Environment: VS2008 (C++/MFC)
What the code does: builds an MFC regular DLL which, once injected into a target process, brings up an MFC dialog that lives inside the DLL. The target is a third-party process, not one of your own programs.
Steps:
1. Create the project: New Project -> MFC DLL (regular DLL).
2. Add a Dialog resource to the generated project.
3. Add a window class (CMDlg, derived from CDialog) for that dialog resource.
4. Declare an exported function, StartMyThread. Export it as extern "C" __declspec(dllexport) so the name is not decorated, and give it the thread-routine signature DWORD WINAPI StartMyThread(LPVOID), because your own program starts it inside the target with CreateRemoteThread, which expects exactly that signature.
5. In StartMyThread call ::CreateThread() to start a new thread. That thread runs the function thr, which creates the window and then runs the message loop.
6. Create the modeless dialog (ShowTreeDlg):

static CMDlg *cdlg = NULL;   // the dialog object, kept alive for the life of the UI thread

void ShowTreeDlg()
{
    // Three ways of getting the target's main window handle were tried:
    // HWND hMainWnd = (HWND)329282;                                // hard-coded handle, debugging only
    // HWND hMainWnd = ::FindWindowA("#32770", "checkmydriver");    // by dialog class name and title
    // GetHwndByProcessId (helper not shown in this post) enumerates top-level windows and returns
    // the one owned by the given PID. GetCurrentProcessId() is the target's PID because this code
    // is already running inside the target.
    HWND hMainWnd = GetHwndByProcessId(GetCurrentProcessId());
    if (hMainWnd != NULL)
    {
        char a[16] = {0};                                // 11 bytes is the minimum for a 32-bit decimal value
        _ultoa((ULONG)(ULONG_PTR)hMainWnd, a, 10);       // debugging output: show the handle we found
        ::MessageBoxA(NULL, a, "", 0);
    }
    else
    {
        ::MessageBoxA(NULL, "Call failed", "", 0);
        return;
    }
    AFX_MANAGE_STATE(AfxGetStaticModuleState());        // essential: switches MFC's module state to the DLL so IDD_DIALOG1 is looked up in the DLL's resources
    cdlg = new CMDlg;
    CWnd *pMainWnd = CWnd::FromHandle(hMainWnd);        // temporary CWnd for the foreign-thread window used as parent
    ASSERT(pMainWnd);
    BOOL retValue = cdlg->Create(IDD_DIALOG1, pMainWnd);
    if (!retValue)
    {
        ::MessageBoxA(NULL, "error", "1", MB_OKCANCEL);
        return;
    }
    cdlg->ShowWindow(SW_SHOW);
}
7. The thread function thr:

DWORD WINAPI thr(LPVOID)
{
    ShowTreeDlg();
    // Message loop. When the DLL is loaded by your own program, the host's loop already
    // dispatches messages and this one can be omitted. In a third-party process this thread
    // owns the window, so without a loop of its own the dialog does not stay up after it is shown.
    // Note: a raw GetMessage loop bypasses MFC's PreTranslateMessage, so dialog keyboard
    // navigation (Tab/Enter) will not work unless the message is first offered to the dialog.
    MSG msg;
    while (GetMessage(&msg, NULL, 0, 0))
    {
        TranslateMessage(&msg);
        DispatchMessage(&msg);
    }
    return 0;
}
8. When your own program injects the DLL remotely, the window is brought up by calling StartMyThread remotely, so the DLL has to pass the address of StartMyThread back to your program.
Method used: ::PostMessage(hwnd, message, w, l) from inside the DLL. The hwnd of your program's window is obtained with FindWindow; the message is a user-defined one with a value above WM_USER, and the function address travels in wParam/lParam.
Why not SendMessage? Both the EXE and the DLL got stuck. SendMessage is synchronous: it does not return until the receiving thread has processed the message, and if the EXE is at that moment waiting for the remote thread that loads the DLL instead of pumping messages, neither side can make progress. PostMessage returns immediately.
9. Put the code from step 8 into CMyApp::InitInstance() of the DLL, which runs when the DLL is loaded into the target. The EXE receives the StartMyThread address in its handler for that message and then calls CreateRemoteThread with it.
Things to note:
1. Why the window is created on its own thread: the window needs a message loop, and GetMessage blocks the thread that runs it for as long as the window lives. Without a thread of its own the loop either never runs (the window dies) or blocks the caller, and the whole process becomes unresponsive.
2. Why StartMyThread is not called directly from InitInstance: creating the thread from inside InitInstance also hangs. InitInstance of a regular DLL runs from DllMain(DLL_PROCESS_ATTACH), under the loader lock; the new thread cannot start running until DllMain returns, and anything in InitInstance that waits on it, or that needs further DLLs to load, deadlocks.
What looks like a simple window call from a DLL took two days to get working. A painful lesson for a novice.