
BOOL bMore = FALSE, bFound = FALSE, bRet = FALSE; HANDLE hSnapshot = INVALID_HANDLE_VALUE; HANDLE hProcess = NULL; MODULEENTRY32 me = { sizeof(me), }; LPTHREAD_START_ROUTINE pThreadProc = NULL; HMODULE hMod = NULL; TCHAR szProcName[MAX_PATH] = { 0, }; if (INVALID_HANDLE_VALUE == (hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID))) { _tprintf(L"EjectDll() : CreateToolhelp32Snapshot(%d) failed [%d]n", dwPID, GetLastError()); goto EJECTDLL_EXIT; } bMore = Module32First(hSnapshot, &me); for (; bMore; bMore = Module32Next(hSnapshot, &me))//查找模块句柄 { if (!_tcsicmp(le, szDllPath) || !_tcsicmp(ath, szDllPath)) { bFound = TRUE; break; } } if (!bFound) { _tprintf(L"EjectDll() : There is not %s module in process(%d) memoryn", szDllPath, dwPID); goto EJECTDLL_EXIT; } if (!(hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID))) { _tprintf(L"EjectDll() : OpenProcess(%d) failed [%d]n", dwPID, GetLastError()); goto EJECTDLL_EXIT; } hMod = GetModuleHandle(L""); if (hMod == NULL) { _tprintf(L"EjectDll() : GetModuleHandle("") failed [%d]n", GetLastError()); goto EJECTDLL_EXIT; } pThreadProc = (LPTHREAD_START_ROUTINE)GetProcAddress(hMod, "FreeLibrary"); if (pThreadProc == NULL) { _tprintf(L"EjectDll() : GetProcAddress("FreeLibrary") failed [%d]n", GetLastError()); goto EJECTDLL_EXIT; } if (!CreateRemoteThread(hProcess, NULL, 0, pThreadProc, eAddr, 0, NULL)) { _tprintf(L"EjectDll() : MyCreateRemoteThread() failedn"); goto EJECTDLL_EXIT; } bRet = TRUE;EJECTDLL_EXIT: if (hProcess) CloseHandle(hProcess); if (hSnapshot != INVALID_HANDLE_VALUE) CloseHandle(hSnapshot); return bRet;}

int main(){ //InjectDll(6836, L"C:");

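// NOTE(review): the three header names after "#include" were lost when this
// page was extracted. The headers below are the ones the visible code needs;
// confirm them against the original project.
#include <windows.h>
#include <stdlib.h>   // _wsplitpath_s
#include <wchar.h>    // _wcsicmp
#pragma warning(disable : 4996)

// Handle of the installed keyboard hook; NULL while no hook is installed.
HHOOK ghHook = NULL;
// Module handle of this DLL; set in DllMain and handed to SetWindowsHookEx.
HINSTANCE ghInstance = NULL;

/**
 * WH_KEYBOARD hook procedure.
 *
 * The procedure runs in the context of the process that is receiving the
 * keyboard message. When that process's executable base name is "notepad"
 * (case-insensitive), key-down messages are dropped by returning 1; every
 * other message is forwarded to the next hook in the chain.
 *
 * @param code   Hook code; only 0 (HC_ACTION) is acted on.
 * @param wParam Virtual-key code, forwarded unchanged.
 * @param lParam Keystroke flags. Bit 31 is the transition state:
 *               0 = key is being pressed, 1 = key is being released.
 * @return 1 when the message is dropped, otherwise the CallNextHookEx result.
 */
LRESULT CALLBACK KeyboardProc(
    _In_ int code,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam)
{
    // Explicit wide buffers: the path helpers used below are the wide-character
    // variants, so TCHAR would only build (and only be correct) under UNICODE.
    WCHAR szPath[MAX_PATH] = {0,};
    WCHAR sProcessName[MAX_PATH] = {0,};

    // Bit 31 clear means the key is going DOWN, not being released.
    if (code == 0 && !(lParam & 0x80000000))
    {
        // A return of 0 is failure and a return of MAX_PATH means the path was
        // truncated; in both cases the name cannot be trusted, so fall through.
        DWORD cchPath = GetModuleFileNameW(NULL, szPath, MAX_PATH);
        if (cchPath > 0 && cchPath < MAX_PATH &&
            0 == _wsplitpath_s(szPath, NULL, 0, NULL, 0,
                               sProcessName, MAX_PATH, NULL, 0) &&
            0 == _wcsicmp(sProcessName, L"notepad"))
        {
            return 1; // drop the message; it is not passed any further
        }
    }

    // Keep the hook chain intact for every message that is not dropped.
    return CallNextHookEx(ghHook, code, wParam, lParam);
}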

/**
 * DLL entry point.
 *
 * Records this DLL's module handle in ghInstance when the DLL is attached to
 * a process. Thread attach/detach and process detach need no work here.
 *
 * @param hModule            Module handle of this DLL.
 * @param ul_reason_for_call Notification code from the loader.
 * @param lpReserved         Unused.
 * @return Always TRUE.
 */
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        // Keep the module handle of this instance for later hook installation.
        ghInstance = hModule;
    }

    return TRUE;
}

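extern "C"
{
    /**
     * Installs the WH_KEYBOARD hook, with KeyboardProc as the hook procedure.
     *
     * The thread id argument is 0, which makes this a global hook: Windows
     * loads this DLL into other processes on the same desktop so that the
     * hook procedure can run there. Because that is cross-process code
     * loading, a host using this should expect it to be visible to, and
     * possibly flagged by, endpoint monitoring.
     *
     * Calling this while a hook is already installed does nothing. Installing
     * again would overwrite ghHook and leave the first hook with no handle to
     * remove it by.
     */
    __declspec(dllexport) void HookStart()
    {
        if (ghHook != NULL)
        {
            return;
        }

        // On failure SetWindowsHookEx returns NULL, so ghHook stays NULL and
        // HookStop() remains a safe no-op.
        ghHook = SetWindowsHookEx(WH_KEYBOARD, KeyboardProc, ghInstance, 0);
    }

    /**
     * Removes the keyboard hook if one is installed and clears the handle.
     */
    __declspec(dllexport) void HookStop()
    {
        if (ghHook)
        {
            UnhookWindowsHookEx(ghHook);
            ghHook = NULL;
        }
    }
}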