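Description:
Under Win2000 SP4 I use Detours to intercept CreateProcessA and CreateProcessW, and then inject a DLL into the newly created process with ContinueProcessWithDll. Intercepting CreateProcessA works fine, but as soon as CreateProcessW is intercepted it always reports "0x00000000"指令引用的"0x00000000"内存不能为"read" (the instruction at "0x00000000" referenced memory at "0x00000000"; the memory could not be "read"). Why? I'm going crazy and haven't slept well for days. Experts, please help.
The code is as follows: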
BOOL __stdcall Mine_CreateProcessW(LPCWSTR a0, LPWSTR a1, LPSECURITY_ATTRIBUTES a2, LPSECURITY_ATTRIBUTES a3, BOOL a4, DWORD a5, LPVOID a6, LPCWSTR a7, struct _STARTUPINFOW* a8, LPPROCESS_INFORMATION a9)
{
    BOOL rv = 0;
    try
    {
        // Call the original CreateProcessW through the Detours trampoline.
        rv = Real_CreateProcessW(a0, a1, a2, a3, a4, a5, a6, a7, a8, a9);
        if (rv)
        {
            BOOL re = ContinueProcessWithDll(a9->hProcess, "c:\\aa.dll"); // This is the line that keeps reporting the memory error; it works fine in CreateProcessA!
        }
    }
    catch(...)
    {
        printf("Real_CreateProcessW Exception.");
    }
    return rv;
}
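Solution 1: Try adding ATLASSERT(a9->hProcess == NULL)
Solution 2: Validate the parameters a0, a1, a2... in the program
Solution 3: Could it be related to the encoding of aa.dll?
Solution 4: Is the handle hProcess valid?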