Home
/
repos_assist


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247
							// dllmain.cpp : DllMain 的实现。

/*本源码由TC简单软件科技有限公司开源,功能可以自由修改、发布、
长沙简单软件科技有限公司对于源码不做后期维护,,请大家在使用过程中遵循开源协议
*/


#include "stdafx.h"
#include "resource.h"
#include "TSPlug_i.h"
#include "dllmain.h"
#include "DXBind.h"
#include "TSRuntime.h"
#include <psapi.h> 
#pragma comment ( lib, "psapi.lib" )


CTSPlugModule _AtlModule;
TCHAR gDLLFolder[MAX_PATH + 1];
HHOOK g_hSetWindowsHook = NULL;
HMODULE g_hInstance = NULL;
extern bool g_Unbind;
extern HWND g_InjectHWND;
extern HWND g_currentHwnd;
HANDLE g_hthread = NULL;
extern int SySTpye;

//卸载线程
void IMEUnLoadThread(void* para)
{
	while (1)
	{
		if (TSRuntime::pData->InjectType == 204)//203注入
		{
			TSRuntime::pData->InjectType = 205;
			TSRuntime::MyLoadLibrary();
			FreeLibraryAndExitThread(g_hInstance, 0);  //卸载DLL
			return;
		}
		if (g_Unbind == true)	 //等待窗口解绑
		{
			//TSRuntime::add_log( "卸载DLL,InjectType:%d",TSRuntime::pData->InjectType);
			if (TSRuntime::pData->InjectType == 1 || TSRuntime::pData->InjectType == 202 || TSRuntime::pData->InjectType == 205)
			{
				//TSRuntime::add_log( "卸载DLL,InjectType:%d",TSRuntime::pData->InjectType);
				FreeLibraryAndExitThread(g_hInstance, 0);  //卸载DLL
			}
			return;
		}
		//如果注入方进程异常退出,自我解绑,卸载DLL
		if (::IsWindow(g_InjectHWND) == false && g_InjectHWND != NULL)
		{
			if (TSRuntime::pData->InjectType == 0)
			{
				//通知自身窗口解绑
				SendMessage(g_currentHwnd, TS_UNBIND, 0, 0);
				::UnhookWindowsHookEx(g_hSetWindowsHook);
			}
			else
			{
				//通知自身窗口解绑
				SendMessage(g_currentHwnd, TS_UNBIND, 0, 0);
				FreeLibraryAndExitThread(g_hInstance, 0);  //卸载DLL
			}
			return;
		}
		Sleep(10);
		//CString scd;
	}
}

DWORD CALLBACK CBFunA(DWORD calldata1, DWORD calldata2, DWORD calldata3)	//输入法注入回调函数
{
	HINSTANCE my_hInstance = (HINSTANCE)calldata1;  //输入法传入自身DLL基址和自身得到的基址验证后才开启线程
	//TSRuntime::add_log( "IME注入");
	if (my_hInstance)
	{
		if (my_hInstance == g_hInstance)
			g_hthread = (HANDLE)_beginthread(IMEUnLoadThread, 0, 0);//启动线程等待解绑卸载DLL
	}
	return 0;
}

static HMODULE ModuleFromAddress(PVOID pv)
{
	MEMORY_BASIC_INFORMATION mbi;
	if (::VirtualQuery(pv, &mbi, sizeof(mbi)) != 0)
	{
		return (HMODULE)mbi.AllocationBase;
	}
	else
	{
		return NULL;
	}
}

static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam)
{
	return ::CallNextHookEx(g_hSetWindowsHook, code, wParam, lParam);
}

BOOL WINAPI CBFunB(BOOL bInstall, DWORD dwThreadId)
{
	BOOL bOk = FALSE;
	if (bInstall)
	{
		g_hSetWindowsHook = ::SetWindowsHookEx(WH_CALLWNDPROC, GetMsgProc, ModuleFromAddress(GetMsgProc), dwThreadId);
		//TSRuntime::add_log( "g_hSetWindowsHook:%x,PID:%d",GetCurrentProcessId());
		if (g_hSetWindowsHook != NULL)
		{
			bOk = true;
		}
	}
	else
	{
		if (g_hSetWindowsHook)
		{
			//::MessageBox(0,L"Dll Main:UnhookWindowsHookEx",L"TS",0);
			bOk = ::UnhookWindowsHookEx(g_hSetWindowsHook);
		}
	}
	return bOk;
}

// DLL 入口点
extern "C" BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
		case DLL_PROCESS_ATTACH:
		{
			TSRuntime::InitKeyPressCharMap();
			TSRuntime::InitVirtualToASCIIMap();
			TSRuntime::InitKeyMap();
			TSRuntime::InitKeyPressMap();
			SySTpye = TSRuntime::InitialWindowsVersion();
			g_hInstance = hInstance;
			//wcscpy(gDLLFolder,TSRuntime::GetComPath()); 
			TSRuntime::GetComPath(gDLLFolder);
			//::MessageBox(0,gDLLFolder,L"TS",0);
			char pszMapName[MAX_PATH] = { 0 };
			sprintf(pszMapName, "%s%d", TS_MAPVIEW_NAME, GetCurrentProcessId());
			HANDLE hFileMap = OpenFileMappingA(FILE_MAP_ALL_ACCESS, FALSE, pszMapName);
			//如果hFileMap句柄不为空说明DLL被注入,准备启动注入线程
			if (hFileMap != NULL)
			{
				//::MessageBox(0,L"Dll Main:DLL_PROCESS_ATTACH",L"TS",0);
			   //// 这里先打开共享内存,共享内存和程序是一对一的关系
				CShareMemory* sm = new CShareMemory(pszMapName);
				TSRuntime::pData = (CMessageData*)sm->GetBuffer();
				//// 共享内存的初始化数据是不能为空的,为空就不正常
				if (TSRuntime::pData != NULL)
				{
					if (TSRuntime::pData->InjectType == BIND_201 || TSRuntime::pData->InjectType == BIND_203)//201模式注入
					{
						if (TSRuntime::pData->InjectType == BIND_201)
							TSRuntime::pData->InjectType = 202;
						else if (TSRuntime::pData->InjectType == BIND_203)
							TSRuntime::pData->InjectType = 204;
						//TSRuntime::add_log("201模式注入");
						DWORD InternalCallWinProc_Addr = (DWORD)::GetModuleHandle(L"user32.dll");
						if (SySTpye == 1)//WinXP
							InternalCallWinProc_Addr += USER32InternalCallWinProcXPoffse;
						else if (SySTpye == 2)//Win2003
							InternalCallWinProc_Addr += USER32InternalCallWinProcWin2003offse;
						else if (SySTpye == 4 && TSRuntime::IsWin7X64)//WIN7X64
							InternalCallWinProc_Addr += USER32InternalCallProcWin7x64offse;
						else if (SySTpye == 4)//WIN7X86
							InternalCallWinProc_Addr += USER32InternalCallProcWin7offse;
						else if (SySTpye == 5 && TSRuntime::IsWin8X64)//WIN8X64
							InternalCallWinProc_Addr += USER32InternalCallProcWin8x64offse;
						else if (SySTpye == 5)//WIN8X86
							InternalCallWinProc_Addr += USER32InternalCallProcWin8offse;

						BYTE ori[5] = { 0x55,0x8b,0xec,0x56,0x57 };

						//注入完成还原钩子
						memcpy((void*)InternalCallWinProc_Addr, ori, 5);
						FlushInstructionCache(GetCurrentProcess(), (void*)InternalCallWinProc_Addr, 5);

						////TS_BIND201_NAME
						wchar_t pszEventName[MAX_PATH] = { 0 };
						::wsprintf(pszEventName, L"%s%d", TS_BIND201_NAME, ::GetCurrentProcessId());
						HANDLE picEvent = ::CreateEvent(NULL, TRUE, FALSE, pszEventName);
						::WaitForSingleObject(picEvent, INFINITE);
						::CloseHandle(picEvent);
						g_Unbind = false;

						_beginthread(IMEUnLoadThread, 0, 0);
						if (TSRuntime::pData->InjectType == 202)
							TSRuntime::g_DxObj.hookApi();
					}
					else if (TSRuntime::pData->InjectType != 202 && TSRuntime::pData->InjectType != 204) //// 这里根据传入的模式进行函数拦截,兵起一个检测线程进行检测
					{
						if (TSRuntime::pData->InjectType == 205)//203绑定
							_beginthread(IMEUnLoadThread, 0, 0);
						TSRuntime::g_DxObj.hookApi();
					}
				}
			}
			break;
		}
	}

	return _AtlModule.DllMain(dwReason, lpReserved);
}

TsMutex::TsMutex(char* pszEventName)
{
	//InitializeCriticalSection(&m_mutex);
	hEvent = OpenEventA(EVENT_ALL_ACCESS, false, pszEventName);
	if (hEvent == NULL)
	{
		hEvent = CreateEventA(NULL, FALSE, FALSE, pszEventName);
		::SetEvent(hEvent);
	}
}

TsMutex::~TsMutex()
{
	//DeleteCriticalSection(&m_mutex);
	CloseHandle(hEvent);
}

void TsMutex::lock()
{
	//::WaitForSingleObject(hEvent,INFINITE);
	::WaitForSingleObject(hEvent, 10000);
	//EnterCriticalSection(&m_mutex);
}
void TsMutex::unlock()
{
	::SetEvent(hEvent);
	//LeaveCriticalSection(&m_mutex);
}

TsMutexlock::TsMutexlock(TsMutex* ptcmutex)
{
	m_ptcmutex = ptcmutex;
	m_ptcmutex->lock();
}

TsMutexlock::~TsMutexlock()
{
	m_ptcmutex->unlock();
}