📄 dllmain.c
#include <windows.h>
#include <STDIO.H>
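/* Handle returned by SetWindowsHookEx in InstallMouseHook. This is an
 * ordinary global (no shared data section is visible in this listing), so
 * each process that loads the DLL gets its own copy. */
HHOOK hMouseHook;

LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam);

/* modulename receives the host executable's path in DllMain; fname appears in
 * diagnostic MessageBox calls; trash is only referenced from commented-out
 * code in the visible part of the file. */
static char fname[64], modulename[64], trash[640];
static BOOL BeenHooked = FALSE;
BOOL flag = FALSE;

/* Addresses of gdi32.dll's TextOutA, TextOutW, ExtTextOutA and ExtTextOutW
 * (SysFunc1..4) and of the replacements exported by hookdll.dll (MyFunc1..4),
 * resolved in ChangeFuncEntry. Addresses are held in DWORDs, so the code
 * assumes a 32-bit build. */
DWORD SysFunc1, SysFunc2, SysFunc3, SysFunc4;
/* NOTE(review): ChangeFuncEntry declares a local MyFunc1 that shadows the
 * global below, so the global MyFunc1 is not assigned there. */
DWORD MyFunc1, MyFunc2, MyFunc3, MyFunc4;

/* The prototype now names HMODULE, matching the definition later in the file;
 * the original declared the first parameter as HANDLE, which is a conflicting
 * declaration when <windows.h> is compiled with STRICT. */
BOOL ChangeFuncEntry(HMODULE hmodule, int level);
BOOL IsSysDll(char *name);
void SendText(HDC hdc, LPCSTR lpszString, UINT cbString);

/* list of all modules */
char modules[100][16];
static int index = 0;

/* Client-area strip around the cursor, written by MouseProc on every
 * WM_MOUSEMOVE and passed to InvalidateRect. */
static RECT rect;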
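/**
 * DLL entry point.
 *
 * On DLL_PROCESS_ATTACH the path of the host executable is stored, lower-cased,
 * in the file-level buffer modulename. Nothing is done on detach.
 *
 * @param hModule     module handle of this DLL (unused)
 * @param reason      loader notification code
 * @param lpReserved  unused
 * @return always TRUE
 *
 * NOTE(review): DLL_PROCESS_DETACH restores nothing. ChangeFuncEntry rewrites
 * import-table entries of the host process to point at functions in
 * hookdll.dll; unless a part of the file not visible here undoes that, those
 * entries would still point into this module after it is unloaded.
 *
 * NOTE(review): CharLower is a user32 call; Microsoft's DllMain guidance
 * advises against calling user32/gdi32 functions while the loader lock is
 * held. It is kept because other code may rely on the lower-cased name.
 */
BOOL APIENTRY DllMain(HANDLE hModule, DWORD reason, LPVOID lpReserved)
{
    DWORD len;

    (void)hModule;
    (void)lpReserved;

    switch (reason) {
    case DLL_PROCESS_ATTACH:
        /* Size the call from the buffer instead of a repeated literal. */
        len = GetModuleFileName(GetModuleHandle(NULL), modulename,
                                sizeof modulename);
        /* A path that does not fit is truncated, and older Windows versions
         * do not NUL-terminate the truncated result; terminate explicitly so
         * CharLower cannot read past the buffer. */
        if (len >= sizeof modulename) {
            modulename[sizeof modulename - 1] = '\0';
        }
        CharLower(modulename);
        break;
    case DLL_PROCESS_DETACH:
        break;
    default:
        break;
    }
    return TRUE;
}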
/**
 * Registers MouseProc as a WH_MOUSE hook and stores the handle in hMouseHook.
 *
 * The thread id argument is 0, which makes the hook apply to every thread on
 * the calling desktop rather than to one thread. For a hook procedure that
 * lives in a DLL this means the system maps hookdll.dll into other GUI
 * processes as they receive mouse messages, which is why the module shows up
 * in the module list of unrelated processes while the hook is installed.
 * The trailing comment in the original shows that a per-thread hook
 * (GetCurrentThreadId()) was considered.
 *
 * The module is looked up by the fixed name "hookdll.dll", so the DLL must be
 * loaded under exactly that name.
 *
 * @return TRUE when SetWindowsHookEx returned a handle, FALSE otherwise.
 */
BOOL InstallMouseHook()
{
    HMODULE self = GetModuleHandle("hookdll.dll");

    hMouseHook = SetWindowsHookEx(WH_MOUSE, (HOOKPROC)MouseProc, self, 0);
    return (hMouseHook != NULL) ? TRUE : FALSE;
}
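/**
 * Removes the hook installed by InstallMouseHook.
 *
 * The original ignored the result of UnhookWindowsHookEx and left the stale
 * handle in hMouseHook; the result is now reported and the handle is cleared
 * once the hook is gone.
 *
 * NOTE(review): removing the hook does not undo the import-table rewrites made
 * by ChangeFuncEntry. In the visible part of the file the restoring calls
 * (UnChangeFuncEntry) exist only as commented-out code, so processes that were
 * patched keep calling into hookdll.dll after this returns.
 *
 * @return TRUE if no hook was installed or the hook was removed, FALSE if
 *         UnhookWindowsHookEx failed.
 */
BOOL UninstallMouseHook()
{
    BOOL removed;

    if (hMouseHook == NULL) {
        /* Nothing to remove; keep the original "succeeds" result. */
        return TRUE;
    }

    removed = UnhookWindowsHookEx(hMouseHook);
    if (removed) {
        hMouseHook = NULL;
    }
    return removed;
}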
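/**
 * WH_MOUSE hook procedure.
 *
 * For every call with nCode >= 0 it walks the address space of the current
 * process with VirtualQuery and hands each MEM_IMAGE region to
 * ChangeFuncEntry. On WM_MOUSEMOVE it additionally invalidates a 200x6 pixel
 * strip around the cursor in the window under it, presumably so that the
 * window redraws its text there.
 *
 * Changes against the original:
 *  - InvalidateRect is skipped when WindowFromPoint finds no window; a NULL
 *    window handle makes InvalidateRect invalidate and redraw all windows.
 *  - the integer/pointer conversions in the scan are explicit casts, and
 *    ChangeFuncEntry receives a module handle rather than a DWORD.
 *  - locals that were never read (i, modulelist, old) are gone; the large
 *    commented-out per-module ChangeFuncEntry/UnChangeFuncEntry lists were
 *    dead code and are not reproduced.
 *
 * NOTE(review): the scan runs on every mouse message because the once-only
 * BeenHooked guard is commented out in the original. Addresses are held in a
 * DWORD, so the loop assumes a 32-bit process.
 *
 * @param nCode   hook code; negative values are passed on untouched
 * @param wParam  mouse message identifier
 * @param lParam  pointer to a MOUSEHOOKSTRUCT
 * @return the result of CallNextHookEx
 */
LRESULT CALLBACK MouseProc(int nCode, WPARAM wParam, LPARAM lParam)
{
    LPMOUSEHOOKSTRUCT lpMouseHookStruct;
    HWND hwnd;
    POINT MousePoint;
    DWORD base;
    MEMORY_BASIC_INFORMATION mbi;

    if (nCode < 0) {
        /* do not process the message */
        return CallNextHookEx(hMouseHook, nCode, wParam, lParam);
    }

    /* Visit every region; VirtualQuery returns 0 once the address is outside
     * the range it can describe, which ends the loop. */
    base = 0;
    while (VirtualQuery((LPCVOID)base, &mbi, sizeof(mbi)) > 0) {
        if (mbi.Type == MEM_IMAGE) {
            ChangeFuncEntry((HMODULE)mbi.BaseAddress, 1);
        }
        base = (DWORD)mbi.BaseAddress + mbi.RegionSize;
    }

    if (wParam == WM_MOUSEMOVE) {
        lpMouseHookStruct = (LPMOUSEHOOKSTRUCT)lParam;
        MousePoint = lpMouseHookStruct->pt;

        hwnd = WindowFromPoint(MousePoint);
        if (hwnd != NULL) {
            ScreenToClient(hwnd, &MousePoint);
        }

        /* rect is file-level state and is updated on every move, exactly as
         * in the original, whether or not a window was found. */
        rect.left = MousePoint.x - 100;
        rect.top = MousePoint.y - 3;
        rect.right = MousePoint.x + 100;
        rect.bottom = MousePoint.y + 3;

        if (hwnd != NULL) {
            InvalidateRect(hwnd, &rect, FALSE);
        }
    }

    return CallNextHookEx(hMouseHook, nCode, wParam, lParam);
}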
BOOL ChangeFuncEntry(HMODULE hmodule,int level)
{
PIMAGE_DOS_HEADER pDOSHeader;
PIMAGE_NT_HEADERS pNTHeader;
PIMAGE_IMPORT_DESCRIPTOR pImportDesc;
BOOL bSuccess = FALSE;
char buffer[1024],buffer1[1024];
static int times=0;
//int i,j;
BOOL you=FALSE;
DWORD MyFunc1;
DWORD dwProtect,temp;
/*if(!strcmp(modulename,"c:\\notepad.exe"))
{
GetModuleFileName(hmodule,fname,64);
wsprintf(buffer,"module is %s.level=%d",fname,level);
MessageBox(NULL,buffer,"",MB_OK);
}*/
/*get system functions and my functions' entry*/
SysFunc1=(DWORD)GetProcAddress(GetModuleHandle("gdi32.dll"),"TextOutA");
MyFunc1= (DWORD)GetProcAddress(GetModuleHandle("hookdll.dll"),"MyTextOutA");
SysFunc2=(DWORD)GetProcAddress(GetModuleHandle("gdi32.dll"),"TextOutW");
MyFunc2= (DWORD)GetProcAddress(GetModuleHandle("hookdll.dll"),"MyTextOutW");
SysFunc3=(DWORD)GetProcAddress(GetModuleHandle("gdi32.dll"),"ExtTextOutA");
MyFunc3= (DWORD)GetProcAddress(GetModuleHandle("hookdll.dll"),"MyExtTextOutA");
SysFunc4=(DWORD)GetProcAddress(GetModuleHandle("gdi32.dll"),"ExtTextOutW");
MyFunc4= (DWORD)GetProcAddress(GetModuleHandle("hookdll.dll"),"MyExtTextOutW");
pDOSHeader=(PIMAGE_DOS_HEADER)hmodule;
wsprintf(buffer,"textoua are %ld %ld\n%ld %ld\n%ld %ld\n%ld %ld\n",SysFunc1,MyFunc1,SysFunc2,MyFunc2,SysFunc3,MyFunc3,SysFunc4,MyFunc4);
//MessageBox(NULL,buffer,"",MB_OK);
if (IsBadReadPtr(hmodule, sizeof(PIMAGE_NT_HEADERS)))
return FALSE;
if (pDOSHeader->e_magic != IMAGE_DOS_SIGNATURE)
return FALSE;
pNTHeader=(PIMAGE_NT_HEADERS)((DWORD)pDOSHeader+(DWORD)pDOSHeader->e_lfanew);
if (pNTHeader->Signature != IMAGE_NT_SIGNATURE)
return FALSE;
pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)hmodule+(DWORD)pNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
if (pImportDesc == (PIMAGE_IMPORT_DESCRIPTOR)pNTHeader)
return FALSE;
while (pImportDesc->Name)
{
PIMAGE_THUNK_DATA pThunk;
strcpy(buffer,(char*)((DWORD)hmodule+(DWORD)pImportDesc->Name));
CharLower(buffer);
/*if(!strcmp(buffer,"kernel32.dll")||
//!strcmp(buffer,"user32.dll")||
!strcmp(buffer,"imm32.dll")||
//!strcmp(buffer,"comctl32.dll")||
//!strcmp(buffer,"comdlg32.dll")||
!strcmp(buffer,"ntdll.dll")||
!strcmp(buffer,"advapi32.dll")||
!strcmp(buffer,"hookdll.dll"))
//MessageBox(NULL,buffer,"system dll",MB_OK);
//return 0;*/
if(strcmp(buffer,"gdi32.dll"))
{
pImportDesc++;
continue;
}
else //if(!strcmp(buffer,"gdi32.dll"))
{
//GetModuleFileName(hmodule,fname,64);
//wsprintf(buffer,"find gdi32 in %s",fname);
//wsprintf(buffer1,"level is %d",level);
//MessageBox(NULL,buffer,buffer1,MB_OK);
pThunk=(PIMAGE_THUNK_DATA)((DWORD)hmodule+(DWORD)pImportDesc->FirstThunk);
while (pThunk->u1.Function)
{
if ((pThunk->u1.Function) == SysFunc1)
{
//MessageBox(NULL,fname,"textoua textoua textoua textoua textoua",MB_OK);
if(!IsBadWritePtr((LPVOID)(&pThunk->u1.Function), sizeof(DWORD)))
(pThunk->u1.Function)=MyFunc1;
else
{
if(VirtualProtect((LPVOID)(&pThunk->u1.Function), sizeof(DWORD),PAGE_EXECUTE_READWRITE, &dwProtect))
{
(pThunk->u1.Function)=MyFunc1;
VirtualProtect((LPVOID)(&pThunk->u1.Function), sizeof(DWORD),dwProtect,&temp);
}
else
MessageBox(NULL,fname,"textoua UNABLE UNABLE UNABLE UNABLE ",MB_OK);
}
}
else if((pThunk->u1.Function) == SysFunc2)
{