大家好,我最近在写一个辅助的WINFORM程序,要求如下:注入已经打开的记事本程序,对记事本进行监视,如果在操作记事本的过程中按了F10,则注入的程序打开窗体。现在我的程序是这样的:我首先写了一个被注入的DLL,然后又写了一个注入记事本操作的DLL,但问题是,我注入后,在记事本中按F10无法出现窗口。我觉得问题可能在于我没有正确地把DLL注入进去,也可能是我没有调用被注入程序的函数,可是我不知道怎么用,请大家教我。注入程序:
// Win32 imports used by button1_Click below to load a DLL into another process
// through a remote thread that calls LoadLibraryA. From a defender's point of view
// this is the canonical VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// sequence that endpoint-security products monitor and flag.
// NOTE(review): addresses, module handles and the "bytes written" / "thread id"
// out-parameters are all declared as int rather than pointer-sized or out types;
// the native signatures differ, so confirm the marshaling matches the target bitness
// before trusting any returned value.
[DllImport("kernel32.dll")] // API declarations
public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);
[DllImport("kernel32.dll")]
public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);
[DllImport("kernel32.dll")]
public static extern int GetProcAddress(int hwnd, string lpname);
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string name);
[DllImport("kernel32.dll")]
public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
/// <summary>
/// Form constructor: only runs the designer-generated InitializeComponent.
/// The button1_Click handler that follows (declared on the same line as this
/// constructor's closing brace) scans every running process, and for each one
/// whose name contains "notepad" loads the hard-coded DLL path into it via
/// a remote LoadLibraryA thread. Failures are reported with a MessageBox and
/// Application.Exit(); note that Application.Exit() does not return out of this
/// handler, so the remaining calls in the same iteration still execute.
/// </summary>
public Form1()
{
InitializeComponent();
} private void button1_Click(object sender, EventArgs e) // see summary above
{
int ok1; // WriteProcessMemory result (0 = failure)
//int ok2;
//int hwnd;
int baseaddress; // address of the allocation inside the target process
int temp = 0; // passed as a null pointer for the two out-parameters
int hack; // address of LoadLibraryA
int yan; // CreateRemoteThread result (0 = failure)
string dllname;
// Absolute path on the author's machine; the target process must be able to read it.
dllname = @"C:\TW外挂\Demo\demo3\bin\Debug\demo3.dll";
int dlllength;
// Character count plus one terminator; this is the byte count handed to the
// native calls below. NOTE(review): the path contains non-ASCII characters, so
// the marshaled byte length may not equal the char count — confirm.
dlllength = dllname.Length + 1;
Process[] pname = Process.GetProcesses(); // snapshot of all running processes
foreach (Process name in pname) // walk the snapshot
{
//MessageBox.Show(name.ProcessName.ToLower());
// Substring match: "notepad++" and similar names also qualify. Accessing
// name.Handle on a process this user cannot open throws; nothing catches it here.
if (name.ProcessName.ToLower().IndexOf("notepad") != -1) // a Notepad process: start injecting
{ baseaddress = VirtualAllocEx(name.Handle, 0, dlllength, 4096, 4); // allocate in the target (4096 = MEM_COMMIT, 4 = PAGE_READWRITE)
if (baseaddress == 0) // 0 means the call failed (same convention for the calls below)
{
MessageBox.Show("申请内存空间失败!!");
Application.Exit();
}
ok1 = WriteProcessMemory(name.Handle, baseaddress, dllname, dlllength, temp); // copy the DLL path into the allocation
if (ok1 == 0)
{ MessageBox.Show("写内存失败!!");
Application.Exit();
}
hack = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA"); // resolve LoadLibraryA in kernel32 (looked up in this process)
if (hack == 0)
{
MessageBox.Show("无法取得函数的入口点!!");
Application.Exit();
}
yan = CreateRemoteThread(name.Handle, 0, 0, hack, baseaddress, 0, temp); // start a thread in the target that runs LoadLibraryA(baseaddress)
if (yan == 0)
{
MessageBox.Show("创建远程线程失败!!");
Application.Exit();
}
else
{
// Only reports that the thread was created; the DLL's own load result is not checked.
MessageBox.Show("已成功注入dll!!");
} }
}
}
}以下是被注入的DLL代码
/// <summary>
/// Program entry point: starts the WinForms message loop with a new Form1.
/// The methods that follow (SetHotKey, WndProc, Form1_Load) belong to Form1 and
/// are declared on the same lines as the preceding closing braces.
/// </summary>
[STAThread]
static void Main()
{
Application.Run(new Form1());
} public void SetHotKey(bool bCtrl, bool bShift, bool bAlt, bool bWindows, Keys nowKey)
{
// Stores the requested modifiers/key in fields, folds the modifiers into a
// KeyModifiers mask and registers hotkey id 100 on this form's window handle.
// NOTE(review): RegisterHotKey's bool result is discarded and the Win32 error
// (the import has SetLastError = true) is never read, so a failed registration
// is silent; only managed exceptions end up in textBox1.
try
{
this.key_Alt = bAlt;
this.key_Ctrl = bCtrl;
this.key_Shift = bShift;
this.key_Windows = bWindows;
this.key_other = nowKey; WinHotKey.KeyModifiers modifier = WinHotKey.KeyModifiers.None; if (this.key_Ctrl)
modifier |= WinHotKey.KeyModifiers.Control;
if (this.key_Alt)
modifier |= WinHotKey.KeyModifiers.Alt;
if (this.key_Shift)
modifier |= WinHotKey.KeyModifiers.Shift;
if (this.key_Windows)
modifier |= WinHotKey.KeyModifiers.Windows; WinHotKey.RegisterHotKey(Handle, 100, modifier, nowKey); // id 100 is the only hotkey id used on this page
}
catch (Exception err)
{
this.textBox1.AppendText(err.Message + "\r\n");
}
} protected override void WndProc(ref Message m)
{
// Logs every WM_HOTKEY (0x0312) that reaches this window, then defers to the
// base handler. The hotkey id arrives in m.WParam and is not compared against
// 100 here, so any WM_HOTKEY delivered to this window is logged.
const int WM_HOTKEY = 0x0312; switch (m.Msg)
{
case WM_HOTKEY:
{
// hotkey message received
this.textBox1.AppendText(m.Msg.ToString() + "\r\n");
break;
}
}
base.WndProc(ref m);
} private void Form1_Load(object sender, System.EventArgs e)
{
// Creates a marker directory (apparently a load probe). Both the Show() and
// the SetHotKey call below are commented out, so in this version no hotkey is
// registered on load. Note that the commented call passes bCtrl = true, i.e.
// it would register Ctrl+F10, not plain F10.
Directory.CreateDirectory("c:/aaaaaa/");
//this.Show();
//this.SetHotKey(true, false, false, false, Keys.F10);
}
}
#region WinHotKey Class
/// <summary>
/// Thin P/Invoke wrapper around the user32 global-hotkey API.
/// <see cref="KeyModifiers"/> mirrors the native MOD_ALT (1), MOD_CONTROL (2),
/// MOD_SHIFT (4) and MOD_WIN (8) flags. Nothing on this page calls
/// <see cref="UnregisterHotKey"/>, so a registered hotkey stays registered
/// until the owning window is destroyed.
/// </summary>
public class WinHotKey
{
/// <summary>Registers a system-wide hotkey delivered to hWnd as WM_HOTKEY with the given id.</summary>
/// <returns>true on success; on failure the Win32 error is available via Marshal.GetLastWin32Error (SetLastError = true).</returns>
[DllImport("user32.dll", SetLastError = true)]
public static extern bool RegisterHotKey(
IntPtr hWnd, // window handle
int id,
KeyModifiers fsModifiers,
Keys vk
); [DllImport("user32.dll", SetLastError = true)]
public static extern bool UnregisterHotKey(
IntPtr hWnd,
int id
); [Flags()]
public enum KeyModifiers
{
None = 0,
Alt = 1,
Control = 2,
Shift = 4,
Windows = 8
} public WinHotKey() { } // no instance state; the class is used statically
}
#endregion
// Win32 imports used by button1_Click below to load a DLL into another process
// through a remote thread that calls LoadLibraryA. From a defender's point of view
// this is the canonical VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
// sequence that endpoint-security products monitor and flag.
// NOTE(review): addresses, module handles and the "bytes written" / "thread id"
// out-parameters are all declared as int rather than pointer-sized or out types;
// the native signatures differ, so confirm the marshaling matches the target bitness
// before trusting any returned value.
[DllImport("kernel32.dll")] // API declarations
public static extern int VirtualAllocEx(IntPtr hwnd, int lpaddress, int size, int type, int tect);
[DllImport("kernel32.dll")]
public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten);
[DllImport("kernel32.dll")]
public static extern int GetProcAddress(int hwnd, string lpname);
[DllImport("kernel32.dll")]
public static extern int GetModuleHandleA(string name);
[DllImport("kernel32.dll")]
public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
/// <summary>
/// Form constructor: only runs the designer-generated InitializeComponent.
/// The button1_Click handler that follows (declared on the same line as this
/// constructor's closing brace) scans every running process, and for each one
/// whose name contains "notepad" loads the hard-coded DLL path into it via
/// a remote LoadLibraryA thread. Failures are reported with a MessageBox and
/// Application.Exit(); note that Application.Exit() does not return out of this
/// handler, so the remaining calls in the same iteration still execute.
/// </summary>
public Form1()
{
InitializeComponent();
} private void button1_Click(object sender, EventArgs e) // see summary above
{
int ok1; // WriteProcessMemory result (0 = failure)
//int ok2;
//int hwnd;
int baseaddress; // address of the allocation inside the target process
int temp = 0; // passed as a null pointer for the two out-parameters
int hack; // address of LoadLibraryA
int yan; // CreateRemoteThread result (0 = failure)
string dllname;
// Absolute path on the author's machine; the target process must be able to read it.
dllname = @"C:\TW外挂\Demo\demo3\bin\Debug\demo3.dll";
int dlllength;
// Character count plus one terminator; this is the byte count handed to the
// native calls below. NOTE(review): the path contains non-ASCII characters, so
// the marshaled byte length may not equal the char count — confirm.
dlllength = dllname.Length + 1;
Process[] pname = Process.GetProcesses(); // snapshot of all running processes
foreach (Process name in pname) // walk the snapshot
{
//MessageBox.Show(name.ProcessName.ToLower());
// Substring match: "notepad++" and similar names also qualify. Accessing
// name.Handle on a process this user cannot open throws; nothing catches it here.
if (name.ProcessName.ToLower().IndexOf("notepad") != -1) // a Notepad process: start injecting
{ baseaddress = VirtualAllocEx(name.Handle, 0, dlllength, 4096, 4); // allocate in the target (4096 = MEM_COMMIT, 4 = PAGE_READWRITE)
if (baseaddress == 0) // 0 means the call failed (same convention for the calls below)
{
MessageBox.Show("申请内存空间失败!!");
Application.Exit();
}
ok1 = WriteProcessMemory(name.Handle, baseaddress, dllname, dlllength, temp); // copy the DLL path into the allocation
if (ok1 == 0)
{ MessageBox.Show("写内存失败!!");
Application.Exit();
}
hack = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA"); // resolve LoadLibraryA in kernel32 (looked up in this process)
if (hack == 0)
{
MessageBox.Show("无法取得函数的入口点!!");
Application.Exit();
}
yan = CreateRemoteThread(name.Handle, 0, 0, hack, baseaddress, 0, temp); // start a thread in the target that runs LoadLibraryA(baseaddress)
if (yan == 0)
{
MessageBox.Show("创建远程线程失败!!");
Application.Exit();
}
else
{
// Only reports that the thread was created; the DLL's own load result is not checked.
MessageBox.Show("已成功注入dll!!");
} }
}
}
}以下是被注入的DLL代码
/// <summary>
/// Program entry point: starts the WinForms message loop with a new Form1.
/// The methods that follow (SetHotKey, WndProc, Form1_Load) belong to Form1 and
/// are declared on the same lines as the preceding closing braces.
/// </summary>
[STAThread]
static void Main()
{
Application.Run(new Form1());
} public void SetHotKey(bool bCtrl, bool bShift, bool bAlt, bool bWindows, Keys nowKey)
{
// Stores the requested modifiers/key in fields, folds the modifiers into a
// KeyModifiers mask and registers hotkey id 100 on this form's window handle.
// NOTE(review): RegisterHotKey's bool result is discarded and the Win32 error
// (the import has SetLastError = true) is never read, so a failed registration
// is silent; only managed exceptions end up in textBox1.
try
{
this.key_Alt = bAlt;
this.key_Ctrl = bCtrl;
this.key_Shift = bShift;
this.key_Windows = bWindows;
this.key_other = nowKey; WinHotKey.KeyModifiers modifier = WinHotKey.KeyModifiers.None; if (this.key_Ctrl)
modifier |= WinHotKey.KeyModifiers.Control;
if (this.key_Alt)
modifier |= WinHotKey.KeyModifiers.Alt;
if (this.key_Shift)
modifier |= WinHotKey.KeyModifiers.Shift;
if (this.key_Windows)
modifier |= WinHotKey.KeyModifiers.Windows; WinHotKey.RegisterHotKey(Handle, 100, modifier, nowKey); // id 100 is the only hotkey id used on this page
}
catch (Exception err)
{
this.textBox1.AppendText(err.Message + "\r\n");
}
} protected override void WndProc(ref Message m)
{
// Logs every WM_HOTKEY (0x0312) that reaches this window, then defers to the
// base handler. The hotkey id arrives in m.WParam and is not compared against
// 100 here, so any WM_HOTKEY delivered to this window is logged.
const int WM_HOTKEY = 0x0312; switch (m.Msg)
{
case WM_HOTKEY:
{
// hotkey message received
this.textBox1.AppendText(m.Msg.ToString() + "\r\n");
break;
}
}
base.WndProc(ref m);
} private void Form1_Load(object sender, System.EventArgs e)
{
// Creates a marker directory (apparently a load probe). Both the Show() and
// the SetHotKey call below are commented out, so in this version no hotkey is
// registered on load. Note that the commented call passes bCtrl = true, i.e.
// it would register Ctrl+F10, not plain F10.
Directory.CreateDirectory("c:/aaaaaa/");
//this.Show();
//this.SetHotKey(true, false, false, false, Keys.F10);
}
}
#region WinHotKey Class
/// <summary>
/// Thin P/Invoke wrapper around the user32 global-hotkey API.
/// <see cref="KeyModifiers"/> mirrors the native MOD_ALT (1), MOD_CONTROL (2),
/// MOD_SHIFT (4) and MOD_WIN (8) flags. Nothing on this page calls
/// <see cref="UnregisterHotKey"/>, so a registered hotkey stays registered
/// until the owning window is destroyed.
/// </summary>
public class WinHotKey
{
/// <summary>Registers a system-wide hotkey delivered to hWnd as WM_HOTKEY with the given id.</summary>
/// <returns>true on success; on failure the Win32 error is available via Marshal.GetLastWin32Error (SetLastError = true).</returns>
[DllImport("user32.dll", SetLastError = true)]
public static extern bool RegisterHotKey(
IntPtr hWnd, // window handle
int id,
KeyModifiers fsModifiers,
Keys vk
); [DllImport("user32.dll", SetLastError = true)]
public static extern bool UnregisterHotKey(
IntPtr hWnd,
int id
); [Flags()]
public enum KeyModifiers
{
None = 0,
Alt = 1,
Control = 2,
Shift = 4,
Windows = 8
} public WinHotKey() { } // no instance state; the class is used statically
}
#endregion
那只能找到这个函数了。公用的 DLL 吗?去网上搜索一下这个函数的介绍。