

ice_xke 发表于 2010-10-19 12:30

全局动态调用

全局动态调用笔记
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
----------------------------------------
DTDY.h:
B.T3FV)YD!g!}F6eg
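// Include guard: the listing ended with a dangling #endif whose opening
// directive was lost, so the guard is restored here to keep the
// preprocessor balanced (the macro name is a constructed placeholder).
#if !defined(DTDY_H_INCLUDED)
#define DTDY_H_INCLUDED

#if _MSC_VER>1000
#pragma once
#endif //_MSC_VER>1000

#include <windows.h>

// Signature of GetModuleFileNameA as exported by kernel32; the pointer
// below is cast to this type after GetProcAddress.
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE, LPSTR, DWORD);

// DTDY holds function pointers that are looked up at runtime with
// GetProcAddress instead of being linked through the import table.
// The pointer is a static member, so every translation unit that includes
// this header shares one copy; FunInitiallization() must have returned
// TRUE before MyGetModuleFileName is called, otherwise it is still NULL.
//
// Review note: a module that resolves kernel32 exports at runtime while
// not importing them is a pattern that static analysis and EDR tooling
// commonly surface, so expect this code to draw attention in review.
class DTDY
{
public:
    DTDY();
    virtual ~DTDY();
public:
    // Runtime-resolved GetModuleFileNameA; NULL until FunInitiallization()
    // succeeds. Callers must check it (or the BOOL from FunInitiallization)
    // before invoking it.
    static pGetModuleFileNameA MyGetModuleFileName;

    // Resolves MyGetModuleFileName from kernel32. Returns FALSE when the
    // module or the export cannot be found; MyGetModuleFileName stays NULL.
    static BOOL FunInitiallization();
};

#endif // DTDY_H_INCLUDED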
----------------------------------------
,z)Ub{1Wb !jA^BW,Qq,m'T:]
DTDY.cpp:
"sA t"Ur1eLH
#include "DTDY.h"
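// Storage for the runtime-resolved pointer; stays NULL until
// FunInitiallization() succeeds.
pGetModuleFileNameA DTDY::MyGetModuleFileName = NULL;

// The listing spelled the constructor "DTDY:TDY()" (single colon), which
// does not compile; it is the ordinary no-op constructor.
DTDY::DTDY()
{
}

DTDY::~DTDY()
{
}

// Resolves kernel32!GetModuleFileNameA into MyGetModuleFileName.
//
// Returns TRUE on success. Returns FALSE, leaving MyGetModuleFileName
// NULL, when kernel32 cannot be located or the export is missing.
//
// This is called from DllMain (svchost.cpp), so it is bound by the DllMain
// rules, which forbid LoadLibrary. kernel32.dll is already mapped in every
// Win32 process, so GetModuleHandle returns the existing module without
// taking a reference that would have to be released with FreeLibrary; the
// original LoadLibrary call took one and never released it.
BOOL DTDY::FunInitiallization()
{
    HMODULE hModule = GetModuleHandle("kernel32.dll");
    if (!hModule) return FALSE;   // nothing to resolve against

    MyGetModuleFileName = (pGetModuleFileNameA)GetProcAddress(hModule, "GetModuleFileNameA");
    // The listing had "if(!MyGetModuleFileName=)", a syntax error; the
    // intent is a NULL check on the resolved pointer.
    if (!MyGetModuleFileName) return FALSE;

    return TRUE;
}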
----------------------------------------
svchost.cpp:
Z0|Q x(]4W6i E6[Fxq
#include "DTDY.h"
#e:h!b"m*cyGT\ R$iCm0y-a b
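// DLL entry point. On DLL_PROCESS_ATTACH it resolves the runtime function
// pointers in DTDY; if that fails the load is refused (FALSE).
//
// All other reason codes (thread attach/detach, process detach) are no-ops
// and return TRUE. The original fell off the end of the function for those
// cases, which is undefined behaviour for a non-void function and lets the
// loader see an arbitrary return value. lpReserved is unused.
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // DllMain runs under the loader lock: whatever FunInitiallization
        // does must stay within the DllMain rules (no LoadLibrary, no
        // waiting on other threads).
        if (!DTDY::FunInitiallization()) return FALSE;
        break;
    }
    return TRUE;
}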
u o3V(\n-A^+K $u-qqP5j8sz7Fft
y.z X6DK,y*H
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName)); -> goto def
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
----------------------------------------
KernelManager.cpp:
&[:k8[{t} f9g
#include "../DTDY.h"
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
----------------------------------------

