我原意是用过Unit21.exe启动TraceMe.exe,然后拦截所有进程的键盘控格的响应,但实际情况是当我的Unit21.exe启动后,键盘响应正常,当
按下OnButton1后,TraceMe.exe被启动,这时键盘响应仍然正常。然后当TraceMe.exe退出后,所有进程的键盘控格响应被拦截。为什么
TraceMe.exe没退出时不发生拦截键盘响应呢?请高手指教,小弟先行谢过。
Unit21Dlg.cpp中有个输入文本框和一个按钮OnButton1 关键代码如下:
_declspec(dllimport) void setHook();
void CUnit21Dlg::OnButton1()
{
HANDLE gamehandle;
int a,b;
char aa[65],c[20];
sprintf(aa,TEXT("D:\\Ptools\\test\\DllTest\\Debug\\DllTest.dll"));
STARTUPINFO si={sizeof(si)};
PROCESS_INFORMATION pi;
ZeroMemory( &pi, sizeof(pi) );
ZeroMemory( &si, sizeof(si) );
a=lstrlen("D:\\Ptools\\test\\TraceMe\\Debug\\TraceMe.exe")+1;
b=a*sizeof(WCHAR);
CreateProcess(NULL,TEXT("D:\\Ptools\\test\\TraceMe\\Debug\\TraceMe.exe"),
NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);
tid=pi.dwThreadId/*GetCurrentThreadId()*/;
itoa(tid,c,10);
MessageBox(c,NULL,0);
gamehandle=OpenProcess(PROCESS_CREATE_THREAD|PROCESS_VM_OPERATION |PROCESS_VM_WRITE,0,
pi.dwProcessId);
PVOID pszLibFileRemote = (PWSTR)VirtualAllocEx(gamehandle, NULL,b, MEM_COMMIT, PAGE_READWRITE);
WriteProcessMemory(gamehandle,pszLibFileRemote,(PVOID)aa,b,NULL);
LoadLibraryA(aa);
WaitForSingleObject(gamehandle, INFINITE);
}
点击OnButton1后启动d:\Ptools\test\TraceMe\Debug\TraceMe.exe进程并远线程注入DllTest.dll,DllTest.dll代码如下:
#include "stdafx.h"
#include <stdlib.h>
HHOOK DTHook;
LRESULT CALLBACK KeyBoardProc(int nCode, WPARAM wParam, LPARAM lParam);
void setHook()
{
DTHook=SetWindowsHookEx(WH_KEYBOARD,KeyBoardProc,GetModuleHandle("DllTest"),0);
}
int tempId;
char arrayId[10];
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
//MessageBox(NULL,"ok",NULL,1);
setHook();
break;
case DLL_THREAD_ATTACH:
break;
case DLL_PROCESS_DETACH:
break;
case DLL_THREAD_DETACH:
break;
}
return true;
}
LRESULT CALLBACK KeyBoardProc(int nCode, WPARAM wParam, LPARAM lParam)
{
if (VK_SPACE==wParam)
{
return 1;
}
else
return CallNextHookEx(DTHook,nCode,wParam,lParam);
}
[课程]FART 脱壳王!加量不加价!FART作者讲授!
