一直覺得學c++太復雜了,里面很多類型,多得根本分不清,但網上資料很多是c++的,有些問題用其它語言解決得又不完美(會c#、java、python)
然后還是下決定搞一搞,因為搞c++,又不得不搞VC++,還得看看MFC,這花了我三天時間,看得累,光是不同類型之間的轉換就查了不少資料
好吧,開始搞dll注入,拿記事本開刀,用c#和easyhook輕易的就搞定了,一個注入程序,一個被注入dll
然后折騰c++,注入進去了還要跟主程序通信,然后就一起弄了一下,確實傷神,主要還是類型之間的問題,如果是相對於新手,網上大部分的資料都寫得太粗了,完全不知道變量的類型是什么
我就貼一下完整代碼,首先是先寫一個dll,用的c++寫的,准備注入到記事本中去的,這個dll新建比較容易,我用vs2015,直接建個c++的空項目,加一個cpp的文件開始寫就可以了,我也不敢說新手會不會加,但我現在是會了,所以只能描述一下了,代碼有些注釋了,打開了無妨,主要功能就是被注入后,向主進程(窗口標題為MFC3)發送WM_COPYDATA消息hello world
那個COPYDATASTRUCT結構體搞了我一天的時間,最后不斷拼出來的代碼,網上大多是MFC的,但我就是想用C++弄出來
//#include "stdafx.h";
#include <iostream>;
using namespace std;
#include <windows.h>;
#include <tlhelp32.h>;
#include <tchar.h>;

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);
HWND GetMainWindow();
void MyPostMessage(HWND hWnd);
DWORD WINAPI MyThreadProc1( LPVOID pParam );
DWORD WINAPI MyThreadProc2( LPVOID pParam );

// DLL entry point. On DLL_PROCESS_ATTACH it shows a message box and starts two
// worker threads (MyThreadProc1 / MyThreadProc2); on DLL_PROCESS_DETACH it only
// shows a message box. hModule and lpReserved are unused. Always returns TRUE.
// The narrow string literals passed to MessageBox presumably mean this project
// is built without UNICODE (MBCS) — verify against the project settings.
// NOTE(review): the two thread handles are never closed (CloseHandle), and
// DllMain on Windows runs under the loader lock, so blocking here in MessageBox
// and spawning threads from this point is fragile; consider moving that work out
// of DllMain.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch ( ul_reason_for_call )
    {
    case DLL_PROCESS_ATTACH:
    {
        MessageBox( NULL, "DLL已進入目標進程。", "信息", MB_ICONINFORMATION );
        DWORD dwThreadId;
        // Both threads reuse the same dwThreadId output slot; the ids are never read.
        HANDLE myThread1 = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MyThreadProc1, NULL, 0, &dwThreadId);
        HANDLE myThread2 = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MyThreadProc2, NULL, 0, &dwThreadId);
        break;
    }
    case DLL_PROCESS_DETACH:
    {
        MessageBox( NULL, "DLL已從目標進程卸載。", "信息", MB_ICONINFORMATION );
        break;
    }
    }
    return TRUE;
}

// Worker thread 1: only shows a message box and exits. pParam is unused.
DWORD WINAPI MyThreadProc1( LPVOID pParam )
{
    MessageBox( NULL, "DLL已進入線程1.", "信息", MB_ICONINFORMATION );
    return 0;
}

// Worker thread 2: looks up the top-level window titled "MFC3" and sends it the
// text "hello world" (NUL terminator included in cbData) via WM_COPYDATA; shows
// a message box if the window is not found. pParam is unused.
// The commented-out block below is an earlier variant that typed ASCII art into
// Notepad's edit control with MyPostMessage.
// NOTE(review): WM_COPYDATA documents wParam as the sending window's handle; 0
// is passed here. m_msg is assigned but never used.
DWORD WINAPI MyThreadProc2( LPVOID pParam )
{
    //MessageBox( NULL, "DLL has entered thread 2.", "Info", MB_ICONINFORMATION );
    //HWND hWnd = GetMainWindow();
    //if (hWnd)
    //    hWnd = ::FindWindowEx(hWnd, 0, TEXT("EDIT"), NULL);
    //if (hWnd)
    //{
    //    //MessageBox(hWnd, TEXT("Start injection"), TEXT("Notice"), MB_OK);
    //    MyPostMessage(hWnd);
    //}
    //else
    //{
    //    MessageBox(hWnd, TEXT("Notepad not found"), TEXT("Notice"), MB_OK);
    //}
    const char szDlgTitle[] = "MFC3";
    string m_msg = "hello world \r\n" ;
    HWND pWnd = ::FindWindow(NULL, szDlgTitle);
    if (pWnd)
    {
        string strData = "hello world";
        COPYDATASTRUCT CopyData;
        CopyData.dwData = 0;
        // +1 so the receiver also gets the terminating NUL.
        CopyData.cbData = strData.size() + 1;
        CopyData.lpData = (void*)strData.c_str();
        // SendMessage (not Post) is required for WM_COPYDATA: strData must stay
        // alive until the receiver has processed the message.
        SendMessage(pWnd, WM_COPYDATA, 0, (LPARAM)&CopyData);
    }
    else
        MessageBox(NULL, "No such Things.。", "信息", MB_ICONINFORMATION);
    return 0;
}

// EnumWindows callback. lParam points at the process id to match (see
// GetMainWindow). Stops the enumeration (returns FALSE) at the first window that
// belongs to that process and has no parent, writing that HWND back through the
// same pointer; otherwise returns TRUE to continue.
// NOTE(review): the pointee is a DWORD in GetMainWindow, but an HWND is stored
// through it. HWND is pointer-sized, so on a 64-bit build (the injector below
// uses an x64 output path) this write overruns the caller's 4-byte variable.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
    DWORD dwCurProcessId = *((DWORD*)lParam);
    DWORD dwProcessId = 0;
    GetWindowThreadProcessId(hwnd, &dwProcessId);
    if (dwProcessId == dwCurProcessId && GetParent(hwnd) == NULL)
    {
        *((HWND *)lParam) = hwnd;
        return FALSE;
    }
    return TRUE;
}

// Returns the current process's top-level window, or NULL if none was found.
// Relies on EnumWindows returning FALSE when the callback stopped it, and on the
// callback having overwritten dwCurrentProcessId with the HWND (which is then
// read back through a DWORD — truncated on 64-bit, see EnumWindowsProc).
HWND GetMainWindow()
{
    DWORD dwCurrentProcessId = GetCurrentProcessId();
    if (!EnumWindows(EnumWindowsProc, (LPARAM)&dwCurrentProcessId))
    {
        return (HWND)dwCurrentProcessId;
    }
    return NULL;
}

// Types a fixed block of ASCII art into hWnd one character at a time by posting
// WM_CHAR (lParam 1 = repeat count 1). Each `for` loop repeats one character N
// times; L'\n' starts the next row of the picture. Purely cosmetic; only
// referenced from the commented-out code in MyThreadProc2.
void MyPostMessage(HWND hWnd)
{
    for (int i = 0; i < 25; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 33; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 7; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 17; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 16; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 15; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 23; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    for (int i = 0; i < 19; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 13; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 12; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 24; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 15; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 27; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    for (int i = 0; i < 10; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 9; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 31; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 11; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 31; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 8; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 7; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 35; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 7; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 35; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 6; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 5; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 39; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 39; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 4; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 3; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 87; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 89; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 90; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 91; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 94; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 93; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    for (int i = 0; i < 93; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 92; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 90; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'^', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 3; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 88; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 4; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    for (int i = 0; i < 88; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 4; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 86; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 5; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 84; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 3; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 7; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 80; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 5; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 8; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 78; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 6; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 9; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 76; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 7; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 11; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 72; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 9; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 12; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 70; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'^', 1);
    for (int i = 0; i < 10; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 13; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 67; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 11; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 15; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 64; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 13; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 17; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 60; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 15; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 18; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 58; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 16; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 20; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 54; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 18; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 22; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 50; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 20; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 24; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 46; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 22; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 26; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 42; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 24; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 28; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 37; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 26; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 30; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 32; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'[', 1);
    for (int i = 0; i < 29; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 33; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 27; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 31; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 36; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 22; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 34; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 39; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 16; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'[', 1);
    for (int i = 0; i < 37; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 42; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 10; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 39; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 44; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 6; i++) { PostMessageW(hWnd, WM_CHAR, L'O', 1); }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 42; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 46; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'O', 1);
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 44; i++) { PostMessageW(hWnd, WM_CHAR, L' ', 1); }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
}
再來說注入程序,用的MFC做的,開始完全跟c++搞混了,蒙了,一點一點來吧,找入門教程把窗口show出來,有幾點說一下
#include <tlhelp32.h>;
#include <windows.h>;
這個導入一定要放在后面一點,要不會報錯,說windows.h 已經被導入過一次了
在BEGIN_MESSAGE_MAP 中注冊一下事件ON_WM_COPYDATA(),然后才能寫后面的代碼
受c#的影響,以為控件的name直接是可以在代碼中用的,但MFC是要添加變量的,在控件上右鍵添加變量,然后才能在代碼中用這個變量使用控件
MFC在使用方便性上比c#差了不是一點點,光是如何建立一個只有窗體的項目,就研究了N久。在MFC的項目向導中,程序類型記得選「基於對話框」,要不會出來一堆東西
用C++是可以寫窗體的,但真的比MFC還要麻煩,不過我會嘗試一下的!整個主窗口的代碼如下:
// MFC3Dlg.cpp : implementation file
//

#include <iostream>;
//using namespace std;
//#include <tchar.h>;
#include "stdafx.h"
#include "MFC3.h"
#include "MFC3Dlg.h"
#include "afxdialogex.h"
#include <tlhelp32.h>;
#include <windows.h>;

#ifdef _DEBUG
#define new DEBUG_NEW
#endif

// CMFC3Dlg dialog

// Constructs the dialog from the IDD_MFC3_DIALOG template, zero-initialises the
// frmA member and loads the application icon (IDR_MAINFRAME).
CMFC3Dlg::CMFC3Dlg(CWnd* pParent /*=NULL*/)
    : CDialogEx(IDD_MFC3_DIALOG, pParent)
    , frmA(0)
{
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

// Binds the IDC_EDIT1 control to the m_editMultiLine member.
void CMFC3Dlg::DoDataExchange(CDataExchange* pDX)
{
    CDialogEx::DoDataExchange(pDX);
    DDX_Control(pDX, IDC_EDIT1, m_editMultiLine);
}

// ON_WM_COPYDATA() is what routes WM_COPYDATA to OnCopyData below.
BEGIN_MESSAGE_MAP(CMFC3Dlg, CDialogEx)
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BUTTON1, &CMFC3Dlg::OnBnClickedButton1)
    ON_BN_CLICKED(IDC_BUTTON2, &CMFC3Dlg::OnBnClickedButton2)
    ON_WM_COPYDATA()
    ON_BN_CLICKED(IDC_BUTTON3, &CMFC3Dlg::OnBnClickedButton3)
END_MESSAGE_MAP()

// CMFC3Dlg message handlers

BOOL CMFC3Dlg::OnInitDialog()
{
    CDialogEx::OnInitDialog();
    // Set the icon for this dialog.  The framework does this automatically
    // when the application's main window is not a dialog
    SetIcon(m_hIcon, TRUE);         // Set big icon
    SetIcon(m_hIcon, FALSE);        // Set small icon
    // TODO: Add extra initialization here
    return TRUE;  // return TRUE unless you set the focus to a control
}

// If you add a minimize button to your dialog, you will need the code below
// to draw the icon.  For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CMFC3Dlg::OnPaint()
{
    if (IsIconic())
    {
        CPaintDC dc(this); // device context for painting
        SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);
        // Center icon in client rectangle
        int cxIcon = GetSystemMetrics(SM_CXICON);
        int cyIcon = GetSystemMetrics(SM_CYICON);
        CRect rect;
        GetClientRect(&rect);
        int x = (rect.Width() - cxIcon + 1) / 2;
        int y = (rect.Height() - cyIcon + 1) / 2;
        // Draw the icon
        dc.DrawIcon(x, y, m_hIcon);
    }
    else
    {
        CDialogEx::OnPaint();
    }
}

// The system calls this function to obtain the cursor to display while the user
// drags the minimized window.
HCURSOR CMFC3Dlg::OnQueryDragIcon()
{
    return static_cast<HCURSOR>(m_hIcon);
}

// Button 1: retitles the main window and appends "hello world" to the edit
// control, then scrolls the control to its last line.
void CMFC3Dlg::OnBnClickedButton1()
{
    // TODO: Add your control notification handler code here
    CString Cedit = _T("hello world \r\n");
    AfxGetMainWnd()->SetWindowText(L"你的標題");
    CString c2;
    m_editMultiLine.GetWindowTextW(c2);
    m_editMultiLine.SetWindowTextW ( c2+ Cedit);
    UpdateData(FALSE);
    m_editMultiLine.LineScroll(m_editMultiLine.GetLineCount() - 1, 0);
}

// Button 2: sends WM_COPYDATA to the window titled "MFC3" (i.e. this dialog
// itself when its title is unchanged) to exercise OnCopyData locally.
// NOTE(review): lpData points at `str` ("MFC3") while cbData is taken from
// m_msg, and GetLength() counts characters whereas cbData is a byte count — in a
// Unicode build the receiver sees a wchar_t buffer of the wrong length and
// reads it as char* (see OnCopyData). Also wParam should be this window's handle.
void CMFC3Dlg::OnBnClickedButton2()
{
    // TODO: Add your control notification handler code here
    CString str =_T( "MFC3");
    CString m_msg=_T("hello world \r\n");
    CWnd * pWnd = CWnd::FindWindow(NULL, str);
    UpdateData(TRUE);
    if (pWnd)
    {
        COPYDATASTRUCT cpd;
        cpd.dwData = 0;
        cpd.cbData = m_msg.GetLength();
        cpd.lpData = (void*)str.GetBuffer(cpd.cbData);
        pWnd->SendMessage(WM_COPYDATA, 0, (LPARAM)&cpd);
        str.ReleaseBuffer();
    }
    else
        MessageBox(_T("No such Things."));
}

// WM_COPYDATA handler: treats lpData as a NUL-terminated narrow string and
// appends it to the edit control on a new line.
// NOTE(review): lpData comes from another process and cbData is never consulted.
// Any process on the same desktop can send WM_COPYDATA, so a payload without a
// terminating NUL makes this read past the buffer; bound the copy by cbData
// instead (e.g. std::string((char*)pCopyDataStruct->lpData, pCopyDataStruct->cbData))
// and optionally check dwData before trusting the contents.
BOOL CMFC3Dlg::OnCopyData(CWnd* pWnd, COPYDATASTRUCT* pCopyDataStruct)
{
    std::string str = (char*)pCopyDataStruct->lpData;
    CString c2;
    m_editMultiLine.GetWindowTextW(c2);
    c2 += "\r\n";
    c2+= str.c_str() ;
    m_editMultiLine.SetWindowTextW(c2);
    return CDialog::OnCopyData(pWnd, pCopyDataStruct);
}

// Raise process access rights: enables SeDebugPrivilege on the current
// process token. Returns false if any of the three token APIs fails.
// Not currently used — the call in dll_inject is commented out.
// NOTE(review): hToken is closed on the failure paths but leaks on success.
bool enableDebugPriv()
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken) )
    {
        return false;
    }
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        CloseHandle(hToken);
        return false;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
    {
        CloseHandle(hToken);
        return false;
    }
    return true;
}

// Get the process ID from the process name; if several instances are running,
// return the ID of the first one enumerated. Returns 0 when no process matches
// or Process32First fails. Comparison is an exact, case-sensitive wcscmp.
// NOTE(review): hSnapshot is never closed on any path, the INVALID_HANDLE_VALUE
// result of CreateToolhelp32Snapshot is not checked, and the entry filled in by
// Process32First is only used to prime the loop — the first process in the
// snapshot is never compared.
DWORD processNameToId(LPCTSTR lpszProcessName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(hSnapshot, &pe))
    {
        MessageBox(NULL, L"The frist entry of the process list has not been copyied to the buffer", L"Notice", MB_ICONINFORMATION | MB_OK );
        return 0;
    }
    while (Process32Next(hSnapshot, &pe))
    {
        if (!wcscmp(lpszProcessName, pe.szExeFile ))
        {
            return pe.th32ProcessID;
        }
    }
    return 0;
}

// Converts a narrow std::string to a malloc'd wide string; the caller owns the
// result (nothing in this file calls or frees it). newsize is unused.
// NOTE(review): the buffer holds (length - 1) wide chars but mbstowcs_s is told
// it has room for origsize (= length + 1), so the conversion writes past the
// allocation; the malloc result is also not checked for NULL.
LPCWSTR stringToLPCWSTR(std::string orig)
{
    size_t origsize = orig.length() + 1;
    const size_t newsize = 100;
    size_t convertedChars = 0;
    wchar_t *wcstring = (wchar_t *)malloc(sizeof(wchar_t) *(orig.length() - 1));
    mbstowcs_s(&convertedChars, wcstring, origsize, orig.c_str(), _TRUNCATE);
    return wcstring;
}

// Loads injectionDll.dll into the first "notepad.exe" process by writing the
// DLL path into that process and running LoadLibraryA there on a new thread.
// Returns -1 if no target process is found, 0 otherwise (including on the other
// failure paths, which are reported via MessageBox rather than the return value).
// From a monitoring standpoint this OpenProcess(PROCESS_ALL_ACCESS) ->
// VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
// CreateRemoteThread(LoadLibraryA) sequence against another process is the
// pattern endpoint-protection products alert on.
// NOTE(review): WriteProcessMemory copies dwThreadSize (5120) bytes out of the
// 256-byte szDll array, reading far past the end of the local buffer (UB; the
// remote region receives stack garbage after the path). hTargetProcess and the
// remote allocation are leaked on every error return after they are acquired.
// VirtualFreeEx is passed MEM_COMMIT, which is an allocation type, not a free
// type (MEM_RELEASE / MEM_DECOMMIT) — the remote region is presumably never
// freed; verify the call's return value.
int dll_inject()
{
    // Size of the remote buffer
    const DWORD dwThreadSize = 5 * 1024;
    DWORD dwWriteBytes;
    // Raise process access rights
    //enableDebugPriv();
    // Target process name; note the comparison is case-sensitive
    //std::cout << "Please input the name of target process !" << std::endl;
    //LPCTSTR szExeName = "notepad.exe";
    LPCTSTR szExeName = L"notepad.exe";
    DWORD dwProcessId = processNameToId(szExeName);
    if (dwProcessId == 0)
    {
        MessageBox(NULL, L"The target process have not been found !", L"Notice", MB_ICONINFORMATION | MB_OK );
        return -1;
    }
    // Get the process handle from the process ID
    HANDLE hTargetProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
    if (!hTargetProcess)
    {
        MessageBox(NULL, L"Open target process failed !", L"Notice", MB_ICONINFORMATION | MB_OK );
        return 0;
    }
    // Reserve a region in the host process for the thread data.
    // Note the MEM_COMMIT allocation type and PAGE_EXECUTE_READWRITE protection;
    // see the MSDN description of VirtualAllocEx for their exact meaning.
    void* pRemoteThread = VirtualAllocEx(hTargetProcess, 0, dwThreadSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!pRemoteThread)
    {
        MessageBox(NULL, L"Alloc memory in target process failed !", L"notice", MB_ICONINFORMATION | MB_OK );
        return 0;
    }
    // Name of the DLL to inject
    char szDll[256];
    memset(szDll, 0, 256);
    strcpy_s(szDll, "F:\\work\\code\\C++Pro\\x64\\Debug\\injectionDll.dll");
    // Copy the DLL path into the host process (see the over-read note above)
    if (!WriteProcessMemory(hTargetProcess, pRemoteThread, (LPVOID)szDll, dwThreadSize, 0))
    {
        MessageBox(NULL, L"Write data to target process failed !", L"Notice", MB_ICONINFORMATION | MB_OK );
        //::VirtualFreeEx(hTargetProcess, ptszRemoteBuf, dwSize, MEM_DECOMMIT);
        //::CloseHandle(hTargetProcess);
        return 0;
    }
    LPVOID pFunc = LoadLibraryA;
    // Create the thread in the host process
    HANDLE hRemoteThread = CreateRemoteThread(hTargetProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, pRemoteThread, 0, &dwWriteBytes);
    if (!hRemoteThread)
    {
        MessageBox(NULL, L"Create remote thread failed !", L"Notice", MB_ICONINFORMATION | MB_OK );
        return 0;
    }
    // Wait for LoadLibraryA to finish
    WaitForSingleObject(hRemoteThread, INFINITE);
    VirtualFreeEx(hTargetProcess, pRemoteThread, dwThreadSize, MEM_COMMIT);
    CloseHandle(hRemoteThread);
    CloseHandle(hTargetProcess);
    return 0;
}

// Button 3: runs dll_inject(); its return value is ignored.
void CMFC3Dlg::OnBnClickedButton3()
{
    // TODO: Add your control notification handler code here
    dll_inject();
}