一直觉得学c++太 复杂了,里面很多类型,多得根本分不清,但网上资料很多是c++的,有些问题又用其它的解决不完美(会c#、java、python)
然后还是下决定搞一搞,因为搞c++,又不得不搞VC++,还得看看MFC,这花了我三天时间,看得累,光是不同类型之间的转换就查了不少资料
好吧,开始搞dll注入,拿记事本开刀,用c#和easyhook轻易的就搞定了,一个注入程序,一个被注入dll
然后折腾c++,注入进去了还要跟主程序通信,然后就一起弄了一下,确实伤神,主要还是类型之间的问题,如果是相对于新手,网上大部分的资料都写得太粗了,完全不知道变量的类型是什么
我就贴一下完整代码。首先是先写一个dll,用c++写的,准备注入到记事本中去的。这个dll新建比较容易,我用vs2015,直接建个c++的空项目,加一个cpp的文件开始写就可以了,我也不敢说新手会不会加,但我现在是会了,所以只能描述一下了。有两点要注意:一是 dll 的位数(x86/x64)必须和目标 notepad.exe 一致,下面注入程序里写死的就是 x64\Debug 下的 dll;二是 FindWindow 是按窗口标题精确匹配的,接收端窗口标题必须正好是 MFC3。代码有些注释了,打开了无妨,主要功能就是被注入后,向主进程(窗口标题为MFC3)发送WM_COPYDATA消息hello world
那个COPYDATASTRUCT结构体搞了我一天的时间,最后不断拼出来的代码,网上大多是MFC的,但我就是想用C++弄出来
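// injectionDll.cpp -- the DLL that gets loaded into notepad.exe.
//
// On DLL_PROCESS_ATTACH it starts two threads: thread 1 only shows a message
// box, thread 2 locates the window titled "MFC3" (the MFC dialog on this page)
// and sends it "hello world" with WM_COPYDATA.  GetMainWindow()/MyPostMessage()
// are the alternative path that types into the host's own window; the original
// left that path commented out and it stays disabled here.
//
// Build note: this is a plain "empty project".  The narrow string literals are
// passed to the explicit ...A entry points so the project's character-set
// setting (UNICODE or not) does not matter.
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <string>

// Search record handed to EnumWindowsProc through the LPARAM: the PID to look
// for goes in, the first top-level window owned by that PID comes out.
// (The original reused one DWORD for both and wrote an HWND into it, which
// overflows the 4-byte variable on x64 and truncated the handle on return.)
struct MainWindowSearch {
    DWORD processId;   // in
    HWND  hwnd;        // out, NULL if no top-level window was found
};

// One run of identical characters to type: `count` copies of `ch`.
struct KeyRun {
    wchar_t ch;
    int count;
};

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);
HWND GetMainWindow();
void MyPostMessage(HWND hWnd);
DWORD WINAPI MyThreadProc1(LPVOID pParam);
DWORD WINAPI MyThreadProc2(LPVOID pParam);

// DLL entry point.  Real work is pushed onto worker threads because DllMain
// runs under the loader lock.  The MessageBoxA calls are kept only so the demo
// visibly confirms the injection: the DLL best-practices documentation says
// not to call anything outside kernel32 from DllMain, so drop them in
// anything but a toy.
BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)lpReserved;
    switch (ul_reason_for_call) {
    case DLL_PROCESS_ATTACH: {
        DisableThreadLibraryCalls(hModule);   // THREAD_ATTACH/DETACH are not handled
        MessageBoxA(NULL, "DLL已进入目标进程。", "信息", MB_ICONINFORMATION);
        // The threads only start running once DllMain returns.  Their handles
        // are never used again, so close them instead of leaking them.
        HANDLE hThread1 = CreateThread(NULL, 0, MyThreadProc1, NULL, 0, NULL);
        if (hThread1) {
            CloseHandle(hThread1);
        }
        HANDLE hThread2 = CreateThread(NULL, 0, MyThreadProc2, NULL, 0, NULL);
        if (hThread2) {
            CloseHandle(hThread2);
        }
        break;
    }
    case DLL_PROCESS_DETACH:
        MessageBoxA(NULL, "DLL已从目标进程卸载。", "信息", MB_ICONINFORMATION);
        break;
    default:
        break;
    }
    return TRUE;
}

// Thread 1: only proves that code from the DLL is running inside the host.
DWORD WINAPI MyThreadProc1(LPVOID pParam)
{
    (void)pParam;
    MessageBoxA(NULL, "DLL已进入线程1.", "信息", MB_ICONINFORMATION);
    return 0;
}

// Thread 2: find the receiver dialog by its exact title and send it
// "hello world" (terminating NUL included) via WM_COPYDATA.  wParam is 0
// because the DLL owns no window of its own.
DWORD WINAPI MyThreadProc2(LPVOID pParam)
{
    (void)pParam;
    // Disabled alternative from the original: type the ASCII art into the
    // host's own EDIT control instead of messaging the dialog.
    //   HWND hMain = GetMainWindow();
    //   HWND hEdit = hMain ? ::FindWindowEx(hMain, 0, TEXT("EDIT"), NULL) : NULL;
    //   if (hEdit) MyPostMessage(hEdit);
    const char szDlgTitle[] = "MFC3";   // FindWindow matches the title exactly
    HWND hReceiver = ::FindWindowA(NULL, szDlgTitle);
    if (!hReceiver) {
        MessageBoxA(NULL, "No such Things.。", "信息", MB_ICONINFORMATION);
        return 0;
    }
    const std::string strData = "hello world";
    COPYDATASTRUCT copyData;
    copyData.dwData = 0;
    copyData.cbData = static_cast<DWORD>(strData.size() + 1);   // +1: receiver reads a C string
    copyData.lpData = const_cast<char*>(strData.c_str());
    // SendMessage (not PostMessage) is mandatory for WM_COPYDATA: the buffer
    // must stay alive until the receiver has copied it.
    SendMessage(hReceiver, WM_COPYDATA, 0, reinterpret_cast<LPARAM>(&copyData));
    return 0;
}

// EnumWindows callback.  lParam points at a MainWindowSearch; stops the
// enumeration (returns FALSE) at the first top-level window (GetParent == NULL)
// that belongs to the requested process.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
    MainWindowSearch* search = reinterpret_cast<MainWindowSearch*>(lParam);
    DWORD ownerPid = 0;
    GetWindowThreadProcessId(hwnd, &ownerPid);
    if (ownerPid == search->processId && GetParent(hwnd) == NULL) {
        search->hwnd = hwnd;
        return FALSE;
    }
    return TRUE;
}

// Returns the first top-level window of the process this DLL was loaded into
// (i.e. the host's main window), or NULL if none is found.
HWND GetMainWindow()
{
    MainWindowSearch search = { GetCurrentProcessId(), NULL };
    // EnumWindows returns FALSE when the callback stopped it, which is exactly
    // the "found" case; the result is read from the record either way.
    EnumWindows(EnumWindowsProc, reinterpret_cast<LPARAM>(&search));
    return search.hwnd;
}

// The character sequence MyPostMessage types, as (char, repeat) runs in the
// exact order of the original's unrolled PostMessageW calls.  Two notes:
//  * the backslash entries are L'\\' -- the page rendering showed L'\', which
//    does not compile (the same lost-backslash artifact as the DLL path in
//    the injector);
//  * the lone single-space runs sitting between two longer space runs are
//    kept exactly as the page shows them; they look like a lost line break,
//    but that is a guess.
static const KeyRun kArt[] = {
    {L' ', 25}, {L'.', 1}, {L',', 1}, {L']', 2}, {L'.', 1},
    {L' ', 33}, {L',', 1}, {L'/', 1}, {L'O', 7}, {L'\\', 1}, {L']', 3}, {L'.', 1},
    {L' ', 17}, {L' ', 1}, {L' ', 16}, {L',', 1}, {L'/', 1}, {L'O', 15}, {L']', 1}, {L'`', 1},
    {L' ', 23}, {L'.', 1}, {L']', 1}, {L'O', 19}, {L']', 1}, {L'.', 1},
    {L' ', 13}, {L' ', 1}, {L' ', 12}, {L']', 1}, {L'/', 1}, {L'O', 24}, {L'\\', 1}, {L'.', 1},
    {L' ', 15}, {L',', 1}, {L'O', 27}, {L']', 1},
    {L' ', 10}, {L' ', 1}, {L' ', 9}, {L',', 1}, {L'O', 31}, {L'`', 1},
    {L' ', 11}, {L',', 1}, {L'O', 31}, {L'\\', 1},
    {L' ', 8}, {L' ', 1}, {L' ', 7}, {L',', 1}, {L'O', 35}, {L'\\', 1},
    {L' ', 7}, {L',', 1}, {L'O', 35}, {L'\\', 1},
    {L' ', 6}, {L' ', 1}, {L' ', 5}, {L',', 1}, {L'O', 39}, {L'\\', 1}, {L'.', 1},
    {L' ', 2}, {L',', 1}, {L'O', 39}, {L'\\', 1},
    {L' ', 4}, {L' ', 1}, {L' ', 3}, {L',', 1}, {L'O', 87}, {L'.', 1},
    {L' ', 5}, {L'.', 1}, {L'O', 89}, {L'.', 1},
    {L' ', 4}, {L'/', 1}, {L'O', 90},
    {L' ', 3}, {L'=', 1}, {L'O', 91}, {L'\\', 1},
    {L' ', 1}, {L'=', 1}, {L'O', 93},
    {L' ', 1}, {L'O', 94},
    {L' ', 1}, {L'=', 1}, {L'O', 93},
    {L' ', 1}, {L'=', 1}, {L'O', 93},
    {L' ', 1}, {L'=', 1}, {L'O', 93},
    {L' ', 1}, {L'.', 1}, {L'O', 93},
    {L' ', 2}, {L'O', 93},
    {L' ', 2}, {L',', 1}, {L'O', 92},
    {L' ', 3}, {L'=', 1}, {L'O', 90}, {L'^', 1},
    {L' ', 1}, {L' ', 3}, {L'\\', 1}, {L'O', 88}, {L'/', 1},
    {L' ', 2}, {L' ', 4}, {L'O', 88},
    {L' ', 3}, {L' ', 4}, {L'.', 1}, {L'O', 86}, {L'.', 1},
    {L' ', 3}, {L' ', 5}, {L',', 1}, {L'O', 84}, {L'.', 1},
    {L' ', 3}, {L' ', 1}, {L' ', 7}, {L'\\', 1}, {L'O', 80}, {L'/', 1},
    {L' ', 5}, {L' ', 1}, {L' ', 8}, {L',', 1}, {L'O', 78}, {L'`', 1},
    {L' ', 6}, {L' ', 1}, {L' ', 9}, {L',', 1}, {L'O', 76}, {L'`', 1},
    {L' ', 7}, {L' ', 1}, {L' ', 11}, {L'\\', 1}, {L'O', 72}, {L'/', 1},
    {L' ', 9}, {L' ', 1}, {L' ', 12}, {L'=', 1}, {L'O', 70}, {L'^', 1},
    {L' ', 10}, {L' ', 1}, {L' ', 13}, {L'.', 1}, {L'O', 67}, {L'/', 1}, {L'.', 1},
    {L' ', 11}, {L' ', 1}, {L' ', 15}, {L',', 1}, {L'O', 64}, {L'`', 1},
    {L' ', 13}, {L' ', 1}, {L' ', 17}, {L'\\', 1}, {L'O', 60}, {L'/', 1},
    {L' ', 15}, {L' ', 1}, {L' ', 18}, {L',', 1}, {L'O', 58}, {L'.', 1},
    {L' ', 16}, {L' ', 1}, {L' ', 20}, {L',', 1}, {L'O', 54}, {L'`', 1},
    {L' ', 18}, {L' ', 1}, {L' ', 22}, {L',', 1}, {L'O', 50}, {L'`', 1},
    {L' ', 20}, {L' ', 1}, {L' ', 24}, {L'\\', 1}, {L'O', 46}, {L'`', 1},
    {L' ', 22}, {L' ', 1}, {L' ', 26}, {L'\\', 1}, {L'O', 42}, {L'`', 1},
    {L' ', 24}, {L' ', 1}, {L' ', 28}, {L',', 1}, {L'O', 37}, {L'/', 1}, {L'.', 1},
    {L' ', 26}, {L' ', 1}, {L' ', 30}, {L'.', 1}, {L'\\', 1}, {L'O', 32}, {L'[', 1},
    {L' ', 29}, {L' ', 1}, {L' ', 33}, {L',', 1}, {L'O', 27}, {L'/', 1}, {L'`', 1},
    {L' ', 31}, {L' ', 1}, {L' ', 36}, {L',', 1}, {L'O', 22}, {L'`', 1},
    {L' ', 34}, {L' ', 1}, {L' ', 39}, {L',', 1}, {L'O', 16}, {L'[', 1},
    {L' ', 37}, {L' ', 1}, {L' ', 42}, {L'\\', 1}, {L'O', 10}, {L'/', 1}, {L'.', 1},
    {L' ', 39}, {L' ', 1}, {L' ', 44}, {L',', 1}, {L'O', 6}, {L'`', 1},
    {L' ', 42}, {L' ', 1}, {L' ', 46}, {L'.', 1}, {L'\\', 1}, {L'O', 1}, {L'`', 1},
    {L' ', 44}, {L' ', 1},
};

// Types kArt into hWnd, one WM_CHAR per character (lParam = 1: repeat count 1,
// as in the original).  PostMessage returns immediately, so the text shows up
// asynchronously in the target's message loop.
void MyPostMessage(HWND hWnd)
{
    for (const KeyRun& run : kArt) {
        for (int i = 0; i < run.count; ++i) {
            PostMessageW(hWnd, WM_CHAR, static_cast<WPARAM>(run.ch), 1);
        }
    }
}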
再来说注入程序,用的MFC做的,开始完全跟c++搞混了,蒙了,一点一点来吧,找入门教程把窗口show出来,有几点说一下
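// Both headers must be included AFTER "stdafx.h" (the MFC headers); MFC refuses
// to build if <windows.h> was already included before afxwin.h.
// No ';' after an #include -- the stray semicolons in the original only
// produce "unexpected tokens following preprocessor directive" warnings.
#include <tlhelp32.h>
#include <windows.h>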
这两个头文件一定要放在 stdafx.h(也就是 MFC 的头文件)后面,要不会报错,说 windows.h 已经被导入过一次了(MFC 的原话是 "WINDOWS.H already included. MFC apps must not #include <windows.h>")。另外 #include 后面不需要分号,多出来的分号会产生 "unexpected tokens following preprocessor directive" 警告
在BEGIN_MESSAGE_MAP 中注册一下事件ON_WM_COPYDATA(),对应的 afx_msg BOOL OnCopyData(CWnd*, COPYDATASTRUCT*) 声明要放到对话框类的头文件里,然后才能写后面的代码。要注意 WM_COPYDATA 任何能找到这个窗口的进程都可以发过来,所以 OnCopyData 里读 lpData 时必须按 cbData 限定长度,不能假定它以 \0 结尾
受c#的影响,以为控件的name直接是可以在代码中用的,但MFC是要添加变量的,在控件上右键添加变量,然后才能在代码中用这个变量使用控件
MFC比c#这种使用起来的方便性,差了不是一点点,光就是如何建立一个只有窗体的项目,就研究了N久,在MFC的项目向导中,在程序类型记得选基于对话框,要不出来的一堆东西
用C++是可以写窗体的,但真的比MFC还要麻烦,不过我会尝试一下的!,整个主窗口的代码如下:
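// MFC3Dlg.cpp : implementation file
//
// The dialog plays two roles:
//   * receiver -- its title is "MFC3"; whatever arrives via WM_COPYDATA is
//     appended to the multi-line edit box IDC_EDIT1;
//   * injector -- button 3 loads injectionDll.dll into notepad.exe with the
//     classic VirtualAllocEx + WriteProcessMemory + CreateRemoteThread(LoadLibraryA)
//     technique.

#include "stdafx.h"
#include "MFC3.h"
#include "MFC3Dlg.h"
#include "afxdialogex.h"
// These must stay below the MFC headers: afxwin.h refuses to build if
// <windows.h> was already included.  (No ';' after an #include.)
#include <windows.h>
#include <tlhelp32.h>
#include <cstdlib>
#include <string>

#ifdef _DEBUG
#define new DEBUG_NEW
#endif

// CMFC3Dlg dialog

CMFC3Dlg::CMFC3Dlg(CWnd* pParent /*=NULL*/)
    : CDialogEx(IDD_MFC3_DIALOG, pParent)
    , frmA(0)
{
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CMFC3Dlg::DoDataExchange(CDataExchange* pDX)
{
    CDialogEx::DoDataExchange(pDX);
    DDX_Control(pDX, IDC_EDIT1, m_editMultiLine);   // the multi-line log box
}

BEGIN_MESSAGE_MAP(CMFC3Dlg, CDialogEx)
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BUTTON1, &CMFC3Dlg::OnBnClickedButton1)
    ON_BN_CLICKED(IDC_BUTTON2, &CMFC3Dlg::OnBnClickedButton2)
    ON_WM_COPYDATA()   // routes WM_COPYDATA to OnCopyData
    ON_BN_CLICKED(IDC_BUTTON3, &CMFC3Dlg::OnBnClickedButton3)
END_MESSAGE_MAP()

// CMFC3Dlg message handlers

BOOL CMFC3Dlg::OnInitDialog()
{
    CDialogEx::OnInitDialog();

    // Set the icon for this dialog.  The framework does this automatically
    // when the application's main window is not a dialog.
    SetIcon(m_hIcon, TRUE);    // large icon
    SetIcon(m_hIcon, FALSE);   // small icon

    return TRUE;   // return TRUE unless you set the focus to a control
}

// Needed to draw the icon when the dialog is minimized.  For MFC applications
// using the document/view model this is done by the framework.
void CMFC3Dlg::OnPaint()
{
    if (!IsIconic()) {
        CDialogEx::OnPaint();
        return;
    }

    CPaintDC dc(this);   // device context for painting
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

    // Center the icon in the client rectangle.
    const int cxIcon = GetSystemMetrics(SM_CXICON);
    const int cyIcon = GetSystemMetrics(SM_CYICON);
    CRect rect;
    GetClientRect(&rect);
    const int x = (rect.Width() - cxIcon + 1) / 2;
    const int y = (rect.Height() - cyIcon + 1) / 2;

    dc.DrawIcon(x, y, m_hIcon);
}

// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CMFC3Dlg::OnQueryDragIcon()
{
    return static_cast<HCURSOR>(m_hIcon);
}

// Button 1: append "hello world " to the log box and scroll to the last line.
// Side effect worth knowing: it also renames the main window to "你的标题",
// after which FindWindow(NULL, "MFC3") -- used by button 2 and by the injected
// DLL -- no longer finds this dialog.
void CMFC3Dlg::OnBnClickedButton1()
{
    const CString Cedit = _T("hello world ");
    AfxGetMainWnd()->SetWindowText(L"你的标题");
    CString c2;
    m_editMultiLine.GetWindowTextW(c2);
    m_editMultiLine.SetWindowTextW(c2 + Cedit);
    UpdateData(FALSE);
    m_editMultiLine.LineScroll(m_editMultiLine.GetLineCount() - 1, 0);
}

// Button 2: send "hello world " to the window titled "MFC3" (this dialog
// itself) via WM_COPYDATA -- a way to exercise OnCopyData without the DLL.
// OnCopyData treats lpData as narrow (char) bytes, exactly like the injected
// DLL sends them, so the payload is converted to ANSI and cbData counts bytes
// including the terminating NUL.  The original pointed lpData at the title
// string while sizing it from the message string, which sent the wrong buffer
// and read past its end.
void CMFC3Dlg::OnBnClickedButton2()
{
    const CString str = _T("MFC3");
    CWnd* pWnd = CWnd::FindWindow(NULL, str);
    UpdateData(TRUE);
    if (!pWnd) {
        MessageBox(_T("No such Things."));
        return;
    }
    const CStringA m_msg("hello world ");
    COPYDATASTRUCT cpd;
    cpd.dwData = 0;
    cpd.cbData = static_cast<DWORD>(m_msg.GetLength() + 1);
    cpd.lpData = const_cast<char*>(m_msg.GetString());
    // wParam identifies the sender; SendMessage keeps m_msg alive until the
    // receiver has copied it.
    pWnd->SendMessage(WM_COPYDATA, reinterpret_cast<WPARAM>(GetSafeHwnd()), reinterpret_cast<LPARAM>(&cpd));
}

// WM_COPYDATA receiver: appends " " + the received text to the log box.
// Any process that can find this window can send WM_COPYDATA, so lpData is
// untrusted: it is read up to cbData bytes (stopping at an earlier NUL) and
// is never assumed to be NUL-terminated.
BOOL CMFC3Dlg::OnCopyData(CWnd* pWnd, COPYDATASTRUCT* pCopyDataStruct)
{
    std::string str;
    if (pCopyDataStruct && pCopyDataStruct->lpData && pCopyDataStruct->cbData > 0) {
        const char* bytes = static_cast<const char*>(pCopyDataStruct->lpData);
        size_t len = 0;
        while (len < pCopyDataStruct->cbData && bytes[len] != '\0') {
            ++len;
        }
        str.assign(bytes, len);
    }
    CString c2;
    m_editMultiLine.GetWindowTextW(c2);
    c2 += " ";
    c2 += str.c_str();
    m_editMultiLine.SetWindowTextW(c2);
    return CDialogEx::OnCopyData(pWnd, pCopyDataStruct);
}

// ---- injector helpers ------------------------------------------------------

// Enables SeDebugPrivilege on the current process token.  Returns false if the
// token cannot be opened/adjusted or if the privilege is not held at all:
// AdjustTokenPrivileges reports success even then and only signals it through
// GetLastError() == ERROR_NOT_ALL_ASSIGNED.  The token handle is always closed.
bool enableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return false;
    }
    bool enabled = false;
    LUID sedebugnameValue;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue)) {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)) {
            enabled = (GetLastError() != ERROR_NOT_ALL_ASSIGNED);
        }
    }
    CloseHandle(hToken);
    return enabled;
}

// Returns the PID of the first enumerated process whose image name equals
// lpszProcessName (compared case-insensitively, as Windows file names are),
// or 0 when no such process is running or the snapshot could not be taken.
// With several instances the first one enumerated wins.
DWORD processNameToId(LPCTSTR lpszProcessName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        return 0;
    }
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);
    DWORD dwProcessId = 0;
    if (!Process32First(hSnapshot, &pe)) {
        ::MessageBox(NULL, L"The frist entry of the process list has not been copyied to the buffer", L"Notice", MB_ICONINFORMATION | MB_OK);
    } else {
        // do/while so the first entry is compared as well (the original only
        // looked at entries returned by Process32Next).
        do {
            if (_tcsicmp(lpszProcessName, pe.szExeFile) == 0) {
                dwProcessId = pe.th32ProcessID;
                break;
            }
        } while (Process32Next(hSnapshot, &pe));
    }
    CloseHandle(hSnapshot);   // the original leaked the snapshot
    return dwProcessId;
}

// Converts a narrow string to a heap-allocated wide string.  The caller owns
// the result and must release it with free(); NULL if allocation fails.
// Currently unused by this file.  The original allocated length-1 characters
// and then told mbstowcs_s the buffer held length+1 -- a heap overflow (and an
// underflow for the empty string).
LPCWSTR stringToLPCWSTR(std::string orig)
{
    const size_t origsize = orig.length() + 1;   // room for the terminating NUL
    wchar_t* wcstring = static_cast<wchar_t*>(malloc(sizeof(wchar_t) * origsize));
    if (!wcstring) {
        return NULL;
    }
    size_t convertedChars = 0;
    mbstowcs_s(&convertedChars, wcstring, origsize, orig.c_str(), _TRUNCATE);
    return wcstring;
}

// Loads injectionDll.dll into the first running notepad.exe:
//   1. write the DLL path into the target,
//   2. run LoadLibraryA there on a remote thread with that path as argument.
// Returns -1 when notepad.exe is not running, 0 otherwise (as the original).
int dll_inject()
{
    // Path of the DLL to load.  NOTE: the page rendering stripped the escaping
    // backslashes ("F:\work\..."); in C++ source every separator must be "\\".
    // The DLL and the target must have the same bitness -- this is the x64 build.
    static const char szDll[] = "F:\\work\\code\\C++Pro\\x64\\Debug\\injectionDll.dll";
    const SIZE_T cbDll = sizeof(szDll);   // bytes to copy, terminating NUL included

    // SeDebugPrivilege is only needed for targets this user could not open
    // anyway; left disabled as in the original.
    //enableDebugPriv();

    const DWORD dwProcessId = processNameToId(_T("notepad.exe"));
    if (dwProcessId == 0) {
        ::MessageBox(NULL, L"The target process have not been found !", L"Notice", MB_ICONINFORMATION | MB_OK);
        return -1;
    }

    // Least privilege: exactly the rights VirtualAllocEx / WriteProcessMemory /
    // CreateRemoteThread need, instead of PROCESS_ALL_ACCESS.
    const DWORD dwAccess = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE hTargetProcess = OpenProcess(dwAccess, FALSE, dwProcessId);
    if (!hTargetProcess) {
        ::MessageBox(NULL, L"Open target process failed !", L"Notice", MB_ICONINFORMATION | MB_OK);
        return 0;
    }

    LPVOID pRemotePath = NULL;
    HANDLE hRemoteThread = NULL;
    // Reports the failure, releases everything acquired so far and yields the
    // original's failure value (0).  The original leaked the process handle
    // and the remote buffer on every error path.
    auto fail = [&](LPCWSTR msg, LPCWSTR title) -> int {
        ::MessageBox(NULL, msg, title, MB_ICONINFORMATION | MB_OK);
        if (hRemoteThread) {
            CloseHandle(hRemoteThread);
        }
        if (pRemotePath) {
            VirtualFreeEx(hTargetProcess, pRemotePath, 0, MEM_RELEASE);
        }
        CloseHandle(hTargetProcess);
        return 0;
    };

    // The remote buffer only ever holds a string: PAGE_READWRITE is enough,
    // there is no reason to hand the target an executable page.
    pRemotePath = VirtualAllocEx(hTargetProcess, NULL, cbDll, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!pRemotePath) {
        return fail(L"Alloc memory in target process failed !", L"notice");
    }

    // Copy exactly the path.  The original copied dwThreadSize (5 KiB) out of a
    // 256-byte stack array, i.e. 4.8 KiB of stack past szDll into the target.
    if (!WriteProcessMemory(hTargetProcess, pRemotePath, szDll, cbDll, NULL)) {
        return fail(L"Write data to target process failed !", L"Notice");
    }

    // In practice kernel32.dll is mapped at the same base in every process of
    // the same bitness, so the local address of LoadLibraryA is valid in the
    // target.  GetProcAddress avoids pointing at a local import thunk.
    FARPROC pfnLoadLibraryA = GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "LoadLibraryA");
    if (!pfnLoadLibraryA) {
        return fail(L"LoadLibraryA not found !", L"Notice");
    }

    DWORD dwThreadId = 0;
    hRemoteThread = CreateRemoteThread(hTargetProcess, NULL, 0,
                                       reinterpret_cast<LPTHREAD_START_ROUTINE>(pfnLoadLibraryA),
                                       pRemotePath, 0, &dwThreadId);
    if (!hRemoteThread) {
        return fail(L"Create remote thread failed !", L"Notice");
    }

    // Wait for LoadLibraryA to finish.  The thread's exit code is the (low 32
    // bits of the) returned HMODULE; 0 means the load failed inside the target.
    WaitForSingleObject(hRemoteThread, INFINITE);
    DWORD dwExitCode = 0;
    if (GetExitCodeThread(hRemoteThread, &dwExitCode) && dwExitCode == 0) {
        ::MessageBox(NULL, L"LoadLibraryA failed inside the target process !", L"Notice", MB_ICONINFORMATION | MB_OK);
    }

    CloseHandle(hRemoteThread);
    // MEM_RELEASE with size 0 frees the whole region; the original passed
    // MEM_COMMIT, which is not a valid free type.
    VirtualFreeEx(hTargetProcess, pRemotePath, 0, MEM_RELEASE);
    CloseHandle(hTargetProcess);
    return 0;
}

// Button 3: inject the DLL into notepad.exe.
void CMFC3Dlg::OnBnClickedButton3()
{
    dll_inject();
}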