小弟想远程注入到指定进程,然后HOOK此进程
下面是小弟的代码,导出SetHook();
// RemoteDll.cpp : Defines the initialization routines for the DLL.
//
#include "stdafx.h"
#include <afxdllx.h>
#include "TestCallClass.h"
#ifdef _MANAGED
#error Please read instructions in RemoteDll.cpp to compile with /clr
// If you want to add /clr to your project you must do the following:
// 1. Remove the above include for afxdllx.h
// 2. Add a .cpp file to your project that does not have /clr thrown and has
// Precompiled headers disabled, with the following text:
// #include <afxwin.h>
// #include <afxdllx.h>
#endif
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
// Forward declarations for the functions defined further down in this file.
DWORD WINAPI ThreadProc(LPVOID lpParameter);
void SetHook();
// Handle returned by SetWindowsHookEx() in SetHook(). Despite the name it
// holds the WH_KEYBOARD hook, not a mouse hook. KeyboardProc passes it to
// CallNextHookEx(); the visible code never passes it to UnhookWindowsHookEx().
HHOOK hmouse;
LRESULT CALLBACK KeyboardProc(int ncode,WPARAM wParam,LPARAM lParam);
// MFC extension-module record: initialised by AfxInitExtensionModule() and
// released by AfxTermExtensionModule(), both called from DllMain.
static AFX_EXTENSION_MODULE RemoteDllDLL = { NULL, NULL };
#ifdef _MANAGED
#pragma managed(push, off)
#endif
// Dialog object: created in ThreadProc, shown/hidden from KeyboardProc.
// NOTE(review): this is a namespace-scope object reachable from every thread
// that runs code in this DLL; the visible code adds no synchronisation around
// it - confirm it is only ever touched from the thread that created the window.
CTestCallClass testcallclass;
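/// Entry point of the MFC extension DLL.
///
/// DLL_PROCESS_ATTACH: initialises the extension module, starts the worker
/// thread (ThreadProc) and hands the module record to a CDynLinkLibrary.
/// DLL_PROCESS_DETACH: terminates the extension module.
///
/// @param hInstance  module handle of this DLL.
/// @param dwReason   DLL_PROCESS_ATTACH / DLL_PROCESS_DETACH (others ignored).
/// @param lpReserved unused.
/// @return non-zero on success; 0 tells the loader that initialisation failed.
extern "C" int APIENTRY
DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    // Remove this if you use lpReserved
    UNREFERENCED_PARAMETER(lpReserved);

    if (dwReason == DLL_PROCESS_ATTACH)
    {
        TRACE0("RemoteDll.DLL Initializing!\n");

        // Extension DLL one-time initialization
        if (!AfxInitExtensionModule(RemoteDllDLL, hInstance))
            return 0;

        // DllMain runs while the loader lock is held. Creating a thread here
        // is tolerated only as long as this function does not wait for it.
        HANDLE hWorker = CreateThread(NULL, 0, ThreadProc, NULL, 0, NULL);
        if (hWorker == NULL)
        {
            // No MessageBox() here: User32 calls are not safe under the loader
            // lock. OutputDebugString is a Kernel32 call and is.
            OutputDebugStringW(L"Create Thread Failure!\n");

            // The loader treats every non-zero value as success, so the
            // original "return -1" kept a half-initialised DLL loaded.
            return 0;
        }

        // The original slept for one second at this point. A thread created
        // inside DllMain cannot start running ThreadProc until DllMain has
        // returned and the loader lock is released, so the sleep only stalled
        // the load; it has been removed.

        // The handle is not used again; closing it does not stop the thread.
        CloseHandle(hWorker);

        // MFC takes ownership of this object; it is intentionally not deleted here.
        new CDynLinkLibrary(RemoteDllDLL);
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
        TRACE0("RemoteDll.DLL Terminating!\n");

        // Terminate the library before destructors are called
        AfxTermExtensionModule(RemoteDllDLL);
    }

    return 1; // ok
}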
#ifdef _MANAGED
#pragma managed(pop)
#endif
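/// Worker thread started from DllMain: creates the modeless test dialog and
/// then installs the keyboard hook on this same thread via SetHook().
///
/// @param lpParameter unused (DllMain passes NULL).
/// @return 1 when the dialog exists and SetHook() was called, 0 when the
///         dialog could not be created.
DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
    UNREFERENCED_PARAMETER(lpParameter);

    testcallclass.Create(IDD_DLG_CALLTEST, NULL);

    // KeyboardProc calls IsWindowVisible()/ShowWindow() on this object, so do
    // not install the hook when no window was created.
    if (testcallclass.GetSafeHwnd() == NULL)
    {
        TRACE0("RemoteDll.DLL: dialog creation failed\n");
        return 0;
    }

    SetHook();

    // NOTE(review): this function returns immediately and never runs a message
    // loop. SetHook() scopes the hook to the calling thread
    // (GetCurrentThreadId()), and both the dialog and the hook belong to this
    // thread, so presumably neither can receive anything once the thread has
    // ended - which would match the "no reaction to any key" symptom described
    // in the post. Confirm the intended thread ownership of the dialog and hook.
    return 1;
}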
/// Installs KeyboardProc as a WH_KEYBOARD hook and stores the handle in hmouse.
///
/// The hook is thread-scoped: hMod is NULL and dwThreadId is the id of the
/// thread that calls SetHook(), so only that thread's keyboard messages are
/// routed to KeyboardProc. On failure a message box is shown and hmouse is NULL.
///
/// NOTE(review): every call overwrites hmouse without releasing a previously
/// installed hook, and the visible code never calls UnhookWindowsHookEx().
void SetHook()
{
    const DWORD callerThreadId = GetCurrentThreadId();

    hmouse = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, NULL, callerThreadId);
    if (hmouse != NULL)
        return;

    MessageBox(NULL, L"Set KeyboardHook Failure!", L"Error", MB_OK);
}
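/// WH_KEYBOARD hook procedure: the HOME key toggles the test dialog between
/// shown and hidden; every other key is passed on unchanged.
///
/// @param ncode  hook code; only HC_ACTION is processed here.
/// @param wParam virtual-key code of the key.
/// @param lParam key-stroke flags (HIWORD carries KF_UP / KF_REPEAT).
/// @return 1 for HOME (the key is consumed), otherwise whatever the next hook
///         in the chain returns.
LRESULT CALLBACK KeyboardProc(int ncode, WPARAM wParam, LPARAM lParam)
{
    // Hook contract: a negative code must be forwarded untouched, and
    // HC_NOREMOVE means the same message will be seen again when it is really
    // removed from the queue. Acting only on HC_ACTION avoids double handling.
    if (ncode != HC_ACTION)
        return CallNextHookEx(hmouse, ncode, wParam, lParam);

    if (wParam == VK_HOME)
    {
        const WORD keyFlags    = HIWORD(lParam);
        const bool isRelease   = (keyFlags & KF_UP) != 0;
        const bool wasHeldDown = (keyFlags & KF_REPEAT) != 0;

        // The hook sees key-down, auto-repeat and key-up. The original toggled
        // on each of them, so one press showed the dialog and the release hid
        // it again. Toggle only on the initial press.
        if (!isRelease && !wasHeldDown)
        {
            const int showCmd = testcallclass.IsWindowVisible() ? SW_HIDE : SW_SHOWNORMAL;
            testcallclass.ShowWindow(showCmd);
        }

        return 1; // HOME is consumed, as in the original
    }

    // Debug-only trace instead of the original MessageBox(): a modal box inside
    // a hook procedure blocks the hooked thread on every key event and
    // re-enters this procedure from its own message loop.
    TRACE0("KeyboardProc OK!\n");

    // Return the chain's result. The original returned 1 unconditionally, which
    // tells the system to discard the message, so every key on the hooked
    // thread was swallowed.
    return CallNextHookEx(hmouse, ncode, wParam, lParam);
}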
比如注入到A进程后HOOK键盘上的HOME键,来控制对话框的显示和隐藏
小弟google了一下,有人说在DLL_PROCESS_ATTACH处理里不能下钩子,必须另开线程
小弟的代码编译后,调用SetHook()没有错误提示,但是不能HOOK键盘上的HOME键
最后我在回调函数处理中加了
MessageBox(NULL,L"KeyboardProc OK!",L"test",MB_OK);
但是按下键盘的任意键都没有反应
如果说安装钩子不成功的话
会有MessageBox(NULL,L"Set KeyboardHook Failure!",L"Error",MB_OK);来提示
可是没有提示,说明安装成功
但是怎么HOOK不起作用呢?