Board logo

标题: [原创文章] 全局动态调用 [打印本页]
作者: ice_xke    时间: 2010-10-19 12:30     标题: 全局动态调用

全局动态调用笔记
" d% y7 ]# Q8 [6 Ysvchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h( i0 ?0 A! U8 i" O# N' E
----------------------------------------
: ^% z$ t; N. [) Q4 SDTDY.h:
9 S: L% B& Z$ x# h. g: E2 _) F, f+ D4 q) l: U9 N
#if _MSC_VER>1000
6 v7 P8 N& U" L, i( v0 i1 a0 ~4 p) M3 C, l#pragma once6 m+ U% Y6 A& |: J, z4 g3 v
#endif //_MSC_VER>1000
9 f0 z8 P3 @' }( \7 V; k3 K0 K" |- n$ |#include<windows.h>
3 M7 B- l5 V( K/ z& |) g9 h; n! x1 m4 `  f( z5 j; c
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
# M0 Z+ k1 `4 p& Z4 Bclass DTDY
  S; V/ h7 J6 h' s# S! `' J{
# c9 X- D* }5 V% X" Epublic:
4 t$ \+ W4 W& Z9 H% S6 UDTDY();
1 x: _9 _7 e% Y6 T6 B' E" Pvirtual ~DTDY();" t5 L$ j& U+ L
public:8 w5 o% `4 m. u
static pGetModuleFileNameA MyGetModuleFileName;' `' M( H" _! Y, J  v2 Y
static BOOL FunInitiallization();8 i: }( u) Y% z  R  I( P& ]
};5 w* {# S: P% Q" d
#endif
' ^0 ?; `' B1 \0 s+ z) o. f----------------------------------------0 e# Z, E: |( g6 U

  T) ^7 i+ x2 t6 g4 s. f, JDTDY.cpp:% |  s$ @( z  ~& G* c9 p7 C# [' v

% t, Z, v3 W2 W$ g#include "DTDY.h"
7 F1 `- ^$ ^6 s5 MpGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;
: H* b3 h, p2 l- d  t6 |DTDY:TDY()" z7 F) Z, q. Q" j! z/ c% G( t
{+ Q5 Q, k, e: U5 S4 b' X7 s9 @
}
4 z+ T8 n+ `4 c4 e3 ^DTDY::~DTDY()
4 D4 d0 [' M. I& o{
" z, Z( P  _" j4 J$ i1 B" ?5 h8 V% x}
# R! M" t) c# V( I- YBOOL DTDY::FunInitiallization(). H) H8 w7 j. g# I1 j
{4 Z& c9 Y0 S3 ?4 Y# b( D5 S7 z( u
HMODULE hModule=LoadLibrary("kernel32.dll");
: X; k$ g/ X  |, G0 I8 y* T7 sMyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");
. J6 B( r7 T4 r' C% v' Y' Bif(!MyGetModuleFileName=) return FALSE;
% e4 Z. y( ]% F* [4 i7 i& G) \& i8 U" q
return TRUE;
# A1 s; ?  u6 `) Z( b. e}
- i- C* t6 v- ^9 _) |! T----------------------------------------
7 N0 R; r1 m9 }. f* k0 t) Psvchost.cpp:# c# H9 ]5 a5 B/ \/ ?; b1 b6 H

: m8 f# K6 J! X5 S' V#include "DTDY.h"
  i0 g& v+ e# S5 a$ V9 i
" W2 \8 y1 a- `% [* ^BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
* J' m5 B$ t2 Y2 |5 v- S{
7 h- q4 X2 }* v# l3 |switch(ul_reason_for_call)
5 ~- _( `& m9 i& c{
. n7 T4 M  O5 W3 pcase DLL_PROCESS_ATTACH:
' r- \- t, e' b- gif(!DTDY::FunInitiallization()) return FALSE;  u- Y" a( f: W; K; m' d

! n5 \5 R) r0 t. [" Mbreak;
! E, L7 U# T' s3 |* _4 k; i7 {( P}, w9 ]% E  r( q/ q/ j
}9 `% p8 k% z2 j

6 X7 T# N% X. d0 m% R- P5 J; i4 _+ C3 r0 @! e+ f
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
2 u. s) \6 |7 Y* f" ^/ @: X改写为% f( A. k+ i3 J3 I& i7 {7 _
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
8 T  A9 o" g  D* {$ |$ o* h# |1 h% I----------------------------------------
+ z3 k6 d( A- }KernelManager.cpp:
' i+ |0 z! B: R) ?2 U+ A: w
3 Y; P' U; q; M3 _4 K6 L#include "../DTDY.h") u2 n/ `* i2 w0 O
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
' ~% |) c2 s$ ^, I8 W+ U& n5 l改写为: ?- @& \% `: _! Z4 G+ q' S* _$ I
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
  W/ m# {. T& ~5 W----------------------------------------



欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com/) Powered by Discuz! 7.2