EasyHook DrawTextW user32.dll中注射，應用程序崩潰

Question

我使用EasyHook太勾DrawTextW電話，同時用記事本進行測試時，如果我打開幫助 - >關於，它捕獲所有預期出現在屏幕上的文字。但是，如果我打開文件 - >打開，記事本崩潰。我不指望它捕捉任何文本，但我不明白爲什麼記事本崩潰。任何幫助，將不勝感激。

using EasyHook; 
using System; 
using System.Text; 
using System.Runtime.InteropServices; 
using System.Threading; 
using UI; 

namespace MyClassLibrary 
{ 
    public class Main : IEntryPoint 
    { 
     [StructLayout(LayoutKind.Sequential)] 
     public struct HDC__ 
     { 
      public int unused; 
     } 

     [StructLayout(LayoutKind.Sequential)] 
     public struct tagRECT 
     { 
      public int left; 
      public int top; 
      public int right; 
      public int bottom; 
     } 

     [DllImport("user32.dll", EntryPoint = "DrawTextW")] 
     public static extern int DrawTextW([In()] IntPtr hdc, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpchText, int cchText, ref tagRECT lprc, uint format); 


     [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)] 
     public delegate int TDrawTextW(
      [In()] IntPtr hdc, 
      [MarshalAs(UnmanagedType.LPWStr)] 
      StringBuilder lpchText, 
      int cchText, 
      ref tagRECT lprc, 
      uint format); 


     static string ChannelName; 
     RemoteMon Interface; 

     LocalHook DrawTextWHook; 
     public Main(RemoteHooking.IContext InContext, String InChannelName) 
     { 
      try 
      { 
       Interface = RemoteHooking.IpcConnectClient<RemoteMon>(InChannelName); 
       ChannelName = InChannelName; 
       Interface.IsInstalled(RemoteHooking.GetCurrentProcessId()); 
      } 
      catch (Exception ex) 
      { 
       Interface.ErrorHandler(ex); 
      } 
     } 

     static int hkDrawTextW(
        [In()] IntPtr hdc, 
        [MarshalAs(UnmanagedType.LPWStr)] 
        StringBuilder lpchText, 
        int cchText, 
        ref tagRECT lprc, 
        uint format) 
     { 
      try 
      { 
       ((Main)HookRuntimeInfo.Callback).Interface.GotDrawTextW(lpchText); 
       return DrawTextW(hdc, lpchText, cchText, ref lprc, format); 
      } 
      catch (Exception ex) 
      { 
       ((Main)HookRuntimeInfo.Callback).Interface.ErrorHandler(ex); 
       return 0; 
      } 
     } 

     public void Run(RemoteHooking.IContext InContext, String InChannelName) 
     { 
      try 
      { 
       DrawTextWHook = LocalHook.Create(LocalHook.GetProcAddress("user32.dll", "DrawTextW"), 
               new TDrawTextW(hkDrawTextW), this); 
       DrawTextWHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 }); 
      } 
      catch (Exception ex) 
      { 
       Interface.ErrorHandler(ex); 
      } 
      try 
      { 
       RemoteHooking.WakeUpProcess(); 
      } 
      catch (Exception ex) 
      { 
       Interface.ErrorHandler(ex); 
      } 
      while (true) 
      { 
       Thread.Sleep(10000); 
      } 
     } 
    } 
} 

Answer 1

有與文本編組到一個StringBuilder當打開對話框顯示出有問題。我不是100％確定的原因，但也許COM初始化字符串和malloc初始化字符串之間的區別？根據他們的底層內存是如何初始化的，我在過去經歷過字符串編組問題。

的解決方案是使用一個字符串代替一個StringBuilder的文本參數。用字符串參數替換外部代碼和其他合適的區域：

[DllImport("user32.dll", EntryPoint = "DrawTextW")] 
    public static extern int DrawTextW([In()] IntPtr hdc, [MarshalAs(UnmanagedType.LPWStr)] String lpchText, int cchText, ref tagRECT lprc, uint format); 

    [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)] 
    public delegate int TDrawTextW(
     [In()] IntPtr hdc, 
     [MarshalAs(UnmanagedType.LPWStr)] 
     String lpchText, 
     int cchText, 
     ref tagRECT lprc, 
     uint format); 

    static int hkDrawTextW(
       [In()] IntPtr hdc, 
       [MarshalAs(UnmanagedType.LPWStr)] 
       String lpchText, 
       int cchText, 
       ref tagRECT lprc, 
       uint format) 
    { 
     ... 
    }