I changed the EasyHook-Tutorials sample and wrote the program to hook theextoutw.However, when I run notepad.exe, the hook message does not appear.
What's wrong?
The changed code is as follows.
I have not changed anything other than FileMonitorHook.
using System;
using System.Collections.General;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;
namespace FileMonitorHook
{
public class injectionEntryPoint —EasyHook.IEntryPoint
{
ServerInterface_server=null;
Queue<string>_messageQueue=newQueue<string>();
StructureLayout (LayoutKind.Sequential)
public structure RECT
{
public long left;
public long top;
public long right;
public long bottom;
}
publicInjectionEntryPoint(
EasyHook.RemoteHooking.IContext context,
US>string channelName)
{
_server=EasyHooking.RemoteHooking.IpcConnectClient<ServerInterface>(channelName);
_server.Ping();
}
public void Run(
EasyHook.RemoteHooking.IContext context,
US>string channelName)
{
_server.IsInstalled(EasyHook.RemoteHooking.GetCurrentProcessId());
varExtTextOutHook=EasyHook.LocalHook.Create(
EasyHook.LocalHook.GetProcAddress("Gdi32.dll", "ExtTextOutW"),
newExtTextOut_Delegate(ExtTextOut_Hook),
this);
_server.ReportMessage("ExtTextOuthook installed");
EasyHook.RemoteHooking.WakeUpProcess();
try
{
// Loopuntil FileMonitor closures (i.e.IPC fails)
while(true)
{
System.Threading.Thread.Sleep(500);
string [ ] queueed = null;
lock(_messageQueue)
{
queueed=_messageQueue.ToArray();
_messageQueue.Clear();
}
if (queued!=null&queued.Length>0)
{
_server.ReportMessages(queued);
}
else
{
_server.Ping();
}
}
}
catch
{
}
ExtTextOutHook.Dispose();
EasyHook.LocalHook.Release();
}
# region ExtTextOutW Hook
UnmanagedFunctionPointer(CallingConvention.StdCall,
CharSet = CharSet.Unicode,
SetLastError=true)]
delete boolExtTextOut_Delegate(
IntPtrhdc,
int x,
inty,
uint fuOptions,
[In] ref RECT lprc,
string lpString,
uint cbCount,
[In] IntPtrlDx);
[DllImport("Gdi32.dll",
CharSet = CharSet.Unicode,
SetLastError=true, CallingConvention=CallingConvention.StdCall)]
static external bool ExtTextOutW(
IntPtrhdc,
int x,
inty,
uint fuOptions,
[In] ref RECT lprc,
string lpString,
uint cbCount,
[In] IntPtrlDx);
US>boolExtTextOut_Hook(
IntPtrhdc,
int x,
inty,
uint fuOptions,
[In] ref RECT lprc,
string lpString,
uint cbCount,
[In] IntPtrpDx)
{
try
{
lock(this._messageQueue)
{
This._messageQueue.Enqueue("ExtTextOut_Hook called");
}
}
catch
{
}
returnExtTextOutW(
hdc,
x,
y,
fuOptions,
reflprc,
lpString,
cbCount,
lpDx);
}
#endregion
}
}
In Windows 10, notepad.exe does not use ExtTextOutW but TextOutW.
C:\Program Files (x86)\Microsoft Visual Studio 14.0>dumpbin/imports:gdi32.dllc:\windows\notepad.exe
Microsoft® COFF/PE Dumper Version 14.00.24215.1
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file c:\windows\notepad.exe
File Type: EXECUTABLE IMAGE
Section contains the following imports:
GDI32.dll
14001A708 Import Address Table
14001F640 Import Name Table
0 time date stamp
0 Index of first forwarder reference
2C1GetTextFaceW
3D CreateDCW
5E3 StartPage
5E0StartDocW
59E SetAbortProc
156 DeleteDC
168 EndDoc
0 AbortDoc
16C EndPage
2C4GetTextMetricsW
5A5SetBkMode
2D7LPtoDP
5DB SetWindowExtEx
5D7SetViewportExtEx
5BC SetMapMode
2BA GetTextExtentPoint32W
5EE TextOutW
1A5 EnumFontsW
59B SelectObject
15A DeleteObject
4D CreateFontIndirectW
25D GetDeviceCaps
Summary
3000.data
1000.pdata
8000.rdata
1000.reloc
1A000.rsrc
19000.text
© 2024 OneMinuteCode. All rights reserved.