在 python 中使用 easyhook 时抛出退出代码 0xC0000005
throw exit code 0xC0000005 when using easyhook in python
我正尝试在 python 中使用 easyhook,这是我的代码
# Hook/EasyHook.py
from ctypes import *
from ctypes.util import find_library
from pathlib import Path
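# Pointer-type aliases.
c_ulong_p = POINTER(c_ulong)
c_void_pp = POINTER(c_void_p)

# EasyHook64.dll is native code that runs inside this process, so it is taken from an
# absolute path next to this module rather than resolved by bare name.
res_path = str(Path(__file__).parent / 'res' / 'EasyHook64.dll')
# find_library() returns None when it cannot locate the file.
lib_path = find_library(res_path)
if lib_path is None:
    # Stop with a clear error instead of handing None to LoadLibrary.
    raise FileNotFoundError("EasyHook64.dll not found at %s" % res_path)
clib = cdll.LoadLibrary(lib_path)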
class TRACED_HOOK_HANDLE(Structure):
    """One-field structure holding the hook's ``Link`` pointer.

    NOTE(review): per the easyhook.h excerpt quoted on this page, this layout is the C
    HOOK_TRACE_INFO structure, while the C name TRACED_HOOK_HANDLE is a pointer to it.
    """
    # Link is PLOCAL_HOOK_INFO in the quoted C header; declared here as an untyped pointer.
    _fields_ = [("Link", c_void_p)]
# Bind LhInstallHook from the loaded EasyHook DLL.
lh_install_hook = clib.LhInstallHook
# Status code; the callers on this page treat any non-zero value as failure.
lh_install_hook.restype = c_ulong
# NOTE(review): the last entry declares the structure by value, but every call on this page
# passes byref(...), and the easyhook.h excerpt quoted on this page shows that the C
# TRACED_HOOK_HANDLE is a pointer to the structure. The answer on this page gives
# POINTER(TRACED_HOOK_HANDLE) as the correct entry.
lh_install_hook.argtypes = [c_void_p, c_void_p, c_void_p, TRACED_HOOK_HANDLE]
# some definition of other functions...
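if __name__ == '__main__':
    # Manual check: hook MessageBoxW from User32.dll in this process and prefix both strings.
    from ctypes.wintypes import *

    t_dll = CDLL('User32.dll')

    def test():
        """Show a message box through the MessageBoxW export."""
        return t_dll.MessageBoxW(None, 'hi content!', 'hi title!', 0)

    test()  # baseline call before the hook is installed

    interface = CFUNCTYPE(c_int, HWND, LPCWSTR, LPCWSTR, UINT)

    def fake_function(handle, text, caption, flag):
        """Replacement for MessageBoxW: forward the call with both strings prefixed."""
        # MessageBoxW takes the text before the caption.
        # NOTE(review): t_original is not defined in the code shown here; it has to be
        # bound to the unhooked MessageBoxW before this callback can run - confirm.
        return t_original(handle, "hooked " + text, "hooked " + caption, flag)

    t_hook_info = TRACED_HOOK_HANDLE(None)
    # Keep the ctypes callback object in a name that outlives the call: ctypes releases the
    # native thunk once the Python object is garbage-collected, and an installed hook would
    # then transfer control into freed memory.
    t_callback = interface(fake_function)
    if lh_install_hook(t_dll.MessageBoxW, t_callback, None, byref(t_hook_info)):
        raise Exception("Hook error[%s]:\n%s" % (rtl_get_last_error(), rtl_get_last_error_string()))
    # error occur here and the program terminate
    # some other tests...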
尝试运行后,程序在调用 lh_install_hook 时以退出代码 0xC0000005 终止,并且没有打印任何异常。
然后我尝试把代码注入到一个 C++ 程序后再使用这些 API:
lh_install_hook(func_address, interface(hook_function), None, byref(hook_info))
其中 func_address 是目标调用的实际地址,导致如下结果:
python38.dll+24174
_ctypes.pyd+A48D
python38.dll+33E00
python38.dll+3DA6E
_ctypes.pyd+3C69
_ctypes.pyd+38AB
python38.dll+507F5
python38.dll+491C8
有什么办法可以让它运行吗?
编辑:
这是我注入到 C++ 程序中并运行的代码:
# Hook/__init__.py
from .EasyHook import *
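class Hook(object):
    """Base class that installs an EasyHook local hook on a function address.

    Subclasses set ``restype`` / ``argtypes`` to the hooked function's signature and
    override ``hook_function`` with the replacement behaviour.
    """

    def __init__(self, func_address: int):
        """Install the hook on *func_address*.

        Raises:
            LocalHookError: if lh_install_hook returns a non-zero status.
        """
        self.enabled = False
        self.hook_info = TRACED_HOOK_HANDLE(None)
        # Keep the backing array referenced alongside the pointer that is cast from it.
        self._ACLEntries = (c_ulong * 1)(0)
        self.ACLEntries = cast(self._ACLEntries, POINTER(c_ulong))
        interface = CFUNCTYPE(self.restype, *self.argtypes)

        def hook_function(*args):
            # Dispatch through the instance so that a subclass override is used.
            return self.hook_function(*args)

        # Store the callback on the instance: ctypes releases the native thunk once the
        # Python callback object is garbage-collected, and an installed hook would then
        # transfer control into freed memory. The Hook instance itself must stay
        # referenced for as long as the hook is installed.
        self._callback = interface(hook_function)
        if lh_install_hook(func_address, self._callback, None, byref(self.hook_info)):
            raise LocalHookError()
        # error occur here and the program terminate
        # some other codes...

    # Signature of the hooked function; used above to build the ctypes callback type.
    restype = c_void_p
    argtypes = []

    def hook_function(self, *args):
        """Default replacement: forward the arguments unchanged to the original function."""
        # NOTE(review): self.original is not assigned in the code shown here; presumably
        # the omitted part of __init__ sets it - confirm.
        return self.original(*args)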
# main.py
from Hook import Hook
from ctypes import *
from ctypes.wintypes import *
class kernel32_beep_hook(Hook):
    """Hook for the kernel32 Beep export: log both arguments, then call the original."""

    # NOTE(review): Win32 BOOL is a 32-bit integer (ctypes.wintypes.BOOL), whereas c_bool
    # is a one-byte C bool - confirm that c_bool is intended here.
    restype = c_bool
    argtypes = [DWORD, DWORD]

    def hook_function(self, a1, a2):
        """Log the two DWORD arguments when a logger is set, then forward the call."""
        if logger is not None:
            entry = '%s,%s' % (a1, a2)
            logger.log('beep_hook', entry)
        return self.original(a1, a2)
# some skip codes
# NOTE(review): ctypes defaults a foreign function's return type to c_int, so unless the
# skipped code sets kernel32.GetProcAddress.restype (for example to c_void_p), the returned
# address is truncated to 32 bits on 64-bit Python and the hook is installed on a wrong
# address - confirm.
addr=kernel32.GetProcAddress(kernel32_module,b"Beep")
# Baseline call before the hook is installed.
# NOTE(review): only `from ctypes import *` is visible above, so the name `ctypes` has to be
# bound by the skipped code - confirm.
ctypes.windll.kernel32.Beep(500,500)
# Constructing the subclass installs the hook on addr (Hook.__init__ calls lh_install_hook).
hook=kernel32_beep_hook(addr)
# error occur here and the program terminate
根据[GitHub]: EasyHook/EasyHook - (master) EasyHook/Public/easyhook.h:
/* HOOK_TRACE_INFO names the structure; TRACED_HOOK_HANDLE is declared as a pointer to it. */
typedef struct _HOOK_TRACE_INFO_
{
PLOCAL_HOOK_INFO Link;
}HOOK_TRACE_INFO, *TRACED_HOOK_HANDLE;
TRACED_HOOK_HANDLE 实际上是一个指针(虽然它的名字暗示相反),因此你的 lh_install_hook.argtypes(1st 片段)不正确。应该是:
# The fourth parameter is a pointer to the structure, matching the byref(...) the callers pass.
lh_install_hook.argtypes = [c_void_p, c_void_p, c_void_p, POINTER(TRACED_HOOK_HANDLE)]
从技术上讲,您遇到了[原文此处的链接文字缺失]。
关于没有抛出异常,也许[原文此处的链接文字缺失]应该能说明一些问题。
这应该可以解决问题,至少是主要问题。我不确定是否还有其他问题,因为我没有安装(或构建)该 .lib,所以我没有运行您的代码。
我的知识非常有限(所以这可能完全是胡说八道),但一个可能产生问题的地方是 TRACED_HOOK_HANDLE->Link初始化为 NULL.
我正尝试在 python 中使用 easyhook,这是我的代码
# Hook/EasyHook.py
from ctypes import *
from ctypes.util import find_library
from pathlib import Path
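# Pointer-type aliases.
c_ulong_p = POINTER(c_ulong)
c_void_pp = POINTER(c_void_p)

# EasyHook64.dll is native code that runs inside this process, so it is taken from an
# absolute path next to this module rather than resolved by bare name.
res_path = str(Path(__file__).parent / 'res' / 'EasyHook64.dll')
# find_library() returns None when it cannot locate the file.
lib_path = find_library(res_path)
if lib_path is None:
    # Stop with a clear error instead of handing None to LoadLibrary.
    raise FileNotFoundError("EasyHook64.dll not found at %s" % res_path)
clib = cdll.LoadLibrary(lib_path)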
class TRACED_HOOK_HANDLE(Structure):
    """One-field structure holding the hook's ``Link`` pointer.

    NOTE(review): per the easyhook.h excerpt quoted on this page, this layout is the C
    HOOK_TRACE_INFO structure, while the C name TRACED_HOOK_HANDLE is a pointer to it.
    """
    # Link is PLOCAL_HOOK_INFO in the quoted C header; declared here as an untyped pointer.
    _fields_ = [("Link", c_void_p)]
# Bind LhInstallHook from the loaded EasyHook DLL.
lh_install_hook = clib.LhInstallHook
# Status code; the callers on this page treat any non-zero value as failure.
lh_install_hook.restype = c_ulong
# NOTE(review): the last entry declares the structure by value, but every call on this page
# passes byref(...), and the easyhook.h excerpt quoted on this page shows that the C
# TRACED_HOOK_HANDLE is a pointer to the structure. The answer on this page gives
# POINTER(TRACED_HOOK_HANDLE) as the correct entry.
lh_install_hook.argtypes = [c_void_p, c_void_p, c_void_p, TRACED_HOOK_HANDLE]
# some definition of other functions...
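if __name__ == '__main__':
    # Manual check: hook MessageBoxW from User32.dll in this process and prefix both strings.
    from ctypes.wintypes import *

    t_dll = CDLL('User32.dll')

    def test():
        """Show a message box through the MessageBoxW export."""
        return t_dll.MessageBoxW(None, 'hi content!', 'hi title!', 0)

    test()  # baseline call before the hook is installed

    interface = CFUNCTYPE(c_int, HWND, LPCWSTR, LPCWSTR, UINT)

    def fake_function(handle, text, caption, flag):
        """Replacement for MessageBoxW: forward the call with both strings prefixed."""
        # MessageBoxW takes the text before the caption.
        # NOTE(review): t_original is not defined in the code shown here; it has to be
        # bound to the unhooked MessageBoxW before this callback can run - confirm.
        return t_original(handle, "hooked " + text, "hooked " + caption, flag)

    t_hook_info = TRACED_HOOK_HANDLE(None)
    # Keep the ctypes callback object in a name that outlives the call: ctypes releases the
    # native thunk once the Python object is garbage-collected, and an installed hook would
    # then transfer control into freed memory.
    t_callback = interface(fake_function)
    if lh_install_hook(t_dll.MessageBoxW, t_callback, None, byref(t_hook_info)):
        raise Exception("Hook error[%s]:\n%s" % (rtl_get_last_error(), rtl_get_last_error_string()))
    # error occur here and the program terminate
    # some other tests...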
尝试运行后,程序在调用 lh_install_hook 时以退出代码 0xC0000005 终止,并且没有打印任何异常。
然后我尝试把代码注入到一个 C++ 程序后再使用这些 API:
lh_install_hook(func_address, interface(hook_function), None, byref(hook_info))
其中 func_address 是目标调用的实际地址,导致如下结果:
python38.dll+24174
_ctypes.pyd+A48D
python38.dll+33E00
python38.dll+3DA6E
_ctypes.pyd+3C69
_ctypes.pyd+38AB
python38.dll+507F5
python38.dll+491C8
有什么办法可以让它运行吗?
编辑: 这是我注入到 C++ 程序中并运行的代码:
# Hook/__init__.py
from .EasyHook import *
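class Hook(object):
    """Base class that installs an EasyHook local hook on a function address.

    Subclasses set ``restype`` / ``argtypes`` to the hooked function's signature and
    override ``hook_function`` with the replacement behaviour.
    """

    def __init__(self, func_address: int):
        """Install the hook on *func_address*.

        Raises:
            LocalHookError: if lh_install_hook returns a non-zero status.
        """
        self.enabled = False
        self.hook_info = TRACED_HOOK_HANDLE(None)
        # Keep the backing array referenced alongside the pointer that is cast from it.
        self._ACLEntries = (c_ulong * 1)(0)
        self.ACLEntries = cast(self._ACLEntries, POINTER(c_ulong))
        interface = CFUNCTYPE(self.restype, *self.argtypes)

        def hook_function(*args):
            # Dispatch through the instance so that a subclass override is used.
            return self.hook_function(*args)

        # Store the callback on the instance: ctypes releases the native thunk once the
        # Python callback object is garbage-collected, and an installed hook would then
        # transfer control into freed memory. The Hook instance itself must stay
        # referenced for as long as the hook is installed.
        self._callback = interface(hook_function)
        if lh_install_hook(func_address, self._callback, None, byref(self.hook_info)):
            raise LocalHookError()
        # error occur here and the program terminate
        # some other codes...

    # Signature of the hooked function; used above to build the ctypes callback type.
    restype = c_void_p
    argtypes = []

    def hook_function(self, *args):
        """Default replacement: forward the arguments unchanged to the original function."""
        # NOTE(review): self.original is not assigned in the code shown here; presumably
        # the omitted part of __init__ sets it - confirm.
        return self.original(*args)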
# main.py
from Hook import Hook
from ctypes import *
from ctypes.wintypes import *
class kernel32_beep_hook(Hook):
    """Hook for the kernel32 Beep export: log both arguments, then call the original."""

    # NOTE(review): Win32 BOOL is a 32-bit integer (ctypes.wintypes.BOOL), whereas c_bool
    # is a one-byte C bool - confirm that c_bool is intended here.
    restype = c_bool
    argtypes = [DWORD, DWORD]

    def hook_function(self, a1, a2):
        """Log the two DWORD arguments when a logger is set, then forward the call."""
        if logger is not None:
            entry = '%s,%s' % (a1, a2)
            logger.log('beep_hook', entry)
        return self.original(a1, a2)
# some skip codes
# NOTE(review): ctypes defaults a foreign function's return type to c_int, so unless the
# skipped code sets kernel32.GetProcAddress.restype (for example to c_void_p), the returned
# address is truncated to 32 bits on 64-bit Python and the hook is installed on a wrong
# address - confirm.
addr=kernel32.GetProcAddress(kernel32_module,b"Beep")
# Baseline call before the hook is installed.
# NOTE(review): only `from ctypes import *` is visible above, so the name `ctypes` has to be
# bound by the skipped code - confirm.
ctypes.windll.kernel32.Beep(500,500)
# Constructing the subclass installs the hook on addr (Hook.__init__ calls lh_install_hook).
hook=kernel32_beep_hook(addr)
# error occur here and the program terminate
根据[GitHub]: EasyHook/EasyHook - (master) EasyHook/Public/easyhook.h:
/* HOOK_TRACE_INFO names the structure; TRACED_HOOK_HANDLE is declared as a pointer to it. */
typedef struct _HOOK_TRACE_INFO_
{
PLOCAL_HOOK_INFO Link;
}HOOK_TRACE_INFO, *TRACED_HOOK_HANDLE;
TRACED_HOOK_HANDLE 实际上是一个指针(虽然它的名字暗示相反),因此你的 lh_install_hook.argtypes(1st 片段)不正确。应该是:
# The fourth parameter is a pointer to the structure, matching the byref(...) the callers pass.
lh_install_hook.argtypes = [c_void_p, c_void_p, c_void_p, POINTER(TRACED_HOOK_HANDLE)]
从技术上讲,您遇到了[原文此处的链接文字缺失]。
关于没有抛出异常,也许[原文此处的链接文字缺失]应该能说明一些问题。
这应该可以解决问题,至少是主要问题。我不确定是否还有其他问题,因为我没有安装(或构建)该 .lib,所以我没有运行您的代码。
我的知识非常有限(所以这可能完全是胡说八道),但一个可能产生问题的地方是 TRACED_HOOK_HANDLE->Link初始化为 NULL.