Reverse
/
repos_assist


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186
							// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"

HMODULE g_hModule = NULL;
HANDLE hThreadProc = NULL;
TCHAR g_szCurModulePath[MAX_PATH] = {0};
TCHAR g_szFna[MAX_PATH] = {0};
HANDLE g_hPipe = NULL;
// 配置文件名称;
TCHAR g_szConfigFile[MAX_PATH] = {0};
// 配置的窗口名称;
TCHAR g_szWindowTitle[MAX_PATH] = {0};
// 配置的窗口进程名称;
TCHAR g_szProcessName[MAX_PATH] = {0};
// 管道名称;
TCHAR g_szPipeName[MAX_PATH] = {0};

typedef struct PIPE_MSG
{
	//消息类型;
	//消息内容;
};

// 枚举屏幕上的所有顶级窗口
BOOL CALLBACK EnumWndProc(HWND hwnd, LPARAM lParam)
{
	TCHAR szLog[MAX_PATH] = {0};
	DWORD dwCurrentProcessId = *((DWORD*)lParam);
	// 根据进程ID、窗口，获取当前窗口所在线程ID;
	DWORD dwWindProcessId = 0;
	DWORD dwThreadId = GetWindowThreadProcessId(hwnd, &dwWindProcessId);
#if _MSC_VER >= 1200 && _MSC_VER < 1500
	sprintf(szLog, _T("<Injecter> 进程ID=%ld, 窗口进程ID=%ld\n"), dwCurrentProcessId, dwThreadId);
#else
	_stprintf_s(szLog, _T("<Injecter> 进程ID=%ld, 窗口进程ID=%ld\n"), dwCurrentProcessId, dwThreadId);
#endif
	OutputDebugString(szLog);
	if ( dwCurrentProcessId == dwWindProcessId && GetParent(hwnd) == NULL )   // GetParent==Null表示主窗口,本来就是找顶级的，有点多余?;
	{
		*((HWND*)lParam) = hwnd;
		// 回调函数调用SetLastError以获取有意义的错误代码，以返回给EnumWindows的调用方
		SetLastError(10086);
		// 停止枚举,返回FALSE;
		return FALSE;
	}

	// 继续枚举,返回TRUE;
	return TRUE;
}


HWND GetMainWnd()
{
	TCHAR szLog[MAX_PATH] = {0};
	// 获取当前DLL所在进程ID;
	DWORD dwCurrentProcessId = GetCurrentProcessId();
	// 枚举该进程窗口;
	EnumWindows(EnumWndProc, (LPARAM)&dwCurrentProcessId);
	DWORD dwError = GetLastError();
	if (dwError == 10086)
	{
		// 找到窗口句柄;
		return (HWND)dwCurrentProcessId;
	}

#if _MSC_VER >= 1200 && _MSC_VER < 1500
	sprintf(szLog, _T("<Injecter> 进程ID=%ld, 没找到窗口,GetLastError=%ld\n"), dwCurrentProcessId, dwError);
#else
	_stprintf_s(szLog, _T("<Injecter> 进程ID=%ld, 没找到窗口,GetLastError=%ld\n"), dwCurrentProcessId, dwError);
#endif
	OutputDebugString(szLog);

	return NULL;
}

DWORD WINAPI WorkThreadProc(LPVOID lParam)
{
#ifdef _DEBUG
	Sleep(20000);
#endif
	TCHAR szLog[MAX_PATH] = {0};
	TCHAR szWndTitle[MAXBYTE] = {0};
	// 获取DLL所在窗口句柄;
	HWND hWnd = GetMainWnd();
	if ( hWnd == NULL )
	{
		OutputDebugString(_T("<Injecter> 没有找到窗口句柄"));
		FreeLibraryAndExitThread(g_hModule, 0);
		return 0;
	}

	// 得到窗口名称
	GetWindowText(hWnd,szWndTitle,sizeof(szWndTitle));
#if _MSC_VER >= 1200 && _MSC_VER < 1500
	sprintf(szLog, _T("找到窗口名称：%s\n"),  szWndTitle);
#else
	_stprintf_s(szLog, _T("找到窗口名称：%s\n"),  szWndTitle);
#endif
	OutputDebugString(szLog);
	//是否名称是计算器
	if( _tcsstr(szWndTitle, g_szWindowTitle) )
	{
		OutputDebugString(_T("<Injecter> 找到指定窗口!!!"));
		// 2、创建后台线程;
		MessageBox(NULL, szWndTitle, g_szWindowTitle, MB_OK);
#if 1
		// 等待连接服务器管道;
		if ( WaitNamedPipe(g_szPipeName, NMPWAIT_WAIT_FOREVER) )
		{
			// 连接成功后,创建客户端管道;
			if ( (g_hPipe = CreateFile(g_szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL) ) == INVALID_HANDLE_VALUE )
			{
				// 创建失败;
			}
			else
			{
				DWORD dwWrite = 0;
				TCHAR szValue[MAX_PATH] = {"test pipe"};
				if ( WriteFile(g_hPipe, szValue, sizeof(szValue)*sizeof(TCHAR), &dwWrite, NULL ) )
				{
					// 写完之后，进行读取;
				}
				else
				{
					// 写失败;
				}
			}
		}
		else
		{
			// 等待失败;
		}
#endif
	}
	else
	{
		OutputDebugString(_T("<Injecter> 不满足条件,DLL自我卸载!!!"));
		// 如果不满足条件,DLL自我卸载;
		FreeLibraryAndExitThread(g_hModule, 0);
	}

	return 0;
}


BOOL APIENTRY DllMain( HMODULE hModule,DWORD  ul_reason_for_call,LPVOID lpReserved)
{
	g_hModule = hModule;
#if 1
	// 获取dll的目录;
	TCHAR szDrive[MAX_PATH] = { 0 };
	TCHAR szDir[MAX_PATH] = { 0 };
	TCHAR szExt[MAX_PATH] = { 0 };
	::GetModuleFileName(g_hModule, g_szCurModulePath, sizeof(g_szCurModulePath) / sizeof(TCHAR));
	_tsplitpath_s(g_szCurModulePath, szDrive, szDir, g_szFna, szExt);
	_tcscpy_s(g_szCurModulePath, szDrive);
	_tcscat_s(g_szCurModulePath, szDir);
	// 设置配置文件;
	_stprintf_s(g_szConfigFile, _T("%s%s"), g_szCurModulePath, _T("Assit.ini"));

	// 读取配置文件;
	TCHAR szValue[MAX_PATH] = {0};
	GetPrivateProfileString(_T("Windows"), _T("Title"), _T(""), g_szWindowTitle, MAX_PATH, g_szConfigFile);
	GetPrivateProfileString(_T("Pipe"), _T("Name"), _T("Assit"), szValue, MAX_PATH, g_szConfigFile);
	_stprintf_s(g_szPipeName, _T("\\\\.\\pipe\\%s"), szValue);
	GetPrivateProfileString(_T("Process"), _T("Name"), _T("Game.exe"), g_szProcessName, MAX_PATH, g_szConfigFile);
#endif

	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		{
			hThreadProc = CreateThread(NULL, 0, WorkThreadProc, NULL, 0, NULL);
			CloseHandle(hThreadProc);
		}
		break;
	case DLL_THREAD_ATTACH:
		break;
	case DLL_THREAD_DETACH:
		break;
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}