[求助] 求教通过CreateRemoteThread远程执行LoadLibraryW注入DLL后,在DLL里面设置全局Hook无效
发表于:
2019-11-14 18:46
[求助] 求教通过CreateRemoteThread远程执行LoadLibraryW注入DLL后,在DLL里面设置全局Hook无效
通过CreateRemoteThread注入dll是成功了,DllMain中能执行其它操作了,但是在DLL文件中SetWindowsHookEx执行不到钩子回调函数,请问是什么原因?
这是DLL文件中的测试代码,
CreateRemoteThread执行代码就不贴出来了,能注入成功,MessageBox能正常弹出,就是Hook回调执行不到。
HHOOK g_hHook = NULL;
LRESULT CALLBACK LowLevelKeyboardProc(int code, WPARAM wParam, LPARAM lParam)
{
if (HC_ACTION == code && wParam == WM_KEYUP) {
LPKBDLLHOOKSTRUCT pKbhs = (LPKBDLLHOOKSTRUCT)lParam;
if (pKbhs->vkCode == VK_F12) {
MessageBox(NULL, _T("F12"), _T("F12"), 0);
}
}
return CallNextHookEx(g_hHook, code, wParam, lParam);
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
MessageBox(NULL, _T("DLL注入成功"), _T("消息"), 0);
if (g_hHook == NULL) {
g_hHook = SetWindowsHookEx(WH_KEYBOARD_LL, LowLevelKeyboardProc, hModule, 0);
}
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
