123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247 |
- // dllmain.cpp : DllMain 的实现。
- /*本源码由TC简单软件科技有限公司开源,功能可以自由修改、发布、
- 长沙简单软件科技有限公司对于源码不做后期维护,,请大家在使用过程中遵循开源协议
- */
- #include "stdafx.h"
- #include "resource.h"
- #include "TSPlug_i.h"
- #include "dllmain.h"
- #include "DXBind.h"
- #include "TSRuntime.h"
- #include <psapi.h>
- #pragma comment ( lib, "psapi.lib" )
- CTSPlugModule _AtlModule;
- TCHAR gDLLFolder[MAX_PATH + 1];
- HHOOK g_hSetWindowsHook = NULL;
- HMODULE g_hInstance = NULL;
- extern bool g_Unbind;
- extern HWND g_InjectHWND;
- extern HWND g_currentHwnd;
- HANDLE g_hthread = NULL;
- extern int SySTpye;
- //卸载线程
- void IMEUnLoadThread(void* para)
- {
- while (1)
- {
- if (TSRuntime::pData->InjectType == 204)//203注入
- {
- TSRuntime::pData->InjectType = 205;
- TSRuntime::MyLoadLibrary();
- FreeLibraryAndExitThread(g_hInstance, 0); //卸载DLL
- return;
- }
- if (g_Unbind == true) //等待窗口解绑
- {
- //TSRuntime::add_log( "卸载DLL,InjectType:%d",TSRuntime::pData->InjectType);
- if (TSRuntime::pData->InjectType == 1 || TSRuntime::pData->InjectType == 202 || TSRuntime::pData->InjectType == 205)
- {
- //TSRuntime::add_log( "卸载DLL,InjectType:%d",TSRuntime::pData->InjectType);
- FreeLibraryAndExitThread(g_hInstance, 0); //卸载DLL
- }
- return;
- }
- //如果注入方进程异常退出,自我解绑,卸载DLL
- if (::IsWindow(g_InjectHWND) == false && g_InjectHWND != NULL)
- {
- if (TSRuntime::pData->InjectType == 0)
- {
- //通知自身窗口解绑
- SendMessage(g_currentHwnd, TS_UNBIND, 0, 0);
- ::UnhookWindowsHookEx(g_hSetWindowsHook);
- }
- else
- {
- //通知自身窗口解绑
- SendMessage(g_currentHwnd, TS_UNBIND, 0, 0);
- FreeLibraryAndExitThread(g_hInstance, 0); //卸载DLL
- }
- return;
- }
- Sleep(10);
- //CString scd;
- }
- }
- DWORD CALLBACK CBFunA(DWORD calldata1, DWORD calldata2, DWORD calldata3) //输入法注入回调函数
- {
- HINSTANCE my_hInstance = (HINSTANCE)calldata1; //输入法传入自身DLL基址和自身得到的基址验证后才开启线程
- //TSRuntime::add_log( "IME注入");
- if (my_hInstance)
- {
- if (my_hInstance == g_hInstance)
- g_hthread = (HANDLE)_beginthread(IMEUnLoadThread, 0, 0);//启动线程等待解绑卸载DLL
- }
- return 0;
- }
- static HMODULE ModuleFromAddress(PVOID pv)
- {
- MEMORY_BASIC_INFORMATION mbi;
- if (::VirtualQuery(pv, &mbi, sizeof(mbi)) != 0)
- {
- return (HMODULE)mbi.AllocationBase;
- }
- else
- {
- return NULL;
- }
- }
- static LRESULT WINAPI GetMsgProc(int code, WPARAM wParam, LPARAM lParam)
- {
- return ::CallNextHookEx(g_hSetWindowsHook, code, wParam, lParam);
- }
- BOOL WINAPI CBFunB(BOOL bInstall, DWORD dwThreadId)
- {
- BOOL bOk = FALSE;
- if (bInstall)
- {
- g_hSetWindowsHook = ::SetWindowsHookEx(WH_CALLWNDPROC, GetMsgProc, ModuleFromAddress(GetMsgProc), dwThreadId);
- //TSRuntime::add_log( "g_hSetWindowsHook:%x,PID:%d",GetCurrentProcessId());
- if (g_hSetWindowsHook != NULL)
- {
- bOk = true;
- }
- }
- else
- {
- if (g_hSetWindowsHook)
- {
- //::MessageBox(0,L"Dll Main:UnhookWindowsHookEx",L"TS",0);
- bOk = ::UnhookWindowsHookEx(g_hSetWindowsHook);
- }
- }
- return bOk;
- }
- // DLL 入口点
- extern "C" BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
- {
- switch (dwReason)
- {
- case DLL_PROCESS_ATTACH:
- {
- TSRuntime::InitKeyPressCharMap();
- TSRuntime::InitVirtualToASCIIMap();
- TSRuntime::InitKeyMap();
- TSRuntime::InitKeyPressMap();
- SySTpye = TSRuntime::InitialWindowsVersion();
- g_hInstance = hInstance;
- //wcscpy(gDLLFolder,TSRuntime::GetComPath());
- TSRuntime::GetComPath(gDLLFolder);
- //::MessageBox(0,gDLLFolder,L"TS",0);
- char pszMapName[MAX_PATH] = { 0 };
- sprintf(pszMapName, "%s%d", TS_MAPVIEW_NAME, GetCurrentProcessId());
- HANDLE hFileMap = OpenFileMappingA(FILE_MAP_ALL_ACCESS, FALSE, pszMapName);
- //如果hFileMap句柄不为空说明DLL被注入,准备启动注入线程
- if (hFileMap != NULL)
- {
- //::MessageBox(0,L"Dll Main:DLL_PROCESS_ATTACH",L"TS",0);
- //// 这里先打开共享内存,共享内存和程序是一对一的关系
- CShareMemory* sm = new CShareMemory(pszMapName);
- TSRuntime::pData = (CMessageData*)sm->GetBuffer();
- //// 共享内存的初始化数据是不能为空的,为空就不正常
- if (TSRuntime::pData != NULL)
- {
- if (TSRuntime::pData->InjectType == BIND_201 || TSRuntime::pData->InjectType == BIND_203)//201模式注入
- {
- if (TSRuntime::pData->InjectType == BIND_201)
- TSRuntime::pData->InjectType = 202;
- else if (TSRuntime::pData->InjectType == BIND_203)
- TSRuntime::pData->InjectType = 204;
- //TSRuntime::add_log("201模式注入");
- DWORD InternalCallWinProc_Addr = (DWORD)::GetModuleHandle(L"user32.dll");
- if (SySTpye == 1)//WinXP
- InternalCallWinProc_Addr += USER32InternalCallWinProcXPoffse;
- else if (SySTpye == 2)//Win2003
- InternalCallWinProc_Addr += USER32InternalCallWinProcWin2003offse;
- else if (SySTpye == 4 && TSRuntime::IsWin7X64)//WIN7X64
- InternalCallWinProc_Addr += USER32InternalCallProcWin7x64offse;
- else if (SySTpye == 4)//WIN7X86
- InternalCallWinProc_Addr += USER32InternalCallProcWin7offse;
- else if (SySTpye == 5 && TSRuntime::IsWin8X64)//WIN8X64
- InternalCallWinProc_Addr += USER32InternalCallProcWin8x64offse;
- else if (SySTpye == 5)//WIN8X86
- InternalCallWinProc_Addr += USER32InternalCallProcWin8offse;
- BYTE ori[5] = { 0x55,0x8b,0xec,0x56,0x57 };
- //注入完成还原钩子
- memcpy((void*)InternalCallWinProc_Addr, ori, 5);
- FlushInstructionCache(GetCurrentProcess(), (void*)InternalCallWinProc_Addr, 5);
- ////TS_BIND201_NAME
- wchar_t pszEventName[MAX_PATH] = { 0 };
- ::wsprintf(pszEventName, L"%s%d", TS_BIND201_NAME, ::GetCurrentProcessId());
- HANDLE picEvent = ::CreateEvent(NULL, TRUE, FALSE, pszEventName);
- ::WaitForSingleObject(picEvent, INFINITE);
- ::CloseHandle(picEvent);
- g_Unbind = false;
- _beginthread(IMEUnLoadThread, 0, 0);
- if (TSRuntime::pData->InjectType == 202)
- TSRuntime::g_DxObj.hookApi();
- }
- else if (TSRuntime::pData->InjectType != 202 && TSRuntime::pData->InjectType != 204) //// 这里根据传入的模式进行函数拦截,兵起一个检测线程进行检测
- {
- if (TSRuntime::pData->InjectType == 205)//203绑定
- _beginthread(IMEUnLoadThread, 0, 0);
- TSRuntime::g_DxObj.hookApi();
- }
- }
- }
- break;
- }
- }
- return _AtlModule.DllMain(dwReason, lpReserved);
- }
- TsMutex::TsMutex(char* pszEventName)
- {
- //InitializeCriticalSection(&m_mutex);
- hEvent = OpenEventA(EVENT_ALL_ACCESS, false, pszEventName);
- if (hEvent == NULL)
- {
- hEvent = CreateEventA(NULL, FALSE, FALSE, pszEventName);
- ::SetEvent(hEvent);
- }
- }
- TsMutex::~TsMutex()
- {
- //DeleteCriticalSection(&m_mutex);
- CloseHandle(hEvent);
- }
- void TsMutex::lock()
- {
- //::WaitForSingleObject(hEvent,INFINITE);
- ::WaitForSingleObject(hEvent, 10000);
- //EnterCriticalSection(&m_mutex);
- }
- void TsMutex::unlock()
- {
- ::SetEvent(hEvent);
- //LeaveCriticalSection(&m_mutex);
- }
- TsMutexlock::TsMutexlock(TsMutex* ptcmutex)
- {
- m_ptcmutex = ptcmutex;
- m_ptcmutex->lock();
- }
- TsMutexlock::~TsMutexlock()
- {
- m_ptcmutex->unlock();
- }
|