Home > Software engineering >  Hook API functions such as startdoc under processing question?
Hook API functions such as startdoc under processing question?

Time:10-11

Before Posting this, I already have some research about hook API, and reference to the inside of the senior "Windows programming" code, API function of printer did the custom processing, 

 

DWORD Hook_StartDocW (__in HDC HDC, __in CONST DOCINFOW * lpdi) 
{
DWORD hRtn=0; 
Cstrings mesg. 
TCHAR proName [MAX_PATH]=_T (" "); 
TCHAR fileName [MAX_PATH]=_T (" "); 

HANDLE proHandle=GetCurrentProcess (); 
HMODULE proMoule; 
DWORD cbNeeded; 

EnumProcessModules (proHandle, & amp; ProMoule, sizeof (proMoule), & amp; CbNeeded); 
GetModuleFileName (proMoule, proName, MAX_PATH); 
Lstrcpy (fileName, lpdi - & gt; LpszDocName); 

Mesg +=_T (" print banned, \ n process: "); 
Mesg +=proName; 
Mesg +=_T (" \ n file name: "); 
Mesg +=fileName; 

ChMB (CT2A (mesg)); 

Return StartDocW (HDC, lpdi);//here is meant to be called the original API function to continue printing operations, I thought of here isn't actually write or call 
//the current processing function? Because in the current process has been done to startDoc function function addresses changes, let its address 
//points to the current address Hook_StartDocW handler, then here to call startDoc system function, must put the module in the address table in modified 
//come back? 
}


The above is my understanding and doubt, please correct me,

CodePudding user response:

Reference WinAPIOverride32 source code related fragments,

CodePudding user response: 

 

BOOL Hook_WritePrinter (__in HANDLE hPrinter, __in LPVOID pbufs, __in DWORD cbBuf, __out LPDWORD pcWritten) 
{
BOOL falg; 
CAPIHook: : ReplaceIATEntryInAllMods (g_WritePrinter. M_pszCalleeModName, g_WritePrinter. M_pfnHook, g_WritePrinter m_pfnOrig); 

Falg=WritePrinter (hPrinter, pbufs cbBuf, pcWritten); 

CAPIHook: : ReplaceIATEntryInAllMods (g_WritePrinter. M_pszCalleeModName, g_WritePrinter. M_pfnOrig, g_WritePrinter m_pfnHook); 

Return the falg; 
}




reference 1st floor zhao4zhong1 response:
references WinAPIOverride32 source code fragments, related to the


Hello, can you help me to analysis under the code above is there a problem? Is in the inside of the Windows core programming code on the basis of the change, you must be very familiar with this code of Windows core programming,

Processing writePrinter function, replace the real system API function address first, and then call writePrinter function, after use in replacing their API function addresses,

But in the process of actual test, there is no normal printing, printing is blocked,

CodePudding user response:

Although I have not a real one API Hook, but I know if you want to adjust Hook API such programs, need to view the corresponding assembly instruction, need to focus on calling conventions, the stack balancing, 32-bit/64 - bit, the thread context, writing log debug,...

DLL export function name the things
Key words: vc + + DLL export functions
Often use VC6 Dependency check the name of the DLL export functions, can find the name of the DLL export functions are sometimes very different, the cause of different mostly and compile DLL when specified by the qualifier with the DLL export functions,
Vc + + to support two languages: C/C + +, this also is the root cause of the differences in the DLL export functions
We use VS2008 new DLL project, a project called "TestDLL"
The default source file suffix. CPP instead. C (C)
Enter the test code is as follows:
01 int _stdcall MyFunction (int iVariant)
02 {
03 return 0;
04}
In order to export the function above, we have the following several methods:
1. Using the traditional (. The module definition file (def)
A new suffix for. Def text file (here to build a TestDll. Def), the file content is:
The LIBRARY TestDll
EXPORTS
MyFunction
When the Link specified depends on input file:/DEF: "TestDll. DEF
"2. Visual c + + provides convenient way
Join before 01 done int __declspec (dllexport) keyword
Through the above two methods, we can export MyFunction function,
We use the Dependency check the exported functions:
The first method the exported functions as follows:
MyFunction
The second method the exported functions as follows:
_MyFunction @ 4
__stdcall can make the export function to add an underscore the names, followed a @ plus the number of bytes parameters, such as _MyFunction @ 4 parameters (int iVariant) is 4 bytes
__fastcall as __stdcall similar, but not in front of the underline, but a @, such as @ MyFunction @ 4
__cdecl is beginning the function name,
Summary: if you want to export the function in the C file, and don't let the compiler function name, def file is used to derive the function,
Let's take a look at c + + files
We use VS2008 new DLL project, a project called "TestDLL"
The default source file suffix for the CPP (namely c + + files),
Enter the test code is as follows:
01 int _stdcall MyFunction (int iVariant)
02 {
03 return 0;
04}
In order to export the function above, we have the following several methods:
3. Use the traditional (. The module definition file (def)
A new suffix for. Def text file (here to build a TestDll. Def), the file content is:
The LIBRARY TestDll
EXPORTS
MyFunction
When the Link specified depends on input file:/DEF: "TestDll. DEF
"4. Visual c + + provides convenient way
Join before 01 done int __declspec (dllexport) keyword
Through the above two methods, we can export MyFunction function,
We use the Dependency check the exported functions:
The first method the exported functions as follows:
MyFunction
The second method the exported functions as follows:
? MyFunction @ @ YGHH @ Z
Can see the second method to get the export function name is not what we want, and if used display method in exe MyFunction (LoadLibrary and GetProcAddress call) call will fail,
But with the import library (*. LIB) calls, the compiler automatically convert the function name, so there is no problem, always
Solve the problem of method is:
Using VC preprocessor directive to "# pragma" option to specify links,
As follows:
# pragma comment (would, "/EXPORT: MyFunction=? MyFunction @ @ YGHH @ Z ")
At this moment, you will find the exported function name in the table have we want MyFunction, but we found the original? MyFunction @ @ YGHH @ Z function is still there, then you can put the __declspec () modified to remove, you just need to pragma directive,
But also can make the following format:
# pragma comment (would/EXPORT: MyFunction=_MyFunction @ 4, "PRIVATE")
The role of PRIVATE and its role in the def file, more # pragram please see MSDN,
Summary: if you want to export functions in c + + files, and don't let the compiler function name, def file is used to derive the function,
At the same time can use the # pragma instruction can also be used in (C),
Conclusion:
In c + + compiler to generate DLL, adaptation, the name of the exported functions and different compiler USES adaptation rules are different, so the adaptation after name are different (typically involves the overloading in c + +, etc.),
If using different compiler generated DLL and visit DLL exe program respectively, the latter in to access the DLL's exported functions can be a problem, as above case MyFunction () function in c + + compiler adapted after's name is? MyFunction @ @ YGHH @ Z, we hope that the name of the compiled no change, there are several methods,
The first method is through a called DEF module definition files to resolve,
The LIBRARY TestDll
EXPORTS
MyFunction
LIBRARY is used to specify dynamic link LIBRARY internal name, the name and generate dynamic link LIBRARY name must match, this code is not necessary,
EXPORTS illustrates the DLL will export function, as well as for the export function specified symbol name,
The second is to define the exported functions plus qualifiers: extern "C"
Such as: # define DLLEXPORT_API extern "C" _declspec (dllexport)
But extern "C" only solved the call between C and C + + language problems (extern "C" is tells the compiler, and make it the way the C compiler), it can only be used for export global function this kind of situation and cannot export a class member function,
If the export function calling conventions change at the same time, even using extern "C", the compiled function name will change, for example above we join _stdcall keyword description calling conventions (standard calling conventions, namely WINAPI calling convention),
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull

Page link:https//www.codepudding.com/Softwareengineering/61565.html

Prev:MFC OnTimer () be destroyed after how to automatically perform the following statement
Next:About the relation of vc6 toolbar and menu bar
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding