Category

Development Platform
Home > SourceCode/Document > Windows Develop > Hook api > View Code
mydll.cpp
Package: HookAPI [view]
Upload User: nbcables
Upload Date: 2007-01-11
Package Size: 1243k
Code Size: 2k
Category:

Hook api

Development Platform:

Visual C++

mydll.cpp:Code Content
  1. // ------------------------------------- //
  2. // 您如果要使用本文件,请不要删除本说明  //
  3. // ------------------------------------- //
  4. //             HOOKAPI 开发例子          //
  5. //   Copyright 2002 编程沙龙 Paladin     //
  6. //       www.ProgramSalon.com            //
  7. // ------------------------------------- //
  9. #include "stdafx.h"
  10. #include <stdio.h>
  12. #include "mydll.h"
  13. #include "util.h"
  14. #include "psapi.h"
  15. #include "tlhelp32.h"
  16. #include "ps.h"
  18. HINSTANCE g_hInstance =NULL;
  20. BOOL APIENTRY DllMain( HANDLE hModule, 
  21.                        DWORD  ul_reason_for_call, 
  22.                        LPVOID lpReserved
  23.  )
  24. {
  25. g_hInstance =(HINSTANCE)hModule;
  27.     return TRUE;
  28. }
  30. // 截获执行notepad.exe文件的例子,在explorer中点击winntnotepad.exe,然后
  31. // 使用任务管理器查看进程,就发现有个notepad2.exe进程
  33. DWORD WINAPI myCreateProcessW(
  34. LPCWSTR lpApplicationName,
  35. LPWSTR lpCommandLine, 
  36. LPSECURITY_ATTRIBUTES lpProcessAttributes,
  37. LPSECURITY_ATTRIBUTES lpThreadAttributes,
  38. BOOL bInheritHandles,
  39. DWORD dwCreationFlags,
  40. LPVOID lpEnvironment,
  41. LPCWSTR lpCurrentDirectory,
  42. LPSTARTUPINFOW lpStartupInfo,
  43. LPPROCESS_INFORMATION lpProcessInformation
  44. )
  45. {
  46. char cmd[600];
  47. int len =WideCharToMultiByte( CP_ACP, 0, lpCommandLine, -1, cmd, sizeof(cmd),NULL,NULL); 
  48. cmd[len] =0;
  50. WriteLog("CreateProcessW :cmd=%s", cmd);
  51. strtok(cmd, " ");  //去掉空格
  52. strupr(cmd);
  53. if(cmd[0] =='"')  // 去掉引号
  54. {
  55. memmove(cmd, &cmd[1], strlen(cmd)-1);
  56. cmd[strlen(cmd)-2] =0;
  57. }
  59. if(strstr(cmd, "NOTEPAD.EXE"))  // 复制文件并将命令定位到c:notepad2.exe
  60. {
  61. WriteLog("found ok, cmd=%s", cmd);
  62. CopyFile(cmd, "c:\notepad2.exe", 0);  //可以在此处解密notepad.exe为notepad2.exe
  63. strcpy(cmd, "c:\notepad2.exe");
  64. }
  65. WCHAR wcmd[600];
  66. len =MultiByteToWideChar( CP_ACP, 0, cmd, strlen(cmd), wcmd, sizeof(wcmd)); 
  67. wcmd[len] =0;
  69. BOOL ifsuccess = CreateProcessW(NULL/*lpApplicationName*/,
  70. wcmd, lpProcessAttributes,
  71. lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment,
  72. lpCurrentDirectory, lpStartupInfo, lpProcessInformation);
  73. DWORD err =GetLastError();
  74. SetLastError(err);
  75. return (DWORD)ifsuccess;
  76. }
  78. MYAPIINFO myapi_info[] =
  79. {
  80. {"KERNEL32.DLL", "CreateProcessW(1,2,3,4,5,6,7,8,9,10)", "myCreateProcessW"},
  81. {NULL,NULL,NULL}
  82. };
  84. MYAPIINFO *GetMyAPIInfo()
  85. {
  86. return &myapi_info[0];
  87. }