|
10精币
bool Hook_CreateNamedPipe(bool enable)
{
typedef HANDLE(WINAPI* CreateNamedPipeW_t)(LPCWSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize,
DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes);
static CreateNamedPipeW_t CreateNamedPipeW_old = reinterpret_cast<CreateNamedPipeW_t>(GetProcAddress(GetModuleHandleA("KernelBase"), "CreateNamedPipeW"));
CreateNamedPipeW_t CreateNamedPipeW_hook = [](LPCWSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize,
DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes)->HANDLE
{
#ifdef IS_NEED_VM
VMProtectBegin("Hook_CreateNamedPipe");
#endif // IS_NEED_VM
#ifdef DEBUG_TYPE
switch (DEBUG_TYPE)
{
case KART_NGS_LOG:
case ALL_LOG:
MyDbgPrintFun("Hook_CreateNamedPipe_NGS:%S, nMaxInstances:%d", lpName, nMaxInstances);
break;
}
#endif // DEBUG_TYPE
// 即核心思想是: 取当前NamedServer的进程ID或者NamedClient的进程ID来做为重新命名的命名管道
if (wcsstr(lpName, L"\\\\.\\pipe\\XXXX"))
{
const wchar_t *theBCNumberPoint = wcsstr(lpName, L"1"); // 命名管道特征
lpName = L"\\\\.\\pipe\\";
int 追加游戏进程BufferSize = 1 + log10(游戏进程ID);
追加游戏进程BufferSize += 1 + log10(游戏线程ID);
追加游戏进程BufferSize += 13;//XXXX\\占13个字符
追加游戏进程BufferSize += lstrlenW(theBCNumberPoint) + 1;// 将XX每个服务器的命名拷贝回来
wchar_t *追加游戏进程ID = new wchar_t[追加游戏进程BufferSize];
StringCchPrintfW(追加游戏进程ID, 追加游戏进程BufferSize, L"%d%dXXXX\\", 游戏进程ID, 游戏线程ID);
StringCchCatW(追加游戏进程ID, 追加游戏进程BufferSize, theBCNumberPoint);
wchar_t *newObjectName = new wchar_t[lstrlenW(lpName) + 追加游戏进程BufferSize + 1];
wmemset(newObjectName, 0, lstrlenW(lpName) + 追加游戏进程BufferSize + 1);
StringCchCopyNW(newObjectName, lstrlenW(lpName) + 追加游戏进程BufferSize + 1, lpName, lstrlenW(lpName) + 1);
StringCchCatW(newObjectName, lstrlenW(lpName) + 追加游戏进程BufferSize + 1, 追加游戏进程ID);
#ifdef DEBUG_TYPE
switch (DEBUG_TYPE)
{
case KART_NGS_LOG:
case ALL_LOG:
MyDbgPrintFun("Hook_CreateNamedPipe_NGS:%S,%d, dwPipeMode:%d, dwOpenMode:%d", newObjectName, lstrlenW(newObjectName), dwPipeMode, dwOpenMode);
break;
}
#endif // DEBUG_TYPE
return CreateNamedPipeW_old(newObjectName, dwOpenMode, dwPipeMode, nMaxInstances, nOutBufferSize, nInBufferSize, nDefaultTimeOut, NULL);
}
#ifdef IS_NEED_VM
VMProtectEnd();
#endif // IS_NEED_VM
return CreateNamedPipeW_old(lpName, dwOpenMode, dwPipeMode, nMaxInstances, nOutBufferSize, nInBufferSize, nDefaultTimeOut, lpSecurityAttributes);
};
return DetourFunction(enable, reinterpret_cast<void**>(&CreateNamedPipeW_old), CreateNamedPipeW_hook);
}
|
|