I'm attempting to make Detours hooking on CreateFile() by calling notepad.exe. Starting
withdll /d:HookProject.dll "C:\Windows\System32\notepad.exe"
in command prompt, I don't see any traceable dll hook application, but only DLLMain() call from ntdll.dll module (my tracing tool is API Monitor x64). Most likely, something is profoundly wrong with my code, but what is it? So far my complete program looks out like that (whole code belongs an only source file):
#undef UNICODE
#include<windows.h>
#include<cstdio>
#include "C:\Detours\Detours-4.0.1\include\detours.h"
static HANDLE(WINAPI* TrueCreateFileW)(LPCWSTR lpFileName, DWORD
dwDesiredAccess, DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition,
DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile) = CreateFileW;
__declspec(dllexport) HANDLE WINAPI MyCreateFileW(LPCTSTR lpFileName,
DWORD dwDesiredAccess, DWORD dwShareMode,
LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
HANDLE hTemplateFile)
{
if ((LPCTSTR)lpFileName == (LPCTSTR)L"C:\TestHook\file.txt")
{
return TrueCreateFileW((LPCWSTR)L"C:\TestHook\file.txt", dwDesiredAccess, dwShareMode, lpSecurityAttributes,
dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
return TrueCreateFileW((LPCWSTR)lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes,
dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
BOOL APIENTRY DLLMain(HMODULE hModule, DWORD reason_for_call, LPVOID
lpReserved)
{
STARTUPINFO si;
PROCESS_INFORMATION pi;
ZeroMemory(&si, sizeof(STARTUPINFO));
ZeroMemory(&pi, sizeof(PROCESS_INFORMATION));
si.cb = sizeof(STARTUPINFO);
char* DirPath = new char[MAX_PATH];
char* DLL_Path = new char[MAX_PATH];
char* DetourPath = new char[MAX_PATH];
GetCurrentDirectory(MAX_PATH, DirPath);
sprintf_s(DLL_Path, MAX_PATH, "%s\\testdll.dll", DirPath);
sprintf_s(DLL_Path, MAX_PATH, "%s\\detoured.dll", DirPath);
DetourCreateProcessWithDll(NULL, (LPSTR)L"C:\Windows\System32\notepad.exe", NULL, NULL, FALSE,
CREATE_DEFAULT_ERROR_MODE, NULL, NULL, &si, &pi, DLL_Path, NULL);
delete[] DirPath;
delete[] DLL_Path;
delete[] DetourPath;
LONG error;
switch (reason_for_call)
{
case DLL_PROCESS_ATTACH:
OutputDebugString((LPSTR)L"Attaching HookingDLL.dll");
DetourRestoreAfterWith();
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueCreateFileW, MyCreateFileW);
error = DetourTransactionCommit();
if (error == NO_ERROR)
{
OutputDebugString((LPCTSTR)"Hooking attempt succeeded");
}
else
{
OutputDebugString((LPCTSTR)"Hooking attempt failed");
}
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
OutputDebugString((LPCTSTR)"Detaching HookingDLL.dll");
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)TrueCreateFileW, MyCreateFileW);
error = DetourTransactionCommit();
if (error == NO_ERROR)
{
OutputDebugString((LPCTSTR)"Successfully detached hook");
}
else
{
OutputDebugString((LPCTSTR)L"Hook removal has failed");
}
break;
}
return TRUE;
}
What I have tried:
I've been searching for any beginner-friendly tutorial which describes how to do a hook, but everything what I succeeded is this code in which I'm unsure. May be you know where it's possible to access such a step-by-step explanation.
Submit an article or tip