Вопрос Хук RtlGetFullPathName_U

[Jacellen]

Через minhook ставлю хук

typedef ULONG(NTAPI* RtlGetFullPathName_U)(PCWSTR FileName, ULONG Size, PWSTR Buffer, PWSTR* ShortName);
static RtlGetFullPathName_U RtlGetFullPathName_U_ = nullptr;

ULONG NTAPI RtlGetFullPathName_U_t(PCWSTR FileName, ULONG Size, PWSTR Buffer, PWSTR* ShortName)
{
    MessageBoxW(NULL, L"Test...", L"Test", MB_OK);
    return RtlGetFullPathName_U_(FileName, Size, Buffer, ShortName);
}

if (MH_CreateHook(&RtlGetFullPathName_U_, &RtlGetFullPathName_U_t,
            reinterpret_cast<LPVOID*>(&RtlGetFullPathName_U_)) != MH_OK)
        {
            MessageBoxW(NULL, L"1", L"MinHook Sample", MB_OK);
        }

Хук устанавливается, но при вызове RtlGetFullPathName_U_ нет бокса с сообщением

 

[Dimedrol]

if (MH_CreateHook(&RtlGetFullPathName_U_, &RtlGetFullPathName_U_t,
reinterpret_cast<LPVOID*>(&RtlGetFullPathName_U_)) != MH_OK|| EnableHook(RtlGetFullPathName_U_, TRUE) != MH_OK)
{
MessageBoxW(NULL, L"1", L"MinHook Sample", MB_OK);
}

 

[Jacellen]

if (MH_CreateHook(&RtlGetFullPathName_U_, &RtlGetFullPathName_U_t,
reinterpret_cast<LPVOID*>(&RtlGetFullPathName_U_)) != MH_OK|| EnableHook(RtlGetFullPathName_U_, TRUE) != MH_OK)
{
MessageBoxW(NULL, L"1", L"MinHook Sample", MB_OK);
}

Не хукает - 1 пишет (

 

[dagestan5]

Не хукает - 1 пишет (

MH_EnableHook( MH_ALL_HOOKS ) вызываешь?

 

[Jacellen]

MH_EnableHook( MH_ALL_HOOKS ) вызываешь?

нет

// dllmain.cpp : Определяет точку входа для приложения DLL.
#include "framework.h"
#pragma comment(lib, "MinHook.lib")

typedef int (WINAPI* messageboxw)(HWND, LPCWSTR, LPCWSTR, UINT);

// Pointer for calling original MessageBoxW.
messageboxw fpMessageBoxW = NULL;

// Detour function which overrides MessageBoxW.
int WINAPI DetourMessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType)
{
    return fpMessageBoxW(hWnd, L"Hooked!", lpCaption, uType);
}

typedef ULONG(NTAPI* RtlGetFullPathName_U)(PCWSTR FileName, ULONG Size, PWSTR Buffer, PWSTR* ShortName);
static RtlGetFullPathName_U RtlGetFullPathName_U_ = nullptr;

ULONG NTAPI RtlGetFullPathName_U_t(PCWSTR FileName, ULONG Size, PWSTR Buffer, PWSTR* ShortName)
{
    MessageBoxW(NULL, L"Inject...", L"MinHook Sample", MB_OK);
    return RtlGetFullPathName_U_(FileName, Size, Buffer, ShortName);
}

BOOL APIENTRY DllMain(HMODULE hModule,DWORD  ul_reason_for_call,LPVOID lpReserved){
    if(ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        // Initialize MinHook.
        if (MH_Initialize() != MH_OK)
        {
            return 1;
        }

        // Create a hook for MessageBoxW, in disabled state.
        if (MH_CreateHook(&MessageBoxW, &DetourMessageBoxW,
            reinterpret_cast<LPVOID*>(&fpMessageBoxW)) != MH_OK)
        {
            return 1;
        }
        
        // or you can use the new helper function like this.
        //if (MH_CreateHookApiEx(
        //    L"user32", "MessageBoxW", &DetourMessageBoxW, &fpMessageBoxW) != MH_OK)
        //{
        //    return 1;
        //}

        // Enable the hook for MessageBoxW.
        if (MH_EnableHook(&MessageBoxW) != MH_OK)
        {
            return 1;
        }

        // Expected to tell "Hooked!".
        MessageBoxW(NULL, L"Not 1 hooked...", L"MinHook Sample", MB_OK);

        // Disable the hook for MessageBoxW.
        if (MH_DisableHook(&MessageBoxW) != MH_OK)
        {
            return 1;
        }

        // Expected to tell "Not hooked...".
        MessageBoxW(NULL, L"Not hooked...", L"MinHook Sample", MB_OK);

        if (MH_CreateHook(&RtlGetFullPathName_U_, &RtlGetFullPathName_U_t,
            reinterpret_cast<LPVOID*>(&RtlGetFullPathName_U_)) != MH_OK || MH_EnableHook(&RtlGetFullPathName_U_) != MH_OK)
        {
            MessageBoxW(NULL, L"1", L"MinHook Sample", MB_OK);
        }
        else
        {
            MessageBoxW(NULL, L"2", L"MinHook Sample", MB_OK);
        }
        /*// Uninitialize MinHook.
        if (MH_Uninitialize() != MH_OK)
        {
            return 1;
        }*/
    }
    return TRUE;
}

 

[rekted]

isn't RtlGetFullPathName_U_ null? don't you have to "find" it first?

auto RtlGetFullPathName_U_o = reinterpret_cast<RtlGetFullPathName_U>(GetProcAddress(LoadLibraryA("ntdll.dll"), "RtlGetFullPathName_U"));

if (MH_CreateHook(&RtlGetFullPathName_U_o, &RtlGetFullPathName_U_t,
reinterpret_cast<LPVOID*>(&RtlGetFullPathName_U_)))