T
testman
Unregistered / Unconfirmed
GUEST, unregistred user!
以下贴出全部代码,仅仅是监视窗口创建并写出log文件。Dll加载,卸载,挂钩,解钩都能正常打出log,并且成对儿出现。 <br>该释放的都释放了。 <br>实在不解,为什么还是会导致资源管理器(explorer.exe)和任务管理器(taskmgr.exe)出错。 <br>hook过程中,没有任何错误。只是在把主程序关掉后,才可能出现错误。各位测试的时候注意一下,谢谢。 <br>初次发贴,有不合适之处还请多多谅解。<br>按照如下方式操作,就会出现错误:<br>先打开任务管理器(别关掉),执行主程序,挂钩,打开几个有窗口的程序(别关掉),退出主程序。 <br>任务栏鼠标右键->任务管理器,出错。 <br><br>我这里只要这么操作,就一定出错。<br><br>library makeErr;<br>uses <br> Messages, <br> Classes, <br> SysUtils, <br> Windows, <br> Dialogs, <br> ComServ, <br> theMain in 'theMain.pas'; <br>exports <br> DllGetClassObject, <br> DllCanUnloadNow, <br> DllRegisterServer, <br> DllUnregisterServer; <br>{$R *.RES} <br>const <br> HookMemFileName = 'DllHookMemFile.DTA'; <br>var PShare: PShareMem; <br> MapHandle: THandle; <br>function CallWndProc(nCode: Integer; WParam: WPARAM; LParam: LPARAM): LRESULT; stdcall; <br>var winStruct: TCWPStruct; <br>begin <br> winStruct := PCWPSTRUCT(LParam)^; <br> if nCode >= 0 then <br> begin <br> if winStruct.message = WM_SHOWWINDOW then <br> begin <br> SaveInfo('发现窗口创建:::' + inttostr(winStruct.hwnd)); <br> end; <br> end; <br> Result := CallNextHookEx(0, nCode, WParam, LParam); <br>end; <br>procedure StartHook; stdcall; <br>begin <br> if PShare^.HookHandle = 0 then <br> begin <br> PShare^.HookHandle := SetWindowsHookEx(WH_CALLWNDPROC, PShare^.HookProc, hinstance, 0); <br> SaveInfo('钩子启动完毕,钩子句柄:::' + inttostr(PShare^.HookHandle)); <br> end; <br>end; <br>procedure StopHook; stdcall; <br>var unhookResult: Boolean; <br>begin <br> if PShare^.HookHandle <> 0 then <br> begin <br> unhookResult := UnhookWindowsHookEx(PShare^.HookHandle); <br> if unhookResult then <br> begin <br> PShare^.HookHandle := 0; <br> SaveInfo('钩子卸载完毕'); <br> end <br> else <br> SaveInfo('钩子卸载失败'); <br> end <br> else <br> SaveInfo('PShare^.HookHandle为空:::' + inttostr(PShare^.HookHandle)); <br>end; <br>procedure DllEntry(dwReason: DWORD); <br>begin <br> case dwReason of <br> DLL_PROCESS_ATTACH: <br> begin <br> saveinfo('run in DLL_PROCESS_ATTACH'); <br> end; <br> DLL_PROCESS_DETACH: <br> begin <br> saveinfo('dll 卸载,MapHandle:::' + inttostr(MapHandle)); <br> UnmapViewOfFile(PShare); <br> closehandle(MapHandle); <br> SaveInfo('共享内存关闭'); <br> end; <br> end; <br>end; <br>exports StartHook, StopHook; <br>begin <br> DisableThreadLibraryCalls(HInstance); <br> MapHandle := OpenFileMapping(FILE_MAP_ALL_ACCESS, False, pchar(HookMemFileName)); <br> if MapHandle = 0 then <br> begin <br> MapHandle := CreateFileMapping($FFFFFFFF, nil, PAGE_READWRITE, 0, SizeOf(TShareMem), pchar(HookMemFileName)); <br> end; <br> PShare := MapViewOfFile(MapHandle, FILE_MAP_ALL_ACCESS, 0, 0, 0); <br> PShare^.HookProc := @CallWndProc; <br> DllProc := @DllEntry; <br>end. <br><br>theMain.pas:<br><br>unit theMain; <br>interface <br>uses <br> Windows,SysUtils; <br>type <br> THookProc = function(nCode: integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall; <br> PShareMem = ^TShareMem; <br> TShareMem = packed record <br> Data: String[255]; <br> HookHandle:HHook; <br> ModuleHandle:THandle; <br> HookProc: THookProc; <br> end; <br>procedure SaveInfo(str: string); stdcall; <br>implementation <br>procedure SaveInfo(str: string); stdcall; <br>var <br> f: textfile; <br>begin <br> assignfile(f,'d:/Records.txt'); <br> if FileExists('d:/Records.txt') = false then rewrite(f) <br> else append(f); <br> writeln(f, str); <br> closefile(f); <br>end; <br>initialization <br>finalization <br>end. <br>unit theMain;<br>interface<br>uses<br> Windows,SysUtils;<br>type<br> THookProc = function(nCode: integer; wParam: WPARAM; lParam: LPARAM): LRESULT; stdcall;<br> PShareMem = ^TShareMem;<br> TShareMem = packed record<br> Data: String[255];<br> HookHandle:HHook;<br> ModuleHandle:THandle;<br> HookProc: THookProc;<br> end;<br>procedure SaveInfo(str: string); stdcall;<br>implementation<br>procedure SaveInfo(str: string); stdcall;<br>var<br> f: textfile;<br>begin<br> assignfile(f,'d:/Records.txt');<br> if FileExists('d:/Records.txt') = false then rewrite(f)<br> else append(f);<br> writeln(f, str);<br> closefile(f);<br>end;<br>initialization<br>finalization<br>end.<br><br><br>主程序:<br><br>unit MainForm; <br>interface <br>uses <br> Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, <br> Dialogs, StdCtrls; <br>type <br> TForm1 = class(TForm) <br> Button1: TButton; <br> Button2: TButton; <br> procedure Button1Click(Sender: TObject); <br> procedure FormClose(Sender: TObject; var Action: TCloseAction); <br> private <br> { Private declarations } <br> procedure SaveInfo(str: string); <br> public <br> { Public declarations } <br> end; <br>//procedure StartHook; stdcall; external 'makeErr.dll' name 'StartHook'; <br>//procedure StopHook; stdcall; external 'makeErr.dll' name 'StopHook'; <br>var <br> Form1: TForm1; <br> StartHookrocedure; stdcall; <br> StopHookrocedure; stdcall; <br> moduleHandle : THandle; <br>implementation <br>{$R *.dfm} <br>procedure TForm1.Button1Click(Sender: TObject); <br>begin <br> moduleHandle := loadlibrary(pchar('makeErr.dll')); <br> StartHook := GetProcAddress(moduleHandle, 'StartHook'); <br> StopHook := GetProcAddress(moduleHandle, 'StopHook'); <br> if @StartHook<>nil then StartHook; <br>end; <br>procedure TForm1.SaveInfo(str: string); <br>var <br> f: textfile; <br>begin <br> assignfile(f,'d:/Records.txt'); <br> if FileExists('d:/Records.txt') = false then rewrite(f) <br> else append(f); <br> writeln(f, str); <br> closefile(f); <br>end; <br>procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction); <br>begin <br> SaveInfo('开始卸载钩子'); <br> if @StopHook<>nil then <br> StopHook <br> else <br> SaveInfo('未找到卸载函数'); <br> <br> freelibrary(moduleHandle); <br>// closehandle(moduleHandle); <br> SaveInfo('关闭主程序'); <br>end; <br>end.