MFC:Win32-Dll及MFC-Dll编写调用
一、win32-dll
1、编写
代码如下:
Math.h
// Math.h -- public interface of Math.dll.
// MATH_EXPORTS is defined only while building the DLL itself, so one header
// marks the symbols dllexport for the DLL and dllimport for every client.
#ifdef MATH_EXPORTS
#define MATH_API __declspec(dllexport)
#else
#define MATH_API __declspec(dllimport)
#endif

// Exported data item; the definition lives in Math.cpp. Clients that import
// it read and write the DLL's single copy.
extern MATH_API double PI;

// Exported functions. They have C++ linkage (no extern "C"), so their
// link-time symbols are decorated; the plain names that GetProcAddress(h, "Add")
// looks up come from the EXPORTS list in Math.def below. NOTE(review): without
// the .def file (or extern "C") a lookup by the bare name "Add" would fail.
// No calling convention is given, so both sides use the compiler default --
// it must be the same on both sides or the stack is corrupted on return.
MATH_API int Add(int a ,int b);
MATH_API int Sub(int a, int b);
MATH_API int Mod(int a, int b);
Math.cpp
// Math.cpp -- implementation of the three exports and the PI data export.
// MATH_API expands to dllexport here because the DLL project defines
// MATH_EXPORTS (see Math.h).
#include "stdafx.h"
#include "Math.h"

// Exported, mutable: any client that imports PI can change it for everyone.
MATH_API double PI = 3.1415926;

// a + b; signed overflow is undefined behaviour, not checked here.
MATH_API int Add(int a,int b)
{
    return a + b;
}

// a - b; same overflow caveat as Add.
MATH_API int Sub(int a, int b)
{
    return a - b;
}

// Remainder of a / b. Precondition: b != 0. A zero divisor (and INT_MIN % -1)
// is undefined behaviour; on x86 it raises an integer-divide exception and
// crashes the calling process. The dialog below only ever passes 15 and 6.
MATH_API int Mod(int a, int b)
{
    return a % b;
}
Math.def(这个需要自己手动新建项中添加)
LIBRARY "Math"
DESCRIPTION "ADD SUB MOD"
EXPORTS
    ; Undecorated names with fixed ordinals. These are exactly the names that
    ; GetProcAddress(h, "Add") / "Sub" / "Mod" look up in the client code.
    ; Keep the ordinals stable if anything ever links by ordinal.
    Add @1
    Sub @2
    Mod @3
    ; PI is exported as a variable, not a function: clients import it with
    ; extern __declspec(dllimport) double PI; and must not call it.
    PI DATA
2、调用
初始化这些:
// Function-pointer types matching the three exports of Math.dll: int(int, int)
// with the compiler's default calling convention (no convention is written on
// either side, so they only match if both projects use the same default).
typedef int(*M_add)(int, int);
typedef int(*M_sub)(int, int);
typedef int(*M_mod)(int, int);
// Resolved lazily by the button handlers below via GetProcAddress;
// NULL until the corresponding button has been pressed at least once.
M_add myadd;
M_sub mysub;
M_mod mymod;
// Module handle of Math.dll; NULL if the load below failed.
HINSTANCE hinst;
// Loads the DLL by bare file name, so it is located through the standard DLL
// search order (application directory, system directories, current directory,
// PATH). A Math.dll planted earlier in that order is loaded instead of the
// intended one (DLL search-order hijacking). For anything beyond a demo, pass
// a full path or use LoadLibraryEx with the LOAD_LIBRARY_SEARCH_* flags.
// The result is not checked here; the handlers are what notice a NULL hinst.
hinst = ::LoadLibrary(_T("Math.dll"));
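// Resolve one export of the already-loaded Math.dll (handle in hinst) and tell
// the user when that is impossible. Returns NULL if the DLL is not loaded or
// the name is not exported. ASSERT compiles away in Release builds, so this
// explicit check is what keeps the handlers from calling a NULL function
// pointer when the DLL or the export is missing.
static FARPROC ResolveMathExport(const char* name)
{
    ASSERT(hinst);
    FARPROC fn = (hinst != NULL) ? ::GetProcAddress(hinst, name) : NULL;
    if (fn == NULL) {
        CString msg;
        msg.Format(_T("Cannot resolve %hs in Math.dll"), name);
        AfxMessageBox(msg);
    }
    return fn;
}

// Button handlers of the test dialog. Each one resolves its export, calls it
// with the fixed operands 15 and 6 and shows the result in a message box.
void CMathTestDlg::OnBnClickedAdd()
{
    myadd = (M_add)ResolveMathExport("Add");
    if (myadd == NULL)
        return;
    int a = 15, b = 6;
    int res = myadd(a, b);
    CString str;
    str.Format(_T("a+b=%d"), res);
    AfxMessageBox(str);
}

void CMathTestDlg::OnBnClickedSub()
{
    mysub = (M_sub)ResolveMathExport("Sub");
    if (mysub == NULL)
        return;
    int a = 15, b = 6;
    int res = mysub(a, b);
    CString str;
    str.Format(_T("a-b=%d"), res);
    AfxMessageBox(str);
}

void CMathTestDlg::OnBnClickedMod()
{
    mymod = (M_mod)ResolveMathExport("Mod");
    if (mymod == NULL)
        return;
    // b is a non-zero constant here; Mod itself does not guard against b == 0.
    int a = 15, b = 6;
    int res = mymod(a, b);
    CString str;
    str.Format(_T("a求余b=%d"), res);
    AfxMessageBox(str);
}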
二、MFC-dll
1、MFC-Dll 在被加载(LoadLibrary)时会执行 InitInstance 中的代码,在被卸载(FreeLibrary 或进程退出)时执行 ExitInstance 中的代码。注意:MFC 是在 DllMain 处理 DLL_PROCESS_ATTACH / DLL_PROCESS_DETACH 时调用这两个函数的,因此它们受 DllMain 的限制——在其中调用 LoadLibrary、弹出消息框等操作都可能造成加载器死锁,下面的示例只是演示,实际产品中不应这样做。
2、声明部分
// hinst is placed in a named section that is linked read/write/shared (RWS),
// so every process that maps this DLL sees the same value. NOTE(review): a
// writable shared section can also be written by every process that loads the
// DLL, including lower-privilege ones, which is why Microsoft advises against
// this technique; nothing in this listing actually needs the sharing.
// Shared-section variables must be explicitly initialised (as here) to land
// in the section at all.
#pragma data_seg("SHARED")
static HINSTANCE hinst = NULL;      // this DLL's own module handle (MFCMath.dll)
#pragma data_seg()
#pragma comment(linker, "/section:SHARED,RWS")
// Everything below is ordinary per-process state.
HANDLE hProcess = NULL;             // handle to the host process, set in InitInstance
BOOL bHook = FALSE;                 // TRUE while the jmp is written over Add
BOOL inject_status = FALSE;         // TRUE once Inject() has run (it runs only once)
BYTE OldCode[5];                    // original first 5 bytes of Add, restored by HookOff
BYTE NewCode[5];                    // replacement bytes: E9 <rel32> = jmp Myadd
typedef int (*M_add)(int a, int b); // signature of Math.dll's Add
M_add m_add;                        // the real Add, resolved in Inject()
FARPROC pf_add;                     // same address as m_add, untyped, for the patching calls
void HookOn();                      // write the jmp into Add's entry
void HookOff();                     // restore Add's original entry bytes
void Inject();                      // resolve Add, build NewCode, then HookOn
int Myadd(int a, int b);            // our replacement; Add's patched entry jumps here
3、InitInstance中的代码,加载时运行
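// Runs when the DLL is loaded: MFC calls InitInstance from its DllMain on
// DLL_PROCESS_ATTACH, so this executes under the loader lock. Inject() goes on
// to call LoadLibrary and show message boxes from that context, which the
// DllMain guidance warns against -- fine for a demo, a deadlock risk in a
// real host.
BOOL CMFCMathApp::InitInstance()
{
    hinst = AfxGetInstanceHandle();     // this DLL's own module handle
    // The hook only ever patches the current process, so the pseudo-handle is
    // sufficient: it carries full access and never needs CloseHandle. The
    // original OpenProcess(PROCESS_ALL_ACCESS, ...) handle was never closed
    // and its failure (hProcess == NULL) was never checked.
    hProcess = ::GetCurrentProcess();
    Inject();
    return CWinApp::InitInstance();
}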
4、ExitInstance中的代码,退出时运行
// Runs when the DLL is unloaded (FreeLibrary or process exit). Restores Add's
// original bytes while Myadd still exists: a patched Add left behind would
// jump into unmapped memory on its next call and crash the host.
int CMFCMathApp::ExitInstance()
{
    const BOOL stillPatched = bHook;
    if (stillPatched) {
        HookOff();
    }
    return CWinApp::ExitInstance();
}
5、其他代码
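// Install the inline hook on Math.dll!Add, once per process.
//
// The patch overwrites the first 5 bytes of Add with "jmp rel32" to Myadd.
// This is a 32-bit x86 technique: a rel32 displacement only reaches +/-2 GB,
// and the 5 bytes saved into OldCode must cover whole instructions of Add's
// prologue -- neither is verified here (the original used x86 _asm for the
// same arithmetic; plain C below does the same thing). Inject() is called from
// InitInstance, i.e. inside DllMain, where LoadLibrary and message boxes are
// not safe; acceptable only for a demo.
void Inject()
{
    if (inject_status != FALSE)
        return;
    inject_status = TRUE;

    HMODULE hmod = ::LoadLibrary(_T("Math.dll"));   // the DLL whose Add we patch
    m_add = (hmod != NULL) ? (M_add)::GetProcAddress(hmod, "Add") : NULL;
    pf_add = (FARPROC)m_add;
    if (pf_add == NULL) {
        // The original fell through here and copied 5 bytes from address 0.
        AfxMessageBox(L"注入失败");
        return;
    }

    // Save the bytes we are about to overwrite so HookOff can put them back.
    CopyMemory(OldCode, reinterpret_cast<const BYTE*>(pf_add), sizeof(OldCode));

    // jmp rel32: displacement is measured from the end of the 5-byte jmp.
    NewCode[0] = 0xe9;
    DWORD rel = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(Myadd)
                                   - (reinterpret_cast<DWORD_PTR>(pf_add) + 5));
    CopyMemory(NewCode + 1, &rel, sizeof(rel));

    HookOn();
    // bHook is only TRUE if HookOn actually wrote the patch.
    AfxMessageBox(bHook ? L"注入成功" : L"注入失败");
}

// Write the jmp over Add's entry. PAGE_EXECUTE_READWRITE (the original used
// PAGE_READWRITE) keeps the page executable while it is patched, so a thread
// running code in that page does not fault under DEP. The 5-byte write is
// still not atomic with respect to other threads executing Add; single-
// threaded hosts only. bHook is set only when the write succeeded.
void HookOn()
{
    ASSERT(hProcess != NULL);
    LPVOID target = reinterpret_cast<LPVOID>(pf_add);
    DWORD dwOldProtect = 0;
    if (!::VirtualProtectEx(hProcess, target, sizeof(NewCode), PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return;                       // nothing changed; bHook stays FALSE
    SIZE_T written = 0;
    const BOOL ok = ::WriteProcessMemory(hProcess, target, NewCode, sizeof(NewCode), &written)
                    && written == sizeof(NewCode);
    DWORD dwTemp = 0;
    ::VirtualProtectEx(hProcess, target, sizeof(NewCode), dwOldProtect, &dwTemp);
    ::FlushInstructionCache(hProcess, target, sizeof(NewCode));   // code was modified
    if (ok)
        bHook = TRUE;
}

// Restore Add's original 5 bytes. bHook is cleared only if the restore
// succeeded, so a failed restore does not misreport the state.
void HookOff()
{
    ASSERT(hProcess != NULL);
    LPVOID target = reinterpret_cast<LPVOID>(pf_add);
    DWORD dwOldProtect = 0;
    if (!::VirtualProtectEx(hProcess, target, sizeof(OldCode), PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return;
    SIZE_T written = 0;
    const BOOL ok = ::WriteProcessMemory(hProcess, target, OldCode, sizeof(OldCode), &written)
                    && written == sizeof(OldCode);
    DWORD dwTemp = 0;
    ::VirtualProtectEx(hProcess, target, sizeof(OldCode), dwOldProtect, &dwTemp);
    ::FlushInstructionCache(hProcess, target, sizeof(OldCode));
    if (ok)
        bHook = FALSE;
}

// Replacement that Add's patched entry jumps to: adds 1 to each operand, then
// calls the real Add with the hook temporarily removed (otherwise the jmp
// would bring execution straight back here, forever). Not thread-safe: calls
// from other threads during the unhooked window are not intercepted, and if
// HookOff fails the call below recurses.
int Myadd(int a, int b)
{
    a = a + 1;
    b = b + 1;
    HookOff();
    int ret = m_add(a, b);
    HookOn();
    return ret;
}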
6、调用的方法
::LoadLibrary(_T("MFCMath.dll")); 加载时 MFCMath.dll 的 InitInstance 会调用 Inject(),把 Math.dll 中 Add 函数入口的前 5 个字节改写成一条跳转到 Myadd 的 jmp 指令(并不是替换整个 Math.dll 的入口)。前提是调用方进程能按 DLL 搜索顺序找到 Math.dll,并且该方法只适用于 32 位 x86 进程。
如果在 Myadd 中需要调用 Math.dll 原来的 Add 函数,必须先用 HookOff 把入口恢复(否则 Add 的入口又会跳回 Myadd,造成无限递归),调用完成后再用 HookOn 重新挂钩。注意:在多线程进程中,这个"恢复—调用—重挂"的窗口期内其他线程对 Add 的调用不会被拦截,而且改写代码字节本身也不是原子操作。
::FreeLibrary(hModule) 可以卸载已加载的 DLL。对 MFCMath.dll 调用 FreeLibrary 时会执行 ExitInstance,其中的 HookOff 会把 Add 的原始入口字节恢复——这一步必须在 DLL 卸载前完成,否则之后再调用 Add 会跳到已经释放的内存而崩溃。
三、恶搞MessageBoxW函数
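// Same hooking scaffold as section 2, now aimed at user32!MessageBoxW.
// hinst lives in a read/write/shared section: every process mapping this DLL
// sees the same value. NOTE(review): a writable shared section is also
// writable by every process that loads the DLL; Microsoft advises against it,
// and nothing here needs the sharing.
#pragma data_seg("SHARED")
static HINSTANCE hinst = NULL;      // this DLL's own module handle (MFCMath.dll)
#pragma data_seg()
#pragma comment(linker, "/section:SHARED,RWS")
HANDLE hProcess = NULL;             // handle to the host process, set in InitInstance
BOOL bHook = FALSE;                 // TRUE while the jmp is written over MessageBoxW
BOOL inject_status = FALSE;         // TRUE once Inject() has run (it runs only once)
BYTE OldCode[5];                    // original first 5 bytes of MessageBoxW
BYTE NewCode[5];                    // replacement bytes: E9 <rel32> = jmp Myadd
// MessageBoxW always takes UTF-16 strings regardless of the project's
// character set; the original LPCTSTR typedef only matched in a Unicode build.
typedef int (WINAPI *MyMsg)(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType);
MyMsg m_msg;                        // the real MessageBoxW, resolved in Inject()
FARPROC pf_add;                     // same address, untyped, for the patching calls
void HookOn();                      // write the jmp into MessageBoxW's entry
void HookOff();                     // restore MessageBoxW's original entry bytes
void Inject();                      // resolve MessageBoxW, build NewCode, then HookOn
int WINAPI Myadd(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType);  // our replacement

// Runs from MFC's DllMain on DLL_PROCESS_ATTACH (under the loader lock).
// The pseudo-handle is enough for patching our own process and never needs
// CloseHandle; the original OpenProcess handle was leaked and unchecked.
BOOL CMFCMathApp::InitInstance()
{
    hinst = AfxGetInstanceHandle();
    hProcess = ::GetCurrentProcess();
    Inject();
    return CWinApp::InitInstance();
}

// Runs on unload; restores MessageBoxW before Myadd's code disappears.
int CMFCMathApp::ExitInstance()
{
    if (bHook)
        HookOff();
    return CWinApp::ExitInstance();
}

// Install the inline hook on user32!MessageBoxW, once per process.
// 32-bit x86 only (rel32 reach, 5-byte patch). The 5 saved bytes must be whole
// instructions of the prologue; on hot-patchable user32 builds the prologue is
// typically "mov edi,edi / push ebp / mov ebp,esp" = exactly 5 bytes, but that
// is not verified here.
void Inject()
{
    if (inject_status != FALSE)
        return;
    inject_status = TRUE;

    HMODULE hmod = ::LoadLibrary(_T("User32.dll"));
    m_msg = (hmod != NULL) ? (MyMsg)::GetProcAddress(hmod, "MessageBoxW") : NULL;
    pf_add = (FARPROC)m_msg;
    if (pf_add == NULL)
        return;                       // original had no check and copied from address 0

    CopyMemory(OldCode, reinterpret_cast<const BYTE*>(pf_add), sizeof(OldCode));

    // jmp rel32: displacement is measured from the end of the 5-byte jmp.
    NewCode[0] = 0xe9;
    DWORD rel = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(Myadd)
                                   - (reinterpret_cast<DWORD_PTR>(pf_add) + 5));
    CopyMemory(NewCode + 1, &rel, sizeof(rel));

    HookOn();
}

// Write the jmp over MessageBoxW's entry. PAGE_EXECUTE_READWRITE keeps the
// page executable while patched (no DEP fault for a thread running there);
// the write is still not atomic for other threads. bHook only becomes TRUE
// when the patch was actually written.
void HookOn()
{
    ASSERT(hProcess != NULL);
    LPVOID target = reinterpret_cast<LPVOID>(pf_add);
    DWORD dwOldProtect = 0;
    if (!::VirtualProtectEx(hProcess, target, sizeof(NewCode), PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return;
    SIZE_T written = 0;
    const BOOL ok = ::WriteProcessMemory(hProcess, target, NewCode, sizeof(NewCode), &written)
                    && written == sizeof(NewCode);
    DWORD dwTemp = 0;
    ::VirtualProtectEx(hProcess, target, sizeof(NewCode), dwOldProtect, &dwTemp);
    ::FlushInstructionCache(hProcess, target, sizeof(NewCode));
    if (ok)
        bHook = TRUE;
}

// Restore MessageBoxW's original 5 bytes; bHook is cleared only on success.
void HookOff()
{
    ASSERT(hProcess != NULL);
    LPVOID target = reinterpret_cast<LPVOID>(pf_add);
    DWORD dwOldProtect = 0;
    if (!::VirtualProtectEx(hProcess, target, sizeof(OldCode), PAGE_EXECUTE_READWRITE, &dwOldProtect))
        return;
    SIZE_T written = 0;
    const BOOL ok = ::WriteProcessMemory(hProcess, target, OldCode, sizeof(OldCode), &written)
                    && written == sizeof(OldCode);
    DWORD dwTemp = 0;
    ::VirtualProtectEx(hProcess, target, sizeof(OldCode), dwOldProtect, &dwTemp);
    ::FlushInstructionCache(hProcess, target, sizeof(OldCode));
    if (ok)
        bHook = FALSE;
}

// Replacement MessageBoxW: swaps the text, then calls the real function with
// the hook temporarily removed (otherwise the jmp would bring us straight
// back here). Every MessageBoxW in the host -- including AfxMessageBox --
// now goes through this path. Not thread-safe: other threads' calls during
// the unhooked window are not intercepted, and if HookOff fails the call
// below recurses.
int WINAPI Myadd(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType)
{
    lpText = L"被掉包了,哈哈";
    HookOff();
    int ret = m_msg(hWnd, lpText, lpCaption, uType);
    HookOn();
    return ret;
}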