编译平台 DEV C++ 4.9.9.2
/* Replace "dll.h" with the name of your header */
#include "dll.h"
#include <windows.h>
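/*
 * In-process inline hook of user32!CreateWindowExA / CreateWindowExW.
 *
 * On DLL_PROCESS_ATTACH the first 8 bytes of each export are saved and
 * overwritten with a small x86 stub that jumps to the replacement below.
 * Each replacement shows the window name, temporarily puts the saved bytes
 * back, calls the real API, and then re-applies the stub.
 *
 * Limits a reviewer should keep in mind:
 *  - 32-bit x86 only: the stub carries a 32-bit absolute address.
 *  - Not thread-safe: while one thread has the original bytes restored,
 *    calls made by other threads bypass the hook, and a thread executing the
 *    prologue while it is rewritten may fetch a half-written instruction.
 *  - The patch is visible to any integrity check that compares the in-memory
 *    prologue of the export with the on-disk image of user32.dll.
 */
HMODULE hModule_User32;

/*
 * Stub layout: B8 imm32 (mov eax, imm32), FF E0 (jmp eax), one padding byte.
 * The imm32 value 0x00400000 is only a placeholder; it is replaced with the
 * address of the matching replacement function before the stub is written.
 */
BYTE NewBytesA[8] = {0xB8, 0x0, 0x0, 0x40, 0x0, 0xFF, 0xE0, 0x0};
BYTE OldBytesA[8] = {0};
BYTE NewBytesW[8] = {0xB8, 0x0, 0x0, 0x40, 0x0, 0xFF, 0xE0, 0x0};
BYTE OldBytesW[8] = {0};
FARPROC CreateWindowExA_Addr;
FARPROC CreateWindowExW_Addr;

/* TRUE only once the original bytes were saved AND the stub was written. */
static BOOL HookInstalledA = FALSE;
static BOOL HookInstalledW = FALSE;

/* Overwrite the first 8 bytes at `target` with `bytes`; FALSE on any failure. */
static BOOL PatchBytes(FARPROC target, BYTE *bytes)
{
    if (target == NULL)
    {
        return FALSE;
    }
    /* GetCurrentProcess() states the intent; the original passed
       INVALID_HANDLE_VALUE, which only works because both are (HANDLE)-1. */
    return WriteProcessMemory(GetCurrentProcess(), (void *)target,
                              (void *)bytes, 8, NULL) ? TRUE : FALSE;
}

/*
 * Save the original prologue of `target` into `saved`, fill the jump address
 * of `stub` with `replacement`, and write the stub over the prologue.
 * Returns FALSE (and leaves the target untouched) if anything fails.
 */
static BOOL InstallHook(FARPROC target, FARPROC replacement,
                        BYTE *stub, BYTE *saved)
{
    DWORD addr;
    int i;

    /* The stub can only encode a 32-bit address; refuse anything else. */
    if (target == NULL || sizeof(void *) != sizeof(DWORD))
    {
        return FALSE;
    }

    /* Store the address byte by byte (little-endian) instead of writing
       through a cast DWORD pointer at an unaligned offset. */
    addr = (DWORD)(DWORD_PTR)replacement;
    for (i = 0; i < 4; i++)
    {
        stub[1 + i] = (BYTE)(addr >> (8 * i));
    }

    /* Without a valid copy of the original bytes the hook could never be
       undone, so do not patch if the read fails. */
    if (!ReadProcessMemory(GetCurrentProcess(), (void *)target, saved, 8, NULL))
    {
        return FALSE;
    }
    return PatchBytes(target, stub);
}

/*
 * Replacement for CreateWindowExA: shows lpWindowName in a message box, then
 * forwards every argument unchanged to the real CreateWindowExA.
 * Returns whatever the real API returns, or NULL if the original bytes could
 * not be restored (calling through would re-enter this function forever).
 */
HWND WINAPI MyCreateWindowExA(DWORD dwExStyle, LPCSTR IpClassName, LPCSTR lpWindowName,
                              DWORD dwStyle, int x, int y, int nWidth, int nHeight,
                              HWND hWndParent, HMENU hMenu, HINSTANCE hInstance,
                              LPVOID lpParam)
{
    HWND hWnd;
    DWORD lastError;

    /* NOTE(review): MessageBox creates windows itself; whether that path goes
       through the patched exports depends on the user32 version - confirm. */
    MessageBoxA(0, lpWindowName, 0, 0);

    if (!PatchBytes(CreateWindowExA_Addr, OldBytesA))
    {
        return NULL;
    }
    hWnd = CreateWindowExA(dwExStyle, IpClassName, lpWindowName, dwStyle, x, y,
                           nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);

    /* Re-patching must not hide the real API's error code from the caller. */
    lastError = GetLastError();
    PatchBytes(CreateWindowExA_Addr, NewBytesA);
    SetLastError(lastError);
    return hWnd;
}

/*
 * Replacement for CreateWindowExW; same behaviour as MyCreateWindowExA but
 * for the wide-character export.
 */
HWND WINAPI MyCreateWindowExW(DWORD dwExStyle, LPCWSTR IpClassName, LPCWSTR lpWindowName,
                              DWORD dwStyle, int x, int y, int nWidth, int nHeight,
                              HWND hWndParent, HMENU hMenu, HINSTANCE hInstance,
                              LPVOID lpParam)
{
    HWND hWnd;
    DWORD lastError;

    MessageBoxW(0, lpWindowName, 0, 0);

    if (!PatchBytes(CreateWindowExW_Addr, OldBytesW))
    {
        return NULL;
    }
    hWnd = CreateWindowExW(dwExStyle, IpClassName, lpWindowName, dwStyle, x, y,
                           nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);

    lastError = GetLastError();
    PatchBytes(CreateWindowExW_Addr, NewBytesW);
    SetLastError(lastError);
    return hWnd;
}

/*
 * DLL entry point. Installs both hooks when the DLL is attached to a process
 * and removes them again when it is detached. Always returns TRUE.
 *
 * DllMain is not called at all when the DLL is loaded with
 * LoadLibraryEx(..., DONT_RESOLVE_DLL_REFERENCES), so in that case neither
 * the message box nor the hooks appear.
 */
BOOL APIENTRY DllMain(HINSTANCE hInst /* Library instance handle. */,
                      DWORD reason /* Reason this function is being called. */,
                      LPVOID reserved /* Not used. */)
{
    (void)hInst;
    (void)reserved;

    if (reason == DLL_PROCESS_ATTACH)
    {
        /* Debug marker only. UI calls run under the loader lock here and can
           deadlock; prefer OutputDebugString once the entry point is known
           to run. */
        MessageBoxA(0, "B", 0, 0);

        /* This DLL imports user32 statically, so the module is already mapped;
           GetModuleHandle avoids calling LoadLibrary under the loader lock
           and avoids leaking a module reference. */
        hModule_User32 = GetModuleHandleA("User32.dll");
        if (hModule_User32 != NULL)
        {
            CreateWindowExA_Addr = GetProcAddress(hModule_User32, "CreateWindowExA");
            CreateWindowExW_Addr = GetProcAddress(hModule_User32, "CreateWindowExW");
            HookInstalledA = InstallHook(CreateWindowExA_Addr, (FARPROC)MyCreateWindowExA,
                                         NewBytesA, OldBytesA);
            HookInstalledW = InstallHook(CreateWindowExW_Addr, (FARPROC)MyCreateWindowExW,
                                         NewBytesW, OldBytesW);
        }
    }
    else if (reason == DLL_PROCESS_DETACH)
    {
        /* Put the original bytes back before this image is unmapped;
           otherwise the patched exports would jump into freed memory. */
        if (HookInstalledA)
        {
            PatchBytes(CreateWindowExA_Addr, OldBytesA);
            HookInstalledA = FALSE;
        }
        if (HookInstalledW)
        {
            PatchBytes(CreateWindowExW_Addr, OldBytesW);
            HookInstalledW = FALSE;
        }
    }
    return TRUE;
}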
使用LoadLibrary("HOOK.DLL")或LoadLibraryEx("HOOK.DLL",0,DONT_RESOLVE_DLL_REFERENCES)加载,返回值都不为0,但都没有弹出MessageBox;用PowerTool也能看见HOOK.DLL已被加载,但是没有发现API HOOK。
求解
/* Replace "dll.h" with the name of your header */
#include "dll.h"
#include <windows.h>
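/*
 * In-process inline hook of user32!CreateWindowExA / CreateWindowExW.
 *
 * On DLL_PROCESS_ATTACH the first 8 bytes of each export are saved and
 * overwritten with a small x86 stub that jumps to the replacement below.
 * Each replacement shows the window name, temporarily puts the saved bytes
 * back, calls the real API, and then re-applies the stub.
 *
 * Limits a reviewer should keep in mind:
 *  - 32-bit x86 only: the stub carries a 32-bit absolute address.
 *  - Not thread-safe: while one thread has the original bytes restored,
 *    calls made by other threads bypass the hook, and a thread executing the
 *    prologue while it is rewritten may fetch a half-written instruction.
 *  - The patch is visible to any integrity check that compares the in-memory
 *    prologue of the export with the on-disk image of user32.dll.
 */
HMODULE hModule_User32;

/*
 * Stub layout: B8 imm32 (mov eax, imm32), FF E0 (jmp eax), one padding byte.
 * The imm32 value 0x00400000 is only a placeholder; it is replaced with the
 * address of the matching replacement function before the stub is written.
 */
BYTE NewBytesA[8] = {0xB8, 0x0, 0x0, 0x40, 0x0, 0xFF, 0xE0, 0x0};
BYTE OldBytesA[8] = {0};
BYTE NewBytesW[8] = {0xB8, 0x0, 0x0, 0x40, 0x0, 0xFF, 0xE0, 0x0};
BYTE OldBytesW[8] = {0};
FARPROC CreateWindowExA_Addr;
FARPROC CreateWindowExW_Addr;

/* TRUE only once the original bytes were saved AND the stub was written. */
static BOOL HookInstalledA = FALSE;
static BOOL HookInstalledW = FALSE;

/* Overwrite the first 8 bytes at `target` with `bytes`; FALSE on any failure. */
static BOOL PatchBytes(FARPROC target, BYTE *bytes)
{
    if (target == NULL)
    {
        return FALSE;
    }
    /* GetCurrentProcess() states the intent; the original passed
       INVALID_HANDLE_VALUE, which only works because both are (HANDLE)-1. */
    return WriteProcessMemory(GetCurrentProcess(), (void *)target,
                              (void *)bytes, 8, NULL) ? TRUE : FALSE;
}

/*
 * Save the original prologue of `target` into `saved`, fill the jump address
 * of `stub` with `replacement`, and write the stub over the prologue.
 * Returns FALSE (and leaves the target untouched) if anything fails.
 */
static BOOL InstallHook(FARPROC target, FARPROC replacement,
                        BYTE *stub, BYTE *saved)
{
    DWORD addr;
    int i;

    /* The stub can only encode a 32-bit address; refuse anything else. */
    if (target == NULL || sizeof(void *) != sizeof(DWORD))
    {
        return FALSE;
    }

    /* Store the address byte by byte (little-endian) instead of writing
       through a cast DWORD pointer at an unaligned offset. */
    addr = (DWORD)(DWORD_PTR)replacement;
    for (i = 0; i < 4; i++)
    {
        stub[1 + i] = (BYTE)(addr >> (8 * i));
    }

    /* Without a valid copy of the original bytes the hook could never be
       undone, so do not patch if the read fails. */
    if (!ReadProcessMemory(GetCurrentProcess(), (void *)target, saved, 8, NULL))
    {
        return FALSE;
    }
    return PatchBytes(target, stub);
}

/*
 * Replacement for CreateWindowExA: shows lpWindowName in a message box, then
 * forwards every argument unchanged to the real CreateWindowExA.
 * Returns whatever the real API returns, or NULL if the original bytes could
 * not be restored (calling through would re-enter this function forever).
 */
HWND WINAPI MyCreateWindowExA(DWORD dwExStyle, LPCSTR IpClassName, LPCSTR lpWindowName,
                              DWORD dwStyle, int x, int y, int nWidth, int nHeight,
                              HWND hWndParent, HMENU hMenu, HINSTANCE hInstance,
                              LPVOID lpParam)
{
    HWND hWnd;
    DWORD lastError;

    /* NOTE(review): MessageBox creates windows itself; whether that path goes
       through the patched exports depends on the user32 version - confirm. */
    MessageBoxA(0, lpWindowName, 0, 0);

    if (!PatchBytes(CreateWindowExA_Addr, OldBytesA))
    {
        return NULL;
    }
    hWnd = CreateWindowExA(dwExStyle, IpClassName, lpWindowName, dwStyle, x, y,
                           nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);

    /* Re-patching must not hide the real API's error code from the caller. */
    lastError = GetLastError();
    PatchBytes(CreateWindowExA_Addr, NewBytesA);
    SetLastError(lastError);
    return hWnd;
}

/*
 * Replacement for CreateWindowExW; same behaviour as MyCreateWindowExA but
 * for the wide-character export.
 */
HWND WINAPI MyCreateWindowExW(DWORD dwExStyle, LPCWSTR IpClassName, LPCWSTR lpWindowName,
                              DWORD dwStyle, int x, int y, int nWidth, int nHeight,
                              HWND hWndParent, HMENU hMenu, HINSTANCE hInstance,
                              LPVOID lpParam)
{
    HWND hWnd;
    DWORD lastError;

    MessageBoxW(0, lpWindowName, 0, 0);

    if (!PatchBytes(CreateWindowExW_Addr, OldBytesW))
    {
        return NULL;
    }
    hWnd = CreateWindowExW(dwExStyle, IpClassName, lpWindowName, dwStyle, x, y,
                           nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);

    lastError = GetLastError();
    PatchBytes(CreateWindowExW_Addr, NewBytesW);
    SetLastError(lastError);
    return hWnd;
}

/*
 * DLL entry point. Installs both hooks when the DLL is attached to a process
 * and removes them again when it is detached. Always returns TRUE.
 *
 * DllMain is not called at all when the DLL is loaded with
 * LoadLibraryEx(..., DONT_RESOLVE_DLL_REFERENCES), so in that case neither
 * the message box nor the hooks appear.
 */
BOOL APIENTRY DllMain(HINSTANCE hInst /* Library instance handle. */,
                      DWORD reason /* Reason this function is being called. */,
                      LPVOID reserved /* Not used. */)
{
    (void)hInst;
    (void)reserved;

    if (reason == DLL_PROCESS_ATTACH)
    {
        /* Debug marker only. UI calls run under the loader lock here and can
           deadlock; prefer OutputDebugString once the entry point is known
           to run. */
        MessageBoxA(0, "B", 0, 0);

        /* This DLL imports user32 statically, so the module is already mapped;
           GetModuleHandle avoids calling LoadLibrary under the loader lock
           and avoids leaking a module reference. */
        hModule_User32 = GetModuleHandleA("User32.dll");
        if (hModule_User32 != NULL)
        {
            CreateWindowExA_Addr = GetProcAddress(hModule_User32, "CreateWindowExA");
            CreateWindowExW_Addr = GetProcAddress(hModule_User32, "CreateWindowExW");
            HookInstalledA = InstallHook(CreateWindowExA_Addr, (FARPROC)MyCreateWindowExA,
                                         NewBytesA, OldBytesA);
            HookInstalledW = InstallHook(CreateWindowExW_Addr, (FARPROC)MyCreateWindowExW,
                                         NewBytesW, OldBytesW);
        }
    }
    else if (reason == DLL_PROCESS_DETACH)
    {
        /* Put the original bytes back before this image is unmapped;
           otherwise the patched exports would jump into freed memory. */
        if (HookInstalledA)
        {
            PatchBytes(CreateWindowExA_Addr, OldBytesA);
            HookInstalledA = FALSE;
        }
        if (HookInstalledW)
        {
            PatchBytes(CreateWindowExW_Addr, OldBytesW);
            HookInstalledW = FALSE;
        }
    }
    return TRUE;
}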
使用LoadLibrary("HOOK.DLL")或LoadLibraryEx("HOOK.DLL",0,DONT_RESOLVE_DLL_REFERENCES)加载,返回值都不为0,但都没有弹出MessageBox;用PowerTool也能看见HOOK.DLL已被加载,但是没有发现API HOOK。
求解
DWORD reason /* Reason this function is being called. */ ,
LPVOID reserved /* Not used. */ )
{
MessageBox(0,"B",0,0);
if (reason == DLL_PROCESS_ATTACH)
{ hModule_User32 = LoadLibrary("User32.dll");
CreateWindowExA_Addr = GetProcAddress(hModule_User32, "CreateWindowExA");
CreateWindowExW_Addr = GetProcAddress(hModule_User32, "CreateWindowExW");
*(DWORD*)(NewBytesA + 1) = (DWORD)MyCreateWindowExA;
*(DWORD*)(NewBytesW + 1) = (DWORD)MyCreateWindowExW;
ReadProcessMemory(INVALID_HANDLE_VALUE,(void *)CreateWindowExA_Addr,OldBytesA,8,NULL);
ReadProcessMemory(INVALID_HANDLE_VALUE,(void *)CreateWindowExW_Addr,OldBytesW,8,NULL);
WriteProcessMemory(INVALID_HANDLE_VALUE, (void*)CreateWindowExA_Addr,(void*)NewBytesA, 8, NULL);
WriteProcessMemory(INVALID_HANDLE_VALUE, (void*)CreateWindowExW_Addr,(void*)NewBytesW, 8, NULL);
}
else ;
return TRUE;
}
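我觉得有可能是DllMain没有被编译进去(或者没有被当作DLL入口点),先确认一下是什么情况,然后试试用VS编译。另外要注意:用LoadLibraryEx并带DONT_RESOLVE_DLL_REFERENCES加载时,系统不会调用DllMain,所以那种方式本来就不会弹出MessageBox,也不会安装钩子;只有普通的LoadLibrary才能用来验证DllMain是否执行。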