问题
I am trying to make a tutorial using the detour library.
In older version of the detour library v1.5 the function DetourFunction was used to define the address so the DLL knows where to look for the function.
It could for example be used as follows:
InsertDateTime = (int (__stdcall*)(int))DetourFunction((PBYTE)0x01006F10, (PBYTE)MyInsertDateTime)
see http://www.moddb.com/groups/ibepex/tutorials/function-hooking
However in newer versions the function is changed to
LONG DetourAttach(
PVOID * ppPointer,
PVOID pDetour
);
where ppPointer is a pointer to the target pointer to which the detour will be attached.
Now since I know the adress of the target function in hex format, 0x01006F10, I want to somehow use that as an argument for ppPointer. I tried to just write:
InsertDateTime = (int (__stdcall*)(int))DetourAttach((PVOID*)0x01006F10, MyInsertDateTime);
and it compiles fine but my program does not work as I thought. It seems that the program never catches the function from that adress.
So basically my question is, did I use the pointer to the hex adress correctly and second, do I have some fundamental mistakes in the way I use DetourAttach()?
回答1:
You are using DetourAttach incorrectly. The correct usage in your case would be:
int(__stdcall* InsertDateTime)(int) = (int(__stdcall*)(int))(0x01006F10);
LONG errorCode = DetourAttach((PVOID*)(&InsertDateTime), (PVOID)MyInsertDateTime);
if(!errorCode) {
//Detour successful
}
Note that in the presence of technologies like ASLR; You should use something like GetProcAddress to retrieve the address of the function at runtime otherwise you are likely to cause corruption or crashes.
来源:https://stackoverflow.com/questions/16981225/how-to-use-detourattach-for-a-pointer-to-a-function-in-hex