64位hook GetVolumeInformationA 改参数 - 精易论坛

[C++] 纯文本查看 复制代码
#include <windows.h>

#include <detours.h>

#include <iostream>



// 原始的 GetVolumeInformationA 函数指针

typedef BOOL(WINAPI* PGETVOLUMEINFORMATIONA)(

    LPCSTR lpRootPathName,

    LPSTR lpVolumeNameBuffer,

    DWORD nVolumeNameSize,

    LPDWORD lpVolumeSerialNumber,

    LPDWORD lpMaximumComponentLength,

    LPDWORD lpFileSystemFlags,

    LPSTR lpFileSystemNameBuffer,

    DWORD nFileSystemNameSize);



PGETVOLUMEINFORMATIONA Real_GetVolumeInformationA = nullptr;



// 自定义的 GetVolumeInformationA 实现

BOOL WINAPI My_GetVolumeInformationA(

    LPCSTR lpRootPathName,

    LPSTR lpVolumeNameBuffer,

    DWORD nVolumeNameSize,

    LPDWORD lpVolumeSerialNumber,

    LPDWORD lpMaximumComponentLength,

    LPDWORD lpFileSystemFlags,

    LPSTR lpFileSystemNameBuffer,

    DWORD nFileSystemNameSize)

{

    std::cout << "Hooked GetVolumeInformationA called!" << std::endl;



    // 调用原始的 GetVolumeInformationA 函数

    return Real_GetVolumeInformationA(

        lpRootPathName,

        lpVolumeNameBuffer,

        nVolumeNameSize,

        lpVolumeSerialNumber,

        lpMaximumComponentLength,

        lpFileSystemFlags,

        lpFileSystemNameBuffer,

        nFileSystemNameSize);

}



int main()

{

    // 初始化 Detours

    DetourRestoreAfterWith();

    DetourTransactionBegin();

    DetourUpdateThread(GetCurrentThread());



    // 获取原始的 GetVolumeInformationA 函数地址

    Real_GetVolumeInformationA = (PGETVOLUMEINFORMATIONA)GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetVolumeInformationA");



    // HOOK GetVolumeInformationA 函数

    if (Real_GetVolumeInformationA && DetourAttach(&(PVOID&)Real_GetVolumeInformationA, My_GetVolumeInformationA))

    {

        std::cout << "Successfully hooked GetVolumeInformationA." << std::endl;

    }

    else

    {

        std::cerr << "Failed to hook GetVolumeInformationA." << std::endl;

        return -1;

    }



    // 提交事务

    DetourTransactionCommit();



    // 测试调用 GetVolumeInformationA

    char volumeName[MAX_PATH];

    DWORD serialNumber;

    DWORD maxComponentLength;

    DWORD fileSystemFlags;

    char fileSystemName[MAX_PATH];



    if (GetVolumeInformationA("C:\\", volumeName, sizeof(volumeName), &serialNumber, &maxComponentLength, &fileSystemFlags, fileSystemName, sizeof(fileSystemName)))

    {

        std::cout << "Volume Name: " << volumeName << std::endl;

    }

    else

    {

        std::cerr << "Failed to get volume information." << std::endl;

    }



    // 恢复原始的 GetVolumeInformationA 函数

    DetourTransactionBegin();

    DetourUpdateThread(GetCurrentThread());

    DetourDetach(&(PVOID&)Real_GetVolumeInformationA, My_GetVolumeInformationA);

    DetourTransactionCommit();



    return 0;

}