📄 npextend.cpp
#include <windows.h>
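// Forward declaration: asks the process with the given id to load the named DLL.
void ALRemoteInsertdll(DWORD,LPCTSTR);

// File-scope state written by WinMain.
HWND texthwnd;        // window handle returned by FindWindow("Notepad", ...)
HINSTANCE hLibrary;   // module handle from the in-process LoadLibrary fallback
FARPROC pfn;          // address of the DLL export named "SetHook"
// "major.minor" OS version as a number. Initialised with a floating-point
// zero: NULL is a null pointer constant and does not belong in a double.
double winver = 0.0;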
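/*
 * Launcher entry point.
 *
 * Starts Notepad hidden with the launcher's own command line appended, waits
 * until it is idle, gets DllExtend.dll loaded (through ALRemoteInsertdll when
 * the OS version is 5.0 or later, otherwise by LoadLibrary plus the "SetHook"
 * export in this process), then shows the Notepad window and exits.
 *
 * Returns FALSE after showing a message box when Notepad cannot be started or
 * the DLL cannot be found or loaded.
 *
 * The code passes char buffers to the generic Win32 names, so it assumes an
 * ANSI (non-UNICODE) build.
 */
int WINAPI WinMain(HINSTANCE,HINSTANCE,LPSTR lpCmdLine,int)
{
    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    memset(&pi, 0, sizeof(pi));
    memset(&si, 0, sizeof(si));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_HIDE;   // stay hidden until the DLL step has run

    // NOTE(review): "Notepad.exe" is a bare name, so CreateProcess resolves it
    // through its search order (launcher directory and current directory
    // included). Building an absolute path would pin which binary is started.
    char strs1[MAX_PATH] = "Notepad.exe ";
    const char* cmdline1 = (lpCmdLine != NULL) ? lpCmdLine : "";
    try {
        // The command line is caller-controlled and unbounded; reject anything
        // that would not fit instead of overrunning the stack buffer.
        if (lstrlen(strs1) + lstrlen(cmdline1) >= (int)sizeof(strs1))
            throw "命令行参数过长!";
        strcat(strs1, cmdline1);

        // Keep the full BOOL: narrowing it to BYTE could turn a non-zero
        // success value into 0.
        BOOL created = CreateProcess(NULL,
                                     strs1,
                                     NULL,
                                     NULL,
                                     FALSE,
                                     NORMAL_PRIORITY_CLASS,
                                     NULL,
                                     NULL,
                                     &si,
                                     &pi);
        if (!created)
            throw " \"Notepad.exe\"文件未找到!";
        WaitForInputIdle(pi.hProcess, INFINITE);
    }
    // A thrown string literal has type const char*; a char* handler does not
    // match it on a conforming compiler.
    catch (const char* msg)
    {
        MessageBox(NULL, msg, NULL, MB_OK);
        return FALSE;
    }

    // 32 bytes hold two formatted integers of any magnitude plus the dot.
    char str[32];
    OSVERSIONINFO osvi;
    memset(&osvi, 0, sizeof(osvi));   // defined contents if GetVersionEx fails
    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    GetVersionEx(&osvi);
    wsprintf(str, "%d.%d", osvi.dwMajorVersion, osvi.dwMinorVersion);
    winver = atof(str);

    char dllname[18] = "DllExtend.dll";
    char dllpath[MAX_PATH];
    try {
        // Resolve the DLL to a full path once and use that path everywhere.
        // Passing the bare name on would let the loading process resolve it
        // again with its own search order, possibly to a different file than
        // the one checked here.
        // NOTE(review): SearchPath itself still walks the default search
        // order; anchoring to the launcher's directory would be stricter.
        DWORD found = SearchPath(NULL, dllname, NULL, MAX_PATH, dllpath, NULL);
        if (found == 0 || found >= MAX_PATH)
            throw "\"DllExtend.dll\"文件丢失!";
        if (winver >= 5.0)
            ALRemoteInsertdll(pi.dwProcessId, dllpath);
        else
        {
            hLibrary = LoadLibrary(dllpath);
            pfn = (hLibrary != NULL) ? GetProcAddress(hLibrary, "SetHook") : NULL;
            // Calling through a null pointer would crash the launcher.
            if (pfn == NULL)
                throw "\"DllExtend.dll\"加载失败!";
            (*pfn)();
        }
    }
    catch (const char* msg)
    {
        // The child was started hidden; do not leave an invisible Notepad
        // running, and release its handles before reporting the failure.
        TerminateProcess(pi.hProcess, 1);
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
        MessageBox(NULL, msg, NULL, MB_OK);
        return FALSE;
    }

    // NOTE(review): FindWindow by class name returns some Notepad window, not
    // necessarily the one belonging to pi.dwProcessId.
    texthwnd = FindWindow("Notepad", NULL);
    if (texthwnd != NULL)
        ShowWindow(texthwnd, SW_SHOW);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    ExitProcess(0);
    return FALSE;
}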
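/*
 * Asks the process identified by dwProcessId to load the DLL named by
 * pszDllFile: the name is copied into memory allocated in that process and a
 * thread is started there at LoadLibraryA with the copy as its argument.
 *
 * dwProcessId  id of the target process (WinMain passes the Notepad it started)
 * pszDllFile   DLL path or name; a full path avoids a second, target-side
 *              search for the file
 *
 * Returns nothing; every failure is silent and only triggers cleanup.
 *
 * This open / allocate / write / remote-thread sequence is the widely
 * documented remote DLL load, and endpoint security products commonly flag it.
 * LoadLibraryA is used, so the string is assumed to be ANSI.
 */
void ALRemoteInsertdll(DWORD dwProcessId,LPCTSTR pszDllFile)
{
    HANDLE hThread = NULL;
    HANDLE hProcess = NULL;
    LPTSTR pszDllFileRemote = NULL;

    if (pszDllFile == NULL)
        return;

    __try
    {
        hProcess = OpenProcess(PROCESS_CREATE_THREAD |
                               PROCESS_VM_OPERATION |
                               PROCESS_VM_WRITE,
                               FALSE,
                               dwProcessId);
        if (hProcess == NULL)
            __leave;

        // Include the terminating NUL. Copying only lstrlen() bytes leaves the
        // remote string terminated solely because fresh pages happen to be
        // zero-filled.
        DWORD cb = (DWORD)((lstrlen(pszDllFile) + 1) * sizeof(TCHAR));
        pszDllFileRemote = (LPTSTR)VirtualAllocEx(hProcess,
                                                  NULL,
                                                  cb,
                                                  MEM_COMMIT,
                                                  PAGE_READWRITE);
        if (pszDllFileRemote == NULL)
            __leave;

        if (!WriteProcessMemory(hProcess,
                                pszDllFileRemote,
                                (PVOID)pszDllFile,
                                cb,
                                NULL))
            __leave;

        PTHREAD_START_ROUTINE pThreadLib = (PTHREAD_START_ROUTINE)
            GetProcAddress(GetModuleHandle(TEXT("Kernel32")), "LoadLibraryA");
        if (pThreadLib == NULL)
            __leave;

        hThread = CreateRemoteThread(hProcess,
                                     NULL,
                                     0,
                                     pThreadLib,
                                     pszDllFileRemote,
                                     0,
                                     NULL);
        if (hThread == NULL)
            __leave;

        // Wait for the remote thread so the buffer is not released while the
        // target may still be reading it.
        WaitForSingleObject(hThread, INFINITE);
    }
    __finally
    {
        // Runs on every exit from the __try block, including each __leave.
        if (pszDllFileRemote != NULL)
            VirtualFreeEx(hProcess, pszDllFileRemote, 0, MEM_RELEASE);
        if (hThread != NULL)
            CloseHandle(hThread);
        if (hProcess != NULL)
            CloseHandle(hProcess);
    }
    return;
}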