求解,这个程序有人说测试成功,有一些不成功?这个程序有人说测试成功,有一些不成功?我测试了无数次也没成功,不知道原因在哪里,DLL和调用程序都能生成成功,就是注入DLL到目标程序不成功。请朋友帮忙看看,问题在哪儿? 消息钩子(HOOK)DLL注入
注入某个窗口的进程之扣,通过键盘消息来激活dll中的窗体信息以下我的例子是 往 a.txt -记事本 这个窗体中进程中注入后,然后你在使用这个记本事的是时候,随便按什么键就会调用 dll的窗体了(当然,你要指定特定的按键也可以,自己再写代码做判断了)下面开始第一步,当然是新建 dll 向寻了在 dpr文件中的代码如下
library Hook32;
uses
SysUtils,
Forms,
Classes,
myDLl in 'myDLl.pas' {Form1};
{$R *.res}exports
HookOn,HookOff;begin
{Application.Initialize;
Application.Run; }
end.
第二步,新建一个窗体,添加 一个按键,一个memo ,一个 edit 等三个控件
再添如下代码unit myDLl;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Edit1: TEdit;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure FormDestroy(Sender: TObject);
procedure FormActivate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;var
Form1: TForm1;
function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;
function HookOn(lpHwnd:HWND;lpType:Longint):Longint;stdcall;export;
function HookOff:Boolean;stdcall;export;implementation
{type KeyboardBytes=record
kbArray:array[0..255] of byte;
end;}var
hHk: HHOOK=0;
hMOUSEHk: HHOOK=0;
mhwnd:HWND=0;
bShow:Boolean=False;
myKey:Byte=VK_F7;
kbArray:TKeyboardState;
hThread: Cardinal;
hmod: Pointer; //Hinstance
hProcessId: Cardinal;// KeyHookStruct:^THardwareHookStruct;
mMode:Integer; {$R *.dfm}function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;
begin
Result :=0;if nCode<0 then
Result := CallNextHookEx(hHk,nCode,WParam,LParam)
else
begin
GetKeyboardState(kbArray);if (bShow=False) And (kbArray[myKey]=1) then
begin
bShow:=True;
Form1:=TForm1.Create(Application);
ShowCursor(true);
try
SetWindowPos(Form1.Handle, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE Or SWP_NOSIZE);Result :=1;
SuspendThread(hThread);
Form1.ShowModal;
ShowCursor(true);
ResumeThread(hThread);
kbArray[myKey] := 0;
SetKeyboardState(kbArray);finally
Form1.Free;
end;
end
else
begin
Result := CallNextHookEx(hHk,nCode,WParam,LParam);
end;
end;
end;function HookOn(lpHwnd:HWND;lpType:Longint): Longint;stdcall; export;
begin
mhwnd:=lpHwnd;
if hHk<>0 then UnHookWindowsHookEx(hHk);
hThread :=GetWindowThreadProcessId(mhwnd,hmod);//其实,这个地方可以判断一下你的键盘什么是什么,再决定要不要执行下面的hHk :=SetWindowsHookEx(lpType,@HookProc,hInstance,hThread); // WH_KEYBOARD
Result :=hHk
end;function HookOff:Boolean;stdcall; export;
begin
if hHk<>0 then
begin
UnHookWindowsHookEx(hHk);
hHk :=0;
Result :=true;
end
else
Result :=false;
end;procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
bShow:=False;
end;procedure TForm1.FormDestroy(Sender: TObject);
begin
bShow:=False;
end;procedure TForm1.Button1Click(Sender: TObject);
begin
Form1.close;
end;procedure TForm1.FormActivate(Sender: TObject);
begin
ShowCursor(true);
end;end.好了。第三步,奖前面的编译好,再另新建一个应用将前面的生成的dll文件 复制到这个工程下为这个工程的窗体添加一个按钮然后整个的代码如下unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls;type
TForm1 = class(TForm)
Button1: TButton;
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure Button1Click(Sender: TObject);private
{ Private declarations }
public
{ Public declarations }
end;var
Form1: TForm1;
function HookOn(lpHwnd:HWND;lpType:Longint):Longint;stdcall;external 'Hook32.dll' name 'HookOn';
function HookOff:Boolean;stdcall;external 'Hook32.dll' name 'HookOff';
implementation{$R *.dfm}procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
hookoff;
end;procedure TForm1.Button1Click(Sender: TObject);
varh1:HWND;
beginh1:=FindWindow(NIL,'a.txt - 记事本');//这是窗口的句柄,要自己找到后,填写入。
HookOn(h1,WH_KEYBOARD);end;end.
好了,,打开那个标题的记事本。 点一下按钮, 然后到那个记事本里随便输什么。。看是不是跳出一个窗体了??
注入某个窗口的进程之扣,通过键盘消息来激活dll中的窗体信息以下我的例子是 往 a.txt -记事本 这个窗体中进程中注入后,然后你在使用这个记本事的是时候,随便按什么键就会调用 dll的窗体了(当然,你要指定特定的按键也可以,自己再写代码做判断了)下面开始第一步,当然是新建 dll 向寻了在 dpr文件中的代码如下
library Hook32;
uses
SysUtils,
Forms,
Classes,
myDLl in 'myDLl.pas' {Form1};
{$R *.res}exports
HookOn,HookOff;begin
{Application.Initialize;
Application.Run; }
end.
第二步,新建一个窗体,添加 一个按键,一个memo ,一个 edit 等三个控件
再添如下代码unit myDLl;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Edit1: TEdit;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure FormDestroy(Sender: TObject);
procedure FormActivate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;var
Form1: TForm1;
function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;
function HookOn(lpHwnd:HWND;lpType:Longint):Longint;stdcall;export;
function HookOff:Boolean;stdcall;export;implementation
{type KeyboardBytes=record
kbArray:array[0..255] of byte;
end;}var
hHk: HHOOK=0;
hMOUSEHk: HHOOK=0;
mhwnd:HWND=0;
bShow:Boolean=False;
myKey:Byte=VK_F7;
kbArray:TKeyboardState;
hThread: Cardinal;
hmod: Pointer; //Hinstance
hProcessId: Cardinal;// KeyHookStruct:^THardwareHookStruct;
mMode:Integer; {$R *.dfm}function HookProc(nCode:Integer;WParam: WPARAM;LParam:LPARAM):LRESULT;stdcall;
begin
Result :=0;if nCode<0 then
Result := CallNextHookEx(hHk,nCode,WParam,LParam)
else
begin
GetKeyboardState(kbArray);if (bShow=False) And (kbArray[myKey]=1) then
begin
bShow:=True;
Form1:=TForm1.Create(Application);
ShowCursor(true);
try
SetWindowPos(Form1.Handle, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE Or SWP_NOSIZE);Result :=1;
SuspendThread(hThread);
Form1.ShowModal;
ShowCursor(true);
ResumeThread(hThread);
kbArray[myKey] := 0;
SetKeyboardState(kbArray);finally
Form1.Free;
end;
end
else
begin
Result := CallNextHookEx(hHk,nCode,WParam,LParam);
end;
end;
end;function HookOn(lpHwnd:HWND;lpType:Longint): Longint;stdcall; export;
begin
mhwnd:=lpHwnd;
if hHk<>0 then UnHookWindowsHookEx(hHk);
hThread :=GetWindowThreadProcessId(mhwnd,hmod);//其实,这个地方可以判断一下你的键盘什么是什么,再决定要不要执行下面的hHk :=SetWindowsHookEx(lpType,@HookProc,hInstance,hThread); // WH_KEYBOARD
Result :=hHk
end;function HookOff:Boolean;stdcall; export;
begin
if hHk<>0 then
begin
UnHookWindowsHookEx(hHk);
hHk :=0;
Result :=true;
end
else
Result :=false;
end;procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
bShow:=False;
end;procedure TForm1.FormDestroy(Sender: TObject);
begin
bShow:=False;
end;procedure TForm1.Button1Click(Sender: TObject);
begin
Form1.close;
end;procedure TForm1.FormActivate(Sender: TObject);
begin
ShowCursor(true);
end;end.好了。第三步,奖前面的编译好,再另新建一个应用将前面的生成的dll文件 复制到这个工程下为这个工程的窗体添加一个按钮然后整个的代码如下unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls;type
TForm1 = class(TForm)
Button1: TButton;
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure Button1Click(Sender: TObject);private
{ Private declarations }
public
{ Public declarations }
end;var
Form1: TForm1;
function HookOn(lpHwnd:HWND;lpType:Longint):Longint;stdcall;external 'Hook32.dll' name 'HookOn';
function HookOff:Boolean;stdcall;external 'Hook32.dll' name 'HookOff';
implementation{$R *.dfm}procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
hookoff;
end;procedure TForm1.Button1Click(Sender: TObject);
varh1:HWND;
beginh1:=FindWindow(NIL,'a.txt - 记事本');//这是窗口的句柄,要自己找到后,填写入。
HookOn(h1,WH_KEYBOARD);end;end.
好了,,打开那个标题的记事本。 点一下按钮, 然后到那个记事本里随便输什么。。看是不是跳出一个窗体了??
代碼太多,這會兒不在傢阿!呵呵