|
|
@@ -3,39 +3,101 @@
|
|
|
|
|
|
|
|
|
HMODULE g_hModule = NULL;
|
|
|
-DWORD WINAPI ThreadProc(LPVOID lParam)
|
|
|
+HANDLE hThreadProc = NULL;
|
|
|
+
|
|
|
+// 枚举屏幕上的所有顶级窗口
|
|
|
+BOOL CALLBACK EnumWndProc(HWND hwnd, LPARAM lParam)
|
|
|
+{
|
|
|
+ DWORD dwCurrentProcessId = *((DWORD*)lParam);
|
|
|
+ // 根据进程ID、窗口,获取当前窗口所在线程ID;
|
|
|
+ DWORD dwThreadProcessId = GetWindowThreadProcessId(hwnd, &dwCurrentProcessId);
|
|
|
+ if ( dwCurrentProcessId == dwThreadProcessId && GetParent(hwnd) == NULL ) // GetParent==Null表示主窗口,本来就是找顶级的,有点多余?;
|
|
|
+ {
|
|
|
+ *((HWND*)lParam) = hwnd;
|
|
|
+ // 回调函数调用SetLastError以获取有意义的错误代码,以返回给EnumWindows的调用方
|
|
|
+ SetLastError(10086);
|
|
|
+ // 停止枚举,返回FALSE;
|
|
|
+ return FALSE;
|
|
|
+ }
|
|
|
+
|
|
|
+ // 继续枚举,返回TRUE;
|
|
|
+ return TRUE;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+HWND GetMainWnd()
|
|
|
+{
|
|
|
+ // 获取当前DLL所在进程ID;
|
|
|
+ DWORD dwCurrentProcessId = GetCurrentProcessId();
|
|
|
+ // 枚举该进程窗口;
|
|
|
+ EnumWindows(EnumWndProc, (LPARAM)&dwCurrentProcessId);
|
|
|
+ if (GetLastError() == 10086)
|
|
|
+ {
|
|
|
+ // 找到窗口句柄;
|
|
|
+ return (HWND)dwCurrentProcessId;
|
|
|
+ }
|
|
|
+
|
|
|
+ return NULL;
|
|
|
+}
|
|
|
+
|
|
|
+DWORD WINAPI WorkThreadProc(LPVOID lParam)
|
|
|
{
|
|
|
// 工作线程;
|
|
|
+ TCHAR szWndTitle[MAXBYTE] = {0};
|
|
|
+ // 获取DLL所在窗口句柄;
|
|
|
+ HWND hWnd = GetMainWnd();
|
|
|
+ // 得到窗口名称
|
|
|
+ GetWindowText(hWnd,szWndTitle,sizeof(szWndTitle));
|
|
|
+ //是否名称是计算器
|
|
|
+ if( 0 == _tcscmp(szWndTitle, _T("计算器")) )
|
|
|
+ {
|
|
|
+ OutputDebugString(_T("<Injecter> 找到指定窗口!!!"));
|
|
|
+ // 2、创建后台线程;
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ OutputDebugString(_T("<Injecter> 如果不满足条件,DLL自我卸载!!!"));
|
|
|
+ // 如果不满足条件,DLL自我卸载;
|
|
|
+ FreeLibraryAndExitThread(g_hModule, 0);
|
|
|
+ }
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-BOOL APIENTRY DllMain( HMODULE hModule,
|
|
|
- DWORD ul_reason_for_call,
|
|
|
- LPVOID lpReserved
|
|
|
- )
|
|
|
+
|
|
|
+BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
|
|
|
{
|
|
|
g_hModule = hModule;
|
|
|
- HANDLE hThreadProc = NULL;
|
|
|
switch (ul_reason_for_call)
|
|
|
{
|
|
|
case DLL_PROCESS_ATTACH:
|
|
|
- // DLL注入,都在该Case下完成任务;
|
|
|
- // 1、准备工作;
|
|
|
- if ( true )
|
|
|
{
|
|
|
- // 2、创建后台线程;
|
|
|
- OutputDebugString(_T("<InjectionDll> Injection!!!"));
|
|
|
- hThreadProc = CreateThread(NULL, 0, ThreadProc, NULL, 0, NULL);
|
|
|
+ hThreadProc = CreateThread(NULL, 0, WorkThreadProc, NULL, 0, NULL);
|
|
|
CloseHandle(hThreadProc);
|
|
|
+
|
|
|
+ TCHAR szWndTitle[MAXBYTE] = {0};
|
|
|
+ // 获取DLL所在窗口句柄;
|
|
|
+ HWND hWnd = GetMainWnd();
|
|
|
+ // 得到窗口名称
|
|
|
+ GetWindowText(hWnd,szWndTitle,sizeof(szWndTitle));
|
|
|
+ //是否名称是计算器
|
|
|
+ if( 0 == _tcscmp(szWndTitle, _T("计算器")) )
|
|
|
+ {
|
|
|
+ OutputDebugString(_T("<Injecter> 找到指定窗口!!!"));
|
|
|
+ // 2、创建后台线程;
|
|
|
+ }
|
|
|
+ else
|
|
|
+ {
|
|
|
+ OutputDebugString(_T("<Injecter> 如果不满足条件,DLL自我卸载!!!"));
|
|
|
+ // 如果不满足条件,DLL自我卸载;
|
|
|
+ FreeLibraryAndExitThread(g_hModule, 0);
|
|
|
+ }
|
|
|
}
|
|
|
- else
|
|
|
- {
|
|
|
- // 如果不满足条件,DLL自我卸载;
|
|
|
- FreeLibraryAndExitThread(g_hModule, 0);
|
|
|
- }
|
|
|
+ break;
|
|
|
case DLL_THREAD_ATTACH:
|
|
|
+ break;
|
|
|
case DLL_THREAD_DETACH:
|
|
|
+ break;
|
|
|
case DLL_PROCESS_DETACH:
|
|
|
break;
|
|
|
}
|
