// dll.cpp : Defines the initialization routines for the DLL.
// Author:秋鎮菜
#include "stdafx.h"
#include <afxdllx.h>
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
static AFX_EXTENSION_MODULE DllDLL = { NULL, NULL };
extern "C" int APIENTRY
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
// Remove this if you use lpReserved
UNREFERENCED_PARAMETER(lpReserved);
if (dwReason == DLL_PROCESS_ATTACH)
{
TRACE0("DLL.DLL Initializing!\n");
// Extension DLL one-time initialization
if (!AfxInitExtensionModule(DllDLL, hInstance))
return 0;
// Insert this DLL into the resource chain
// NOTE: If this Extension DLL is being implicitly linked to by
// an MFC Regular DLL (such as an ActiveX Control)
// instead of an MFC application, then you will want to
// remove this line from DllMain and put it in a separate
// function exported from this Extension DLL. The Regular DLL
// that uses this Extension DLL should then explicitly call that
// function to initialize this Extension DLL. Otherwise,
// the CDynLinkLibrary object will not be attached to the
// Regular DLL's resource chain, and serious problems will
// result.
MessageBox(NULL, "對話框", NULL, MB_OK);
new CDynLinkLibrary(DllDLL);
}
else if (dwReason == DLL_PROCESS_DETACH)
{
TRACE0("DLL.DLL Terminating!\n");
// Terminate the library before destructors are called
AfxTermExtensionModule(DllDLL);
}
return 1; // ok
}
// remotethread.cpp : Defines the entry point for the console application.
// Author:秋鎮菜
#include "stdafx.h"
#include "windows.h"
int main(int argc, char* argv[])
{
HWND hWnd = FindWindow("notepad", NULL);
DWORD dwId;
GetWindowThreadProcessId(hWnd, &dwId);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwId);
if (! hProcess)
return 0;
char sz[MAX_PATH];
GetModuleFileName(NULL, sz, MAX_PATH);
strcpy(strstr(sz,".exe"), ".dll");
strcpy(sz, "c:\\windows\\dll.dll");
void *pData = VirtualAllocEx(hProcess, 0, sizeof (sz), MEM_COMMIT, PAGE_READWRITE);
if (! pData)
return 0;
if (! WriteProcessMemory(hProcess, pData, sz, sizeof (sz), 0))
return 0;
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
(LPTHREAD_START_ROUTINE)GetProcAddress(
LoadLibrary("kernel32.dll"), "LoadLibraryA"), pData, 0, 0);
if (hThread == NULL)
return 0;
printf("sssssssssssssssssssssssssssssss\r\n");
WaitForSingleObject(hThread, INFINITE);
DWORD dwModule;
GetExitCodeThread(hThread, &dwModule);
CloseHandle(hThread);
VirtualFreeEx(hProcess, pData, sizeof (sz), MEM_RELEASE);
printf("...............................\r\n");
hThread = CreateRemoteThread(hProcess, NULL, 0,
(LPTHREAD_START_ROUTINE)GetProcAddress(
LoadLibrary("kernel32.dll"), "FreeLibrary"), &dwModule, 0, 0);
if (hThread == NULL)
return 0;
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);
printf(sz);
printf("\r\n");
Sleep(2000);
return 0;
}