATION lpProcessInformation)
{
typedef BOOL (WINAPI* PFN)(LPCTSTR,LPTSTR,LPSECURITY_ATTRIBUTES,LPSECURITY_ATTRIBUTES,BOOL,DWORD,
LPVOID,LPCTSTR,LPSTARTUPINFO,LPPROCESS_INFORMATION);
BOOL bRet=((PFN)(PROC)g_CreateProcessA)(lpApplicationName,lpCommandLine, lpProcessAttributes, lpThreadAttributes,bInheritHandles,dwCreationFlags,lpEnvironment,
lpCurrentDirectory,lpStartupInfo,lpProcessInformation);
//Other code
//lpApplicationName的值竟然为"C",lpCommandLine值为"\""
return bRet;
}
CAPIHook g_CreateProcess("kernel32.dll","CreateProcessW",(PROC)Hook_CreateProcessW);
//请问各位高手,错出在哪儿?
附件:
4224712007113190322.jpg