【Posted】: 2018-04-30 19:36:42
【Question】:
When I run my program, it creates the file successfully, but when I try to inject my CreateFile API hook into my program, it shows an exception:
Exception thrown: read access violation.
pbCode was nullptr.
I have searched various websites but still cannot find the problem.
Here is the code for the hooked CreateFile:
    // Looks up an export literally named "CreateFile" in kernel32.
    _CreateFile TrueCreateFile =
        (_CreateFile)GetProcAddress(GetModuleHandle(L"kernel32"), "CreateFile");

    HANDLE WINAPI HookCreateFile(
        _In_     LPCTSTR               lpFileName,
        _In_     DWORD                 dwDesiredAccess,
        _In_     DWORD                 dwShareMode,
        _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        _In_     DWORD                 dwCreationDisposition,
        _In_     DWORD                 dwFlagsAndAttributes,
        _In_opt_ HANDLE                hTemplateFile)
    {
        // Ignores lpFileName and always passes a fixed path (a narrow string
        // literal cast to LPCTSTR) to the original function.
        HANDLE out = TrueCreateFile((LPCTSTR)"C:\\Users\\abc\\bar.txt",
                                    dwDesiredAccess,
                                    dwShareMode,
                                    lpSecurityAttributes,
                                    dwCreationDisposition,
                                    dwFlagsAndAttributes,
                                    hTemplateFile);
        return out;
    }
Hooking CreateFile:
    void hook_CreateFile()
    {
        HANDLE hProc = NULL;
        // Install the hook: redirect TrueCreateFile to HookCreateFile.
        if (Mhook_SetHook((PVOID*)&TrueCreateFile, HookCreateFile)) {
            // Now call OpenProcess and observe NtOpenProcess being redirected
            // under the hood.
            hProc = OpenProcess(PROCESS_ALL_ACCESS,
                                FALSE, GetCurrentProcessId());
            if (hProc) {
                printf("Successfully opened CreateFile: %p\n", hProc);
                CloseHandle(hProc);
            }
            else {
                // GetLastError() returns a DWORD, so print it with %lu.
                printf("Could not open CreateFile: %lu\n", GetLastError());
            }
        }
    }
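【Discussion】:
-
Does GetProcAddress return a non-NULL value? Have you tried CreateFileW?
-
No, I haven't tried it with CreateFileW.
-
When I tried with CreateFileW, the exception did not appear, but the file was not created either.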