search

stevemk14ebr / PolyHook_2_0

C++20, x86/x64 Hooking Libary v2.0
MIT License
1.6k stars 226 forks source link

Does x86Detour seem not to work for external DLL calls? #173

Closed bbsuuo closed 1 year ago

bbsuuo commented 1 year ago

I use koaloader to hijack DLLs, and then I try to hook a series of functions such as LoadLibrary

This is my code:

include "hook.h"

include "logger.h"

include "polyhook2/Detour/x86Detour.hpp"

include "polyLogger.h"

include "utill.h"

namespace ts::hook { using namespace ts;

// The type of LoadLibraryA, LoadLibraryW, LoadLibraryExA and LoadLibraryExW functions
typedef HMODULE(WINAPI* LoadLibraryAType)(LPCSTR lpFileName);
typedef HMODULE(WINAPI* LoadLibraryWType)(LPCWSTR lpFileName);
typedef HMODULE(WINAPI* LoadLibraryExAType)(LPCSTR lpFileName, HANDLE hFile, DWORD dwFlags);
typedef HMODULE(WINAPI* LoadLibraryExWType)(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags);

// The trampoline functions that will be used to call the original LoadLibraryA, LoadLibraryW, LoadLibraryExA and LoadLibraryExW
uint64_t TrampolineLoadLibraryA;
uint64_t TrampolineLoadLibraryW;
uint64_t TrampolineLoadLibraryExA;
uint64_t TrampolineLoadLibraryExW;

// The hook functions
HMODULE WINAPI HookLoadLibraryA(LPCSTR lpFileName)
{
    LOG_INFO(R"(HookLoadLibraryA '{}')", std::string(lpFileName));
    // Call the original LoadLibraryA function
    HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryA, &LoadLibraryA)(lpFileName);
    //if (strcmp(lpFileName, "nw.dll") == 0)

//{ // LOG_INFO("nw.dll has been loaded."); //} return hModule; }

HMODULE WINAPI HookLoadLibraryW(LPCWSTR lpFileName)
{
    LOG_INFO(R"(HookLoadLibraryW'{}')", ts::utill::to_string(std::wstring(lpFileName)));
    // Call the original LoadLibraryW function
    HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryW, &LoadLibraryW)(lpFileName);
    //if (wcscmp(lpFileName, L"nw.dll") == 0)

//{ // LOG_INFO(L"nw.dll has been loaded."); //} return hModule; }

HMODULE WINAPI HookLoadLibraryExA(LPCSTR lpFileName, HANDLE hFile, DWORD dwFlags)
{
    LOG_INFO(R"(HookLoadLibraryEXA '{}')", std::string(lpFileName));
    // Call the original LoadLibraryExA function
    HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryExA, &LoadLibraryExA)(lpFileName, hFile, dwFlags);
    return hModule;
}

HMODULE WINAPI HookLoadLibraryExW(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags)
{
    LOG_INFO(R"(HookLoadLibraryEXW'{}')", ts::utill::to_string(std::wstring(lpFileName)));
    // Call the original LoadLibraryExW function
    HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryExW, &LoadLibraryExW)(lpFileName, hFile, dwFlags);
    return hModule;
}

void hookEnviroument()
{
    //std::shared_ptr<PolyLogger> logger = std::make_shared<PolyLogger>();

// PLH::Log::registerLogger(logger);

    // Create a detour for LoadLibraryW
    LOG_INFO("Hooking LoadLibrary and LoadLibraryEx Functions");
    PLH::x86Detour detourW = PLH::x86Detour((uint64_t)&LoadLibraryW, (uint64_t)HookLoadLibraryW, &TrampolineLoadLibraryW);
    PLH::x86Detour detourExW = PLH::x86Detour((uint64_t)&LoadLibraryExW, (uint64_t)HookLoadLibraryExW, &TrampolineLoadLibraryExW);
    PLH::x86Detour detourA = PLH::x86Detour((uint64_t)&LoadLibraryA, (uint64_t)HookLoadLibraryA, &TrampolineLoadLibraryA);
    PLH::x86Detour detourExA = PLH::x86Detour((uint64_t)&LoadLibraryExA, (uint64_t)HookLoadLibraryExA, &TrampolineLoadLibraryExA);

    // Enable the detour
    if (detourW.hook())
    {
        LOG_INFO("Hooking LoadLibraryW SUCCESS");
    }
    else 
    {
        LOG_INFO("Hooking LoadLibraryW Failure.");
        return;
    }

    // Enable the detour
    if (detourExW.hook())
    {
        LOG_INFO("Hooking LoadLibraryExW SUCCESS");
    }
    else
    {
        LOG_INFO("Hooking LoadLibraryExW Failure.");
        return;
    }
    // Enable the detour
    if (detourA.hook())
    {
        LOG_INFO("Hooking LoadLibraryA SUCCESS");
    }
    else
    {
        LOG_INFO("Hooking LoadLibraryA Failure.");
        return;
    }

    // Enable the detour
    if (detourExA.hook())
    {
        LOG_INFO("Hooking LoadLibraryExA SUCCESS");
    }
    else
    {
        LOG_INFO("Hooking LoadLibraryExA Failure.");
        return;
    }

    // 我们检查当前环境中已经加载的程序集
    HANDLE hProcess = GetCurrentProcess();
    HMODULE hMods[1024];
    DWORD cbNeeded;
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
    {
        for (unsigned int i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
        {
            TCHAR szModName[MAX_PATH];

            if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
            {
                LOG_INFO(R"(Current Load Module : '{}')", ts::utill::tchar_to_string(szModName));
            }
        }
    }

    CloseHandle(hProcess);

    LOG_INFO("Testing hook with nw.dll");
    HMODULE hModule = LoadLibraryA("nw.dll");
    if (hModule != NULL) {
        LOG_INFO("nw.dll loaded successfully");
        FreeLibrary(hModule);
    }
    else {
        LOG_INFO("Failed to load nw.dll");
    }

}

}

And this is my log: Process ID: 25364 │ INFO│ 03:04:01.259 │ 19:bootstrap.cpp ┃ Enter Process : '25364' Process ID: 25364 │ INFO│ 03:04:01.259 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 25364 │ INFO│ 03:04:01.259 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 25364 │ INFO│ 03:04:01.259 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 25364 │ INFO│ 03:04:01.259 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 25364 │ INFO│ 03:04:01.260 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 25364 │ INFO│ 03:04:01.260 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 25364 │ INFO│ 03:04:01.260 │ 138:hook.cpp ┃ Testing hook with nw.dll Process ID: 25364 │ INFO│ 03:04:01.260 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll' Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1' Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0' Process ID: 25364 │ INFO│ 03:04:01.272 │ 141:hook.cpp ┃ nw.dll loaded successfully Process ID: 26876 │ INFO│ 03:04:01.323 │ 19:bootstrap.cpp ┃ Enter Process : '26876' Process ID: 26876 │ INFO│ 03:04:01.323 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 26876 │ INFO│ 03:04:01.323 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 26876 │ INFO│ 03:04:01.323 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 26876 │ INFO│ 03:04:01.323 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 26876 │ INFO│ 03:04:01.323 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 26876 │ INFO│ 03:04:01.323 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 26876 │ INFO│ 03:04:01.323 │ 138:hook.cpp ┃ Testing hook with nw.dll Process ID: 26876 │ INFO│ 03:04:01.323 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll' Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1' Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0' Process ID: 26876 │ INFO│ 03:04:01.336 │ 141:hook.cpp ┃ nw.dll loaded successfully Process ID: 28984 │ INFO│ 03:04:01.359 │ 19:bootstrap.cpp ┃ Enter Process : '28984' Process ID: 28984 │ INFO│ 03:04:01.359 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 28984 │ INFO│ 03:04:01.359 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 28984 │ INFO│ 03:04:01.359 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 28984 │ INFO│ 03:04:01.359 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 28984 │ INFO│ 03:04:01.359 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 28984 │ INFO│ 03:04:01.359 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 28984 │ INFO│ 03:04:01.360 │ 138:hook.cpp ┃ Testing hook with nw.dll Process ID: 28984 │ INFO│ 03:04:01.360 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll' Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1' Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0' Process ID: 28984 │ INFO│ 03:04:01.372 │ 141:hook.cpp ┃ nw.dll loaded successfully Process ID: 31808 │ INFO│ 03:04:01.486 │ 19:bootstrap.cpp ┃ Enter Process : '31808' Process ID: 31808 │ INFO│ 03:04:01.486 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 31808 │ INFO│ 03:04:01.486 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 31808 │ INFO│ 03:04:01.486 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 31808 │ INFO│ 03:04:01.486 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 31808 │ INFO│ 03:04:01.487 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 31808 │ INFO│ 03:04:01.487 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 31808 │ INFO│ 03:04:01.487 │ 138:hook.cpp ┃ Testing hook with nw.dll Process ID: 31808 │ INFO│ 03:04:01.487 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll' Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1' Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0' Process ID: 31808 │ INFO│ 03:04:01.501 │ 141:hook.cpp ┃ nw.dll loaded successfully Process ID: 27752 │ INFO│ 03:04:01.537 │ 19:bootstrap.cpp ┃ Enter Process : '27752' Process ID: 27752 │ INFO│ 03:04:01.537 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 27752 │ INFO│ 03:04:01.537 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 27752 │ INFO│ 03:04:01.537 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 27752 │ INFO│ 03:04:01.537 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 27752 │ INFO│ 03:04:01.537 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 27752 │ INFO│ 03:04:01.537 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe' Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll' Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 27752 │ INFO│ 03:04:01.538 │ 138:hook.cpp ┃ Testing hook with nw.dll Process ID: 27752 │ INFO│ 03:04:01.538 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll' Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1' Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0' Process ID: 27752 │ INFO│ 03:04:01.552 │ 141:hook.cpp ┃ nw.dll loaded successfully

Then I tried to hook these functions in API Monitor, and the result was (Just PID 31184):

Time of Day Thread Module API Return Value Error Duration

1 2:19:43.424 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000067 2 2:19:46.129 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000091 3 2:19:46.619 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000083 4 2:19:46.915 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000085 5 2:19:47.125 AM 1 nw_elf.dll LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000083 6 2:19:47.322 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000094 7 2:19:47.500 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000075 8 2:19:47.676 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000082 9 2:19:47.868 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000080 10 2:19:48.826 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000080 11 2:19:49.060 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000078 12 2:19:49.850 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000081 13 2:19:50.053 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000079 14 2:19:50.265 AM 1 WINMM.dll LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000109 15 2:19:50.480 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000074 16 2:19:50.697 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000081 17 2:19:50.910 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000072 18 2:19:51.105 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000080 19 2:19:51.309 AM 1 WINMM.dll LoadLibraryW ( "RPGMakerMVHookTS.dll" ) 0x7c4d0000 0.0039236 20 2:19:51.310 AM 1 VCRUNTIME140.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000122 21 2:19:51.488 AM 1 VCRUNTIME140.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000082 22 2:19:51.685 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000107 23 2:19:51.685 AM 4 WINMM.dll LoadLibraryExW ( "api-ms-win-appmodel-runtime-l1-1-2", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x74e50000 0.0000165 24 2:19:51.943 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000111 25 2:19:52.098 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000110 26 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000030 27 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000021 28 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000013 29 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000013 30 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000010 31 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000008 32 2:19:59.441 AM 1 Game.exe LoadLibraryExW ( "S:\测试用\f-1\nw.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x0fd70000 0.0159886 33 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000032 34 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000021 35 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000019 36 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000017 37 2:19:59.456 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000058 38 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000043 39 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000044 40 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000043 41 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000052 42 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000042 43 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000048 44 2:19:59.458 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000043 45 2:19:59.458 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000040 46 2:19:59.460 AM 1 nw_elf.dll LoadLibraryExA ( "ADVAPI32.dll", NULL, 0 ) 0x766e0000 0.0000179 47 2:20:00.428 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000073 48 2:20:00.428 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000030 49 2:20:00.428 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000019 50 2:20:00.474 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000131 51 2:20:00.482 AM 1 nw.dll LoadLibraryW ( "Kernel32.dll" ) 0x763e0000 0.0000062 52 2:20:00.483 AM 1 nw.dll LoadLibraryExA ( "WS2_32.dll", NULL, 0 ) 0x76600000 0.0000185 53 2:20:02.959 AM 1 nw.dll LoadLibraryExA ( "IPHLPAPI.DLL", NULL, 0 ) 0x74760000 0.0000128 54 2:20:02.998 AM 1 nw.dll LoadLibraryW ( "shcore.dll" ) 0x762a0000 0.0000086 55 2:20:02.998 AM 1 nw.dll LoadLibraryW ( "shcore.dll" ) 0x762a0000 0.0000028 56 2:20:02.998 AM 1 nw.dll LoadLibraryExA ( "SETUPAPI.dll", NULL, 0 ) 0x76900000 0.0008777 57 2:20:03.000 AM 1 nw.dll LoadLibraryExA ( "CFGMGR32.dll", NULL, 0 ) 0x75950000 0.0000061 58 2:20:03.001 AM 14 nw.dll LoadLibraryW ( "combase.dll" ) 0x756d0000 0.0000059 59 2:20:03.001 AM 16 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\netapi32.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x73040000 0.0000071 60 2:20:03.001 AM 18 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\wlanapi.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x79330000 0.0021257 61 2:20:03.002 AM 22 nw.dll LoadLibraryExA ( "WINHTTP.dll", NULL, 0 ) 0x73060000 0.0000065 62 2:20:03.002 AM 16 nw.dll LoadLibraryExW ( "MDMRegistration.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) NULL 87 = 参数错误。 0.0016190 63 2:20:03.004 AM 16 nw.dll LoadLibraryW ( "MDMRegistration.dll" ) 0x6b290000 0.0017297 64 2:20:03.004 AM 1 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\audioses.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x6c100000 0.0037564 65 2:20:03.042 AM 1 nw.dll LoadLibraryExW ( "kernel32.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) 0x763e0000 0.0000243 66 2:20:03.057 AM 1 nw.dll LoadLibraryW ( "combase.dll" ) 0x756d0000 0.0000138 67 2:20:03.249 AM 1 nw.dll LoadLibraryExA ( "dwmapi.dll", NULL, 0 ) 0x6dd10000 0.0000281 68 2:20:03.256 AM 1 nw.dll LoadLibraryW ( "uxtheme.dll" ) 0x74dd0000 0.0000052 69 2:20:03.290 AM 1 nw.dll LoadLibraryExA ( "atlthunk.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x6e320000 0.0005325 70 2:20:03.301 AM 1 nw.dll LoadLibraryExA ( "IMM32.dll", NULL, 0 ) 0x76f70000 0.0000211 71 2:20:03.660 AM 32 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\avrt.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x58a60000 0.0000105 72 2:20:03.805 AM 45 nw.dll LoadLibraryExW ( "xinput1_4.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) NULL 87 = 参数错误。 0.0000460 73 2:20:03.805 AM 45 nw.dll LoadLibraryW ( "xinput1_4.dll" ) 0x51550000 0.0008882 74 2:20:03.806 AM 45 nw.dll LoadLibraryExW ( "hid.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) 0x6e970000 0.0000123 75 2:22:50.034 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-appmodel-runtime-l1-1-2", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x74e50000 0.0000100

In the log, we can see that after I hooked it, calling LoadLibrary immediately generated output in the log, but afterwards there was no output from the hooked function. did I do something wrong, or is there a misunderstanding about the hooked function?

bbsuuo commented 1 year ago

Process ID: 31184 │ INFO│ 02:19:51.684 │ 19:bootstrap.cpp ┃ Enter Process : '31184' Process ID: 31184 │ INFO│ 02:19:51.684 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1' Process ID: 31184 │ INFO│ 02:19:51.684 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 31184 │ INFO│ 02:19:51.684 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 31184 │ INFO│ 02:19:51.684 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 31184 │ INFO│ 02:19:51.684 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 31184 │ INFO│ 02:19:51.685 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 16076 │ INFO│ 02:20:00.457 │ 19:bootstrap.cpp ┃ Enter Process : '16076' Process ID: 16076 │ INFO│ 02:20:00.457 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1' Process ID: 16076 │ INFO│ 02:20:00.457 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 16076 │ INFO│ 02:20:00.458 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 16076 │ INFO│ 02:20:00.458 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 16076 │ INFO│ 02:20:00.458 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 16076 │ INFO│ 02:20:00.458 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 31812 │ INFO│ 02:20:03.036 │ 19:bootstrap.cpp ┃ Enter Process : '31812' Process ID: 31812 │ INFO│ 02:20:03.036 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1' Process ID: 31812 │ INFO│ 02:20:03.036 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 31812 │ INFO│ 02:20:03.036 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 31812 │ INFO│ 02:20:03.036 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 31812 │ INFO│ 02:20:03.037 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 31812 │ INFO│ 02:20:03.037 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 12164 │ INFO│ 02:20:03.104 │ 19:bootstrap.cpp ┃ Enter Process : '12164' Process ID: 12164 │ INFO│ 02:20:03.104 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1' Process ID: 12164 │ INFO│ 02:20:03.104 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 12164 │ INFO│ 02:20:03.104 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 12164 │ INFO│ 02:20:03.104 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 12164 │ INFO│ 02:20:03.105 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 12164 │ INFO│ 02:20:03.105 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll' Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 28892 │ INFO│ 02:20:48.078 │ 19:bootstrap.cpp ┃ Enter Process : '28892' Process ID: 28892 │ INFO│ 02:20:48.078 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1' Process ID: 28892 │ INFO│ 02:20:48.078 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 28892 │ INFO│ 02:20:48.078 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS Process ID: 28892 │ INFO│ 02:20:48.078 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS Process ID: 28892 │ INFO│ 02:20:48.078 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS Process ID: 28892 │ INFO│ 02:20:48.078 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll' Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'

sorry, I may have uploaded the wrong log file. This one corresponds to API Monitor. The previous one was generated separately for adding a test call

stevemk14ebr commented 1 year ago

The x86Detour destructor unhooks functions

lift them to global scope and store them inside a shared or unique ptr

bbsuuo commented 1 year ago

I understand now, I apologize for acting like a fool

stevemk14ebr commented 1 year ago

You're fine, many people make this mistake!

bbsuuo commented 1 year ago

You're fine, many people make this mistake!

Thank you very much for your guidance. I am surprised to receive a response so quickly. I have given you some rewards, and I hope you are happy

stevemk14ebr commented 1 year ago

I appreciate that, but please do not feel that is necessary