我用mHook,做了如下代码，能够HOOK到NtOpenProcess，但HOOk不到RtlIpv4StringToAddressA 和RtlIpv4StringToAddressppW，实现对DNS的重定向，目前没有实现，求大神给看看什么问题？

#include "stdafx.h"
#include "mhook-lib/mhook.h"

//=========================================================================
// Define _NtOpenProcess so we can dynamically bind to the function
//
typedef struct _CLIENT_ID {
        DWORD_PTR UniqueProcess;
        DWORD_PTR UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

typedef ULONG(WINAPI* _NtOpenProcess)(OUT PHANDLE ProcessHandle,
        IN ACCESS_MASK AccessMask, IN PVOID ObjectAttributes,
        IN PCLIENT_ID ClientId);

typedef LONG(WINAPI* _RtlIpv4StringToAddressW)(
        __in   PCWSTR S,
        __in   BOOLEAN Strict,
        __out  LPWSTR* Terminator,
        __out  IN_ADDR* Addr
        );
typedef LONG(WINAPI* _RtlIpv4StringToAddressA)(
        __in   PCTSTR S,
        __in   BOOLEAN Strict,
        __out  LPTSTR* Terminator,
        __out  IN_ADDR* Addr
        );
_NtOpenProcess TrueNtOpenProcess = (_NtOpenProcess)
GetProcAddress(GetModuleHandle(L"ntdll"), "NtOpenProcess");

_RtlIpv4StringToAddressW TrueRtlIpv4StringToAddressW = (_RtlIpv4StringToAddressW)
GetProcAddress(GetModuleHandle(L"ntdll"), "RtlIpv4StringToAddressW");

_RtlIpv4StringToAddressA TrueRtlIpv4StringToAddressA = (_RtlIpv4StringToAddressA)
GetProcAddress(GetModuleHandle(L"ntdll"), "RtlIpv4StringToAddressA");
ULONG WINAPI HookNtOpenProcess(OUT PHANDLE ProcessHandle,
        IN ACCESS_MASK AccessMask,
        IN PVOID ObjectAttributes,
        IN PCLIENT_ID ClientId)
{
        OutputDebugString(L"*************** Call to open process NtOpenProgress\n");
        return TrueNtOpenProcess(ProcessHandle, AccessMask,
                ObjectAttributes, ClientId);
}

LONG WINAPI HookRtlIpv4StringToAddressW(
        __in   PCWSTR S,
        __in   BOOLEAN Strict,
        __out  LPWSTR* Terminator,
        __out  IN_ADDR* Addr
        )
{
        OutputDebugString(L"*************** Hooked RtlIpv4StringToAddressW\n");
        //OutputDebugString(S);
        return TrueRtlIpv4StringToAddressW(S, Strict, Terminator, Addr);
}

LONG WINAPI HookRtlIpv4StringToAddressA(
        __in   PCTSTR S,
        __in   BOOLEAN Strict,
        __out  LPTSTR* Terminator,
        __out  IN_ADDR* Addr
        )
{
        OutputDebugString(L"*************** Hooked RtlIpv4StringToAddressA\n");
        //OutputDebugString(S);
        return TrueRtlIpv4StringToAddressA(S, Strict, Terminator, Addr);
}
BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                                         )
{
        HANDLE hProc;
        switch (ul_reason_for_call)
        {
        case DLL_PROCESS_ATTACH:
                if (Mhook_SetHook((PVOID*)&TrueNtOpenProcess, HookNtOpenProcess)) {
                        // Now call OpenProcess and observe NtOpenProcess being redirected
                        // under the hood.
                        hProc = OpenProcess(PROCESS_ALL_ACCESS,FALSE, GetCurrentProcessId());
                        if (hProc) {
                                OutputDebugString(L"***************Successfully opened self");
                                CloseHandle(hProc);
                        }
                        else {
                                OutputDebugString(L"***************Could not open self");
                        }
                }
                Mhook_SetHook((PVOID*)&TrueRtlIpv4StringToAddressW, HookRtlIpv4StringToAddressW);
                Mhook_SetHook((PVOID*)&TrueRtlIpv4StringToAddressA, HookRtlIpv4StringToAddressA);       
                break;
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
                Mhook_Unhook((PVOID*)&TrueNtOpenProcess);               
                Mhook_Unhook((PVOID*)&TrueRtlIpv4StringToAddressW);
                Mhook_Unhook((PVOID*)&TrueRtlIpv4StringToAddressA);
                break;
        }
        return TRUE;
}

[培训]科锐逆向工程师培训第53期2025年7月8日开班！