Reverse
/
wechat


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
							// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include "stdafx.h"

//https://docs.microsoft.com/zh-cn/windows/desktop/winmsg/using-hooks
HHOOK	ghk_CBT = NULL;
HHOOK	ghk_Mouse = NULL;
HHOOK	ghk_CallWndProc = NULL;

LRESULT WINAPI CallWndProc(int, WPARAM, LPARAM);
LRESULT WINAPI CBTProc(int, WPARAM, LPARAM);
LRESULT WINAPI DebugProc(int, WPARAM, LPARAM);
LRESULT WINAPI GetMsgProc(int, WPARAM, LPARAM);
LRESULT WINAPI KeyboardProc(int, WPARAM, LPARAM);
LRESULT WINAPI MouseProc(int, WPARAM, LPARAM);
LRESULT WINAPI MessageProc(int, WPARAM, LPARAM);

LRESULT WINAPI CallWndProc(int nCode, WPARAM wParam, LPARAM lParam)
{
	WriteTextLog(_T("CallWndProc"));

	if (nCode < 0)  // do not process message 
		return CallNextHookEx(ghk_CallWndProc, nCode, wParam, lParam);

	switch (nCode)
	{
	case HC_ACTION:
		break;

	default:
		break;
	}

	return CallNextHookEx(ghk_CallWndProc, nCode, wParam, lParam);
}

LRESULT CALLBACK CBTProc(int nCode, WPARAM wParam, LPARAM lParam)
{
	CHAR szBuf[128];
	CHAR szCode[128];
	static int c = 0;
	size_t cch;
	HRESULT hResult;

	WriteTextLog(_T("CBTProc"));
	if (nCode < 0)  // do not process message 
		return CallNextHookEx(ghk_CBT, nCode, wParam,lParam);

	switch (nCode)
	{
	case HCBT_ACTIVATE:
		break;

	case HCBT_CLICKSKIPPED:
		break;

	case HCBT_CREATEWND:
		break;

	case HCBT_DESTROYWND:
		break;

	case HCBT_KEYSKIPPED:
		break;

	case HCBT_MINMAX:
		break;

	case HCBT_MOVESIZE:
		break;

	case HCBT_QS:
		break;

	case HCBT_SETFOCUS:
		break;

	case HCBT_SYSCOMMAND:
		break;

	default:
		break;
	}
	
	return CallNextHookEx(ghk_CBT, nCode, wParam, lParam);
}

LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam)
{
	CHAR szBuf[128];
	CHAR szMsg[16];
	static int c = 0;
	size_t cch;
	HRESULT hResult;

	if (nCode < 0)  // do not process the message 
		return CallNextHookEx(ghk_Mouse, nCode,wParam, lParam);

	WriteTextLog(_T("MOUSE - nCode: %d, msg: %s, x: %d, y: %d, %d times "), nCode, szMsg, LOWORD(lParam), HIWORD(lParam), c++);

	return CallNextHookEx(ghk_Mouse, nCode, wParam, lParam);
}

BOOL APIENTRY DllMain(HMODULE hModule,DWORD  ul_reason_for_call,LPVOID lpReserved)
{
	g_hCurModule = hModule;
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
	{
		DWORD dwThreadId = 0;
		GetProcInfo(dwThreadId);
		if (ghk_CBT == NULL)
		{
			ghk_CBT = SetWindowsHookEx(WH_CBT, CBTProc, HINSTANCE(0x000604F4), dwThreadId);
			if (ghk_CBT == NULL)
				WriteTextLog(_T("hook api失败"));
			else
				WriteTextLog(_T("hook api成功:%ld,%p"), GetLastError(), HINSTANCE(0x000604F4));
		}

		WriteTextLog(_T("dll已成功注入:【当前线程id=%d, 目标线程id=%d,进程id=%d】"), ::GetCurrentThreadId(), dwThreadId, ::GetCurrentProcessId());
		WxInfo wxInfo;
		GetWxInfo(wxInfo);
	}
	break;
	case DLL_THREAD_ATTACH:
		break;
	case DLL_THREAD_DETACH:
		break;
	case DLL_PROCESS_DETACH:
		if (ghk_CBT)
		{
			if (UnhookWindowsHookEx(ghk_CBT))
				WriteTextLog(_T("卸载hook成功"));
		}
		WriteTextLog(_T("dll已成功卸载"));
		break;
	default:
		break;
	}
	return TRUE;
}