S.l.e!ep.￠%

像打了激速一樣，以四倍的速度運轉，開心的工作
簡單、開放、平等的公司文化；尊重個性、自由與個人價值；

posts - 1098, comments - 335, trackbacks - 0, articles - 1

About ShutDown of Windows（四）

Posted on 2009-11-17 21:54 S.l.e!ep.￠% 閱讀(208) 評論(0) 編輯收藏引用所屬分類: RootKit

接著 About ShutDown of Windows（三）
折騰著，沒多大收獲

Create 了一個 MFC 的DLL

CHookDLLApp?theApp;

HHOOK?g_Hook?=?NULL;

LRESULT?CALLBACK?MyKeyHook(int?code,?WPARAM?wParam,?LPARAM?lParam)
{
#if?(_WIN32_WINNT?<?0x0400)
/*
*?Structure?used?by?WH_KEYBOARD_LL
????*/
????typedef?struct?tagKBDLLHOOKSTRUCT?{
????????DWORD???vkCode;
????????DWORD???scanCode;
????????DWORD???flags;
????????DWORD???time;
????????DWORD???dwExtraInfo;
????}?KBDLLHOOKSTRUCT,?FAR?*LPKBDLLHOOKSTRUCT,?*PKBDLLHOOKSTRUCT;
#endif
????
????PKBDLLHOOKSTRUCT?kbDLLHOOK?=?(PKBDLLHOOKSTRUCT)lParam;
????
????const?char?*info?=?NULL;
????
????if?(wParam?==?WM_KEYDOWN)
????????info?=?"key?down";????
????else?if?(wParam?==?WM_KEYUP)
????????info?=?"key?up";
????else?if?(wParam?==?WM_SYSKEYDOWN)
????????info?=?"sys?key?down";????
????else?if?(wParam?==?WM_SYSKEYUP)
????????info?=?"sys?key?up";
????
????FILE*?f?=?fopen("hook.txt",?"a+");
????
????CString?strLog;
????strLog.Format("%s?-?vkCode?[%04x],?[%c]?scanCode?[%04x]\n",?info,?kbDLLHOOK->vkCode,?kbDLLHOOK->vkCode,?kbDLLHOOK->scanCode);
????
????fwrite(strLog,?1,?strLog.GetLength(),?f);
????fclose(f);
????
????//?always?call?next?hook
????return?CallNextHookEx(g_Hook,?code,?wParam,?lParam);
}??????

void?Hook()
{
????//?TODO:?Add?extra?initialization?here
#ifndef?WH_KEYBOARD_LL
#define?WH_KEYBOARD_LL?13
#endif

????g_Hook?=?SetWindowsHookEx(WH_KEYBOARD_LL,?MyKeyHook,?AfxGetApp()->m_hInstance,?0);
????
????if(?g_Hook?==?NULL?)
????????AfxMessageBox("Failed?to?Set?Hook");

}

;?HookDLL.def?:?Declares?the?module?parameters?for?the?DLL.

LIBRARY??????"HookDLL"
DESCRIPTION??'HookDLL?Windows?Dynamic?Link?Library'

EXPORTS
????;?Explicit?exports?can?go?here
????Hook?????????@1

Create 了一個MFC的工程

BOOL?CHookTestDlg::OnInitDialog()
{
????CDialog::OnInitDialog();

????//?Add?"About

"?menu?item?to?system?menu.

????//?IDM_ABOUTBOX?must?be?in?the?system?command?range.
????ASSERT((IDM_ABOUTBOX?&?0xFFF0)?==?IDM_ABOUTBOX);
????ASSERT(IDM_ABOUTBOX?<?0xF000);

????CMenu*?pSysMenu?=?GetSystemMenu(FALSE);
????if?(pSysMenu?!=?NULL)
????{
????????CString?strAboutMenu;
????????strAboutMenu.LoadString(IDS_ABOUTBOX);
????????if?(!strAboutMenu.IsEmpty())
????????{
????????????pSysMenu->AppendMenu(MF_SEPARATOR);
????????????pSysMenu->AppendMenu(MF_STRING,?IDM_ABOUTBOX,?strAboutMenu);
????????}
????}

????//?Set?the?icon?for?this?dialog.??The?framework?does?this?automatically
????//??when?the?application's?main?window?is?not?a?dialog
????SetIcon(m_hIcon,?TRUE);????????????//?Set?big?icon
????SetIcon(m_hIcon,?FALSE);????????//?Set?small?icon
????
????//?TODO:?Add?extra?initialization?here
#ifndef?WH_KEYBOARD_LL
????#define?WH_KEYBOARD_LL?13
#endif
????
//?????g_Hook?=?SetWindowsHookEx(WH_KEYBOARD_LL,?MyKeyHook,?AfxGetApp()->m_hInstance,?0);
//?????
//?????if(?g_Hook?==?NULL?)
//?????????AfxMessageBox("Failed?to?Set?Hook");

????TCHAR?szPath[MAX_PATH]?=?{0};
????GetModuleFileName(NULL,?szPath,?MAX_PATH);
????PathRenameExtension(szPath,?_T(""));

????typedef?void?(*TYPE_pfnLoadLibrary)();
????TYPE_pfnLoadLibrary?pfnLoadLibrary?=?NULL;

????HMODULE?Module?=?LoadLibrary(szPath);
????pfnLoadLibrary?=?(TYPE_pfnLoadLibrary)GetProcAddress(Module,?"Hook");
????
????pfnLoadLibrary();

????return?TRUE;??//?return?TRUE??unless?you?set?the?focus?to?a?control
}

時間太緊，沒做一些異常判斷處理
HOOK成功了，用 SysCheck 工具一看, 只看到了 HookTest.exe 里面加載了一個HookDLL.dll

采用 injecteddll 工具也沒有看到所謂的“注入”DLL

是否“注入”成功，不得所知
所謂的“注入”又該怎么看到的呢？明天再解決它。

只有注冊用戶登錄后才能發表評論。
【推薦】100%開源！大型工業跨平臺軟件C++源碼提供，建模，組態！

相關文章: Load Driver protect_pwd.txt Windows下Hook API技術 inline hook 對付API-splicing的一種簡單方法修改IAT實現API HOOK API-HOOK and ANTI-API-HOOK For Ring3 API Hook jmp 法 DirectX Input 鍵盤實現收藏一個反鍵盤記錄工具的分析不用hook 實現掛機鎖

網站導航: 博客園 IT新聞 BlogJava 博問 Chat2DB 管理

S.l.e!ep.￠%

About ShutDown of Windows（四）

日歷

公告

常用鏈接

留言簿(5)

隨筆分類(1107)

隨筆檔案(1098)

文章檔案(1)

相冊

收藏夾(3)

DataStruct

搜索

積分與排名

最新評論

閱讀排行榜

評論排行榜