
            About ShutDown of Windows(五)

            Posted on 2009-11-20 00:29 S.l.e!ep.¢% 閱讀(279) 評論(0)  編輯 收藏 引用 所屬分類: RootKit
            About ShutDown of Windows(四)

            天氣很冷,接著折騰
            利用Windows Hooks注入

            Windows系統給我們提供了一些掛鉤函數,
            使得被掛鉤的進程可以在自己處理接收到的消息之前,
            先執行我們的消息處理函數,
            而這個消息處理函數一般會放在DLL中,
            來讓目標進程加載,這實際上已經達到了注入代碼的效果。
            一般情況下,我們把掛鉤函數和消息處理函數都放在dll中:

            所謂的注入,應該就是強制讓其它進程加載一個 DLL 的意思吧

            二至四中,忽悠到了 SetHook... 的最后一個參數

            // Prototype as quoted from the Windows SDK header (wide-character variant).
            WINUSERAPI HHOOK WINAPI SetWindowsHookExW(
                int       idHook,       // kind of hook to install (WH_KEYBOARD, WH_KEYBOARD_LL, ...)
                HOOKPROC  lpfn,         // hook procedure to be called
                HINSTANCE hmod,         // module (DLL) that contains lpfn
                DWORD     dwThreadId);  // thread the hook procedure is associated with

            最后一個參數 dwThreadId 是需要注入的目標線程的 Thread ID

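            // Exported entry point: asks Windows to install MyKeyHook as a keyboard hook
            // and, if that fails, shows the Win32 error code in a message box.
            // The post reports that this exact call fails with error 87.
            HOOKDLL_API void Hook(void)
            {
            // Fallback for SDK headers that do not define the low-level keyboard hook id.
            #ifndef WH_KEYBOARD_LL
            #define WH_KEYBOARD_LL 13
            #endif

                // 8800 is a thread id the author hard-coded for this experiment; it is
                // only meaningful on the machine and session where it was observed.
                g_Hook = SetWindowsHookEx(WH_KEYBOARD_LL, MyKeyHook, g_IT, 8800);

                if (g_Hook == NULL)
                {
                    // Capture the error code before any other API call can replace it.
                    const DWORD dwErr = GetLastError();

                    char szBuf[200] = {0};
                    // DWORD is an unsigned long, so it is printed with %lu instead of %d.
                    sprintf(szBuf, "Failed to Set Hook (%lu)", static_cast<unsigned long>(dwErr));
                    MessageBox(NULL, szBuf, NULL, MB_OK);
                }
            }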

            返回的錯誤碼是 87(ERROR_INVALID_PARAMETER,即參數錯誤)
            Google 告訴我,WH_KEYBOARD_LL 不支持指定線程,只能用 WH_KEYBOARD

            修改了下代碼
            //?HookDLL.cpp?:?Defines?the?entry?point?for?the?DLL?application.
            //

            #include?
            "stdafx.h"
            #include?
            "HookDLL.h"
            #include?
            <stdio.h>

            // Module handle of this DLL: written by DllMain and handed to
            // SetWindowsHookEx by Hook().
            HINSTANCE g_IT = NULL;

            // DLL entry point. Remembers the module handle in g_IT and shows a message
            // box naming each loader notification, which makes every load of this DLL
            // into a process visible on screen.
            // NOTE(review): MessageBox is a User32 call made from inside DllMain;
            // Microsoft's DllMain guidance advises against such calls because the loader
            // lock is held here. It is kept because the post relies on these popups.
            BOOL APIENTRY DllMain(HINSTANCE hInstance,
                                  DWORD     ul_reason_for_call,
                                  LPVOID    lpReserved)
            {
                g_IT = hInstance;

                // Map the notification code to the caption the original code displayed.
                const char *pszReason = NULL;
                if (ul_reason_for_call == DLL_PROCESS_ATTACH)
                    pszReason = "DLL_PROCESS_ATTACH";
                else if (ul_reason_for_call == DLL_THREAD_ATTACH)
                    pszReason = "DLL_THREAD_ATTACH";
                else if (ul_reason_for_call == DLL_THREAD_DETACH)
                    pszReason = "DLL_THREAD_DETACH";
                else if (ul_reason_for_call == DLL_PROCESS_DETACH)
                    pszReason = "DLL_PROCESS_DETACH";

                // Any other reason code is ignored without a popup.
                if (pszReason != NULL)
                    MessageBox(NULL, pszReason, "", MB_OK);

                return TRUE;
            }


            // Hook handle returned by SetWindowsHookEx; stays NULL until Hook() assigns it.
            HHOOK g_Hook = NULL;

            // Example of an exported variable (left over from the project template).
            HOOKDLL_API int nHookDLL = 0;

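            // Keyboard hook procedure registered by Hook().
            //
            // code   - hook code; a negative value means the event must be forwarded.
            // wParam - compared against the WM_KEY* / WM_SYSKEY* message ids below.
            // lParam - cast to a KBDLLHOOKSTRUCT pointer, i.e. the low-level
            //          (WH_KEYBOARD_LL) callback layout is assumed.
            //
            // Returns the result of CallNextHookEx when code is negative, otherwise TRUE.
            // A non-zero return keeps the event from the rest of the hook chain, so while
            // this hook is active the keystrokes it sees are swallowed.
            LRESULT CALLBACK MyKeyHook(int code, WPARAM wParam, LPARAM lParam)
            {
            #if (_WIN32_WINNT < 0x0400)
                /*
                 * Structure used by WH_KEYBOARD_LL; declared locally only when the
                 * SDK headers are too old to provide it.
                 */
                typedef struct tagKBDLLHOOKSTRUCT {
                    DWORD   vkCode;
                    DWORD   scanCode;
                    DWORD   flags;
                    DWORD   time;
                    DWORD   dwExtraInfo;
                } KBDLLHOOKSTRUCT, FAR *LPKBDLLHOOKSTRUCT, *PKBDLLHOOKSTRUCT;
            #endif

                // Hook-procedure contract: a negative code must be handed to the next
                // hook untouched. The original ignored `code` entirely.
                if (code < 0)
                    return CallNextHookEx(g_Hook, code, wParam, lParam);

                PKBDLLHOOKSTRUCT kbDLLHOOK = (PKBDLLHOOKSTRUCT)lParam;

                // Human-readable name of the key event; stays NULL for other messages.
                const char *info = NULL;
                if (wParam == WM_KEYDOWN)
                    info = "key down";
                else if (wParam == WM_KEYUP)
                    info = "key up";
                else if (wParam == WM_SYSKEYDOWN)
                    info = "sys key down";
                else if (wParam == WM_SYSKEYUP)
                    info = "sys key up";

                // Only the author's disabled logging below reads these two values.
                (void)kbDLLHOOK;
                (void)info;

                //FILE* f = fopen("hook.txt", "a+");

                //CString strLog;
                //strLog.Format("%s - vkCode [%04x], [%c] scanCode [%04x]\n", info, kbDLLHOOK->vkCode, kbDLLHOOK->vkCode, kbDLLHOOK->scanCode);

                //fwrite(strLog, 1, strLog.GetLength(), f);
                //fclose(f);

                // The author disabled the usual forwarding call for processed events:
                // return CallNextHookEx(g_Hook, code, wParam, lParam);

                return TRUE;
            }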

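            // Exported function: installs MyKeyHook through SetWindowsHookEx and reports
            // the Win32 error code in a message box when installation fails.
            //
            // NOTE(review): the text before this listing says the code was modified after
            // error 87 and that WH_KEYBOARD_LL does not accept a thread id, yet the call
            // below still passes WH_KEYBOARD_LL together with a thread id. The listing
            // may not be the version that was actually run.
            //
            // The post checks the outcome by listing the modules loaded in the target
            // process; the same module-list check reveals an unexpected hook DLL.
            HOOKDLL_API void Hook(void)
            {
            // Fallback for SDK headers that do not define the low-level keyboard hook id.
            #ifndef WH_KEYBOARD_LL
            #define WH_KEYBOARD_LL 13
            #endif

                // 8800 is a thread id taken from the author's own machine (see the text
                // after the listing); it has no meaning anywhere else.
                g_Hook = SetWindowsHookEx(WH_KEYBOARD_LL, MyKeyHook, g_IT, 8800);

                if (g_Hook == NULL)
                {
                    // Read the error code first so that no later call can overwrite it.
                    const DWORD dwErr = GetLastError();

                    char szBuf[200] = {0};
                    // DWORD is an unsigned long, so it is printed with %lu instead of %d.
                    sprintf(szBuf, "Failed to Set Hook (%lu)", static_cast<unsigned long>(dwErr));
                    MessageBox(NULL, szBuf, NULL, MB_OK);
                }
            }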

            // Constructor of the exported class CHookDLL (declared in HookDLL.h).
            // It performs no work.
            CHookDLL::CHookDLL()
            {
            }



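            // Button handler of the test application: loads the DLL whose path equals this
            // executable's path with the extension stripped, then calls its exported
            // Hook() function.
            //
            // The original called through the GetProcAddress result without checking it,
            // so a missing DLL or a missing export crashed the test program. Each step is
            // now checked and reported.
            void CHookTestDlg::OnButton1()
            {
                TCHAR szPath[MAX_PATH] = {0};

                // A return of 0 means failure; a return equal to the buffer size means
                // the path was truncated. Neither may be passed on to LoadLibrary.
                const DWORD cchPath = GetModuleFileName(NULL, szPath, MAX_PATH);
                if (cchPath == 0 || cchPath >= MAX_PATH)
                {
                    ::MessageBox(NULL, _T("GetModuleFileName failed"), NULL, MB_OK);
                    return;
                }

                // Strip the extension. Presumably LoadLibrary then appends ".dll" and
                // picks the DLL beside the executable; the post does not show this.
                // Loading by full path avoids the DLL search order.
                PathRenameExtension(szPath, _T(""));

                HMODULE Module = LoadLibrary(szPath);
                if (Module == NULL)
                {
                    ::MessageBox(NULL, _T("LoadLibrary failed"), NULL, MB_OK);
                    return;
                }

                // NOTE(review): this lookup needs the undecorated export name "Hook";
                // HookDLL.h is not shown, so confirm how the function is exported.
                typedef void (*TYPE_pfnLoadLibrary)();
                TYPE_pfnLoadLibrary pfnLoadLibrary =
                    (TYPE_pfnLoadLibrary)GetProcAddress(Module, "Hook");
                if (pfnLoadLibrary == NULL)
                {
                    ::MessageBox(NULL, _T("GetProcAddress(\"Hook\") failed"), NULL, MB_OK);
                    FreeLibrary(Module);
                    return;
                }

                // The module is left loaded on purpose: the hook procedure lives in it.
                pfnLoadLibrary();
            }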

            其中,8800 是另一個進程中某一個線程的 ID。雖然沒返回錯誤碼,但用 syscheck
            查看 8800 那條線程所在的進程,并沒有發現 HookTest.dll 被注入

            原因是啥,還沒搞清楚

            Google到的資料
            http://bbs.pediy.com/showthread.php?p=445390
            http://edison.5d6d.com/thread-742-1-1.html
            明天再搞