Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does x86Detour seem not to work for external DLL calls? #173

Closed
bbsuuo opened this issue Jun 30, 2023 · 6 comments
Closed

Does x86Detour seem not to work for external DLL calls? #173

bbsuuo opened this issue Jun 30, 2023 · 6 comments

Comments

@bbsuuo
Copy link

bbsuuo commented Jun 30, 2023

I use koaloader to hijack DLLs, and then I try to hook a series of functions such as LoadLibrary

This is my code:

#include "hook.h"
#include "logger.h"
#include "polyhook2/Detour/x86Detour.hpp"
#include "polyLogger.h"
#include "utill.h"

namespace ts::hook
{
using namespace ts;

// The type of LoadLibraryA, LoadLibraryW, LoadLibraryExA and LoadLibraryExW functions
typedef HMODULE(WINAPI* LoadLibraryAType)(LPCSTR lpFileName);
typedef HMODULE(WINAPI* LoadLibraryWType)(LPCWSTR lpFileName);
typedef HMODULE(WINAPI* LoadLibraryExAType)(LPCSTR lpFileName, HANDLE hFile, DWORD dwFlags);
typedef HMODULE(WINAPI* LoadLibraryExWType)(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags);

// The trampoline functions that will be used to call the original LoadLibraryA, LoadLibraryW, LoadLibraryExA and LoadLibraryExW
uint64_t TrampolineLoadLibraryA;
uint64_t TrampolineLoadLibraryW;
uint64_t TrampolineLoadLibraryExA;
uint64_t TrampolineLoadLibraryExW;

// The hook functions
HMODULE WINAPI HookLoadLibraryA(LPCSTR lpFileName)
{
	LOG_INFO(R"(HookLoadLibraryA '{}')", std::string(lpFileName));
	// Call the original LoadLibraryA function
	HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryA, &LoadLibraryA)(lpFileName);
	//if (strcmp(lpFileName, "nw.dll") == 0)

//{
// LOG_INFO("nw.dll has been loaded.");
//}
return hModule;
}

HMODULE WINAPI HookLoadLibraryW(LPCWSTR lpFileName)
{
	LOG_INFO(R"(HookLoadLibraryW'{}')", ts::utill::to_string(std::wstring(lpFileName)));
	// Call the original LoadLibraryW function
	HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryW, &LoadLibraryW)(lpFileName);
	//if (wcscmp(lpFileName, L"nw.dll") == 0)

//{
// LOG_INFO(L"nw.dll has been loaded.");
//}
return hModule;
}

HMODULE WINAPI HookLoadLibraryExA(LPCSTR lpFileName, HANDLE hFile, DWORD dwFlags)
{
	LOG_INFO(R"(HookLoadLibraryEXA '{}')", std::string(lpFileName));
	// Call the original LoadLibraryExA function
	HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryExA, &LoadLibraryExA)(lpFileName, hFile, dwFlags);
	return hModule;
}

HMODULE WINAPI HookLoadLibraryExW(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags)
{
	LOG_INFO(R"(HookLoadLibraryEXW'{}')", ts::utill::to_string(std::wstring(lpFileName)));
	// Call the original LoadLibraryExW function
	HMODULE hModule = PLH::FnCast(TrampolineLoadLibraryExW, &LoadLibraryExW)(lpFileName, hFile, dwFlags);
	return hModule;
}

void hookEnviroument()
{
	//std::shared_ptr<PolyLogger> logger = std::make_shared<PolyLogger>();

// PLH::Log::registerLogger(logger);

	// Create a detour for LoadLibraryW
	LOG_INFO("Hooking LoadLibrary and LoadLibraryEx Functions");
	PLH::x86Detour detourW = PLH::x86Detour((uint64_t)&LoadLibraryW, (uint64_t)HookLoadLibraryW, &TrampolineLoadLibraryW);
	PLH::x86Detour detourExW = PLH::x86Detour((uint64_t)&LoadLibraryExW, (uint64_t)HookLoadLibraryExW, &TrampolineLoadLibraryExW);
	PLH::x86Detour detourA = PLH::x86Detour((uint64_t)&LoadLibraryA, (uint64_t)HookLoadLibraryA, &TrampolineLoadLibraryA);
	PLH::x86Detour detourExA = PLH::x86Detour((uint64_t)&LoadLibraryExA, (uint64_t)HookLoadLibraryExA, &TrampolineLoadLibraryExA);

	// Enable the detour
	if (detourW.hook())
	{
		LOG_INFO("Hooking LoadLibraryW SUCCESS");
	}
	else 
	{
		LOG_INFO("Hooking LoadLibraryW Failure.");
		return;
	}

	// Enable the detour
	if (detourExW.hook())
	{
		LOG_INFO("Hooking LoadLibraryExW SUCCESS");
	}
	else
	{
		LOG_INFO("Hooking LoadLibraryExW Failure.");
		return;
	}
	// Enable the detour
	if (detourA.hook())
	{
		LOG_INFO("Hooking LoadLibraryA SUCCESS");
	}
	else
	{
		LOG_INFO("Hooking LoadLibraryA Failure.");
		return;
	}

	// Enable the detour
	if (detourExA.hook())
	{
		LOG_INFO("Hooking LoadLibraryExA SUCCESS");
	}
	else
	{
		LOG_INFO("Hooking LoadLibraryExA Failure.");
		return;
	}

	// 我们检查当前环境中已经加载的程序集
	HANDLE hProcess = GetCurrentProcess();
	HMODULE hMods[1024];
	DWORD cbNeeded;
	if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
	{
		for (unsigned int i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
		{
			TCHAR szModName[MAX_PATH];

			if (GetModuleFileNameEx(hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
			{
				LOG_INFO(R"(Current Load Module : '{}')", ts::utill::tchar_to_string(szModName));
			}
		}
	}

	CloseHandle(hProcess);

	LOG_INFO("Testing hook with nw.dll");
	HMODULE hModule = LoadLibraryA("nw.dll");
	if (hModule != NULL) {
		LOG_INFO("nw.dll loaded successfully");
		FreeLibrary(hModule);
	}
	else {
		LOG_INFO("Failed to load nw.dll");
	}

}

}

And this is my log:
Process ID: 25364 │ INFO│ 03:04:01.259 │ 19:bootstrap.cpp ┃ Enter Process : '25364'
Process ID: 25364 │ INFO│ 03:04:01.259 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2'
Process ID: 25364 │ INFO│ 03:04:01.259 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 25364 │ INFO│ 03:04:01.259 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 25364 │ INFO│ 03:04:01.259 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 25364 │ INFO│ 03:04:01.260 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 25364 │ INFO│ 03:04:01.260 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 25364 │ INFO│ 03:04:01.260 │ 138:hook.cpp ┃ Testing hook with nw.dll
Process ID: 25364 │ INFO│ 03:04:01.260 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll'
Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 25364 │ INFO│ 03:04:01.268 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0'
Process ID: 25364 │ INFO│ 03:04:01.272 │ 141:hook.cpp ┃ nw.dll loaded successfully
Process ID: 26876 │ INFO│ 03:04:01.323 │ 19:bootstrap.cpp ┃ Enter Process : '26876'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 26876 │ INFO│ 03:04:01.323 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 26876 │ INFO│ 03:04:01.323 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 26876 │ INFO│ 03:04:01.323 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 26876 │ INFO│ 03:04:01.323 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 26876 │ INFO│ 03:04:01.323 │ 138:hook.cpp ┃ Testing hook with nw.dll
Process ID: 26876 │ INFO│ 03:04:01.323 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll'
Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 26876 │ INFO│ 03:04:01.332 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0'
Process ID: 26876 │ INFO│ 03:04:01.336 │ 141:hook.cpp ┃ nw.dll loaded successfully
Process ID: 28984 │ INFO│ 03:04:01.359 │ 19:bootstrap.cpp ┃ Enter Process : '28984'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 28984 │ INFO│ 03:04:01.359 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 28984 │ INFO│ 03:04:01.359 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 28984 │ INFO│ 03:04:01.359 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 28984 │ INFO│ 03:04:01.359 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 28984 │ INFO│ 03:04:01.359 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 28984 │ INFO│ 03:04:01.360 │ 138:hook.cpp ┃ Testing hook with nw.dll
Process ID: 28984 │ INFO│ 03:04:01.360 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll'
Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 28984 │ INFO│ 03:04:01.368 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1'
Process ID: 28984 │ INFO│ 03:04:01.371 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0'
Process ID: 28984 │ INFO│ 03:04:01.372 │ 141:hook.cpp ┃ nw.dll loaded successfully
Process ID: 31808 │ INFO│ 03:04:01.486 │ 19:bootstrap.cpp ┃ Enter Process : '31808'
Process ID: 31808 │ INFO│ 03:04:01.486 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2'
Process ID: 31808 │ INFO│ 03:04:01.486 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 31808 │ INFO│ 03:04:01.486 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 31808 │ INFO│ 03:04:01.486 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 31808 │ INFO│ 03:04:01.487 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 31808 │ INFO│ 03:04:01.487 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 31808 │ INFO│ 03:04:01.487 │ 138:hook.cpp ┃ Testing hook with nw.dll
Process ID: 31808 │ INFO│ 03:04:01.487 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll'
Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 31808 │ INFO│ 03:04:01.496 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0'
Process ID: 31808 │ INFO│ 03:04:01.501 │ 141:hook.cpp ┃ nw.dll loaded successfully
Process ID: 27752 │ INFO│ 03:04:01.537 │ 19:bootstrap.cpp ┃ Enter Process : '27752'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 27752 │ INFO│ 03:04:01.537 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 27752 │ INFO│ 03:04:01.537 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 27752 │ INFO│ 03:04:01.537 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 27752 │ INFO│ 03:04:01.537 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\Game.exe'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\nw_elf.dll'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 27752 │ INFO│ 03:04:01.537 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\WINMM.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-2\RPGMakerMVHookTS.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 27752 │ INFO│ 03:04:01.538 │ 138:hook.cpp ┃ Testing hook with nw.dll
Process ID: 27752 │ INFO│ 03:04:01.538 │ 26:hook.cpp ┃ HookLoadLibraryA 'nw.dll'
Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 27752 │ INFO│ 03:04:01.547 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-synch-l1-2-0'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-fibers-l1-1-1'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'kernel32'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-string-l1-1-0'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-l1-2-1'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-datetime-l1-1-1'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 58:hook.cpp ┃ HookLoadLibraryEXW'api-ms-win-core-localization-obsolete-l1-2-0'
Process ID: 27752 │ INFO│ 03:04:01.552 │ 141:hook.cpp ┃ nw.dll loaded successfully

Then I tried to hook these functions in API Monitor, and the result was (Just PID 31184):

Time of Day Thread Module API Return Value Error Duration

1 2:19:43.424 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000067
2 2:19:46.129 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000091
3 2:19:46.619 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000083
4 2:19:46.915 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000085
5 2:19:47.125 AM 1 nw_elf.dll LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000083
6 2:19:47.322 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000094
7 2:19:47.500 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000075
8 2:19:47.676 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000082
9 2:19:47.868 AM 1 nw_elf.dll LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000080
10 2:19:48.826 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000080
11 2:19:49.060 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000078
12 2:19:49.850 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000081
13 2:19:50.053 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000079
14 2:19:50.265 AM 1 WINMM.dll LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000109
15 2:19:50.480 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000074
16 2:19:50.697 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000081
17 2:19:50.910 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000072
18 2:19:51.105 AM 1 WINMM.dll LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000080
19 2:19:51.309 AM 1 WINMM.dll LoadLibraryW ( "RPGMakerMVHookTS.dll" ) 0x7c4d0000 0.0039236
20 2:19:51.310 AM 1 VCRUNTIME140.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000122
21 2:19:51.488 AM 1 VCRUNTIME140.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000082
22 2:19:51.685 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000107
23 2:19:51.685 AM 4 WINMM.dll LoadLibraryExW ( "api-ms-win-appmodel-runtime-l1-1-2", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x74e50000 0.0000165
24 2:19:51.943 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000111
25 2:19:52.098 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000110
26 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000030
27 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000021
28 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000013
29 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000013
30 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000010
31 2:19:59.416 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000008
32 2:19:59.441 AM 1 Game.exe LoadLibraryExW ( "S:\测试用\f-1\nw.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x0fd70000 0.0159886
33 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000032
34 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000021
35 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000019
36 2:19:59.451 AM 1 ffmpeg.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000017
37 2:19:59.456 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000058
38 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000043
39 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-synch-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000044
40 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-fibers-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000043
41 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "kernel32", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x763e0000 0.0000052
42 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-string-l1-1-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000042
43 2:19:59.457 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-localization-l1-2-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000048
44 2:19:59.458 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-datetime-l1-1-1", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000043
45 2:19:59.458 AM 1 nw.dll LoadLibraryExW ( "api-ms-win-core-localization-obsolete-l1-2-0", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x75ae0000 0.0000040
46 2:19:59.460 AM 1 nw_elf.dll LoadLibraryExA ( "ADVAPI32.dll", NULL, 0 ) 0x766e0000 0.0000179
47 2:20:00.428 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000073
48 2:20:00.428 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000030
49 2:20:00.428 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000019
50 2:20:00.474 AM 1 nw_elf.dll LoadLibraryW ( "kernel32.dll" ) 0x763e0000 0.0000131
51 2:20:00.482 AM 1 nw.dll LoadLibraryW ( "Kernel32.dll" ) 0x763e0000 0.0000062
52 2:20:00.483 AM 1 nw.dll LoadLibraryExA ( "WS2_32.dll", NULL, 0 ) 0x76600000 0.0000185
53 2:20:02.959 AM 1 nw.dll LoadLibraryExA ( "IPHLPAPI.DLL", NULL, 0 ) 0x74760000 0.0000128
54 2:20:02.998 AM 1 nw.dll LoadLibraryW ( "shcore.dll" ) 0x762a0000 0.0000086
55 2:20:02.998 AM 1 nw.dll LoadLibraryW ( "shcore.dll" ) 0x762a0000 0.0000028
56 2:20:02.998 AM 1 nw.dll LoadLibraryExA ( "SETUPAPI.dll", NULL, 0 ) 0x76900000 0.0008777
57 2:20:03.000 AM 1 nw.dll LoadLibraryExA ( "CFGMGR32.dll", NULL, 0 ) 0x75950000 0.0000061
58 2:20:03.001 AM 14 nw.dll LoadLibraryW ( "combase.dll" ) 0x756d0000 0.0000059
59 2:20:03.001 AM 16 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\netapi32.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x73040000 0.0000071
60 2:20:03.001 AM 18 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\wlanapi.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x79330000 0.0021257
61 2:20:03.002 AM 22 nw.dll LoadLibraryExA ( "WINHTTP.dll", NULL, 0 ) 0x73060000 0.0000065
62 2:20:03.002 AM 16 nw.dll LoadLibraryExW ( "MDMRegistration.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) NULL 87 = 参数错误。 0.0016190
63 2:20:03.004 AM 16 nw.dll LoadLibraryW ( "MDMRegistration.dll" ) 0x6b290000 0.0017297
64 2:20:03.004 AM 1 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\audioses.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x6c100000 0.0037564
65 2:20:03.042 AM 1 nw.dll LoadLibraryExW ( "kernel32.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) 0x763e0000 0.0000243
66 2:20:03.057 AM 1 nw.dll LoadLibraryW ( "combase.dll" ) 0x756d0000 0.0000138
67 2:20:03.249 AM 1 nw.dll LoadLibraryExA ( "dwmapi.dll", NULL, 0 ) 0x6dd10000 0.0000281
68 2:20:03.256 AM 1 nw.dll LoadLibraryW ( "uxtheme.dll" ) 0x74dd0000 0.0000052
69 2:20:03.290 AM 1 nw.dll LoadLibraryExA ( "atlthunk.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x6e320000 0.0005325
70 2:20:03.301 AM 1 nw.dll LoadLibraryExA ( "IMM32.dll", NULL, 0 ) 0x76f70000 0.0000211
71 2:20:03.660 AM 32 nw.dll LoadLibraryExW ( "C:\WINDOWS\system32\avrt.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH ) 0x58a60000 0.0000105
72 2:20:03.805 AM 45 nw.dll LoadLibraryExW ( "xinput1_4.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) NULL 87 = 参数错误。 0.0000460
73 2:20:03.805 AM 45 nw.dll LoadLibraryW ( "xinput1_4.dll" ) 0x51550000 0.0008882
74 2:20:03.806 AM 45 nw.dll LoadLibraryExW ( "hid.dll", NULL, LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR ) 0x6e970000 0.0000123
75 2:22:50.034 AM 1 Game.exe LoadLibraryExW ( "api-ms-win-appmodel-runtime-l1-1-2", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32 ) 0x74e50000 0.0000100

In the log, we can see that after I hooked it, calling LoadLibrary immediately generated output in the log, but afterwards there was no output from the hooked function. did I do something wrong, or is there a misunderstanding about the hooked function?
@bbsuuo
Copy link
Author

bbsuuo commented Jun 30, 2023

Process ID: 31184 │ INFO│ 02:19:51.684 │ 19:bootstrap.cpp ┃ Enter Process : '31184'
Process ID: 31184 │ INFO│ 02:19:51.684 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1'
Process ID: 31184 │ INFO│ 02:19:51.684 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 31184 │ INFO│ 02:19:51.684 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 31184 │ INFO│ 02:19:51.684 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 31184 │ INFO│ 02:19:51.684 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 31184 │ INFO│ 02:19:51.685 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 31184 │ INFO│ 02:19:51.685 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 16076 │ INFO│ 02:20:00.457 │ 19:bootstrap.cpp ┃ Enter Process : '16076'
Process ID: 16076 │ INFO│ 02:20:00.457 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1'
Process ID: 16076 │ INFO│ 02:20:00.457 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 16076 │ INFO│ 02:20:00.458 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 16076 │ INFO│ 02:20:00.458 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 16076 │ INFO│ 02:20:00.458 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 16076 │ INFO│ 02:20:00.458 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 16076 │ INFO│ 02:20:00.458 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 31812 │ INFO│ 02:20:03.036 │ 19:bootstrap.cpp ┃ Enter Process : '31812'
Process ID: 31812 │ INFO│ 02:20:03.036 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1'
Process ID: 31812 │ INFO│ 02:20:03.036 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 31812 │ INFO│ 02:20:03.036 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 31812 │ INFO│ 02:20:03.036 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 31812 │ INFO│ 02:20:03.037 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 31812 │ INFO│ 02:20:03.037 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 31812 │ INFO│ 02:20:03.037 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 12164 │ INFO│ 02:20:03.104 │ 19:bootstrap.cpp ┃ Enter Process : '12164'
Process ID: 12164 │ INFO│ 02:20:03.104 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1'
Process ID: 12164 │ INFO│ 02:20:03.104 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 12164 │ INFO│ 02:20:03.104 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 12164 │ INFO│ 02:20:03.104 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 12164 │ INFO│ 02:20:03.105 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 12164 │ INFO│ 02:20:03.105 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'
Process ID: 12164 │ INFO│ 02:20:03.105 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 28892 │ INFO│ 02:20:48.078 │ 19:bootstrap.cpp ┃ Enter Process : '28892'
Process ID: 28892 │ INFO│ 02:20:48.078 │ 20:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-1'
Process ID: 28892 │ INFO│ 02:20:48.078 │ 70:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions
Process ID: 28892 │ INFO│ 02:20:48.078 │ 79:hook.cpp ┃ Hooking LoadLibraryW SUCCESS
Process ID: 28892 │ INFO│ 02:20:48.078 │ 90:hook.cpp ┃ Hooking LoadLibraryExW SUCCESS
Process ID: 28892 │ INFO│ 02:20:48.078 │ 100:hook.cpp ┃ Hooking LoadLibraryA SUCCESS
Process ID: 28892 │ INFO│ 02:20:48.078 │ 111:hook.cpp ┃ Hooking LoadLibraryExA SUCCESS
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\Game.exe'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\ntdll.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNEL32.DLL'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\KERNELBASE.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'G:\反编译\apiMonitor\apimonitor-drv-x86.sys'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHLWAPI.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcrt.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ADVAPI32.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\sechost.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\RPCRT4.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\PSAPI.DLL'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\SHELL32.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\nw_elf.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\msvcp_win.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\ucrtbase.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\USER32.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\win32u.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\GDI32.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\gdi32full.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\WINMM.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VERSION.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\WINHTTP.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\WS2_32.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\Windows\System32\winmm.DLL'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\CRYPT32.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\System32\IMM32.DLL'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'S:\测试用\f-1\RPGMakerMVHookTS.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\MSVCP140.dll'
Process ID: 28892 │ INFO│ 02:20:48.079 │ 131:hook.cpp ┃ Current Load Module : 'C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll'

sorry, I may have uploaded the wrong log file. This one corresponds to API Monitor. The previous one was generated separately for adding a test call

@stevemk14ebr
Copy link
Owner

stevemk14ebr commented Jun 30, 2023
edited
Loading

The x86Detour destructor unhooks functions

lift them to global scope and store them inside a shared or unique ptr

@bbsuuo
Copy link
Author

bbsuuo commented Jun 30, 2023

I understand now, I apologize for acting like a fool

@bbsuuo bbsuuo closed this as completed Jun 30, 2023
@stevemk14ebr
Copy link
Owner

You're fine, many people make this mistake!

@bbsuuo
Copy link
Author

bbsuuo commented Jun 30, 2023

You're fine, many people make this mistake!

Thank you very much for your guidance. I am surprised to receive a response so quickly. I have given you some rewards, and I hope you are happy

@stevemk14ebr
Copy link
Owner

I appreciate that, but please do not feel that is necessary

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stevemk14ebr @bbsuuo