Windows挂钩注入DLL
注入DLL实现源码:
/*
 * Hook-DLL side of the sample.  SetDipsHook() installs a thread-specific
 * WH_GETMESSAGE hook whose procedure lives in this DLL, which is what gets
 * the DLL loaded into the hooked thread's process.  On its first callback
 * the hook procedure creates a modeless dialog (template IDD_DIPS) that the
 * proxy process later drives with WM_APP / WM_CLOSE.
 */
HINSTANCE g_hInstDll = NULL;    /* this DLL's module handle, recorded in DllMain; used for SetWindowsHookEx and CreateDialog */
HHOOK g_hHook = NULL;           /* the installed hook, or NULL while none is installed */
DWORD g_dwThreadId = 0;         /* id of the hooked thread, set by SetDipsHook() */

#ifdef _MANAGED
#pragma managed(push, off)
#endif

/*
 * DLL entry point.  Only DLL_PROCESS_ATTACH does anything: it records the
 * module handle for later use.  Always returns TRUE (never refuses to load).
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        g_hInstDll = (HINSTANCE)hModule;
        /* intentional fallthrough: the remaining reasons only break */
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

#ifdef _MANAGED
#pragma managed(pop)
#endif

/*
 * Dialog procedure of the dialog created in ProcHookMsg.
 * WM_CLOSE destroys the window; WM_APP with a non-zero lParam shows it.
 * wParam is not read here, even though the proxy passes a window handle in it.
 * Always returns FALSE, i.e. every message is left to the default handling.
 */
INT_PTR WINAPI DipDlg_Proc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg) {
    case WM_CLOSE: {
        DestroyWindow(hWnd);
    }
    break;
    case WM_APP:
        if (lParam) {
            ShowWindow(hWnd, SW_SHOW);
        }
        break;
    }
    return(FALSE);
}

/*
 * WH_GETMESSAGE hook procedure.  A thread-specific hook procedure runs in
 * the hooked thread, so the dialog created below belongs to that thread.
 * The dialog is created once (static first-time flag); every call then
 * passes the message on with CallNextHookEx.
 *
 * NOTE(review): the CreateDialog result is not checked, so a missing
 * IDD_DIPS resource goes unnoticed.  g_dwThreadId is the hooked thread's
 * own id (see SetDipsHook), so the WM_NULL posted here wakes the hooked
 * thread rather than telling the proxy that the dialog now exists.
 */
LRESULT CALLBACK ProcHookMsg(int nCode, WPARAM wp, LPARAM lp)
{
    static BOOL bFirstTime = TRUE;
    if (bFirstTime) {
        bFirstTime = FALSE;
        // Create a modeless dialog from a dialog template resource
        CreateDialog(g_hInstDll, MAKEINTRESOURCE(IDD_DIPS), NULL, DipDlg_Proc);
        PostThreadMessage(g_dwThreadId, WM_NULL, 0, 0);
    }
    return (CallNextHookEx(g_hHook, nCode, wp, lp));
}

/*
 * Install or remove the hook.
 *
 * dThreadId != 0: hook that thread's message retrieval with ProcHookMsg and
 *   post it a WM_NULL so the hook fires promptly.  Returns the result of
 *   PostThreadMessage, or FALSE if SetWindowsHookEx failed.
 * dThreadId == 0: remove the current hook, if any.  Returns the result of
 *   UnhookWindowsHookEx, or FALSE if no hook was installed.
 *
 * NOTE(review): NULL is passed where WPARAM/LPARAM integers are expected
 * (ProcHookMsg uses 0 for the same call).  A second call with a non-zero id
 * overwrites g_hHook without unhooking the previous hook.  Because 0 doubles
 * as the "unhook" request, a caller that failed to resolve a thread id
 * silently takes the unhook path instead of reporting an error.
 */
// Install the hook
DIPSLIB_API BOOL SetDipsHook(DWORD dThreadId)
{
    BOOL bRet = FALSE;
    if (dThreadId != 0) {
        g_dwThreadId = dThreadId;
        g_hHook = SetWindowsHookEx(WH_GETMESSAGE, ProcHookMsg, g_hInstDll, dThreadId);
        if (NULL != g_hHook) {
            /* force the hooked thread through GetMessage so the hook runs at least once */
            bRet = PostThreadMessage(dThreadId, WM_NULL, NULL, NULL);
        }
    } else {
        if (g_hHook != NULL) {
            bRet = UnhookWindowsHookEx(g_hHook);
            g_hHook = NULL;
        }
    }
    return bRet;
}
代理进程实现源码:
/*
 * Proxy-process side of the sample.  It locates the "FolderView" child of
 * the "ProgMan" window, asks the hook DLL (SetDipsHook) to hook that
 * window's thread, then drives the dialog the DLL creates ("Test Dips")
 * with WM_APP and WM_CLOSE before removing the hook.
 *
 * szTitle, szWindowClass, MAX_LOADSTRING, IDS_APP_TITLE and IDC_DIPS are
 * declared outside this listing (presumably the project's generated
 * stdafx/resource files); MyRegisterClass and InitInstance are only
 * declared here and defined elsewhere.
 */
HWND g_DestWindowWnd = NULL;    /* the "FolderView" child found by ProcEnumChildWindows, NULL if none */

// Forward declarations of the functions contained in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);

/*
 * EnumChildWindows callback: remembers the first child whose window text is
 * exactly "FolderView" in g_DestWindowWnd and stops the enumeration.
 *
 * The buffer is zero-initialised and MAX_PATH-bounded, so a failed or empty
 * GetWindowText still leaves a terminated (empty) string for strcmp.
 * NOTE(review): CHAR buffer and narrow literals mean this only compiles as
 * an ANSI build, while _tWinMain/TEXT() below are written TCHAR-style.
 */
BOOL CALLBACK ProcEnumChildWindows(HWND hWnd, LPARAM lp)
{
    CHAR pBuff[MAX_PATH] = {0};
    GetWindowText(hWnd, pBuff, MAX_PATH);
    if (0 == strcmp("FolderView", pBuff)) {
        g_DestWindowWnd = hWnd;
        // Returning 0 stops the enumeration
        return 0;
    }
    return TRUE;
}

/*
 * Program entry point.
 *
 * Sequence: register/create this process's own window, find the target
 * window and its thread id, install the hook, then loop on GetMessage and
 * on every retrieved message: find the "Test Dips" dialog, send it WM_APP
 * (wParam = target window, lParam = TRUE), wait 2 s, send WM_CLOSE, and
 * call SetDipsHook(0) to unhook.
 *
 * NOTE(review): the loop never calls TranslateMessage/DispatchMessage, so
 * this process's own window never handles its messages, and the whole
 * send/sleep/close/unhook sequence is repeated for every message retrieved.
 * `while (GetMessage(...))` also treats the -1 error return as true.
 * hAccelTable is loaded but never used.  Neither FindWindow result is
 * checked: a NULL hPromanWnd makes EnumChildWindows walk top-level windows
 * instead, and if g_DestWindowWnd stays NULL the thread id is 0, which
 * SetDipsHook interprets as "unhook" rather than as an error.  Nothing
 * synchronises with the DLL, so FindWindow("Test Dips") can run before the
 * hook has created the dialog.
 */
int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    // TODO: Place code here.
    MSG msg;
    HACCEL hAccelTable;

    // Initialize global strings
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_DIPS, szWindowClass, MAX_LOADSTRING);
    MyRegisterClass(hInstance);

    // Perform application initialization:
    if (!InitInstance (hInstance, nCmdShow)) {
        return FALSE;
    }

    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_DIPS));

    /* locate the target: the "FolderView" child of the "ProgMan" window */
    HWND hPromanWnd = FindWindow("ProgMan", NULL);
    EnumChildWindows(hPromanWnd, ProcEnumChildWindows, NULL);

    /* the hook is keyed on the thread that owns the target window */
    DWORD nThreadId, nProcessId;
    nThreadId = GetWindowThreadProcessId(g_DestWindowWnd, &nProcessId);
    SetDipsHook(nThreadId);

    // Main message loop:
    while (GetMessage(&msg, NULL, 0, 0)) {
        HWND hWndDIPS = FindWindow(NULL, TEXT("Test Dips"));
        /* DipDlg_Proc in the DLL listing shows the dialog on WM_APP with a non-zero lParam; wParam is ignored there */
        SendMessage(hWndDIPS, WM_APP, (WPARAM) g_DestWindowWnd, TRUE);
        Sleep(2000);
        SendMessage(hWndDIPS, WM_CLOSE, 0, 0);
        SetDipsHook(0);
    }

    return 0;
}