一直觉得学 C++ 太复杂了,里面类型很多,多得根本分不清;但网上的资料大多是 C++ 的,有些问题用其它语言(我会 C#、Java、Python)又解决得不完美。
然后还是下决定搞一搞,因为搞c++,又不得不搞VC++,还得看看MFC,这花了我三天时间,看得累,光是不同类型之间的转换就查了不少资料
好吧,开始搞dll注入,拿记事本开刀,用c#和easyhook轻易的就搞定了,一个注入程序,一个被注入dll
然后折腾c++,注入进去了还要跟主程序通信,然后就一起弄了一下,确实伤神,主要还是类型之间的问题,如果是相对于新手,网上大部分的资料都写得太粗了,完全不知道变量的类型是什么
我就贴一下完整代码。首先是一个用 C++ 写的 dll,准备注入到记事本中去。这个 dll 新建比较容易:我用 VS2015,直接建一个 C++ 空项目,加一个 .cpp 文件就可以开始写了。代码里有些注释掉的部分,放着无妨。主要功能就是被注入后,向主进程(窗口标题为 MFC3)发送一条内容为 hello world 的 WM_COPYDATA 消息。注意:接收方只能靠窗口标题被找到,任何进程都可以向这个标题的窗口发 WM_COPYDATA,所以接收方应该把收到的数据当作不可信输入来处理(按 cbData 限定长度,不要假设一定以 NUL 结尾)。
那个COPYDATASTRUCT结构体搞了我一天的时间,最后不断拼出来的代码,网上大多是MFC的,但我就是想用C++弄出来
//#include "stdafx.h";
#include <iostream>;
using namespace std;
#include <windows.h>;
#include <tlhelp32.h>;
#include <tchar.h>;
// Forward declarations for the helpers defined after DllMain.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);
HWND GetMainWindow();
void MyPostMessage(HWND hWnd);
DWORD WINAPI MyThreadProc1( LPVOID pParam );
DWORD WINAPI MyThreadProc2( LPVOID pParam );
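BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    // Entry point invoked by the loader while it holds the loader lock.
    // Anything that pumps messages here (the original showed a MessageBox on
    // attach and on detach) can deadlock the host process, so DllMain now only
    // starts the two worker threads.  They do not begin running until DllMain
    // has returned, and MyThreadProc1 still shows an "entered" message box.
    switch ( ul_reason_for_call )
    {
    case DLL_PROCESS_ATTACH:
    {
        // No per-thread attach/detach work is needed; skip those callbacks.
        DisableThreadLibraryCalls( static_cast<HMODULE>(hModule) );
        DWORD dwThreadId = 0;
        // The threads are never joined, so close the handles immediately
        // instead of leaking them into the injected process (the original
        // stored them in locals and never closed them).
        HANDLE hThread = CreateThread(NULL, 0, MyThreadProc1, NULL, 0, &dwThreadId);
        if (hThread)
            CloseHandle(hThread);
        hThread = CreateThread(NULL, 0, MyThreadProc2, NULL, 0, &dwThreadId);
        if (hThread)
            CloseHandle(hThread);
        break;
    }
    case DLL_PROCESS_DETACH:
        // lpReserved != NULL means the process is terminating; there is
        // nothing to release either way.
        break;
    }
    return TRUE;
}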
DWORD WINAPI MyThreadProc1( LPVOID pParam )
{
    // First worker thread: its only job is to prove that code from the
    // injected DLL is now running inside the target process.
    (void)pParam;
    ::MessageBox( NULL, "DLL已进入线程1.", "信息", MB_ICONINFORMATION );
    return 0;
}
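DWORD WINAPI MyThreadProc2( LPVOID pParam )
{
    // Second worker thread: find the receiver window by its title and hand it
    // a short string through WM_COPYDATA.
    //
    // Changes from the original: the unused m_msg string and the commented-out
    // notepad experiment were dropped, and the size_t -> DWORD narrowing on
    // cbData is now explicit.
    (void)pParam;
    // The receiver is located by window title only, so any top-level window
    // that happens to carry this title will get the message -- and, for the
    // same reason, the receiver cannot tell who sent it.
    const char szDlgTitle[] = "MFC3";
    HWND hReceiver = ::FindWindow(NULL, szDlgTitle);
    if (!hReceiver)
    {
        MessageBox(NULL, "No such Things.。", "信息", MB_ICONINFORMATION);
        return 0;
    }
    const std::string strData = "hello world";
    COPYDATASTRUCT CopyData;
    CopyData.dwData = 0;
    // cbData is a byte count and includes the terminating NUL so the receiver
    // can read lpData as a C string.
    CopyData.cbData = static_cast<DWORD>(strData.size() + 1);
    CopyData.lpData = const_cast<char*>(strData.c_str());
    // SendMessage, not PostMessage: lpData points at a local and must stay
    // valid until the receiver has finished with the message.
    SendMessage(hReceiver, WM_COPYDATA, 0, reinterpret_cast<LPARAM>(&CopyData));
    return 0;
}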
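// Context shared between GetMainWindow() and its EnumWindows callback.
// The original passed a pointer to a bare DWORD (the process ID) and the
// callback then stored an HWND through that same pointer; on 64-bit builds an
// HWND is wider than a DWORD, so the write overran the caller's local.  A
// small struct with separate in/out fields removes that overflow.
struct MainWindowSearch
{
    DWORD dwProcessId; // in:  process whose window is wanted
    HWND  hWnd;        // out: first matching top-level window, or NULL
};

// EnumWindows callback: stops at the first top-level window (no parent)
// owned by the process in the context.  lParam points to a MainWindowSearch.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
    MainWindowSearch* pSearch = reinterpret_cast<MainWindowSearch*>(lParam);
    DWORD dwOwnerPid = 0;
    GetWindowThreadProcessId(hwnd, &dwOwnerPid);
    if (dwOwnerPid == pSearch->dwProcessId && GetParent(hwnd) == NULL)
    {
        pSearch->hWnd = hwnd;
        return FALSE; // found one; stop enumerating
    }
    return TRUE;
}

// Returns the first top-level window belonging to the calling process, or
// NULL if none was found (or the enumeration failed).
HWND GetMainWindow()
{
    MainWindowSearch search;
    search.dwProcessId = GetCurrentProcessId();
    search.hWnd = NULL;
    // EnumWindows returns FALSE both when the callback stopped it early and on
    // error; search.hWnd tells the two apart, so its result is not needed.
    EnumWindows(EnumWindowsProc, reinterpret_cast<LPARAM>(&search));
    return search.hWnd;
}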
void MyPostMessage(HWND hWnd)
{
    // Types a fixed piece of ASCII art into hWnd, one WM_CHAR per character
    // (lParam 1 = repeat count 1), exactly as the original long run of
    // PostMessageW calls did.  The picture is stored as runs of a single
    // character, listed row by row; each row ends with a '\n' run.
    struct CharRun
    {
        wchar_t ch;
        int count;
    };
    static const CharRun kPicture[] = {
        {L' ',25},{L'.',1},{L',',1},{L']',2},{L'.',1},{L' ',33},{L',',1},{L'/',1},{L'O',7},{L'\\',1},{L']',3},{L'.',1},{L' ',17},{L'\n',1},
        {L' ',16},{L',',1},{L'/',1},{L'O',15},{L']',1},{L'`',1},{L' ',23},{L'.',1},{L']',1},{L'O',19},{L']',1},{L'.',1},{L' ',13},{L'\n',1},
        {L' ',12},{L']',1},{L'/',1},{L'O',24},{L'\\',1},{L'.',1},{L' ',15},{L',',1},{L'O',27},{L']',1},{L' ',10},{L'\n',1},
        {L' ',9},{L',',1},{L'O',31},{L'`',1},{L' ',11},{L',',1},{L'O',31},{L'\\',1},{L' ',8},{L'\n',1},
        {L' ',7},{L',',1},{L'O',35},{L'\\',1},{L' ',7},{L',',1},{L'O',35},{L'\\',1},{L' ',6},{L'\n',1},
        {L' ',5},{L',',1},{L'O',39},{L'\\',1},{L'.',1},{L' ',2},{L',',1},{L'O',39},{L'\\',1},{L' ',4},{L'\n',1},
        {L' ',3},{L',',1},{L'O',87},{L'.',1},{L' ',2},{L'\n',1},
        {L' ',2},{L'.',1},{L'O',89},{L'.',1},{L' ',1},{L'\n',1},
        {L' ',2},{L'/',1},{L'O',90},{L' ',1},{L'\n',1},
        {L' ',1},{L'=',1},{L'O',91},{L'\\',1},{L'\n',1},
        {L'=',1},{L'O',93},{L'\n',1},
        {L'O',94},{L'\n',1},
        {L'=',1},{L'O',93},{L'\n',1},
        {L'=',1},{L'O',93},{L'\n',1},
        {L'=',1},{L'O',93},{L'\n',1},
        {L'.',1},{L'O',93},{L'\n',1},
        {L' ',1},{L'O',93},{L'\n',1},
        {L' ',1},{L',',1},{L'O',92},{L'\n',1},
        {L' ',2},{L'=',1},{L'O',90},{L'^',1},{L'\n',1},
        {L' ',3},{L'\\',1},{L'O',88},{L'/',1},{L' ',1},{L'\n',1},
        {L' ',4},{L'O',88},{L' ',2},{L'\n',1},
        {L' ',4},{L'.',1},{L'O',86},{L'.',1},{L' ',2},{L'\n',1},
        {L' ',5},{L',',1},{L'O',84},{L'.',1},{L' ',3},{L'\n',1},
        {L' ',7},{L'\\',1},{L'O',80},{L'/',1},{L' ',5},{L'\n',1},
        {L' ',8},{L',',1},{L'O',78},{L'`',1},{L' ',6},{L'\n',1},
        {L' ',9},{L',',1},{L'O',76},{L'`',1},{L' ',7},{L'\n',1},
        {L' ',11},{L'\\',1},{L'O',72},{L'/',1},{L' ',9},{L'\n',1},
        {L' ',12},{L'=',1},{L'O',70},{L'^',1},{L' ',10},{L'\n',1},
        {L' ',13},{L'.',1},{L'O',67},{L'/',1},{L'.',1},{L' ',11},{L'\n',1},
        {L' ',15},{L',',1},{L'O',64},{L'`',1},{L' ',13},{L'\n',1},
        {L' ',17},{L'\\',1},{L'O',60},{L'/',1},{L' ',15},{L'\n',1},
        {L' ',18},{L',',1},{L'O',58},{L'.',1},{L' ',16},{L'\n',1},
        {L' ',20},{L',',1},{L'O',54},{L'`',1},{L' ',18},{L'\n',1},
        {L' ',22},{L',',1},{L'O',50},{L'`',1},{L' ',20},{L'\n',1},
        {L' ',24},{L'\\',1},{L'O',46},{L'`',1},{L' ',22},{L'\n',1},
        {L' ',26},{L'\\',1},{L'O',42},{L'`',1},{L' ',24},{L'\n',1},
        {L' ',28},{L',',1},{L'O',37},{L'/',1},{L'.',1},{L' ',26},{L'\n',1},
        {L' ',30},{L'.',1},{L'\\',1},{L'O',32},{L'[',1},{L' ',29},{L'\n',1},
        {L' ',33},{L',',1},{L'O',27},{L'/',1},{L'`',1},{L' ',31},{L'\n',1},
        {L' ',36},{L',',1},{L'O',22},{L'`',1},{L' ',34},{L'\n',1},
        {L' ',39},{L',',1},{L'O',16},{L'[',1},{L' ',37},{L'\n',1},
        {L' ',42},{L'\\',1},{L'O',10},{L'/',1},{L'.',1},{L' ',39},{L'\n',1},
        {L' ',44},{L',',1},{L'O',6},{L'`',1},{L' ',42},{L'\n',1},
        {L' ',46},{L'.',1},{L'\\',1},{L'O',1},{L'`',1},{L' ',44},{L'\n',1},
    };
    for (const CharRun& run : kPicture)
    {
        for (int i = 0; i < run.count; i++)
            PostMessageW(hWnd, WM_CHAR, run.ch, 1);
    }
}
再来说注入程序,用的MFC做的,开始完全跟c++搞混了,蒙了,一点一点来吧,找入门教程把窗口show出来,有几点说一下
#include <tlhelp32.h>;
#include <windows.h>;
这两个头文件一定要放在 #include "stdafx.h" 之后(stdafx.h 会先包含 afxwin.h)。如果 windows.h 先于 MFC 的头文件被包含,编译时会报 MFC 自己的错误:"WINDOWS.H already included. MFC apps must not #include <windows.h>"。另外,#include 这一行末尾不要加分号(上面代码里有好几处),MSVC 会给出 C4067 警告,它只是被当作多余的记号忽略掉了。
在BEGIN_MESSAGE_MAP 中注册一下事件ON_WM_COPYDATA(),然后才能写后面的代码
受c#的影响,以为控件的name直接是可以在代码中用的,但MFC是要添加变量的,在控件上右键添加变量,然后才能在代码中用这个变量使用控件
MFC 比 C# 在使用便利性上差了不是一点点,光是如何建立一个只有窗体的项目就研究了很久。在 MFC 的项目向导中,"应用程序类型"记得选"基于对话框",否则向导会生成一堆用不上的文档/视图代码。
用C++是可以写窗体的,但真的比MFC还要麻烦,不过我会尝试一下的!,整个主窗口的代码如下:
// MFC3Dlg.cpp : 实现文件
//
#include <iostream>;
//using namespace std;
//#include <tchar.h>;
#include "stdafx.h"
#include "MFC3.h"
#include "MFC3Dlg.h"
#include "afxdialogex.h"
#include <tlhelp32.h>;
#include <windows.h>;
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
// CMFC3Dlg 对话框
CMFC3Dlg::CMFC3Dlg(CWnd* pParent /*=NULL*/)
    : CDialogEx(IDD_MFC3_DIALOG, pParent), frmA(0)
{
    // The dialog icon is the application's IDR_MAINFRAME resource.
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CMFC3Dlg::DoDataExchange(CDataExchange* pDX)
{
    // Let the base class run first, then bind the multi-line edit control
    // (IDC_EDIT1) to m_editMultiLine so the handlers below can use it.
    CDialogEx::DoDataExchange(pDX);
    DDX_Control(pDX, IDC_EDIT1, m_editMultiLine);
}
// Message map: routes Windows messages to the handlers defined in this file.
// ON_WM_COPYDATA() is what makes OnCopyData receive WM_COPYDATA; without that
// entry the message goes to the default handler and the edit box never updates.
BEGIN_MESSAGE_MAP(CMFC3Dlg, CDialogEx)
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_BUTTON1, &CMFC3Dlg::OnBnClickedButton1)
ON_BN_CLICKED(IDC_BUTTON2, &CMFC3Dlg::OnBnClickedButton2)
ON_WM_COPYDATA()
ON_BN_CLICKED(IDC_BUTTON3, &CMFC3Dlg::OnBnClickedButton3)
END_MESSAGE_MAP()
// CMFC3Dlg 消息处理程序
BOOL CMFC3Dlg::OnInitDialog()
{
    CDialogEx::OnInitDialog();
    // Set the large and small icons ourselves; the framework only does this
    // automatically when the application's main window is not a dialog.
    SetIcon(m_hIcon, TRUE);
    SetIcon(m_hIcon, FALSE);
    // TRUE = let the framework put the focus on the first control.
    return TRUE;
}
// 如果向对话框添加最小化按钮,则需要下面的代码
// 来绘制该图标。 对于使用文档/视图模型的 MFC 应用程序,
// 这将由框架自动完成。
void CMFC3Dlg::OnPaint()
{
    // Only the minimised state needs custom painting (the icon); everything
    // else is left to the base class.
    if (!IsIconic())
    {
        CDialogEx::OnPaint();
        return;
    }
    CPaintDC dc(this);
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);
    // Centre the icon in the client rectangle.
    CRect rect;
    GetClientRect(&rect);
    const int cxIcon = GetSystemMetrics(SM_CXICON);
    const int cyIcon = GetSystemMetrics(SM_CYICON);
    const int x = (rect.Width() - cxIcon + 1) / 2;
    const int y = (rect.Height() - cyIcon + 1) / 2;
    dc.DrawIcon(x, y, m_hIcon);
}
//当用户拖动最小化窗口时系统调用此函数取得光标
//显示。
HCURSOR CMFC3Dlg::OnQueryDragIcon()
{
    // Cursor shown while the minimised window is dragged: reuse the dialog icon.
    HCURSOR hCursor = static_cast<HCURSOR>(m_hIcon);
    return hCursor;
}
void CMFC3Dlg::OnBnClickedButton1()
{
    // Button 1: retitle the main window, append one "hello world" line to the
    // edit box and scroll so the newest line is visible.
    AfxGetMainWnd()->SetWindowText(L"你的标题");
    CString text;
    m_editMultiLine.GetWindowTextW(text);
    text += _T("hello world \r\n");
    m_editMultiLine.SetWindowTextW(text);
    UpdateData(FALSE);
    m_editMultiLine.LineScroll(m_editMultiLine.GetLineCount() - 1, 0);
}
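void CMFC3Dlg::OnBnClickedButton2()
{
    // Button 2: send "hello world" to the window titled "MFC3" (normally this
    // dialog itself) through WM_COPYDATA, using the same wire format as the
    // injected DLL: narrow (ANSI) bytes, cbData counting the terminating NUL.
    //
    // The original took cbData from one string (the message) but lpData from a
    // different one (the window title), so the receiver was handed the title's
    // buffer with the wrong length and decoded it as narrow text.  Both fields
    // now describe the same buffer.
    CString strTitle = _T("MFC3");
    CStringA strPayload("hello world \r\n");
    CWnd* pWnd = CWnd::FindWindow(NULL, strTitle);
    UpdateData(TRUE);
    if (!pWnd)
    {
        MessageBox(_T("No such Things."));
        return;
    }
    COPYDATASTRUCT cpd;
    cpd.dwData = 0;
    cpd.cbData = static_cast<DWORD>(strPayload.GetLength() + 1); // bytes, incl. NUL
    cpd.lpData = const_cast<char*>(static_cast<LPCSTR>(strPayload));
    // wParam carries the sender's window handle per the WM_COPYDATA contract.
    // SendMessage (never PostMessage): lpData points at a local and must stay
    // valid until the receiver returns.
    pWnd->SendMessage(WM_COPYDATA, reinterpret_cast<WPARAM>(GetSafeHwnd()), reinterpret_cast<LPARAM>(&cpd));
}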
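BOOL CMFC3Dlg::OnCopyData(CWnd* pWnd, COPYDATASTRUCT* pCopyDataStruct)
{
    // WM_COPYDATA can be sent by any process that can find this window by its
    // title, so the payload is untrusted.  The original read lpData as a
    // NUL-terminated char*; a sender that omits the NUL would make that read
    // run past the buffer.  Bound the copy by cbData and stop at the first NUL
    // if one is present.
    if (pCopyDataStruct == NULL || pCopyDataStruct->lpData == NULL || pCopyDataStruct->cbData == 0)
        return CDialogEx::OnCopyData(pWnd, pCopyDataStruct);
    const char* pData = static_cast<const char*>(pCopyDataStruct->lpData);
    std::string str(pData, pCopyDataStruct->cbData);
    const std::string::size_type nulPos = str.find('\0');
    if (nulPos != std::string::npos)
        str.resize(nulPos);
    // Append the text as a new line in the edit box (narrow -> wide conversion
    // happens in CString's operator+=, as before).
    CString text;
    m_editMultiLine.GetWindowTextW(text);
    text += _T("\r\n");
    text += str.c_str();
    m_editMultiLine.SetWindowTextW(text);
    return CDialogEx::OnCopyData(pWnd, pCopyDataStruct);
}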
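// Enable SeDebugPrivilege on the current process token so OpenProcess can
// reach processes owned by other users or otherwise protected ones.  Not
// needed for a notepad started by the same user, which is why dll_inject()
// leaves the call commented out.
//
// Returns true only when the privilege is really enabled.  Two fixes over the
// original: AdjustTokenPrivileges returns TRUE even when the caller does not
// hold the privilege (GetLastError() == ERROR_NOT_ALL_ASSIGNED), which used to
// count as success; and the token handle is now closed on the success path
// too (it was leaked).
bool enableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return false;
    bool enabled = false;
    LUID luidDebug;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidDebug))
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = luidDebug;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
        {
            // Must be read before CloseHandle, which may reset the last error.
            enabled = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);
        }
    }
    CloseHandle(hToken);
    return enabled;
}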
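// Look up a process ID by executable name (e.g. L"notepad.exe").  If several
// instances are running, the first one the snapshot lists is returned.
// Returns 0 when nothing matches or the snapshot could not be taken.
//
// Fixes over the original: the snapshot handle is closed on every path (it
// was never closed); a failed CreateToolhelp32Snapshot is detected instead of
// being passed on to Process32First; and the entry returned by Process32First
// is compared too (the old loop only looked at Process32Next results).  The
// name comparison is still exact-case; Windows image names are case-
// insensitive, so L"Notepad.exe" would not match a process named notepad.exe.
DWORD processNameToId(LPCTSTR lpszProcessName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        MessageBox(NULL,
            L"Could not take a snapshot of the process list",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        return 0;
    }
    DWORD dwFoundPid = 0;
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32); // required before the first call
    if (!Process32First(hSnapshot, &pe))
    {
        MessageBox(NULL,
            L"The frist entry of the process list has not been copyied to the buffer",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
    }
    else
    {
        do
        {
            if (!wcscmp(lpszProcessName, pe.szExeFile))
            {
                dwFoundPid = pe.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe));
    }
    CloseHandle(hSnapshot);
    return dwFoundPid;
}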
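// Convert a narrow (ANSI) std::string to a heap-allocated wide string.
// The returned buffer belongs to the caller and must be released with free();
// NULL is returned if allocation or conversion fails.
//
// The original allocated sizeof(wchar_t) * (length - 1) but told mbstowcs_s
// the buffer held length + 1 characters, so every call wrote past the end of
// the allocation -- and an empty string underflowed the size to SIZE_MAX.
// The unused 'newsize' constant is gone as well.
LPCWSTR stringToLPCWSTR(std::string orig)
{
    const size_t bufChars = orig.length() + 1; // room for the terminating NUL
    wchar_t* wcstring = static_cast<wchar_t*>(malloc(sizeof(wchar_t) * bufChars));
    if (wcstring == NULL)
        return NULL;
    size_t convertedChars = 0;
    // _TRUNCATE: never write more than bufChars characters; the result is
    // always NUL-terminated.
    if (mbstowcs_s(&convertedChars, wcstring, bufChars, orig.c_str(), _TRUNCATE) != 0)
    {
        free(wcstring);
        return NULL;
    }
    return wcstring;
}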
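// Inject injectionDll.dll into the first running notepad.exe: write the DLL
// path into the target, then start a remote thread whose entry point is
// LoadLibraryA with that path as its argument.  Returns 0 on success and -1
// on any failure (the original returned 0 for most failures, indistinguishable
// from success); every failure still pops a message box as before.
//
// Things a reader should know before reusing this:
//  * injector, DLL and target must have the same bitness -- the hard-coded
//    path below is an x64 build, which cannot be loaded into a 32-bit notepad;
//  * LoadLibraryA's address is resolved in this process and only works in the
//    target because kernel32.dll is mapped at the same base in every process
//    of a session;
//  * only do this to processes you are authorised to modify -- the
//    CreateRemoteThread + LoadLibrary pattern is exactly what endpoint
//    security products flag.
int dll_inject()
{
    // Provided the target was started by the same user, no privilege change is
    // needed; enableDebugPriv() is only for other users' / elevated processes.
    //enableDebugPriv();
    LPCTSTR szExeName = L"notepad.exe";   // exact-case match, see processNameToId()
    const DWORD dwProcessId = processNameToId(szExeName);
    if (dwProcessId == 0)
    {
        MessageBox(NULL,
            L"The target process have not been found !",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        return -1;
    }
    // Least privilege: only the rights VirtualAllocEx / WriteProcessMemory /
    // CreateRemoteThread actually need, instead of PROCESS_ALL_ACCESS.
    const DWORD dwAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE hTargetProcess = OpenProcess(dwAccess, FALSE, dwProcessId);
    if (!hTargetProcess)
    {
        MessageBox(NULL,
            L"Open target process failed !",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        return -1;
    }
    int result = -1;
    void* pRemotePath = NULL;
    HANDLE hRemoteThread = NULL;
    // Path of the DLL as the target process will see it.
    char szDll[256];
    memset(szDll, 0, sizeof(szDll));
    strcpy_s(szDll, "F:\\work\\code\\C++Pro\\x64\\Debug\\injectionDll.dll");
    const SIZE_T cbPath = strlen(szDll) + 1;
    // The remote buffer only ever holds the path string, so it is sized to the
    // string and mapped read/write.  The original reserved 5 KiB as
    // PAGE_EXECUTE_READWRITE (nothing is executed from it) and then copied
    // 5 KiB out of the 256-byte szDll, reading far past the end of the array.
    pRemotePath = VirtualAllocEx(hTargetProcess, NULL, cbPath, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!pRemotePath)
    {
        MessageBox(NULL,
            L"Alloc memory in target process failed !",
            L"notice",
            MB_ICONINFORMATION | MB_OK
        );
    }
    else if (!WriteProcessMemory(hTargetProcess, pRemotePath, szDll, cbPath, NULL))
    {
        MessageBox(NULL,
            L"Write data to target process failed !",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
    }
    else
    {
        // LoadLibraryA(LPCSTR) has the same shape as a thread start routine:
        // the thread parameter is the path and the thread exit code is the
        // returned HMODULE (truncated to 32 bits on x64, but 0 still means
        // the load failed).
        LPTHREAD_START_ROUTINE pfnLoadLibrary = reinterpret_cast<LPTHREAD_START_ROUTINE>(
            GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "LoadLibraryA"));
        DWORD dwThreadId = 0;
        if (pfnLoadLibrary)
            hRemoteThread = CreateRemoteThread(hTargetProcess, NULL, 0, pfnLoadLibrary, pRemotePath, 0, &dwThreadId);
        if (!hRemoteThread)
        {
            MessageBox(NULL,
                L"Create remote thread failed !",
                L"Notice",
                MB_ICONINFORMATION | MB_OK
            );
        }
        else
        {
            // Wait for LoadLibraryA to finish, then check that it actually
            // loaded something; the original never looked at the result.
            WaitForSingleObject(hRemoteThread, INFINITE);
            DWORD dwExitCode = 0;
            if (GetExitCodeThread(hRemoteThread, &dwExitCode) && dwExitCode != 0)
            {
                result = 0;
            }
            else
            {
                MessageBox(NULL,
                    L"LoadLibrary failed in the target process !",
                    L"Notice",
                    MB_ICONINFORMATION | MB_OK
                );
            }
        }
    }
    // Release everything on every path.  The original leaked the process
    // handle and the remote buffer on failure, and freed the buffer with
    // MEM_COMMIT, which is not a valid VirtualFreeEx flag (MEM_RELEASE with
    // size 0 releases the whole allocation).  The path buffer is no longer
    // referenced once LoadLibraryA has returned.
    if (hRemoteThread)
        CloseHandle(hRemoteThread);
    if (pRemotePath)
        VirtualFreeEx(hTargetProcess, pRemotePath, 0, MEM_RELEASE);
    CloseHandle(hTargetProcess);
    return result;
}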
void CMFC3Dlg::OnBnClickedButton3()
{
    // "Inject" button: run the LoadLibrary injection against notepad.exe.
    // dll_inject() reports each failure with its own message box, so the
    // return value is not examined here.
    (void)dll_inject();
}
来源:oschina
链接:https://my.oschina.net/u/4306876/blog/4292337