gpt4 book ai didi

c++ - 如何在注入(inject)的dll中调用函数

转载 作者:行者123 更新时间:2023-11-28 06:17:35 26 4
gpt4 key购买 nike

我正在尝试使用注入(inject)的 dll 从另一个进程获取键盘消息,但我不知道在我自己的程序中必须在哪里调用函数。这是我注入(inject)的 dll 函数:

//this is my dll main function  
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
/* open file */
FILE *file;
fopen_s(&file, "d:\\dll\\temp.txt", "a+");

switch (ul_reason_for_call) {
case DLL_PROCESS_ATTACH:
hInst = (HINSTANCE)hModule;
// should be function calling be here????
installhook();
break;
case DLL_PROCESS_DETACH:
fprintf(file, "DLL detach function called.\n");
break;
case DLL_THREAD_ATTACH:
fprintf(file, "DLL thread attach function called.\n");
break;
case DLL_THREAD_DETACH:
fprintf(file, "DLL thread detach function called.\n");
break;
}
hInst = (HINSTANCE)hModule;
/* close file */
fclose(file);
return TRUE;
}

这是我安装 keyboardproc 来处理的安装 Hook 函数

   BOOL __declspec(dllexport)__stdcall installhook()
{
HWND targetWnd;
HANDLE hProcess;
unsigned long processID = 0;
hkb = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)KeyboardProc, hInst, GetCurrentThreadId());
return TRUE;
}

这是我的 keyboardproc 函数体

LRESULT __declspec(dllexport)__stdcall  CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
char ch;
MessageBoxA(nullptr, "key touched\n", "DLL_PROCESS_ATTACH", MB_OK | MB_ICONWARNING);
do
{
if (((DWORD)lParam & 0x40000000) && (HC_ACTION == nCode))
{
if ((wParam == VK_SPACE) || (wParam == VK_RETURN) || (wParam >= 0x2f) && (wParam <= 0x100))
{
FILE *file;
fopen_s(&file, "d:\\dll\\temp.txt", "a+");
fprintf(file, nCode + ".\n");
}
}
} while (0);
return CallNextHookEx(hkb, nCode, wParam, lParam);
}

最后这是我的主程序,我将 dll 注入(inject)目标进程

int procID = 9448;
HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
if (process == NULL) {
printf("Error: the specified process couldn't be found.\n");
}

/*
* Get address of the LoadLibrary function.
*/
LPVOID addr = (LPVOID)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "LoadLibraryA");
if (addr == NULL) {
printf("Error: the LoadLibraryA function was not found inside kernel32.dll library.\n");
}

/*
* Allocate new memory region inside the process's address space.
*/
LPVOID arg = (LPVOID)VirtualAllocEx(process, NULL, strlen(buffer), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (arg == NULL) {
printf("Error: the memory could not be allocated inside the chosen process.\n");
}

/*
* Write the argument to LoadLibraryA to the process's newly allocated memory region.
*/
int n = WriteProcessMemory(process, arg, buffer, strlen(buffer), NULL);
if (n == 0) {
printf("Error: there was no bytes written to the process's address space.\n");
}

cout << procID << "\nhandle:" << process << "\nAddress:" << addr << "\nVirtualArg:" << arg << "\nWM:"<<n<<"\n";


/*
* Inject our DLL into the process's address space.
*/
HANDLE threadID = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)addr, arg, NULL, NULL);
if (threadID == NULL) {
printf("Error: the remote thread could not be created.\n");
}
else {
printf("Success: the remote thread was successfully created.\n");
}

/*
* Close the handle to the process, becuase we've already injected the DLL.
*/
CloseHandle(process);

我的代码有什么问题,必须更改哪里才能获得预期的结果!

最佳答案

是的,它可以从 DLL_PROCESS_ATTACH 调用。但是根据msdn

hMod [in] Type: HINSTANCE A handle to the DLL containing the hook procedure pointed to by the lpfn parameter. The hMod parameter must be set to NULL if the dwThreadId parameter specifies a thread created by the current process and if the hook procedure is within the code associated with the current process.

所以把hMod改成NULL

hkb = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)KeyboardProc, NULL, GetCurrentThreadId());

关于c++ - 如何在注入(inject)的dll中调用函数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29944180/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com