我写了一个DLL,并用CreateRemoteThread的方式注入到Explorer.exe中。DLL可以正常工作。可是我现在想终止这个DLL的线程。我试过在DLL中直接调用CloseHandle、ExitThread、TerminateThread。因为我的DLL载入时会显示一个窗体,用到上述三个中任何一个时,我都可以看到我的窗体已经消失不见了,所以按理说,DLL的这个线程已经被终止掉了。可是我试着重新编译、删除、重命名那个DLL时,系统提示DLL正在使用中……有什么解决的方法?急盼回复。多谢 http://expert.csdn.net/Expert/topic/2604/2604905.xml?temp=.9400751
解决方案 »
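(******************************************************************************
* CopyRight (c) By GanHuaXin 2002
* All Right Reserved
* Email : [email protected]
* Date :
* New Develop : 2002-x-x
* Modified : 2001-05-26
******************************************************************************)
{ untInjectCode: load a DLL into, or unload a DLL from, another process by
  copying a small parameter record plus a code stub into that process and
  running the stub with CreateRemoteThread.

  Review notes:
  - hProcess must carry the access rights documented for VirtualAllocEx,
    WriteProcessMemory and CreateRemoteThread.
  - The VirtualAllocEx(PAGE_EXECUTE_READWRITE) + WriteProcessMemory +
    CreateRemoteThread sequence is a well-known detection signal for endpoint
    security tooling, and the writable+executable page exists in the target
    until the stub has finished.
  - The stub is a raw byte copy of a function compiled for THIS process. It is
    only valid in a target of the same architecture, and only while the
    compiler emits no calls into the RTL for it. Function addresses are
    resolved locally and assumed to be identical in the target - TODO confirm
    for every target this is used with.
  - The thread exit code is a 32-bit DWORD, so a module handle returned through
    it is truncated in a 64-bit target. }
unit untInjectCode;

interface

uses
  Windows, Sysutils;

function LoadDllToProcess(hProcess:Thandle;
                          strDllName:PChar;
                          var dllHandle:HModule):BOOL;
function UnLoadDllFromProcess(hProcess:THandle;
                              hLibModule: HModule;
                              var bOK:BOOL):BOOL;

implementation

type
  TLoadLibraryA = function (lpLibFileName: PAnsiChar): HMODULE; stdcall;

  { Parameter block for RemoteLoadFunc. The whole record, stub included, is
    written into the target process in one piece. }
  TLoadInjectInfo = Record
    fnLoadLibraryA : TLoadLibraryA;
    szDllName      : array[0..255] of AnsiChar;  // zero-terminated, max 255 chars
    hDLL           : HModule;
    InjectCode     : array [0..99] of byte;      // byte copy of RemoteLoadFunc
  end;
  PLoadInjectInfo = ^TLoadInjectInfo;

  TMessageBeep = function (uType: UINT): BOOL; stdcall;
  TFreeLibrary = function (hLibModule: HMODULE): BOOL; stdcall;

  { Parameter block for RemoteFreeFunc. }
  TFreeInjectInfo = Record
    fnFreeLibrary : TFreeLibrary;
    hLibModule    : HMODULE;
    fnMessageBeep : TMessageBeep;
    uBeep         : UINT;
    InjectCode    : array[0..99] of byte;        // byte copy of RemoteFreeFunc
  end;
  PFreeInjectInfo = ^TFreeInjectInfo;

{ Stub executed inside the target: calls LoadLibraryA on the embedded name and
  returns the module handle as the thread exit code. It may only touch what it
  reaches through p, because its bytes are copied to a different address. }
function RemoteLoadFunc(p : PLoadInjectInfo):DWORD;stdcall;
begin
  Result := DWORD(p^.fnLoadLibraryA(@p^.szDllName[0]));
end;

{ Stub executed inside the target: beeps, then calls FreeLibrary on the given
  module and returns its BOOL result as the thread exit code. }
function RemoteFreeFunc(p : PFreeInjectInfo):DWORD;stdcall;
begin
  p^.fnMessageBeep(p^.uBeep);
  Result := DWORD(p^.fnFreeLibrary(p^.hLibModule));
end;

{ Copies cbInfo bytes from pInfo into hProcess, starts a remote thread at
  cbCodeOffset bytes into that copy with the copy itself as its argument,
  waits for it and returns its exit code. Raises the last Win32 error when an
  API call fails. The remote allocation and the thread handle are released on
  every path. }
function RunRemoteStub(hProcess: THandle; pInfo: Pointer;
                       cbInfo, cbCodeOffset: DWORD): DWORD;
var
  pRemote    : Pointer;
  dwWritten  : DWORD;
  dwThreadId : DWORD;
  hThread    : THandle;
begin
  Result := 0;
  pRemote := VirtualAllocEx(hProcess, nil, cbInfo, MEM_COMMIT,
                            PAGE_EXECUTE_READWRITE);
  if pRemote = nil then
    RaiseLastWin32Error;
  try
    if not WriteProcessMemory(hProcess, pRemote, pInfo, cbInfo, dwWritten) then
      RaiseLastWin32Error;

    hThread := CreateRemoteThread(hProcess, nil, 0,
                                  Pointer(PAnsiChar(pRemote) + cbCodeOffset),
                                  pRemote, 0, dwThreadId);
    if hThread = 0 then
      RaiseLastWin32Error;
    try
      // The stub must have returned before its memory is released below.
      WaitForSingleObject(hThread, INFINITE);
      if not GetExitCodeThread(hThread, Result) then
        RaiseLastWin32Error;
    finally
      CloseHandle(hThread);
    end;
  finally
    // MEM_RELEASE requires a size of 0; a non-zero size makes the call fail
    // and leaves the executable page allocated in the target.
    VirtualFreeEx(hProcess, pRemote, 0, MEM_RELEASE);
  end;
end;

{ Loads the DLL named strDllName into the process behind hProcess.

  hProcess   - handle to the target process.
  strDllName - path of the DLL, at most 255 ANSI characters.
  dllHandle  - receives the remote thread's exit code, i.e. the LoadLibraryA
               result; 0 when the remote load failed or nothing was attempted.

  Returns FALSE without touching the target when strDllName is nil or does not
  fit the fixed name buffer, TRUE once the remote call has completed (check
  dllHandle for its outcome). Raises the last Win32 error when an API call
  fails. }
function LoadDllToProcess(hProcess:THandle;
                          strDllName:PChar;
                          var dllHandle:HModule):BOOL;
var
  InjectInfo : TLoadInjectInfo;
  ansiName   : AnsiString;
  pCode      : Pointer;
begin
  Result := FALSE;
  dllHandle := 0;
  if strDllName = nil then
    Exit;

  // szDllName is a fixed 256-byte buffer; an unchecked copy of a longer name
  // would overrun InjectInfo on the local stack.
  ansiName := AnsiString(strDllName);
  if Length(ansiName) > High(InjectInfo.szDllName) then
    Exit;

  // Zero the record so no uninitialised local stack bytes are written into
  // the other process; this also terminates szDllName.
  FillChar(InjectInfo, SizeOf(InjectInfo), 0);
  if Length(ansiName) > 0 then
    Move(PAnsiChar(ansiName)^, InjectInfo.szDllName[0], Length(ansiName));

  pCode := Addr(RemoteLoadFunc);
  Move(pCode^, InjectInfo.InjectCode[0], SizeOf(InjectInfo.InjectCode));

  InjectInfo.fnLoadLibraryA := GetProcAddress(GetModuleHandle('Kernel32.dll'),
                                              'LoadLibraryA');
  // A nil pointer here would be called inside the target and fault it.
  if not Assigned(InjectInfo.fnLoadLibraryA) then
    RaiseLastWin32Error;

  dllHandle := RunRemoteStub(hProcess, @InjectInfo, SizeOf(InjectInfo),
                 PAnsiChar(@InjectInfo.InjectCode[0]) - PAnsiChar(@InjectInfo));
  Result := TRUE;
end;

{ Calls FreeLibrary(hLibModule) inside the process behind hProcess.

  hProcess   - handle to the target process.
  hLibModule - module handle as seen by the target process.
  bOK        - receives the remote FreeLibrary result; FALSE when the call
               could not be made.

  Returns TRUE once the remote call has completed. Raises the last Win32 error
  when an API call fails.

  NOTE(review): FreeLibrary only drops one reference. If code from the DLL is
  still running in the target (a thread it started, a window procedure for a
  form it created), unmapping it will fault the target process, so the DLL has
  to tear down its own window and threads before this is called. That may be
  the Explorer.exe error reported for this code - not verifiable from this
  unit. }
function UnLoadDllFromProcess(hProcess:THandle;
                              hLibModule: HModule;
                              var bOK:BOOL):BOOL;
var
  InjectInfo : TFreeInjectInfo;
  pCode      : Pointer;
  dwExitCode : DWORD;
begin
  // Report failure until the remote call has actually returned.
  bOK := FALSE;

  FillChar(InjectInfo, SizeOf(InjectInfo), 0);
  pCode := Addr(RemoteFreeFunc);
  Move(pCode^, InjectInfo.InjectCode[0], SizeOf(InjectInfo.InjectCode));

  InjectInfo.fnFreeLibrary := GetProcAddress(GetModuleHandle('Kernel32.dll'),
                                             'FreeLibrary');
  if not Assigned(InjectInfo.fnFreeLibrary) then
    RaiseLastWin32Error;
  InjectInfo.hLibModule := hLibModule;

  // GetModuleHandle returns 0 when User32.dll is not loaded in this process;
  // the resulting nil pointer would be called inside the target.
  InjectInfo.fnMessageBeep := GetProcAddress(GetModuleHandle('User32.dll'),
                                             'MessageBeep');
  if not Assigned(InjectInfo.fnMessageBeep) then
    RaiseLastWin32Error;
  InjectInfo.uBeep := 0;

  dwExitCode := RunRemoteStub(hProcess, @InjectInfo, SizeOf(InjectInfo),
                  PAnsiChar(@InjectInfo.InjectCode[0]) - PAnsiChar(@InjectInfo));
  bOK := dwExitCode <> 0;
  Result := TRUE;
end;

end.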
代码的思路,就是再一次CreateRemoteThread,但是这次用FreeLibrary来释放掉DLL的引用。(线程结束并不会减少DLL的加载引用计数,所以模块仍然映射在Explorer.exe中,文件也就一直被占用。)我在《Windows核心编程》第22章中,也看到是使用这种方法。
但我测试时,Explorer.exe报错,还在测试。