C#估计是做不了,要做的话用VC++吧!

解决方案 »

  1.   

    我感觉既然C#能调用下面的API来Hook窗口的键盘鼠标消息,应该也能实现楼主的需求,不过我没做过。
    // P/Invoke declarations for the user32 hook API: install a hook procedure,
    // remove it again, and pass an event on to the next hook in the chain.
    // HookType and HookProc are not defined in this snippet; they must be declared
    // elsewhere by whoever uses these signatures.
    // The forum paste collapsed two [DllImport] attributes onto the end of the
    // preceding line; each attribute applies to the declaration that follows it.
    // NOTE(review): hooks of this kind observe keyboard and mouse messages, so a
    // program that installs them is a candidate for input-capture review - confirm
    // the hook type and thread scope the caller passes before trusting such code.
    // NOTE(review): the return types here are declared as int; verify them against
    // the documented Win32 signatures before relying on the returned values.
    [DllImport("user32.dll")]
    private static extern IntPtr SetWindowsHookEx(HookType code, HookProc func, IntPtr hInstance, int threadID);[DllImport("user32.dll")]
    private static extern int UnhookWindowsHookEx(IntPtr hhook); [DllImport("user32.dll")]
    private static extern int CallNextHookEx(IntPtr hhook, int code, IntPtr wParam, IntPtr lParam);
      

  2.   

    用于进程注入,其他的类似。
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Text;
    using System.Windows.Forms;
    using System.Runtime.InteropServices;
    using System.Diagnostics;
    // Reading guide for analysts: this listing is the classic remote-thread
    // DLL-loading sequence (MITRE ATT&CK T1055.001, DLL injection). The target is
    // chosen by process name ("360tray"), presumably the tray process of a security
    // product - if so, this is also tampering with defensive tooling (T1562.001).
    // Telemetry that typically exposes this sequence: Sysmon Event ID 10
    // (ProcessAccess) for the handle opened on the target, Event ID 8
    // (CreateRemoteThread) for the thread start, and Event ID 7 (ImageLoad) for a
    // module loaded from an unusual path such as the root of the system drive.
    namespace dllinject
    {
        /// <summary>
        /// WinForms form whose button handler makes another process load a DLL:
        /// it allocates memory in the target, writes the DLL path there, and starts
        /// a thread in the target at the address of LoadLibraryA.
        /// </summary>
        public partial class Form1 : Form
        {
            // kernel32 imports used by button1_Click. Handles, addresses and sizes
            // are all declared as plain int/string here rather than with the
            // documented Win32 parameter types.
            // Allocates memory inside the process identified by the first argument.
            [DllImport("kernel32.dll")]
            public static extern int VirtualAllocEx(IntPtr  hwnd, int lpaddress, int size, int type, int tect);
            // Copies a buffer into the target process. The buffer is a managed
            // string, which DllImport marshals as ANSI by default.
            [DllImport("kernel32.dll")]
            public static extern int WriteProcessMemory(IntPtr hwnd, int baseaddress, string buffer, int nsize, int filewriten  );
            // Resolves the address of an exported function in a loaded module.
            [DllImport("kernel32.dll")]
            public static extern int GetProcAddress(int hwnd, string lpname);
            // Returns the handle of a module already loaded in the calling process.
            [DllImport("kernel32.dll")]
            public static extern int GetModuleHandleA(string name);
            // Starts a thread in another process at the given address with one argument.
            [DllImport("kernel32.dll")]
            public static extern int CreateRemoteThread(IntPtr hwnd, int attrib, int size, int address, int par, int flags, int threadid);
            
            /// <summary>Builds the form's controls via the designer-generated method.</summary>
            public Form1()
            {  
                InitializeComponent();
            }        private void button1_Click(object sender, EventArgs e)
            {
                // Click handler (the paste collapsed its signature onto the line that
                // closes the constructor). For every running process whose name
                // contains "360tray" it performs the four-step sequence below and
                // reports each failure in a message box, returning at the first one.
                int ok1;
                int baseaddress;
                // Passed by value as the last argument of WriteProcessMemory and
                // CreateRemoteThread, so nothing is ever written back into it.
                int temp=0;
                int hack;
                int yan;
                string dllname;
                // Hard-coded module path; for a defender this path and the resulting
                // image load in the target process are the observable artefacts.
                dllname = "c:\\Ren.dll";
                int dlllength;
                // Path length plus one for the terminating NUL of the ANSI string.
                dlllength = dllname.Length + 1;
                Process[] pname = Process.GetProcesses();
                // Case-insensitive substring match on the process name; every match
                // is processed, not only the first.
                foreach (Process name in pname)
                {                if (name.ProcessName.ToLower().IndexOf("360tray") != -1)
                    {
                       
                        // Step 1: allocate dlllength bytes in the target.
                        // 4096 is MEM_COMMIT (0x1000) and 4 is PAGE_READWRITE (0x04).
                        // Reading name.Handle opens a handle on the target process,
                        // which is what process-access monitoring records.
                        baseaddress = VirtualAllocEx(name.Handle, 0, dlllength , 4096, 4);
                        if (baseaddress == 0)
                        {
                            // Message: "Failed to allocate memory!!"
                            MessageBox.Show("申请内存空间失败!!");
                            return;
                        }
                        // Step 2: copy the DLL path string into the allocated region.
                        ok1 = WriteProcessMemory(name.Handle, baseaddress, dllname, dlllength, temp);
                        if (ok1 == 0)
                        {
                             // Message: "Failed to write memory!!"
                             MessageBox.Show("写内存失败!!");
                                return;
                         }
                         // Step 3: look up LoadLibraryA in this process's own copy of
                         // Kernel32; the code assumes the same address is valid in the
                         // target - NOTE(review): that assumption is not checked here.
                         hack = GetProcAddress(GetModuleHandleA("Kernel32"), "LoadLibraryA");
                         if (hack == 0)
                         {
                             // Message: "Could not get the function's entry point!!"
                             MessageBox.Show("无法取得函数的入口点!!");
                             return;
                         }
                         // Step 4: start a thread in the target that calls LoadLibraryA
                         // with the written path as its argument. This is the call that
                         // remote-thread-creation telemetry reports.
                         yan = CreateRemoteThread(name.Handle, 0, 0, hack, baseaddress, 0, temp);
                         if (yan == 0)
                         {
                             // Message: "Failed to create the remote thread!!"
                             MessageBox.Show("创建远程线程失败!!");
                             return;
                         }
                         else
                         {
                             // Message: "DLL injected successfully!!" - only reports that
                             // the thread was created; whether the module actually loaded
                             // is never checked. The loop then continues with the next
                             // matching process.
                             MessageBox.Show("已成功注入dll!!");
                         }                }            }        }        private void Form1_Load(object sender, EventArgs e)
            {        }       
            // Form1_Load above is an empty load handler; it does nothing.
        }
    }