uidlg.cpp

把任何动态库导入其他进程。

// UIDlg.cpp : implementation file
//

#include "stdafx.h"
#include "UI.h"
#include "UIDlg.h"
#include <Shlwapi.h> 
#pragma comment(lib,"Shlwapi.lib")

#include <Tlhelp32.h>
#include <psapi.h>

#pragma comment(lib, "psapi")
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif


/*

  #define     WM_COMPAREIMAGE WM_USER +100 

  

void CTestCompareDlg::OnBnClickedButton1() 

{ 

    HANDLE hProcess = NULL; 

    DWORD dwProcessId = 0; 

    HWND hServerWnd = ::FindWindow(NULL,"CompareServer"); 

    if(hServerWnd == NULL) 

    { 

       //Need create the process 

       return ; 

    } 

    ::GetWindowThreadProcessId(hServerWnd,&dwProcessId); 

    hProcess = OpenProcess(PROCESS_VM_OPERATION| 

       PROCESS_VM_WRITE|PROCESS_VM_READ,FALSE,dwProcessId); 

    if(hProcess == NULL) return ; 

  

    MyInfo * pMyInfo = NULL; 

  

    pMyInfo = (MyInfo *)VirtualAllocEx(hProcess,NULL, 

       sizeof(MyInfo),MEM_COMMIT,PAGE_READWRITE); 

  

    if(pMyInfo == NULL) return ; 

    MyInfo myInfo; 

    myInfo.blue = 20.01; 

    myInfo.red = 3333; 

  

    WriteProcessMemory(hProcess,pMyInfo,&myInfo,sizeof(MyInfo),NULL); 

  

    ::SendMessage(hServerWnd,WM_COMPAREIMAGE,sizeof(MyInfo),(LPARAM)pMyInfo); 

    

    DWORD dwRead = 0; 

    MyInfo myInfo2; 

    BOOL bRet = ::ReadProcessMemory(hProcess,pMyInfo,&myInfo2,sizeof(MyInfo),&dwRead); 

  

    dwRead = GetLastError(); 

    m_log.Format("red =%.2f,blue=%.2f",myInfo2.blue,myInfo2.red); 

    TRACE(m_log); 

    VirtualFreeEx(hProcess,pMyInfo,0,MEM_RELEASE); 

    UpdateData(FALSE); 

} 

  

SERVER 程序： 

LRESULT    CMyWindow::OnCompareImage(HWND hWnd,WPARAM wParam,LPARAM lParam) 

{ 

    if(wParam <sizeof(MyInfo)) return -1; 

    MyInfo * pMyInfo = (MyInfo *)lParam; 

  

    sprintf(m_strLog,"client:red=%.2f,blue=%.2f",pMyInfo->red,pMyInfo->blue); 

    ::TextOut(GetDC(hWnd),0,50,m_strLog,strlen(m_strLog)); 

    pMyInfo->blue = 1.0; 

    pMyInfo->red = 2.0; 

    return 0; 

} 

*/

/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About

class CAboutDlg : public CDialog
{
public:
	CAboutDlg();

// Dialog Data
	//{{AFX_DATA(CAboutDlg)
	enum { IDD = IDD_ABOUTBOX };
	//}}AFX_DATA

	// ClassWizard generated virtual function overrides
	//{{AFX_VIRTUAL(CAboutDlg)
	protected:
	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
	//}}AFX_VIRTUAL

// Implementation
protected:
	//{{AFX_MSG(CAboutDlg)
	//}}AFX_MSG
	DECLARE_MESSAGE_MAP()
};

CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
	//{{AFX_DATA_INIT(CAboutDlg)
	//}}AFX_DATA_INIT
}

void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CAboutDlg)
	//}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
	//{{AFX_MSG_MAP(CAboutDlg)
		// No message handlers
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CUIDlg dialog

CUIDlg::CUIDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CUIDlg::IDD, pParent)
{
	//{{AFX_DATA_INIT(CUIDlg)
		// NOTE: the ClassWizard will add member initialization here
	//}}AFX_DATA_INIT
	// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CUIDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
	//{{AFX_DATA_MAP(CUIDlg)
	DDX_Control(pDX, IDC_EDIT1, m_appname);
	//}}AFX_DATA_MAP
}

BEGIN_MESSAGE_MAP(CUIDlg, CDialog)
	//{{AFX_MSG_MAP(CUIDlg)
	ON_WM_SYSCOMMAND()
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	ON_BN_CLICKED(IDC_BUTTON1, OnButton1)
	ON_BN_CLICKED(IDC_BUTTON2, OnButton2)
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CUIDlg message handlers

BOOL CUIDlg::OnInitDialog()
{
	CDialog::OnInitDialog();

	// Add "About..." menu item to system menu.

	// IDM_ABOUTBOX must be in the system command range.
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);

	CMenu* pSysMenu = GetSystemMenu(FALSE);
	if (pSysMenu != NULL)
	{
		CString strAboutMenu;
		strAboutMenu.LoadString(IDS_ABOUTBOX);
		if (!strAboutMenu.IsEmpty())
		{
			pSysMenu->AppendMenu(MF_SEPARATOR);
			pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
		}
	}

	// Set the icon for this dialog.  The framework does this automatically
	//  when the application's main window is not a dialog
	SetIcon(m_hIcon, TRUE);			// Set big icon
	SetIcon(m_hIcon, FALSE);		// Set small icon
	
	// TODO: Add extra initialization here
	m_appname.SetWindowText("IEXPLORE.EXE");
	return TRUE;  // return TRUE  unless you set the focus to a control
}

void CUIDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
	if ((nID & 0xFFF0) == IDM_ABOUTBOX)
	{
		CAboutDlg dlgAbout;
		dlgAbout.DoModal();
	}
	else
	{
		CDialog::OnSysCommand(nID, lParam);
	}
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CUIDlg::OnPaint() 
{
	if (IsIconic())
	{
		CPaintDC dc(this); // device context for painting

		SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);

		// Center icon in client rectangle
		int cxIcon = GetSystemMetrics(SM_CXICON);
		int cyIcon = GetSystemMetrics(SM_CYICON);
		CRect rect;
		GetClientRect(&rect);
		int x = (rect.Width() - cxIcon + 1) / 2;
		int y = (rect.Height() - cyIcon + 1) / 2;

		// Draw the icon
		dc.DrawIcon(x, y, m_hIcon);
	}
	else
	{
		CDialog::OnPaint();
	}
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CUIDlg::OnQueryDragIcon()
{
	return (HCURSOR) m_hIcon;
}


int SgmGetModuleDir(HMODULE hMod, char * lpszPath, const int MAX_Len)
{
	char szPath[MAX_PATH];
	
	ZeroMemory(lpszPath, MAX_Len);
	DWORD dwLen = GetModuleFileName(hMod, szPath, MAX_PATH);
	
	--dwLen;
	while(szPath[dwLen] != '\\' && szPath[dwLen] != '/') --dwLen;
	
	memcpy(lpszPath, szPath, dwLen);
	return dwLen;
}

DWORD GetAppID(char* appname)
{
	char exeName[MAX_PATH + 1] = { 0 };
	strcpy(exeName, appname);
	
	DWORD PID = 0;
	HANDLE snapshothandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);   
	PROCESSENTRY32 processentry;   
	processentry.dwSize = sizeof(PROCESSENTRY32);   
	BOOL finded = Process32First(snapshothandle, &processentry);   
	while (finded != NULL)   
	{
		if (strcmp(exeName, strlwr(processentry.szExeFile)) == 0)
		{
			PID = processentry.th32ProcessID;
			break;
		}
		finded = Process32Next(snapshothandle, &processentry);   
	}   
	CloseHandle(snapshothandle);
	return PID;
}

DWORD    LoadRemoteLibrary(DWORD PID,char* pathdll)
{
	DWORD  hLibModule = 0;
	HANDLE hProcess = 	OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | 
		PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,	FALSE, PID);		
	if ( hProcess!= NULL )
	{
		
		HANDLE hThread;
		char   szLibPath [_MAX_PATH];
		void*  pLibRemote = 0;
		
		HMODULE hKernel32 = ::GetModuleHandle("Kernel32");

		strcpy(szLibPath,pathdll);

		pLibRemote = ::VirtualAllocEx( hProcess, NULL, sizeof(szLibPath), MEM_COMMIT, PAGE_READWRITE );
		if( pLibRemote == NULL )
			return -1;
		::WriteProcessMemory(hProcess, pLibRemote, (void*)szLibPath,sizeof(szLibPath),NULL);

		hThread = ::CreateRemoteThread( hProcess, NULL, 0,	
			(LPTHREAD_START_ROUTINE) ::GetProcAddress(hKernel32,"LoadLibraryA"),pLibRemote, 0, NULL );
		
		if(hThread ==NULL )
			return -1;

       ::WaitForSingleObject( hThread, INFINITE );

	   ::GetExitCodeThread( hThread, &hLibModule );

		if( hLibModule == NULL )
			return -1;

		::CloseHandle( hThread );
        ::VirtualFreeEx( hProcess, pLibRemote, sizeof(szLibPath), MEM_RELEASE );

	  ::CloseHandle( hThread );
	}
	CloseHandle( hProcess );
	return hLibModule;
}

int FreeRemoteLibrary(DWORD PID,DWORD ExitCode,char* pathdll )
{
	HANDLE hProcess = 	OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | 
		PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,	FALSE, PID);		
	if ( hProcess!= NULL )
	{
		
		HANDLE hThread;
		HMODULE hKernel32 = ::GetModuleHandle("Kernel32");
		
		hThread = ::CreateRemoteThread( hProcess,NULL, 0,(LPTHREAD_START_ROUTINE) ::GetProcAddress(hKernel32,"FreeLibrary"),
			(void*)ExitCode,	0, NULL );
		if( hThread == NULL )	
			return -1;
		
		::WaitForSingleObject( hThread, INFINITE );
		::CloseHandle( hThread );
	}
	CloseHandle( hProcess );
	return 0;
}

DWORD  RRCode;
void CUIDlg::OnButton1() 
{
	char path[512];
	SgmGetModuleDir(GetModuleHandle(NULL), path, 512);
	
	char path1[512];
	memset(path1,0,512);
	wsprintf(path1,"%s\\VAProxy.dll", path);

	CString appname;
	m_appname.GetWindowText(appname);

    appname.MakeLower();
    DWORD AppId=GetAppID((char *)(LPCTSTR)appname);
	
	if(AppId==0)
	{
		return;
	}
	
	RRCode=LoadRemoteLibrary(AppId,path1);
}

void CUIDlg::OnButton2() 
{
	// TODO: Add your control notification handler code here

	char path[512];
	SgmGetModuleDir(GetModuleHandle(NULL), path, 512);
	
	char path1[512];
	memset(path1,0,512);
	wsprintf(path1,"%s\\VAProxy.dll", path);
	
	CString appname;
	m_appname.GetWindowText(appname);
	
    appname.MakeLower();
    DWORD AppId=GetAppID((char *)(LPCTSTR)appname);
	
	if(AppId==0)
	{
		return;
	}
	 FreeRemoteLibrary(AppId,RRCode,path1);
}