zoukankan      html  css  js  c++  java
  • 黑客常用WinAPI函数整理

    之前的博客写了很多关于Windows编程的内容,在Windows环境下的黑客必须熟练掌握底层API编程。为了使读者对黑客常用的Windows API有个更全面的了解以及方便日后使用API方法的查询,特将这些常用的API按照7大分类进行整理如下,希望对大家的学习有所帮助。

    一、进程

    创建进程:

    CreateProcess("C:\windows\notepad.exe",0,0,0,0,0,0,0,&si,&pi);

    WinExec("notepad",SW_SHOW);

    ShellExecute(0,"open","notepad","c:\a.txt","",SW_SHOW);

    ShellExecuteEx(&sei);

    遍历进程:

    CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);

    Process32First(hsnap,&pe32);

    Process32Next(hsnap,&pe32);

    终止进程:

    ExitProcess(0);

    TerminateProcess(hProc,0);

    打开进程:

    OpenProcess(PROCESS_ALL_ACCESS,0,pid);

    获取进程ID

    GetCurrentProcesssId();

    获取进程可执行文件路径:

    GetModuleFileName(NULL,buf,len);

    GetProcessImageFileName(hproc,buf,len);

    遍历进程模块信息:

    CreateToolhelp32Snapshot(TH32CS_SNAPMODILE,pid);

    Module32First(hsnap,&mdl32);

    Module32Next(hsnap,&mdl2);

    获取指定模块句柄:

    GetModuleHandle(“kernel32.dll”);

    获取模块内函数地址:

    GetProcessAddr(hmdl,”MessageBox”);

    动态加载DLL

    LoadLibrary(“user32.dll”);

    卸载DLL

    FreeLibrary(hDll);

    获取进程命令行参数:

    GetCommandLine();

    任何进程GetCommandLine函数地址后偏移一个字节后的4字节地址为命令行地址。

    读写远程进程数据:

    ReadProcessMemory(hproc,baseAddr,buf,len,&size);

    WriteProcessMemory(hproc,baseAddr,buf,len,&size);

    申请内存:

    VirtualAlloc(0,size,MEM_COMMIT, PAGE_EXECUTE_READWRITE);

    VirtualAllocEx(hproc,0,size,MEM_COMMIT, PAGE_EXECUTE_READWRITE);

    修改内存属性:

    VirtualProtect(addr,size,PAGE_EXECUTE_READWRITE,&oldAddr);

    VirtualProtectEx(hproc,addr,size,PAGE_EXECUTE_READWRITE,&oldAddr);

    释放内存:

    VirtualFree( addr, size, MEM_RELEASE);

    VirtualFreeEx(hproc, addr, size, MEM_RELEASE);

    获取系统版本(Win NT/2K/XP<0x80000000)

    getVersion();

    读写进程优先级:

    SetPriorityClass(hproc,Normal);

    GetPriority(hproc);

    SetProcessPriorityBoost(hproc,true);

    GetProcessPriorityBoost(hproc,pBool);

    二、线程

    创建线程(CreateThread的线程函数调用了strtokrand等需使用_endthread()释放内存)

    CreateThread(0,0,startAddr,&para,0,&tid);

    _beginthread(startAddr,0,0);

    _beginthreadex(0,0,startAddr,0,0,&tid);

    CreateRemoteThread(hproc,0,0,func,&para,0,&tid);

    获取线程ID

    GetCurrentThreadId();

    关闭线程句柄(减少内核对象使用次数,防止内存泄漏):

    CloseHandle(hthread);

    挂起与激活线程(维护暂停次数)

    SuspendThread(hthread);

    ResumeThread(hthread);

    获取线程退出代码:

    GetExitCode(hthread,&code);

    等待线程退出(线程受信状态或超时)

    WaitForSignleObject(htread,1000);

    WaitForMultipleObjects(num,handles,true,INFINITE);

    遍历线程:

    CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);

    Thread32First(hsnap,&mdl32);

    Thread32Next(hsnap,&mdl2);

    获取线程函数入口:

    ZwQueryInfomationThread(hthread,ThreadQuerySetWin32StartAddress,&buf,4,NULL);

    打开线程:

    OpenThread(THREAD_ALL_ACCESS,false,&tid);

    获取线程函数地址所属模块:

    GetMappedFileName(hproc,addr,buf,256);

    读写线程优先级:

    SetThreadPriority(hthread,Normal);

    GetThreadPriority(hthread);

    SetThreadPriorityBoost(hproc,true);

    GetThreadPriorityBoost(hproc,pBool);

    终止线程:

    ExitThread(5);

    TerminateThread(hthread,5);

    线程同步临界区对象:

    InitializeCriticalSection(&cs);

    EnterCriticalSection(&cs);

    LeaveCriticalSection(&cs);

    DeleteCriticalSection(&cs);

    线程同步事件内核对象:

    OpenEvent(EVENT_ALL_ACCESS,false,name);

    CreateEvent(NULL,false,true,NULL);

    WaitForSingleObject(hevnt,INFINITE);

    SetEvent(hevnt);

    ResetEvent(hevnt);

    线程同步互斥内核对象:

    CreateMutex(NULL,false,NULL);

    WaitForSingleObject(hmutex,INFINITE);

    ReleaseMutex(hmutex);

    OpenMutex(MUTEX_ALL_ACCESS,false,name);

    三、注册表

    创建键:

    RegCreateKeyEx(HKEY_CURRENT_USER,”TestNewKey”,0,0,REG_OPTION_VOLATILE,KEY_ALL_ACCESS,0,&subkey,&state);

    打开键:

    RegCreateKeyEx(HKEY_CURRENT_USER,”Control Panel”,0,KEY_ALL_ACCESS,&subkey);

    关闭键:

    RegCloseKey(hkey);

    遍历键:

    RegEnumKeyEx(hsubkey,index,keyname,&nameSize,0,0,0,&time);

    FileTimeToSystemTime(&time,&systime);

    RegQueryInfo(hsubkey,0,0,0,&count,0,0,0,0,0,0,0);

    删除键:

    RegDeleteKeyEx(hmainkey,subkeyName);

    创建值:

    RegSetValueEx(hsubkey,”test”,0,REG_WORD,(BYTE*)&value,4);

    遍历值:

    RegEnumValue(hsubkey,index,name,&nameSize,0,&type,valuebuf,valueLen);

    RegQueryValueEx(hsubkey,name,0,type,buf,&size);

    删除值:

    RegDeleteValue(hsubkey,valuename);

    四、文件

    创建/打开文件:

    CreateFile(“a.txt”,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);

    设置文件指针:

    SetFilePointer(hFile,0,NULL,FILE_END);

    读写文件:

    ReadFile(hFile,buf,len,&size,0);

    WriteFile(hFile,buf,len,&size,0);

    强制文件写入磁盘,清空文件高速缓冲区:

    FlushFileuffers(hFile);

    []锁文件区域:

    LockFile(hFile,0,0,100,0);

    UnlockFile(hFile,0,0,100,0);

    复制文件:

    CopyFile(src,des,true);

    CopyFileEx(src,des,func,&para,false, COPY_FILE_FAIL_IF_EXISTS);

    移动文件:

    MoveFile(src,des);

    MoveFileEx(src,des,false);

    MoveFileWithProgress(src,des,fun,&para, MOVEFILE_COPY_ALLOWED);

    删除文件:

    DeleteFile(filename);

    获取文件类型(FILE_TYPE_PIPE)

    GetFileType(hFile);

    获取文件大小:

    GetFileSize(hFile,&high);

    获取文件属性(例如FILE_ATTRIBUTE_DIRECTORY进行&运算)

    GetFileAttributes(hFile);

    遍历文件:

    FindFirstFile(nameMode,&wfd);

    FindNextFile(hFile,&wfd);

    创建管道:

    CreatePipe(&hRead,&hWrite,&sa,0);

    创建内存映射文件:

    CreateFile(“d:\a.txt”,GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,”myMap”);

    加载内存映射文件:

    MapViewOfFile(hmap,FILE_MAP_ALL_ACCESS,0,0,0);

    打开内存映射文件:

    OpenFileMapping(FILE_AMP_ALL_ACCESS,false,”myMap”);

    卸载内存映射文件:

    UnmapViewOfFile(baseAddr);

    强制写入内存映射文件到磁盘:

    FlushViewOfFile(baseAddr,len);

    创建文件夹(只能创建一层)

    CreateDirectory(“D:\a”,NULL);

    CreateDirectory(“C:\a”,”D:\b”,NULL);

    删除文件夹(只能删除空文件夹)

    RemoveDirectory(“C:\a”);

    检测逻辑驱动器:

    GetLogicalDrives();

    GetLogicalDriveStrings(len,buf);

    获取驱动器类型(DRIVE_CDROM)

    GetDriveType(“D:\”);

    五、网络

    打开网络资源枚举过程(winnetwk.hMpr.lib):

    WNetOpenEnum(RESOURCE_GLOBAL,RESOURCETYPE_ANY,0,NULL,hnet);

    枚举网络资源:

    WNetEnumResource(hnet,&count,pNetRsc,&size);

    关闭网络资源枚举过程:

    WNetCloseEnum(hnet);

    打开关闭WinSocket库:

    WSAStartup(version,&wsa);

    WSACleanup();

    创建套接字:

    socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);

    绑定套接字IP和端口:

    bind(sock,&addr,len);

    监听TCP连接:

    listen(sock,10);

    接收TCP连接请求:

    accept(sock,&addr,&len);

    客户端连接:

    connect(sock,&addr,len);

    发送TCP数据:

    send(sock,buf,len,0);

    接收TCP数据:

    recv(sock,buf,len,0);

    发送UDP数据:

    sendto(sock,buf,len,0,&addr,len);

    接收UDP数据:

    recvfrom(sock,buf,len,0,&addr,&len);

    六、服务

    打开SCM服务控制管理器:

    OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);

    创建服务:

    CreateService(mgr,"MyService"," MyService",SERVICE_ALL_ACCESS,      SERVICE_WIN32_OWN_PROCESS,SERVICE_AUTO_START,SERVICE_ERROR_IGNORE,path,NULL,NULL,NULL,NULL,NULL);

    打开服务对象:

    OpenService(mgr," MyService ",SERVICE_START);

    启动服务:

    StartService(serv,0,NULL);

    查询服务状态:

    QueryServiceStatus(serv,&state);

    关闭服务句柄:

    CloseServiceHandle(hdl);

    连接到SCM

    StartServiceCtrlDispatcher(DispatchTable);

    注册服务控制函数:

    RegisterServiceCtrlHandler("MyServicer",ServiceCtrl);

    设置服务状态:

    SetServiceStatus(hss,&ServiceStatus);

    控制服务:

    ControlService(serv,SERVICE_CONTROL_STOP,&state);

    删除服务:

    DeleteService(serv);

    遍历服务:

    EnumServicesStatus(hscm,SERVICE_WIN32|SERVICE_DRIVER,SERVICE_STATE_ALL,&srvSts,len,&size,&count,NULL);

    查询服务配置:

    QueryServiceConfig(hserv,&srvcfg,size,&size);

    七、消息

    发送消息:

    SendMessage(HWND_BROADCAST,WM_LBUTTONDOWN,0,0);

    接收消息:

    GetMessage(&msg,NULL,0,0);

    投递消息:

    PostMessage(HWND_BROADCAST,WM_LBUTTONDOWN,0,0);

    获取消息:

    PeekMessage(&msg,NULL,0,0);

    转换消息:

    TranslateMessage (&msg);

    分发消息:

    DispatchMessage (&msg);

    等待消息:

    WaitMessage();

    发送退出消息:

    PostQuitMessage(0);

    安装消息钩子:

    SetWindowsHookEx(WH_KEYBOARD,keyBoardProc,0,tid);

    卸载消息钩子:

    UnhookWindowsHookEx(hhk);

    以上是作者目前就相关技术所接触的最常用的一批API函数,这肯定不是最完整的,但是都是博主从一份份资料中挖掘出来的,也希望读者能多多补充,相互进步!

  • 相关阅读:
    远程服务器git搭建
    Ubuntu安装配置MySQL数据库,Apache,PHP
    html radio check
    opencv 抠图联通块(c接口)
    Vim命令
    二维码
    zTree Jquery eCharts
    Java进阶篇设计模式之二 ----- 工厂模式
    SpringBoot整合Netty并使用Protobuf进行数据传输(附工程)
    SpringBoot整合Jsp和Thymeleaf (附工程)
  • 原文地址:https://www.cnblogs.com/xumaojun/p/8532014.html
Copyright © 2011-2022 走看看