9,506
社区成员
发帖
与我相关
我的任务
分享dll注入
刚开始学习dll注入 用的是windows钩子 我用了SetWindowLongPtr来改变窗口的回调函数,但是我的注入没起作用
代码如下:
DLL:
#include<Windows.h>
#define MYFIRSTDLL extern "C" __declspec(dllexport)
#include "firstdll.h"
HINSTANCE g_hInstance=NULL;
HHOOK g_hHook=NULL;
HWND hW=NULL;
WNDPROC lpOldProc;
int hello(int a,int b){
return (a+b);
}
BOOL WINAPI DllMain(HINSTANCE hInstance,DWORD fdwReason,PVOID fImpLoad){
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
g_hInstance=hInstance;
break;
case DLL_PROCESS_DETACH:
break;
}
return(TRUE);
}
void ahhh(){
MessageBox(NULL,TEXT("hello"),TEXT("你好"),MB_OK);
}
LRESULT CALLBACK SubclassWndProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch (uMsg)
{
case WM_CLOSE:
MessageBox(NULL,TEXT("关不掉关不掉气不气"),TEXT("提醒"),MB_OK);
default:
break;
}
return 0;
}
LRESULT WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam){
lpOldProc = (WNDPROC)SetWindowLongPtr(hW,GWLP_WNDPROC,(LONG_PTR)SubclassWndProc);
if(lpOldProc!=NULL)
return TRUE;
else
return FALSE;
}
BOOL WINAPI SetFirstHook(DWORD dwThreadId,HWND hWnd){
g_hHook=SetWindowsHookEx(WH_GETMESSAGE,GetMsgProc,g_hInstance,dwThreadId);
hW=hWnd;
return TRUE;
}
被注入程序:
#include<Windows.h>
int WINAPI WinMain(HINSTANCE,HINSTANCE,PTSTR,int){
MessageBox(NULL,TEXT("alh"),TEXT("alh"),MB_OK);
}
注入程序:
#include<Windows.h>
#include"firstdll.h"
#pragma comment(lib,"FirstDLL.lib")
int WINAPI WinMain(HINSTANCE,HINSTANCE,PTSTR,int){
HWND Wnd=FindWindow(NULL,TEXT("alh"));
if(Wnd==NULL) MessageBox(NULL,TEXT("找不到窗口"),NULL,MB_OK);
else{
SetFirstHook(GetWindowThreadProcessId(Wnd,NULL),Wnd);
MessageBox(NULL,TEXT("注入成功"),NULL,MB_OK);
}
}
代码如下:
DLL:
#include<Windows.h>
#define MYFIRSTDLL extern "C" __declspec(dllexport)
#include "firstdll.h"
HINSTANCE g_hInstance=NULL;
HHOOK g_hHook=NULL;
HWND hW=NULL;
WNDPROC lpOldProc;
int hello(int a,int b){
return (a+b);
}
BOOL WINAPI DllMain(HINSTANCE hInstance,DWORD fdwReason,PVOID fImpLoad){
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
g_hInstance=hInstance;
break;
case DLL_PROCESS_DETACH:
break;
}
return(TRUE);
}
void ahhh(){
MessageBox(NULL,TEXT("hello"),TEXT("你好"),MB_OK);
}
LRESULT CALLBACK SubclassWndProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch (uMsg)
{
case WM_CLOSE:
MessageBox(NULL,TEXT("关不掉关不掉气不气"),TEXT("提醒"),MB_OK);
default:
break;
}
return 0;
}
LRESULT WINAPI GetMsgProc(int nCode,WPARAM wParam,LPARAM lParam){
lpOldProc = (WNDPROC)SetWindowLongPtr(hW,GWLP_WNDPROC,(LONG_PTR)SubclassWndProc);
if(lpOldProc!=NULL)
return TRUE;
else
return FALSE;
}
BOOL WINAPI SetFirstHook(DWORD dwThreadId,HWND hWnd){
g_hHook=SetWindowsHookEx(WH_GETMESSAGE,GetMsgProc,g_hInstance,dwThreadId);
hW=hWnd;
return TRUE;
}
被注入程序:
#include<Windows.h>
int WINAPI WinMain(HINSTANCE,HINSTANCE,PTSTR,int){
MessageBox(NULL,TEXT("alh"),TEXT("alh"),MB_OK);
}
注入程序:
#include<Windows.h>
#include"firstdll.h"
#pragma comment(lib,"FirstDLL.lib")
int WINAPI WinMain(HINSTANCE,HINSTANCE,PTSTR,int){
HWND Wnd=FindWindow(NULL,TEXT("alh"));
if(Wnd==NULL) MessageBox(NULL,TEXT("找不到窗口"),NULL,MB_OK);
else{
SetFirstHook(GetWindowThreadProcessId(Wnd,NULL),Wnd);
MessageBox(NULL,TEXT("注入成功"),NULL,MB_OK);
}
}
...全文
请发表友善的回复…
发表回复
海鸥软件 2018-02-28
- 打赏
- 举报
你注入不成功,还是执行不成功?你确定你导出的函数名没问题吗?你的代码太多 ,有时间给你看一下
