我正在尝试运行一个程序,它可以将一个dll注入到正在运行的exe中,并且从那个dll我想运行一个与WndProc()相同的函数来控制运行exe.Basically我想运行GetMessage()正在运行的exe。
这是我的dll注入代码。
#include<iostream>
#include<conio.h>
#include<Windows.h>
void main()
{
DWORD procId;
HWND runningWndHandle,dllWnd;
HANDLE hProcess=NULL;
char *myDll=new char[200];
myDll="C:\\Users\\User\\Documents\\Visual Studio 2010\\Projects\\C# learning\\myDll\\Debug\\myDll.dll";
runningWndHandle=FindWindow(NULL,"Form1");
GetWindowThreadProcessId(runningWndHandle,&procId);
//open process with all access
hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,procId);
//allocate some space or memory for dll path
LPVOID DllVirtLoc=VirtualAllocEx(hProcess,0,strlen(myDll),(DWORD)0x1000,(DWORD)0x04);
//write dll path to newly allocated space
WriteProcessMemory(hProcess,DllVirtLoc,myDll,strlen(myDll),NULL);
//call Load library with our dllpath as arg from dummy space
CreateRemoteThread(hProcess,NULL,NULL,(LPTHREAD_START_ROUTINE)GetProcAddress((HMODULE)GetModuleHandle("kernel32.dll"),(LPCSTR)"LoadLibraryA"),(LPVOID)DllVirtLoc,NULL,NULL);
//test connection to Dll
while((dllWnd=FindWindowEx(NULL,NULL,"HOOK from HOME","FIND ME"))==0)
Sleep(250);
PostMessageA(dllWnd,0x1111,0,0);
//create a thread for return messages
system("PAUSE");
return ;
}
this code works properly but the dll is creating some problems.
this is my dll code
// dllmain.cpp : Defines the entry point for the DLL application.
#include <Windows.h>
LRESULT CALLBACK WndProc ( HWND, UINT, WPARAM, LPARAM ) ;
HINSTANCE hInst ;
void func(HINSTANCE hInstance, int nCmdShow, char* pTitle)
{
char classname[ ] = "MyWindowClass" ;
HWND hWnd ;
WNDCLASSEX wcex ;
wcex.cbSize = sizeof ( WNDCLASSEX ) ;
wcex.style = CS_HREDRAW | CS_VREDRAW ;
wcex.lpfnWndProc = ( WNDPROC ) WndProc ;
wcex.cbClsExtra = 0 ;
wcex.cbWndExtra = 0 ;
wcex.hInstance = hInstance ;
wcex.hIcon = NULL ;
wcex.hCursor = LoadCursor ( NULL, IDC_ARROW ) ;
wcex.hbrBackground = ( HBRUSH )( COLOR_WINDOW + 1 ) ;
wcex.lpszMenuName = NULL ;
wcex.lpszClassName =(LPCWSTR)classname ;
wcex.hIconSm = NULL ;
if ( !RegisterClassEx ( &wcex ) )
return;
hInst = hInstance ; // Store instance handle in our global variable
hWnd = CreateWindow ((LPCWSTR) classname, (LPCWSTR)pTitle,
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, 0, CW_USEDEFAULT, 0, NULL,
NULL, hInstance, NULL ) ;
if ( !hWnd )
return ;
ShowWindow ( hWnd, nCmdShow ) ;
UpdateWindow ( hWnd ) ;
MSG msg;
while(GetMessage(&msg,0,0,0))
DispatchMessage(&msg);
return ;
}
LRESULT CALLBACK WndProc ( HWND hWnd, UINT message,WPARAM wParam, LPARAM lParam )
{
switch ( message )
{
case WM_DESTROY :
MessageBox(0,L"I WONT LET YOU CLOSE",L"MESSAGE",0);;
break ;
default :
return DefWindowProc ( hWnd, message, wParam, lParam ) ;
}
return 0 ;
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
if(ul_reason_for_call==DLL_PROCESS_ATTACH)
{
//MessageBox(0,L"HELLo FROM INJECTED CODE",L"MESSAGE ",0);
func((HINSTANCE)hModule,0,"MY WINDOW");
}
}
我想运行函数&#34; func()&#34;从那里想要执行wndproc()到运行exe的GetMessages.Now问题是CreateWindow()返回一个NULL值,而且它上面没有进入WndProc()并且它使得运行的exe不可访问(挂)。 有什么方法可以运行WNDPROC()并从运行窗口获取消息??
答案 0 :(得分:0)
你不应该在DllMain中创建一个窗口,你将冒着加载器锁的死锁风险。 Some reasons not to do anything scary in your DllMain
您应该在GetLastError无法找到原因之后立即致电CreateWindow。看起来你正在编译定义了UNICODE的.DLL,但你到处都在使用窄字符串并转换为LPCWSTR,不要这样做!你的代码中应该有很少的强制转换。仅在您的案例中转换GetProcAddress的返回值。字符串应以L为前缀,或将所有内容编译为ANSI。
在Codeprojects和其他网站上应该有大量的dll注入示例,它们展示了如何在DllMain之外调用函数。草率的方法是在GetExitCodeThread之后的第一个线程上使用WaitForSingleObject,然后创建另一个远程线程,因为您现在拥有在远程进程中计算func地址所需的信息(本地GetProcAddress - 本地LoadLibrary +远程LoadLibrary)。 This article应该让你开始。
注射后你可以subclass the window。