DLL injection--Set message hooks

Source: Internet
Author: User

By setting the message hook to achieve the same purpose as DLL injection, but this method and other DLL injection method is not the same, it will not load its own DLL into the target process, so it does not come to the hidden DLL, so it is easy to be killed soft kill off, pro-Test 360 seconds to kill, But the implementation is simple and there is a considerable application scenario, the following is a general message to check the main function, it will be the key message hook function SetWindowsHookEx function into the DLL, through the DLL call to implement the message check, because this logic is relatively simple, here is not detailed, directly paste code.

#include "stdafx.h"
#include "windows.h"
#define Def_dll_name "Keyhook_con.dll"
#define Def_hookstart " Hookstart "
#define DEF_HOOKSTOP" hookstop "
typedef void (*pfn_hookstart) ();
typedef void (*pfn_hookstop) ();

void _tmain (int argc, _tchar* argv[])
{
    hmodule hdll = NULL;
    Pfn_hookstart Hookstart = NULL;
    Pfn_hookstop  hookstop = NULL;
    hDLL = LoadLibraryA (def_dll_name);
    Gets the exported function address
    hookstart= (pfn_hookstart) GetProcAddress (Hdll,def_hookstart);
    Hookstop = (pfn_hookstop) GetProcAddress (hdll,def_hookstop);
    Start to tick
    Hookstart ();
    Wait for user input "q" to end
    printf ("Press Q to Quit\n");
    while (GetChar ()! = ' Q ');

    Terminate the
    hookstop ();

    Uninstall KeyHook.dll
    FreeLibrary (hdll);

}

The following is a DLL function

#include "stdafx.h" #include "stdio.h" #include "windows.h" #define Def_process_name "notepad.exe" HInstance g_hinstance
= NULL;
Hhook G_hhook =null;
HWND G_hwnd = NULL; 
    #ifdef _DEBUG #define NEW debug_new #endif BOOL WINAPI DllMain (hinstance hinstDLL, DWORD dwreason, LPVoid lpreserved) {
        Switch (dwreason) {case dll_process_attach:g_hinstance = hinstDLL;
    Break
} return TRUE;
    } LRESULT CALLBACK keyboardproc (int ncode,wparam wparam,lparam LPARAM) {char szpath[max_path]={0,};
    char *p = NULL; if (! (
        lparam&0x80000000)) {GetModuleFileNameA (Null,szpath,max_path);

        p = strrchr (szpath, ' \ \ '); Compare the current process name to notepad.exe the message will not be passed to the application (or the next hook) if (!strcmp (p+1,def_process_name)) {//When I run the WIN10 64-bit machine
            , it is easy to find that the target process card//live, do not know what the reason, and the XP 32 bit does not have this phenomenon printf ("Notepad keyboard message has been intercepted \ n");
        return 1; }}//If not Notepad.exe, call the CallNextHookEx () function, pass the message to the application or the next hook returnNexthookex (G_hhook,ncode,wparam,lparam);  } #ifdef __cplusplus extern "C" {#endif __declspec (dllexport) void Hookstart () {//key function of this one, install message hooks G_hhook

    = SetWindowsHookEx (wh_keyboard,keyboardproc,g_hinstance,0); 
            } __declspec (dllexport) void Hookstop () {if (G_hhook) {UnhookWindowsHookEx (G_hhook);
        G_hhook =null; }} #ifdef __cplusplus} #endif

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.