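--- a/dllmain.cpp
+++ b/dllmain.cpp
@@ -1,118 +1,180 @@
 // dllmain.cpp : 定义 DLL 应用程序的入口点。
 #include "stdafx.h"
 
-
 HMODULE g_hModule = NULL;
 HANDLE hThreadProc = NULL;
+TCHAR g_szCurModulePath[MAX_PATH] = {0};
+TCHAR g_szFna[MAX_PATH] = {0};
+HANDLE g_hPipe = NULL;
+// 配置文件名称;
+TCHAR g_szConfigFile[MAX_PATH] = {0};
+// 配置的窗口名称;
+TCHAR g_szWindowTitle[MAX_PATH] = {0};
+// 管道名称;
+TCHAR g_szPipeName[MAX_PATH] = {0};
+
+typedef struct PMSG
+{
+ //消息类型;
+ //消息内容;
+}
 
 // 枚举屏幕上的所有顶级窗口
 BOOL CALLBACK EnumWndProc(HWND hwnd, LPARAM lParam)
 {
- TCHAR szLog[MAX_PATH] = {0};
- DWORD dwCurrentProcessId = *((DWORD*)lParam);
- // 根据进程ID、窗口,获取当前窗口所在线程ID;
+ TCHAR szLog[MAX_PATH] = {0};
+ DWORD dwCurrentProcessId = *((DWORD*)lParam);
+ // 根据进程ID、窗口,获取当前窗口所在线程ID;
 DWORD dwWindProcessId = 0;
- DWORD dwThreadId = GetWindowThreadProcessId(hwnd, &dwWindProcessId);
+ DWORD dwThreadId = GetWindowThreadProcessId(hwnd, &dwWindProcessId);
 #if _MSC_VER >= 1200 && _MSC_VER < 1500
 sprintf(szLog, _T("<Injecter> 进程ID=%ld, 窗口进程ID=%ld\n"), dwCurrentProcessId, dwThreadId);
 #else
 _stprintf_s(szLog, _T("<Injecter> 进程ID=%ld, 窗口进程ID=%ld\n"), dwCurrentProcessId, dwThreadId);
 #endif
- OutputDebugString(szLog);
- if ( dwCurrentProcessId == dwWindProcessId && GetParent(hwnd) == NULL ) // GetParent==Null表示主窗口,本来就是找顶级的,有点多余?;
- {
- *((HWND*)lParam) = hwnd;
- // 回调函数调用SetLastError以获取有意义的错误代码,以返回给EnumWindows的调用方
- SetLastError(10086);
- // 停止枚举,返回FALSE;
- return FALSE;
- }
-
- // 继续枚举,返回TRUE;
- return TRUE;
+ OutputDebugString(szLog);
+ if ( dwCurrentProcessId == dwWindProcessId && GetParent(hwnd) == NULL ) // GetParent==Null表示主窗口,本来就是找顶级的,有点多余?;
+ {
+ *((HWND*)lParam) = hwnd;
+ // 回调函数调用SetLastError以获取有意义的错误代码,以返回给EnumWindows的调用方
+ SetLastError(10086);
+ // 停止枚举,返回FALSE;
+ return FALSE;
+ }
+
+ // 继续枚举,返回TRUE;
+ return TRUE;
 }
 
 
 HWND GetMainWnd()
 {
- TCHAR szLog[MAX_PATH] = {0};
- // 获取当前DLL所在进程ID;
- DWORD dwCurrentProcessId = GetCurrentProcessId();
- // 枚举该进程窗口;
- EnumWindows(EnumWndProc, (LPARAM)&dwCurrentProcessId);
- DWORD dwError = GetLastError();
- if (dwError == 10086)
- {
- // 找到窗口句柄;
- return (HWND)dwCurrentProcessId;
- }
+ TCHAR szLog[MAX_PATH] = {0};
+ // 获取当前DLL所在进程ID;
+ DWORD dwCurrentProcessId = GetCurrentProcessId();
+ // 枚举该进程窗口;
+ EnumWindows(EnumWndProc, (LPARAM)&dwCurrentProcessId);
+ DWORD dwError = GetLastError();
+ if (dwError == 10086)
+ {
+ // 找到窗口句柄;
+ return (HWND)dwCurrentProcessId;
+ }
 
 #if _MSC_VER >= 1200 && _MSC_VER < 1500
 sprintf(szLog, _T("<Injecter> 进程ID=%ld, 没找到窗口,GetLastError=%ld\n"), dwCurrentProcessId, dwError);
 #else
 _stprintf_s(szLog, _T("<Injecter> 进程ID=%ld, 没找到窗口,GetLastError=%ld\n"), dwCurrentProcessId, dwError);
 #endif
- OutputDebugString(szLog);
+ OutputDebugString(szLog);
 
- return NULL;
+ return NULL;
 }
 
 DWORD WINAPI WorkThreadProc(LPVOID lParam)
 {
 #ifdef _DEBUG
- Sleep(20000);
+ Sleep(20000);
 #endif
- TCHAR szLog[MAX_PATH] = {0};
- TCHAR szWndTitle[MAXBYTE] = {0};
- // 获取DLL所在窗口句柄;
- HWND hWnd = GetMainWnd();
- if ( hWnd == NULL )
- {
- OutputDebugString(_T("<Injecter> 没有找到窗口句柄"));
- FreeLibraryAndExitThread(g_hModule, 0);
- return 0;
- }
-
- // 得到窗口名称
- GetWindowText(hWnd,szWndTitle,sizeof(szWndTitle));
+ TCHAR szLog[MAX_PATH] = {0};
+ TCHAR szWndTitle[MAXBYTE] = {0};
+ // 获取DLL所在窗口句柄;
+ HWND hWnd = GetMainWnd();
+ if ( hWnd == NULL )
+ {
+ OutputDebugString(_T("<Injecter> 没有找到窗口句柄"));
+ FreeLibraryAndExitThread(g_hModule, 0);
+ return 0;
+ }
+
+ // 得到窗口名称
+ GetWindowText(hWnd,szWndTitle,sizeof(szWndTitle));
 #if _MSC_VER >= 1200 && _MSC_VER < 1500
 sprintf(szLog, _T("找到窗口名称:%s\n"), szWndTitle);
 #else
- _stprintf_s(szLog, _T("找到窗口名称:%s\n"), szWndTitle);
+ _stprintf_s(szLog, _T("找到窗口名称:%s\n"), szWndTitle);
 #endif
- OutputDebugString(szLog);
- //是否名称是计算器
- if( _tcsstr(szWndTitle, _T("计算器")) )
- {
- OutputDebugString(_T("<Injecter> 找到指定窗口!!!"));
- // 2、创建后台线程;
- }
- else
- {
- OutputDebugString(_T("<Injecter> 不满足条件,DLL自我卸载!!!"));
- // 如果不满足条件,DLL自我卸载;
- FreeLibraryAndExitThread(g_hModule, 0);
- }
-
- return 0;
+ OutputDebugString(szLog);
+ //是否名称是计算器
+ if( _tcsstr(szWndTitle, g_szWindowTitle) )
+ {
+ OutputDebugString(_T("<Injecter> 找到指定窗口!!!"));
+ // 2、创建后台线程;
+ MessageBox(NULL, szWndTitle, g_szWindowTitle, MB_OK);
+#if 1
+ // 等待连接服务器管道;
+ if ( WaitNamedPipe(g_szPipeName, NMPWAIT_WAIT_FOREVER) )
+ {
+ // 连接成功后,创建客户端管道;
+ if ( (g_hPipe = CreateFile(g_szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL) ) == INVALID_HANDLE_VALUE )
+ {
+ // 创建失败;
+ }
+ else
+ {
+ DWORD dwWrite = 0;
+ TCHAR szValue[MAX_PATH] = {"test pipe"};
+ if ( WriteFile(g_hPipe, szValue, sizeof(szValue)*sizeof(TCHAR), &dwWrite, NULL ) )
+ {
+ // 写完之后,进行读取;
+ }
+ else
+ {
+ // 写失败;
+ }
+ }
+ }
+ else
+ {
+ // 等待失败;
+ }
+#endif
+ }
+ else
+ {
+ OutputDebugString(_T("<Injecter> 不满足条件,DLL自我卸载!!!"));
+ // 如果不满足条件,DLL自我卸载;
+ FreeLibraryAndExitThread(g_hModule, 0);
+ }
+
+ return 0;
 }
 
 
 BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
 {
- g_hModule = hModule;
+ g_hModule = hModule;
+#if 1
+ // 获取dll的目录;
+ TCHAR szDrive[MAX_PATH] = { 0 };
+ TCHAR szDir[MAX_PATH] = { 0 };
+ TCHAR szExt[MAX_PATH] = { 0 };
+ ::GetModuleFileName(g_hModule, g_szCurModulePath, sizeof(g_szCurModulePath) / sizeof(TCHAR));
+ _tsplitpath_s(g_szCurModulePath, szDrive, szDir, g_szFna, szExt);
+ _tcscpy_s(g_szCurModulePath, szDrive);
+ _tcscat_s(g_szCurModulePath, szDir);
+ // 设置配置文件;
+ _stprintf_s(g_szConfigFile, _T("%s%s"), g_szCurModulePath, _T("Assit.ini"));
+
+ // 读取配置文件;
+ TCHAR szValue[MAX_PATH] = {0};
+ GetPrivateProfileString(_T("Windows"), _T("Title"), _T(""), g_szWindowTitle, MAX_PATH, g_szConfigFile);
+ GetPrivateProfileString(_T("Pipe"), _T("Name"), _T("Assit"), szValue, MAX_PATH, g_szConfigFile);
+ _stprintf_s(g_szPipeName, _T("\\\\.\\pipe\\%s"), szValue);
+#endif
+
 switch (ul_reason_for_call)
 {
 case DLL_PROCESS_ATTACH:
- {
- hThreadProc = CreateThread(NULL, 0, WorkThreadProc, NULL, 0, NULL);
- CloseHandle(hThreadProc);
- }
- break;
+ {
+ hThreadProc = CreateThread(NULL, 0, WorkThreadProc, NULL, 0, NULL);
+ CloseHandle(hThreadProc);
+ }
+ break;
 case DLL_THREAD_ATTACH:
- break;
+ break;
 case DLL_THREAD_DETACH:
- break;
+ break;
 case DLL_PROCESS_DETACH:
 break;
 }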
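Review bot: The new `WriteFile` call in WorkThreadProc passes `sizeof(szValue)*sizeof(TCHAR)` as the byte count although `sizeof(szValue)` is already in bytes, so a Unicode build reads past the end of the stack buffer and sends the adjacent stack contents down the pipe; use `WriteFile(g_hPipe, szValue, sizeof(szValue), &dwWrite, NULL)` and initialise the buffer with `_T("test pipe")`. The `CreateFile` on `g_szPipeName` leaves the impersonation level at its default, so whichever process serves that name (which is read from `Assit.ini`) can impersonate this client; adding `SECURITY_SQOS_PRESENT | SECURITY_IDENTIFICATION` to the flags argument limits that, and nothing in the hunk closes `g_hPipe`. The `_tcsstr(szWndTitle, g_szWindowTitle)` test succeeds for every window when the INI has no `Title` entry because the default is `_T("")`, so it should be guarded with `g_szWindowTitle[0] != _T('\0') &&`. In DllMain, whose body continues past the hunk, the new `#if 1` block sits before the `switch` and therefore does its path and INI reads under the loader lock on every thread attach and detach; it belongs in the `DLL_PROCESS_ATTACH` case or in the worker thread.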