【C】DirectSound8 Hook：将DirectSoundBuffer中的声音存为WAV

0xAA55 · 发表于 2015-4-28 22:44:44

欢迎访问技术宅的结界，请注册或者登录吧。

您需要登录才可以下载或查看，没有账号？立即注册→加入我们

×

原理很简单，将原始的dsound.dll改名为“dsorg.dll”，然后自己写一个Dll，命名为“dsound.dll”，使其具有和原来的dsound.dll相同的导出表。
其实只需要使用这个def文件就能做到了：

LIBRARY
EXPORTS
DirectSoundCreate @1
DirectSoundEnumerateA @2
DirectSoundEnumerateW @3
DllCanUnloadNow PRIVATE
DllGetClassObject PRIVATE
DirectSoundCaptureCreate @6
DirectSoundCaptureEnumerateA @7
DirectSoundCaptureEnumerateW @8
GetDeviceID @9
DirectSoundFullDuplexCreate @10
DirectSoundCreate8 @11
DirectSoundCaptureCreate8 @12

复制代码

然后就是要自己实现这几个方法。

#define CINTERFACE
#include"log.h"
#include<Windows.h>
#include<dsound.h>
//原始Dll句柄
HMODULE g_hOrgDll=NULL;
//DirectSoundCreate
//DirectSoundEnumerateA
//DirectSoundEnumerateW
//DllCanUnloadNow
//DllGetClassObject
//DirectSoundCaptureCreate
//DirectSoundCaptureEnumerateA
//DirectSoundCaptureEnumerateW
//GetDeviceID
//DirectSoundFullDuplexCreate
//DirectSoundCreate8
//DirectSoundCaptureCreate8
void HookIDirectSound(LPDIRECTSOUND pDS);
void HookIDirectSound8(LPDIRECTSOUND8 pDS);
void HookIDirectSoundBuffer(LPDIRECTSOUNDBUFFER pDSB);
void HookIDirectSoundBuffer8(LPDIRECTSOUNDBUFFER8 pDSB8);
//=============================================================================
//函数指针类型定义
//-----------------------------------------------------------------------------
typedef _Check_return_ HRESULT(WINAPI*FnDirectSoundCreate)(_In_opt_ LPCGUID pcGuidDevice, _Outptr_ LPDIRECTSOUND *ppDS, _Pre_null_ LPUNKNOWN pUnkOuter);
typedef HRESULT(WINAPI*FnDirectSoundEnumerateA)(_In_ LPDSENUMCALLBACKA pDSEnumCallback, _In_opt_ LPVOID pContext);
typedef HRESULT(WINAPI*FnDirectSoundEnumerateW)(_In_ LPDSENUMCALLBACKW pDSEnumCallback, _In_opt_ LPVOID pContext);
typedef HRESULT(STDAPICALLTYPE*FnDllCanUnloadNow)();
typedef HRESULT(STDAPICALLTYPE*FnDllGetClassObject)(REFCLSID rclsid,REFIID riid,LPVOID*ppv);
typedef HRESULT(WINAPI*FnDirectSoundCaptureCreate)(_In_opt_ LPCGUID pcGuidDevice, _Outptr_ LPDIRECTSOUNDCAPTURE *ppDSC, _Pre_null_ LPUNKNOWN pUnkOuter);
typedef HRESULT(WINAPI*FnDirectSoundCaptureEnumerateA)(_In_ LPDSENUMCALLBACKA pDSEnumCallback, _In_opt_ LPVOID pContext);
typedef HRESULT(WINAPI*FnDirectSoundCaptureEnumerateW)(_In_ LPDSENUMCALLBACKW pDSEnumCallback, _In_opt_ LPVOID pContext);
typedef HRESULT(WINAPI*FnGetDeviceID)(_In_opt_ LPCGUID pGuidSrc, _Out_ LPGUID pGuidDest);
typedef HRESULT(WINAPI*FnDirectSoundFullDuplexCreate)
(
_In_opt_ LPCGUID pcGuidCaptureDevice,
_In_opt_ LPCGUID pcGuidRenderDevice,
_In_ LPCDSCBUFFERDESC pcDSCBufferDesc,
_In_ LPCDSBUFFERDESC pcDSBufferDesc,
HWND hWnd,
DWORD dwLevel,
_Outptr_ LPDIRECTSOUNDFULLDUPLEX* ppDSFD,
_Outptr_ LPDIRECTSOUNDCAPTUREBUFFER8 *ppDSCBuffer8,
_Outptr_ LPDIRECTSOUNDBUFFER8 *ppDSBuffer8,
_Pre_null_ LPUNKNOWN pUnkOuter
);
typedef HRESULT(WINAPI*FnDirectSoundCreate8)(_In_opt_ LPCGUID pcGuidDevice, _Outptr_ LPDIRECTSOUND8 *ppDS8, _Pre_null_ LPUNKNOWN pUnkOuter);
typedef HRESULT(WINAPI*FnDirectSoundCaptureCreate8)(_In_opt_ LPCGUID pcGuidDevice, _Outptr_ LPDIRECTSOUNDCAPTURE8 *ppDSC8, _Pre_null_ LPUNKNOWN pUnkOuter);
//=============================================================================
//函数指针
//-----------------------------------------------------------------------------
FnDirectSoundCreate g_pOrgDirectSoundCreate=NULL;
FnDirectSoundEnumerateA g_pOrgDirectSoundEnumerateA=NULL;
FnDirectSoundEnumerateW g_pOrgDirectSoundEnumerateW=NULL;
FnDllCanUnloadNow g_pOrgDllCanUnloadNow=NULL;
FnDllGetClassObject g_pOrgDllGetClassObject=NULL;
FnDirectSoundCaptureCreate g_pOrgDirectSoundCaptureCreate=NULL;
FnDirectSoundCaptureEnumerateA g_pOrgDirectSoundCaptureEnumerateA=NULL;
FnDirectSoundCaptureEnumerateW g_pOrgDirectSoundCaptureEnumerateW=NULL;
FnGetDeviceID g_pOrgGetDeviceID=NULL;
FnDirectSoundFullDuplexCreate g_pOrgDirectSoundFullDuplexCreate=NULL;
FnDirectSoundCreate8 g_pOrgDirectSoundCreate8=NULL;
FnDirectSoundCaptureCreate8 g_pOrgDirectSoundCaptureCreate8=NULL;
void LoadOrgDll()
{
if(!g_hOrgDll)
{
Log("Loading org Dll.\n");
g_hOrgDll=LoadLibrary(TEXT("dsorg.dll"));
if(!g_hOrgDll)
return;
g_pOrgDirectSoundCreate=(FnDirectSoundCreate)GetProcAddress(g_hOrgDll,"DirectSoundCreate");
g_pOrgDirectSoundEnumerateA=(FnDirectSoundEnumerateA)GetProcAddress(g_hOrgDll,"DirectSoundEnumerateA");
g_pOrgDirectSoundEnumerateW=(FnDirectSoundEnumerateW)GetProcAddress(g_hOrgDll,"DirectSoundEnumerateW");
g_pOrgDllCanUnloadNow=(FnDllCanUnloadNow)GetProcAddress(g_hOrgDll,"DllCanUnloadNow");
g_pOrgDllGetClassObject=(FnDllGetClassObject)GetProcAddress(g_hOrgDll,"DllGetClassObject");
g_pOrgDirectSoundCaptureCreate=(FnDirectSoundCaptureCreate)GetProcAddress(g_hOrgDll,"DirectSoundCaptureCreate");
g_pOrgDirectSoundCaptureEnumerateA=(FnDirectSoundCaptureEnumerateA)GetProcAddress(g_hOrgDll,"DirectSoundCaptureEnumerateA");
g_pOrgDirectSoundCaptureEnumerateW=(FnDirectSoundCaptureEnumerateW)GetProcAddress(g_hOrgDll,"DirectSoundCaptureEnumerateW");
g_pOrgGetDeviceID=(FnGetDeviceID)GetProcAddress(g_hOrgDll,"GetDeviceID");
g_pOrgDirectSoundFullDuplexCreate=(FnDirectSoundFullDuplexCreate)GetProcAddress(g_hOrgDll,"DirectSoundFullDuplexCreate");
g_pOrgDirectSoundCreate8=(FnDirectSoundCreate8)GetProcAddress(g_hOrgDll,"DirectSoundCreate8");
g_pOrgDirectSoundCaptureCreate8=(FnDirectSoundCaptureCreate8)GetProcAddress(g_hOrgDll,"DirectSoundCaptureCreate8");
}
}
_Check_return_ HRESULT WINAPI DirectSoundCreate
(
_In_opt_ LPCGUID pcGuidDevice,
_Outptr_ LPDIRECTSOUND *ppDS,
_Pre_null_ LPUNKNOWN pUnkOuter)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundCreate\n");
hRet=g_pOrgDirectSoundCreate(pcGuidDevice,ppDS,pUnkOuter);
if(SUCCEEDED(hRet) && *ppDS)
HookIDirectSound(*ppDS);
return hRet;
}
HRESULT WINAPI DirectSoundEnumerateA
(
_In_ LPDSENUMCALLBACKA pDSEnumCallback,
_In_opt_ LPVOID pContext
)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundEnumerateA\n");
hRet=g_pOrgDirectSoundEnumerateA(pDSEnumCallback,pContext);
return hRet;
}
HRESULT WINAPI DirectSoundEnumerateW
(
_In_ LPDSENUMCALLBACKW pDSEnumCallback,
_In_opt_ LPVOID pContext
)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundEnumerateW\n");
hRet=g_pOrgDirectSoundEnumerateW(pDSEnumCallback,pContext);
return hRet;
}
HRESULT STDAPICALLTYPE DllCanUnloadNow()
{
HRESULT hRet;
LoadOrgDll();
Log("DllCanUnloadNow\n");
hRet=g_pOrgDllCanUnloadNow();
return hRet;
}
HRESULT STDAPICALLTYPE DllGetClassObject(REFCLSID rclsid,REFIID riid,LPVOID*ppv)
{
HRESULT hRet;
LoadOrgDll();
Log("DllGetClassObject\n");
hRet=g_pOrgDllGetClassObject(rclsid,riid,ppv);
return hRet;
}
HRESULT WINAPI DirectSoundCaptureCreate
(
_In_opt_ LPCGUID pcGuidDevice,
_Outptr_ LPDIRECTSOUNDCAPTURE*ppDSC,
_Pre_null_ LPUNKNOWN pUnkOuter)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundCaptureCreate\n");
hRet=g_pOrgDirectSoundCaptureCreate(pcGuidDevice,ppDSC,pUnkOuter);
return hRet;
}
HRESULT WINAPI DirectSoundCaptureEnumerateA
(
_In_ LPDSENUMCALLBACKA pDSEnumCallback,
_In_opt_ LPVOID pContext
)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundCaptureEnumerateA\n");
hRet=g_pOrgDirectSoundCaptureEnumerateA(pDSEnumCallback,pContext);
return hRet;
}
HRESULT WINAPI DirectSoundCaptureEnumerateW
(
_In_ LPDSENUMCALLBACKW pDSEnumCallback,
_In_opt_ LPVOID pContext
)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundCaptureEnumerateW\n");
hRet=g_pOrgDirectSoundCaptureEnumerateW(pDSEnumCallback,pContext);
return hRet;
}
HRESULT WINAPI GetDeviceID
(
_In_opt_ LPCGUID pGuidSrc,
_Out_ LPGUID pGuidDest
)
{
HRESULT hRet;
LoadOrgDll();
Log("GetDeviceID\n");
hRet=g_pOrgGetDeviceID(pGuidSrc,pGuidDest);
return hRet;
}
HRESULT WINAPI DirectSoundFullDuplexCreate
(
_In_opt_ LPCGUID pcGuidCaptureDevice,
_In_opt_ LPCGUID pcGuidRenderDevice,
_In_ LPCDSCBUFFERDESC pcDSCBufferDesc,
_In_ LPCDSBUFFERDESC pcDSBufferDesc,
HWND hWnd,
DWORD dwLevel,
_Outptr_ LPDIRECTSOUNDFULLDUPLEX* ppDSFD,
_Outptr_ LPDIRECTSOUNDCAPTUREBUFFER8 *ppDSCBuffer8,
_Outptr_ LPDIRECTSOUNDBUFFER8 *ppDSBuffer8,
_Pre_null_ LPUNKNOWN pUnkOuter
)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundFullDuplexCreate\n");
hRet=g_pOrgDirectSoundFullDuplexCreate
(
pcGuidCaptureDevice,
pcGuidRenderDevice,
pcDSCBufferDesc,
pcDSBufferDesc,
hWnd,
dwLevel,
ppDSFD,
ppDSCBuffer8,
ppDSBuffer8,
pUnkOuter
);
HookIDirectSoundBuffer8(*ppDSBuffer8);
return hRet;
}
HRESULT WINAPI DirectSoundCreate8
(
_In_opt_ LPCGUID pcGuidDevice,
_Outptr_ LPDIRECTSOUND8 *ppDS8,
_Pre_null_ LPUNKNOWN pUnkOuter
)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundCreate8\n");
hRet=g_pOrgDirectSoundCreate8(pcGuidDevice,ppDS8,pUnkOuter);
if(SUCCEEDED(hRet) && *ppDS8)
HookIDirectSound8(*ppDS8);
return hRet;
}
HRESULT WINAPI DirectSoundCaptureCreate8
(
_In_opt_ LPCGUID pcGuidDevice,
_Outptr_ LPDIRECTSOUNDCAPTURE8 *ppDSC8,
_Pre_null_ LPUNKNOWN pUnkOuter
)
{
HRESULT hRet;
LoadOrgDll();
Log("DirectSoundCaptureCreate8\n");
hRet=g_pOrgDirectSoundCaptureCreate8(pcGuidDevice,ppDSC8,pUnkOuter);
return hRet;
}

复制代码

其中的Log是一个参数类似于printf然后将内容打印到文件的这么一个调试性质的函数，而HookXXXXX这样的函数则是用来对某个Com类进行Hook操作。
某些游戏会完全使用DirectSound，并且使用多个DirectSoundBuffer完成音效混合的操作，因此对于这样的游戏，我们就可以将其加载的音效偷出来保存了。具体的代码请下载附件。

BIN:

psdsbin.7z (224.62 KB, 下载次数: 20)
SRC:

psdssrc.7z (503.65 KB, 下载次数: 40)

ljxin · 发表于 2015-4-28 23:05:21

膜拜技术宅

0x01810 · 发表于 2015-4-29 10:16:23

mark...可以用来翻录..

fangyuan · 发表于 2022-8-17 10:35:24

太强了，我在网上找了很久也没有找到，最终在你这里找到了相似的实现方法，我用的是注入一个Dll模块到第三方库，然后再进行DirectSound8的hook，但是我不知道该如何截取数据，接口已经全部hook了，我现在只要看你的源码就可以知道怎么来保存了，谁能相信15年的帖子帮了22年的我，感想大佬的无私奉献！！！！

系统消息 · 发表于 2022-8-18 23:34:24

我也说两句吧：
1.不需要HOOK的函数可以直接在def文件里面做导出表跳转，不需要自己写代码再调用过去，比如：DllCanUnloadNow=dsorg.DllCanUnloadNow @4 PRIVATE
2.需要HOOK并不只是 DirectSoundCreate 和 DirectSoundCreate8，还有 DllGetClassObject 也需要HOOK，因为DS对象有两种创建方式，一种就是直接调用dsound.dll的导出函数，还有一种就是用 CoCreateInstance（这个走 DllGetClassObject 不走 DirectSoundCreate 和 DirectSoundCreate8）。

账号		自动登录	找回密码
密码			立即注册→加入我们

【C】DirectSound8 Hook：将DirectSoundBuffer中的声音存为WAV

欢迎访问技术宅的结界，请注册或者登录吧。

本帖被以下淘专辑推荐:

相关帖子