#include <stdio.h>
#include <Windows.h>
/* Holds the address of StartWorkThread; DllMain assigns it and then calls through WorkAddress. */
int (*pFun)();
/* Worker thread handle stored as an int (0 = no handle).
 * NOTE(review): CreateThread returns a HANDLE; keeping it in an int truncates it on 64-bit builds. */
int H_WORK = 0;
/* Integer copy of pFun, used as the operand of the inline-assembly call in DllMain. */
int WorkAddress = 0;
/* Thread id written by CreateThread in StartWorkThread. */
DWORD dwThreadId;
/* SetWindowLong返回 ("SetWindowLong return"): previous GWL_WNDPROC value returned when DllMain
 * installs 处理函数; used to forward messages and to undo the change on detach.
 * 消息值 ("message value"): result of RegisterWindowMessage("sb"); it is stored but not read
 * anywhere in this file. */
int SetWindowLong返回 = 0, 消息值 = 0;
/* Creates the worker thread that runs F_Work. */
int StartWorkThread();
/* 函数指针 ("function pointer"): set to 处理函数 in DllMain before it is passed to SetWindowLong. */
int(*函数指针)();
/* 处理函数 ("handler function"): the replacement window procedure.
 * NOTE(review): it is installed as a window procedure but declared without CALLBACK and with int
 * parameters; the Win32 WNDPROC type is LRESULT CALLBACK (HWND, UINT, WPARAM, LPARAM). Confirm the
 * project's default calling convention before relying on this. */
int 处理函数(HWND hwd, int msg, int wp, int lp);
/* Returns a top-level window that belongs to the current process, or NULL. */
HWND GetMainWindow();
/* Worker thread entry point: sends the private message below to the main window. */
DWORD WINAPI F_Work(_In_ LPVOID lpParameter);
/* Private message id (roughly "send / game-process message / run flag / close") sent by F_Work
 * and recognised by 处理函数.
 * NOTE(review): WM_USER+0 may already be used by the window's own class for something else; the
 * registered message in 消息值 looks like the intended collision-free id — confirm. */
#define 发送_游戏进程消息_运行标志_关闭 (WM_USER+0)
/* EnumWindows callback used by GetMainWindow. */
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);
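/*
 * DLL entry point.
 *
 * DLL_PROCESS_ATTACH: replaces the window procedure of the window returned by
 * GetMainWindow() with 处理函数, keeps the previous procedure in
 * SetWindowLong返回, and starts the worker thread through StartWorkThread.
 * DLL_PROCESS_DETACH: puts the saved procedure back and shows a message box.
 *
 * Always returns 1 (TRUE), including when the window was not found.
 *
 * While the replacement is installed the window procedure points into this
 * DLL, so the DLL has to stay loaded until the detach path has restored it.
 *
 * NOTE(review): all of this runs under the loader lock. Calling user32
 * functions (SetWindowLong, EnumWindows, MessageBox) from DllMain is something
 * Microsoft's DllMain guidance advises against because it can deadlock; the
 * calls are kept here because they are the visible behaviour of this sample.
 */
int WINAPI
DllMain(HINSTANCE hinstDll, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason) {
    case DLL_PROCESS_ATTACH: {
        函数指针 = 处理函数;
        /* TEXT() keeps this call consistent with the other generic-text calls in the file. */
        消息值 = RegisterWindowMessage(TEXT("sb"));
        /* A return of 0 means the window procedure was not replaced
         * (for example GetMainWindow() returned NULL). */
        SetWindowLong返回 = SetWindowLong(GetMainWindow(), GWL_WNDPROC, (LONG)(*函数指针));
        pFun = StartWorkThread;
        WorkAddress = (int)(*pFun);
        /* Plain indirect call; replaces the inline-assembly `call WorkAddress`,
         * which went through an address squeezed into an int. */
        pFun();
        break;
    }
    case DLL_PROCESS_DETACH: {
        /* Restore only when a previous procedure was actually saved; writing 0
         * here would leave the window with a NULL window procedure. */
        if (SetWindowLong返回 != 0) {
            SetWindowLong(GetMainWindow(), GWL_WNDPROC, SetWindowLong返回);
        }
        /* Text: "DLL has been unloaded from the target process" / "Information". */
        MessageBox(NULL, TEXT("DLL已从目标进程卸载"), TEXT("信息"), MB_ICONINFORMATION);
        break;
    }
    default:
        /* Thread attach/detach notifications need no work. */
        break;
    }
    return 1;
}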
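/*
 * Starts the worker thread that runs F_Work and records its handle in H_WORK
 * and its id in dwThreadId.
 *
 * Returns 1 when the thread was created, 0 when CreateThread failed.
 *
 * The original reset H_WORK to 0 immediately before testing it, so its
 * TerminateThread branch could never run and every call created a new thread.
 * That always-start behaviour is kept; the dead branch is removed, a handle
 * left over from an earlier call is closed instead of leaked, and a
 * CreateThread failure is now reported instead of being returned as success.
 *
 * NOTE(review): DllMain calls this during DLL_PROCESS_ATTACH; a thread created
 * there does not begin executing until the loader lock is released.
 */
int StartWorkThread()
{
    HANDLE worker;

    if (H_WORK != 0) {
        /* Closing the handle does not stop the earlier thread; it only
         * releases this module's reference to it. */
        CloseHandle((HANDLE)H_WORK);
        H_WORK = 0;
    }

    worker = CreateThread(NULL, 0, F_Work, NULL, 0, &dwThreadId);
    if (worker == NULL) {
        return 0;
    }

    /* NOTE(review): H_WORK is an int, so this cast only round-trips on 32-bit builds. */
    H_WORK = (int)worker;
    return 1;
}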
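/*
 * Worker thread entry point: sends the private message
 * 发送_游戏进程消息_运行标志_关闭 to the window returned by GetMainWindow().
 * SendMessage does not return until the window procedure has handled it.
 *
 * lpParameter is unused. Returns 0 as the thread exit code; the original fell
 * off the end of a non-void function, leaving the exit code undefined.
 */
DWORD WINAPI F_Work(_In_ LPVOID lpParameter)
{
    HWND target = GetMainWindow();

    (void)lpParameter;

    /* Nothing to notify when no window was found. */
    if (target != NULL) {
        SendMessage(target, 发送_游戏进程消息_运行标志_关闭, 0, 0);
    }
    return 0;
}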
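/*
 * Replacement window procedure installed by DllMain.
 *
 * Shows a message box when the private message
 * 发送_游戏进程消息_运行标志_关闭 arrives, then forwards every message,
 * including that one, to the procedure saved in SetWindowLong返回 and returns
 * its result.
 *
 * The saved procedure is stored only after SetWindowLong returns, so a message
 * delivered in between would be forwarded through a NULL pointer; such
 * messages now go to DefWindowProc instead. The unused local of the original
 * is removed.
 *
 * NOTE(review): the signature is left as declared in the prototype, but a
 * window procedure is expected to be LRESULT CALLBACK (HWND, UINT, WPARAM,
 * LPARAM). Without CALLBACK the calling convention depends on the compiler
 * default, and the int parameters truncate WPARAM/LPARAM on 64-bit builds.
 * Fixing that means changing the prototype and 函数指针 together.
 */
int 处理函数(HWND hwd, int msg, int wp, int lp)
{
    if (msg == 发送_游戏进程消息_运行标志_关闭) {
        /* Text: "DLL has entered the target process" / "Information". */
        MessageBox(NULL, TEXT("DLL已进入目标进程"), TEXT("信息"), MB_ICONINFORMATION);
    }

    if (SetWindowLong返回 == 0) {
        /* No previous procedure recorded yet: use the default handling. */
        return (int)DefWindowProc(hwd, msg, wp, lp);
    }
    return (int)CallWindowProc((WNDPROC)SetWindowLong返回, hwd, msg, wp, lp);
}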
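/*
 * Search state passed from GetMainWindow to EnumWindowsProc through lParam.
 * The original reused a single DWORD for both the process id (input) and the
 * HWND (output). That writes past the DWORD where an HWND is wider than
 * 32 bits, and it returned the process id cast to an HWND whenever EnumWindows
 * failed for a reason other than the callback stopping it.
 */
struct main_window_search {
    DWORD process_id; /* in: process whose window is wanted */
    HWND window;      /* out: first matching window, or NULL */
};

/*
 * Returns the first top-level window reported by EnumWindows that belongs to
 * the current process and for which GetParent() returns NULL, or NULL when no
 * such window exists.
 *
 * NOTE(review): visibility is not checked, so the first match may be a hidden
 * helper window rather than the window the user sees.
 */
HWND GetMainWindow()
{
    struct main_window_search search;

    search.process_id = GetCurrentProcessId();
    search.window = NULL;

    /* The return value is not needed: search.window is set only when the
     * callback found a match. */
    EnumWindows(EnumWindowsProc, (LPARAM)&search);
    return search.window;
}

/*
 * EnumWindows callback. lParam points to a struct main_window_search.
 * Returns FALSE to stop the enumeration once a window owned by
 * search->process_id with no parent (per GetParent) has been stored in
 * search->window; returns TRUE to keep enumerating otherwise.
 */
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
    struct main_window_search *search = (struct main_window_search *)lParam;
    DWORD owner_pid = 0;

    GetWindowThreadProcessId(hwnd, &owner_pid);
    if (owner_pid != search->process_id || GetParent(hwnd) != NULL) {
        return TRUE;
    }

    search->window = hwnd;
    return FALSE;
}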