Easyhook 调试出错误，求用过的前辈指教，长期在线等答案。

问题描述

看了Easyhook的教程中的监控进程写文件的例子程序。想改写一下，但是调试总是不通。求用过easyhook的前辈帮我看下是代码的问题，还是可能是引用库不全的问题。困扰好久了，求解答。这是更换API的代码几乎没动因为想先调通这个例子的代码，再改变成我想要的hook操作。usingSystem;usingSystem.Collections.Generic;usingSystem.Text;usingSystem.Threading;usingSystem.Runtime.InteropServices;usingSystem.Runtime.Remoting;usingEasyHook;usingFileMon;namespaceFileMonInject{publicclassMain:EasyHook.IEntryPoint{FileMon.FileMonInterfaceInterface;LocalHookCreateFileHook;Stack<String>Queue=newStack<String>();publicMain(RemoteHooking.IContextInContext,StringInChannelName){//connecttohost...Interface=RemoteHooking.IpcConnectClient<FileMon.FileMonInterface>(InChannelName);}publicvoidRun(RemoteHooking.IContextInContext,StringInChannelName){//installhook...try{//LocalHook.Create:创建一个托管/非托管hook，之后需要用设置ThreadACL属性来激活它。CreateFileHook=LocalHook.Create(LocalHook.GetProcAddress("kernel32.dll","CreateFileW"),newDCreateFile(CreateFile_Hooked),this);CreateFileHook.ThreadACL.SetExclusiveACL(newInt32[]{0});}catch(ExceptionExtInfo){Interface.ReportException(ExtInfo);return;}Interface.IsInstalled(RemoteHooking.GetCurrentProcessId());//等待host进程结束...RemoteHooking.WakeUpProcess();//newaddtry{while(true){Thread.Sleep(500);//传送最新监视到的文件访问...if(Queue.Count>0){String[]Package=null;lock(Queue){Package=Queue.ToArray();Queue.Clear();}Interface.OnCreateFile(RemoteHooking.GetCurrentProcessId(),Package);}elseInterface.Ping();}}catch{//NETRemotingwillraiseanexceptionifhostisunreachable}}[UnmanagedFunctionPointer(CallingConvention.StdCall,CharSet=CharSet.Unicode,SetLastError=true)]delegateIntPtrDCreateFile(StringInFileName,UInt32InDesiredAccess,UInt32InShareMode,IntPtrInSecurityAttributes,UInt32InCreationDisposition,UInt32InFlagsAndAttributes,IntPtrInTemplateFile);//justuseaP-InvokeimplementationtogetnativeAPIaccess//fromC#(thisstepisnotnecessaryforC++.NET)[DllImport("kernel32.dll",CharSet=CharSet.Unicode,SetLastError=true,CallingConvention=CallingConvention.StdCall)]//在托管代码中定义非托管函数的申明staticexternIntPtrCreateFile(StringInFileName,UInt32InDesiredAccess,UInt32InShareMode,IntPtrInSecurityAttributes,UInt32InCreationDisposition,UInt32InFlagsAndAttributes,IntPtrInTemplateFile);//thisiswhereweareinterceptingallfileaccesses!staticIntPtrCreateFile_Hooked(StringInFileName,UInt32InDesiredAccess,UInt32InShareMode,IntPtrInSecurityAttributes,UInt32InCreationDisposition,UInt32InFlagsAndAttributes,IntPtrInTemplateFile){try{MainThis=(Main)HookRuntimeInfo.Callback;lock(This.Queue){This.Queue.Push(InFileName);}}catch{}//calloriginalAPI...returnCreateFile(InFileName,InDesiredAccess,InShareMode,InSecurityAttributes,InCreationDisposition,InFlagsAndAttributes,InTemplateFile);}}}

下面是另一篇代码usingSystem;usingSystem.Collections.Generic;usingSystem.Runtime.Remoting;usingSystem.Text;usingEasyHook;usingSystem.Windows.Forms;namespaceFileMon{publicclassFileMonInterface:MarshalByRefObject{publicvoidIsInstalled(Int32InClientPID){Console.WriteLine("FileMonhasbeeninstalledintarget{0}.rn",InClientPID);}publicvoidOnCreateFile(Int32InClientPID,String[]InFileNames){for(inti=0;i<InFileNames.Length;i++){Console.WriteLine(InFileNames[i]);}}publicvoidReportException(ExceptionInInfo){Console.WriteLine("Thetargetprocesshasreported"+"anerror:rn"+InInfo.ToString());}publicvoidPing(){}}classProgram{staticStringChannelName=null;staticvoidMain(string[]args){#regionLoadtheTargetExeNameStringProName="null";//要监控的exe名字ProNameConsole.WriteLine("Pleaseinputthetargetexename:");ProName=Console.ReadLine();intpid=Moniter.Exe_Pid(ProName);Console.WriteLine("TheTargetPIDis:{0}",pid);Console.ReadKey();#endregionInt32TargetPID=pid;try{try{Config.Register("AFileMonlikedemoapplication.","FileMon.exe","FileMonInject.dll");//Config.Registr:InstallsEasyHookandallgivenuserNETassembliesintotheGACandensuresthatallreferencesarecleanedupiftheinstallingapplicationisshutdown.//Cleanupdoesnotdependonthecallingapplication...}catch(ApplicationExceptionex){MessageBox.Show("Thisisanadministrativetask!"+ex.Message,"Permissiondenied...",MessageBoxButtons.OK);System.Diagnostics.Process.GetCurrentProcess().Kill();}RemoteHooking.IpcCreateServer<FileMonInterface>(refChannelName,WellKnownObjectMode.SingleCall);//IpcCreateServer:Createsagloballyreachable,managedIPC-PortRemoteHooking.Inject(TargetPID,"FileMonInject.dll","FileMonInject.dll",ChannelName);//RemoteHooking.Inject:Injectsthegivenuserlibraryintothetargetprocess.//Inject的参数应与Run的参数精准匹配。ChannelName匹配Run()中inChannerName位置置位符Console.ReadLine();}catch(ExceptionExtInfo){Console.WriteLine("Therewasanerrorwhileconnecting"+"totarget:rn{0}",ExtInfo.ToString());}}}}

以及一篇自己写的用来告诉easyhookhook哪个进程的类，比如输入QQ，会返回QQ的PID传入给hookusingSystem;usingSystem.Collections.Generic;usingSystem.Linq;usingSystem.Text;usingSystem.Diagnostics;namespaceFileMon{//StringProName="ConsoleApplication1";//intpid=Exe_Pid(ProName);//Console.WriteLine(pid);//Console.ReadKey();publicclassMoniter{publicstaticintExe_Pid(stringExe_Name){intpid=-1;Process[]p=Process.GetProcessesByName(Exe_Name);//该进程名称是进程的友好名称，如Outlook，不包括.exe扩展名或路径。for(inti=0;i<p.Length;i++){if(p[i].ProcessName==Exe_Name){pid=p[i].Id;//这个就是进程的ID}}returnpid;}}}

编译生成都没问题，但是调试时候会出现错误：System.ApplicationException:Unabletowaitforserviceapplicationduetotimeout

解决方案