注入DLL實現源碼:
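/*
 * Hook DLL of the DIPS demo.
 *
 * SetDipsHook() installs a thread-specific WH_GETMESSAGE hook whose procedure
 * (ProcHookMsg) lives in this module. When the hooked thread belongs to
 * another process, Windows maps this DLL into that process in order to run
 * the procedure. For anyone reviewing a host, that mapping is the observable
 * effect: the DLL shows up in the target's module list, and image-load
 * telemetry (for example Sysmon event ID 7) records it.
 */

// Handle of this module, captured on DLL_PROCESS_ATTACH.
HINSTANCE g_hInstDll = NULL;
// Handle returned by SetWindowsHookEx; NULL while no hook is installed.
HHOOK g_hHook = NULL;
// Thread id last passed to SetDipsHook.
// NOTE(review): no shared data section is declared in this listing, so these
// are ordinary per-process globals. Code running inside a hooked process sees
// that process's own copies (initial values), not what SetDipsHook stored in
// the caller - confirm against the full project.
DWORD g_dwThreadId = 0;

#ifdef _MANAGED
#pragma managed(push, off)
#endif

/* DLL entry point: remembers the module handle; every other reason is a no-op. */
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH:
        g_hInstDll = (HINSTANCE)hModule;
        /* fallthrough */
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

#ifdef _MANAGED
#pragma managed(pop)
#endif

/*
 * Dialog procedure for the IDD_DIPS dialog.
 * WM_CLOSE destroys the dialog; WM_APP with a non-zero lParam shows it.
 * Always returns FALSE, i.e. reports every message as not handled.
 */
INT_PTR WINAPI DipDlg_Proc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg) {
    case WM_CLOSE:
        DestroyWindow(hWnd);
        break;

    case WM_APP:
        if (lParam) {
            ShowWindow(hWnd, SW_SHOW);
        }
        break;
    }
    return (FALSE);
}

/*
 * WH_GETMESSAGE hook procedure.
 * On its first actionable call it creates the modeless IDD_DIPS dialog on the
 * calling (hooked) thread and posts WM_NULL to g_dwThreadId. Every call is
 * forwarded to the next hook in the chain.
 */
LRESULT CALLBACK ProcHookMsg(int nCode, WPARAM wp, LPARAM lp)
{
    static BOOL bFirstTime = TRUE;

    // Hook contract: a negative code must be passed on without any processing.
    if (nCode >= 0 && bFirstTime) {
        bFirstTime = FALSE;
        // Create a modeless dialog from a dialog-template resource.
        CreateDialog(g_hInstDll, MAKEINTRESOURCE(IDD_DIPS), NULL, DipDlg_Proc);
        // NOTE(review): see the remark on g_dwThreadId above - in a hooked
        // process this reads that process's copy of the variable.
        PostThreadMessage(g_dwThreadId, WM_NULL, 0, 0);
    }
    return (CallNextHookEx(g_hHook, nCode, wp, lp));
}

/*
 * Install or remove the hook.
 *
 * dThreadId != 0: hook that thread's message retrieval and post WM_NULL to it;
 *                 returns the result of that post, FALSE if the hook could
 *                 not be installed.
 * dThreadId == 0: remove the hook installed earlier; returns the result of
 *                 UnhookWindowsHookEx, FALSE if nothing was installed.
 *
 * The id is never forwarded as 0 to SetWindowsHookEx, so this function cannot
 * create a hook that spans every thread of the desktop.
 */
DIPSLIB_API BOOL SetDipsHook(DWORD dThreadId)
{
    BOOL bRet = FALSE;

    if (dThreadId != 0) {
        // Only one handle is tracked: release an earlier hook instead of
        // overwriting (and leaking) its handle.
        if (g_hHook != NULL) {
            UnhookWindowsHookEx(g_hHook);
            g_hHook = NULL;
        }
        g_dwThreadId = dThreadId;
        g_hHook = SetWindowsHookEx(WH_GETMESSAGE, ProcHookMsg, g_hInstDll, dThreadId);
        if (NULL != g_hHook) {
            // WPARAM/LPARAM are integers, so pass 0 rather than NULL.
            bRet = PostThreadMessage(dThreadId, WM_NULL, 0, 0);
        }
    } else if (g_hHook != NULL) {
        bRet = UnhookWindowsHookEx(g_hHook);
        g_hHook = NULL;
    }
    return bRet;
}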
代理進程實現源碼:
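/*
 * Agent process of the DIPS demo.
 *
 * Finds a child window titled "FolderView" under the window of class
 * "ProgMan", asks the hook DLL to hook the thread that owns it, then drives
 * the dialog titled "Test Dips" with WM_APP / WM_CLOSE and removes the hook.
 */

// Window found by ProcEnumChildWindows; NULL when there was no match.
HWND g_DestWindowWnd = NULL;

// Forward declarations of functions included in this code module:
ATOM                MyRegisterClass(HINSTANCE hInstance);
BOOL                InitInstance(HINSTANCE, int);
LRESULT CALLBACK    WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK    About(HWND, UINT, WPARAM, LPARAM);

/*
 * EnumChildWindows callback: stores the first window whose title is exactly
 * "FolderView" in g_DestWindowWnd.
 * Returns FALSE to stop the enumeration on a match, TRUE to continue.
 */
BOOL CALLBACK ProcEnumChildWindows(HWND hWnd, LPARAM lp)
{
    CHAR pBuff[MAX_PATH] = {0};

    UNREFERENCED_PARAMETER(lp);

    // The buffer and the literal are narrow, so call the ANSI entry point
    // explicitly; the generic name resolves to the wide one in UNICODE builds.
    GetWindowTextA(hWnd, pBuff, MAX_PATH);
    if (0 == strcmp("FolderView", pBuff)) {
        g_DestWindowWnd = hWnd;
        // Returning 0 stops the enumeration.
        return FALSE;
    }
    return TRUE;
}

/*
 * Program entry point.
 * Returns FALSE when initialisation, the window lookup or the hook
 * installation fails, otherwise 0 once the message loop ends.
 */
int APIENTRY _tWinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPTSTR lpCmdLine, int nCmdShow)
{
    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    MSG msg;

    // Initialise the global strings.
    LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    LoadString(hInstance, IDC_DIPS, szWindowClass, MAX_LOADSTRING);
    MyRegisterClass(hInstance);

    // Perform application initialisation:
    if (!InitInstance(hInstance, nCmdShow)) {
        return FALSE;
    }

    // A NULL parent would make EnumChildWindows walk every top-level window,
    // and any window that merely carries the same title would then be picked.
    HWND hPromanWnd = FindWindowA("ProgMan", NULL);
    if (hPromanWnd == NULL) {
        return FALSE;
    }
    EnumChildWindows(hPromanWnd, ProcEnumChildWindows, 0);
    if (g_DestWindowWnd == NULL) {
        return FALSE;
    }

    // The owning process id is not used, so it is not requested.
    DWORD nThreadId = GetWindowThreadProcessId(g_DestWindowWnd, NULL);
    if (nThreadId == 0) {
        return FALSE;
    }
    if (!SetDipsHook(nThreadId)) {
        // SetDipsHook also reports FALSE when only its follow-up post failed;
        // release whatever it did install before giving up.
        SetDipsHook(0);
        return FALSE;
    }

    // Main message loop. GetMessage returns -1 on error, so test for > 0
    // instead of treating every non-zero value as a message.
    // NOTE(review): retrieved messages are not translated or dispatched, and
    // the hook is removed after the first message whether or not the dialog
    // was found - confirm this is the intended demo behaviour.
    while (GetMessage(&msg, NULL, 0, 0) > 0) {
        HWND hWndDIPS = FindWindow(NULL, TEXT("Test Dips"));
        if (hWndDIPS != NULL) {
            SendMessage(hWndDIPS, WM_APP, (WPARAM)g_DestWindowWnd, TRUE);
            Sleep(2000);
            SendMessage(hWndDIPS, WM_CLOSE, 0, 0);
        }
        SetDipsHook(0);
    }
    return 0;
}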
Windows掛鈎注入DLL