Windows 核心编程之Dll注入

最新推荐文章于 2018-11-23 01:36:02 发布

眼看前方_脚踏实地

最新推荐文章于 2018-11-23 01:36:02 发布

阅读量1.1k

点赞数

分类专栏： windows 核心编程读书笔记文章标签： windows 核心编程 DLL 注入

本文链接：https://blog.csdn.net/allen_windows/article/details/9766169

版权

本文探讨了Windows核心编程中的DLL注入技术，通过示例代码展示如何实现DLL注入，包括创建线程和加载目标DLL到远程进程中。读者可以借此理解DLL注入的基本原理及其在系统操作中的应用。

摘要由CSDN通过智能技术生成

下面写了一个是注册表编辑器DLL注入代码，读取的是右边SysListView 控件的例子

有什么不懂得可以提问，有时间一定解答

DLL 代码对话框的资源，自己添加！

xx.h

// The following ifdef block is the standard way of creating macros which make exporting 
// from a DLL simpler. All files within this DLL are compiled with the DYNAMIC_DLL_EXPORTS
// symbol defined on the command line. this symbol should not be defined on any project
// that uses this DLL. This way any other project whose source files include this file see 
// DYNAMIC_DLL_API functions as being imported from a DLL, whereas this DLL sees symbols
// defined with this macro as being exported.
#ifdef DYNAMIC_DLL_EXPORTS
#define DYNAMIC_DLL_API __declspec(dllexport)
#else
#define DYNAMIC_DLL_API __declspec(dllimport)
#endif

// This class is exported from the dynamic_DLL.dll
class DYNAMIC_DLL_API Cdynamic_DLL {
public:
	Cdynamic_DLL(void);
	// TODO: add your methods here.
};

extern DYNAMIC_DLL_API int ndynamic_DLL;


DYNAMIC_DLL_API int fndynamic_DLL(void);

extern "C" DYNAMIC_DLL_API BOOL SetDIPSHook(DWORD dwThreadId);

xx.cpp

// dynamic_DLL.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include "dynamic_DLL.h"
#include <stdio.h>
#include <winbase.h>
#include <Windows.h>
#include <WindowsX.h>
#include <assert.h>
#include "resource.h"
#include <atldef.h>
#include <CommCtrl.h>

#ifdef _MANAGED
#pragma managed(push, off)
#endif


#pragma data_seg("Shared")
HHOOK g_hHook = NULL;
DWORD g_dwThreadIdDIPS = 0;
#pragma data_seg()

// Instruct the linker to make the Shared section
// readable, writable, and shared.
#pragma comment(linker, "/section:Shared,rws")


HINSTANCE g_hInstDll = NULL;


BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
					 )
{

	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		g_hInstDll = hModule;
		printf("process_attach\n");
		break;
	case DLL_THREAD_ATTACH:
		printf("thread_attach\n");
		break;
	case DLL_THREAD_DETACH:
		printf("thread_detach\n");
		break;
	case DLL_PROCESS_DETACH:
		printf("process_detach\n");
		break;
	}
    return TRUE;
}

#ifdef _MANAGED
#pragma managed(pop)
#endif

// This is an example of an exported variable
DYNAMIC_DLL_API int ndynamic_DLL=0;

// This is an example of an exported function.
DYNAMIC_DLL_API int fndynamic_DLL(void)
{
	return 42;
}

// This is the constructor of a class that has been exported.
// see dynamic_DLL.h for the class definition
Cdynamic_DLL::Cdynamic_DLL()
{
	return;
}

int MyAdd(int a,int b)
{
	
	return a + b;
}

int MyTest()
{
	return 10;
}
BOOL CALLBACK Dlg_Proc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
	HWND hsysList =NULL;
	TCHAR buf[256]={0};
	HTREEITEM itemChild,Itemtwo,ItemThree;
	HTREEITEM itemRoot;
	TVITEMEX iteminfo;
	TCHAR temBuf[512];

	DWORD dwLen = 0;
	BOOL brs;

	switch(message)
	{
	case WM_APP:
		hsysList = (HWND)wParam;
		{
			DWORD dwMax = ListView_GetItemCount(hsysList);
			for (DWORD i=0; i < dwMax; ++i)
			{
				TCHAR Name[256] &#