Windows挂钩注入DLL
注入DLL实现源码:
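/*
 * Hook DLL: exports SetDipsHook(), which installs or removes a
 * WH_GETMESSAGE hook whose procedure (ProcHookMsg) lives in this module.
 *
 * Security-relevant behaviour: when the thread id passed to SetWindowsHookEx
 * belongs to another process, Windows maps this DLL into that process so the
 * hook procedure can run there. An unexpected module appearing in a GUI
 * process after a SetWindowsHookEx call is therefore the observable that
 * endpoint monitoring and incident responders look for.
 *
 * No shared data section is declared in this listing, so the three globals
 * below are ordinary per-process data: every process that maps the DLL has
 * its own copy, starting from these initializers.
 */
HINSTANCE g_hInstDll = NULL;  // module handle of this DLL, captured in DllMain
HHOOK g_hHook = NULL;         // hook handle; NULL means "not installed" (in this process)
DWORD g_dwThreadId = 0;       // thread id most recently passed to SetDipsHook

#ifdef _MANAGED
#pragma managed(push, off)
#endif

/*
 * DLL entry point. Only process attach does any work: it records the module
 * handle that SetWindowsHookEx and CreateDialog need later. Thread attach /
 * detach and process detach are deliberately no-ops. Always returns TRUE.
 */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)lpReserved;

    if (ul_reason_for_call == DLL_PROCESS_ATTACH) {
        g_hInstDll = (HINSTANCE)hModule;
    }
    return TRUE;
}

#ifdef _MANAGED
#pragma managed(pop)
#endif

/*
 * Dialog procedure for the IDD_DIPS dialog created by ProcHookMsg.
 *   WM_CLOSE - destroys the dialog window.
 *   WM_APP   - shows the dialog when lParam is non-zero.
 * Always returns FALSE, i.e. every message is reported as not handled.
 */
INT_PTR WINAPI DipDlg_Proc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    (void)wParam;

    switch (uMsg) {
    case WM_CLOSE:
        DestroyWindow(hWnd);
        break;

    case WM_APP:
        if (lParam) {
            ShowWindow(hWnd, SW_SHOW);
        }
        break;

    default:
        break;
    }
    return FALSE;
}

/*
 * WH_GETMESSAGE hook procedure. It runs on the hooked thread, inside
 * whichever process owns that thread.
 *
 * On its first invocation in a process it creates a modeless dialog from the
 * IDD_DIPS dialog template resource and posts WM_NULL to g_dwThreadId. Every
 * invocation then forwards to the next hook in the chain.
 *
 * NOTE(review): g_dwThreadId and g_hHook are read from this process's copy
 * of the globals (see the file header comment). The CreateDialog result is
 * not checked.
 */
LRESULT CALLBACK ProcHookMsg(int nCode, WPARAM wp, LPARAM lp)
{
    static BOOL bFirstTime = TRUE;

    if (bFirstTime) {
        bFirstTime = FALSE;

        // Create a modeless dialog from a dialog template resource.
        CreateDialog(g_hInstDll, MAKEINTRESOURCE(IDD_DIPS), NULL, DipDlg_Proc);
        PostThreadMessage(g_dwThreadId, WM_NULL, 0, 0);
    }
    return CallNextHookEx(g_hHook, nCode, wp, lp);
}

/*
 * Installs or removes the hook.
 *
 *   dThreadId != 0 : install a WH_GETMESSAGE hook on that thread, then post
 *                    WM_NULL to it (presumably so the thread's next message
 *                    retrieval runs the hook procedure promptly).
 *   dThreadId == 0 : remove the hook installed earlier by this process.
 *
 * Returns TRUE on success. Returns FALSE when the hook could not be
 * installed, when the WM_NULL post failed (the hook then stays installed and
 * the caller should still call SetDipsHook(0)), when removal was requested
 * but nothing is installed, or when an install is requested while a hook is
 * already installed.
 */
DIPSLIB_API BOOL SetDipsHook(DWORD dThreadId)
{
    if (dThreadId == 0) {
        BOOL bRemoved = FALSE;

        if (g_hHook != NULL) {
            bRemoved = UnhookWindowsHookEx(g_hHook);
            g_hHook = NULL;
        }
        return bRemoved;
    }

    // Installing twice would overwrite g_hHook and leave the first hook
    // (and the DLL mapping it causes) with no handle to remove it by.
    if (g_hHook != NULL) {
        return FALSE;
    }

    g_dwThreadId = dThreadId;
    g_hHook = SetWindowsHookEx(WH_GETMESSAGE, ProcHookMsg, g_hInstDll, dThreadId);
    if (g_hHook == NULL) {
        return FALSE;
    }

    // WPARAM and LPARAM are integer types, so pass 0 rather than the pointer
    // constant NULL.
    return PostThreadMessage(dThreadId, WM_NULL, 0, 0);
}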
代理进程实现源码:
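// Window selected by ProcEnumChildWindows; NULL until a match is found.
HWND g_DestWindowWnd = NULL;

// Forward declarations of functions included in this code module:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);

/*
 * EnumChildWindows callback: stores the first window whose text is exactly
 * "FolderView" in g_DestWindowWnd and stops the enumeration.
 *
 * The buffer and strcmp are narrow-character, so the ANSI entry point
 * GetWindowTextA is called explicitly; the generic GetWindowText macro would
 * expect a wide buffer in a UNICODE build.
 */
BOOL CALLBACK ProcEnumChildWindows(HWND hWnd, LPARAM lp)
{
    CHAR pBuff[MAX_PATH] = {0};

    UNREFERENCED_PARAMETER(lp);

    GetWindowTextA(hWnd, pBuff, MAX_PATH);
    if (0 == strcmp("FolderView", pBuff)) {
        g_DestWindowWnd = hWnd;
        // Returning 0 stops the enumeration.
        return FALSE;
    }
    return TRUE;
}

/*
 * Entry point of the agent process.
 *
 * After the usual window-class and instance initialisation it looks up the
 * window of class "ProgMan", searches its children for one titled
 * "FolderView", and passes the id of the thread that owns that child to
 * SetDipsHook(). If that thread belongs to another process, the hook DLL is
 * loaded into that process as a consequence.
 *
 * Each step is checked: when a lookup fails the program exits without
 * installing a hook. Without the "ProgMan" check, EnumChildWindows would be
 * called with a NULL parent, which enumerates top-level windows instead and
 * could select a window of an unrelated process.
 */
int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;
    HACCEL hAccelTable;

    // Initialise the global strings.
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_DIPS, szWindowClass, MAX_LOADSTRING);
    MyRegisterClass(hInstance);

    // Perform application initialisation:
    if (!InitInstance(hInstance, nCmdShow)) {
        return FALSE;
    }

    // Loaded as in the wizard template; the loop below never uses it.
    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_DIPS));
    (void)hAccelTable;

    // Narrow literal, so call the ANSI entry point explicitly.
    HWND hPromanWnd = FindWindowA("ProgMan", NULL);
    if (hPromanWnd == NULL) {
        return 0;
    }

    // The callback ignores its LPARAM; it is an integer type, so pass 0.
    EnumChildWindows(hPromanWnd, ProcEnumChildWindows, 0);
    if (g_DestWindowWnd == NULL) {
        return 0;
    }

    DWORD nProcessId = 0;
    DWORD nThreadId = GetWindowThreadProcessId(g_DestWindowWnd, &nProcessId);
    if (nThreadId == 0) {
        // A zero id would be read by SetDipsHook as a removal request.
        return 0;
    }

    if (!SetDipsHook(nThreadId)) {
        // Install or wake-up post failed; drop any hook that was left behind.
        SetDipsHook(0);
        return 0;
    }

    // Main message loop. GetMessage returns -1 on error, so test for > 0
    // instead of non-zero to avoid spinning on a failure.
    // NOTE(review): retrieved messages are not translated or dispatched here;
    // each one only triggers the show / wait / close / unhook sequence below.
    while (GetMessage(&msg, NULL, 0, 0) > 0) {
        HWND hWndDIPS = FindWindow(NULL, TEXT("Test Dips"));

        SendMessage(hWndDIPS, WM_APP, (WPARAM)g_DestWindowWnd, TRUE);
        Sleep(2000);
        SendMessage(hWndDIPS, WM_CLOSE, 0, 0);
        SetDipsHook(0);
    }

    // Remove the hook on every exit path, including a loop that never ran.
    // This is a harmless FALSE-returning call if it was already removed.
    SetDipsHook(0);
    return 0;
}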
Windows挂钩注入DLL