全局钩子（HOOK），挂接API，远程线程(100分)

catkiller · 2006-01-04

请问各位高手，我写了一个dll，想让系统rundll32.exe启动这个dll，该如何实现。虽然我知道那几种方式可以，但不知道怎么开头，请高手能给个例子。谢谢

divelove2003 · 2006-01-04

帮顶。。。。。。

jingtao · 2006-01-26

随便写即可. rundll32.exe c:/p.dll,**** 其中fuck是你dll导出的过程名称

dongejkle · 2006-01-28

帮顶! http://www.source520.com 站长开发推广同盟站长朋友的终极驿站 同时拥有海量源码电子经典书籍下载 http://www.source520.com/search/search.asp "编程.站长"论坛搜索引擎-----为中国站长注入动力!

全文检索 · 2006-03-16

收藏 我现在只能做到用explorer.exe启动自已的DLL

hzm7512 · 2006-04-24

procedure FindAProcess(const AFilename: string; const PathMatch: Boolean; var ProcessID: DWORD); var  lppe: TProcessEntry32;  SsHandle: Thandle;  FoundAProc, FoundOK: boolean; begin  ProcessID :=0;  SsHandle := CreateToolHelp32SnapShot(TH32CS_SnapProcess, 0);  FoundAProc := Process32First(Sshandle, lppe);  while FoundAProc do  begin    if PathMatch then      FoundOK := AnsiStricomp(lppe.szExefile, PChar(AFilename)) = 0    else      FoundOK := AnsiStricomp(PChar(ExtractFilename(lppe.szExefile)), PChar(ExtractFilename(AFilename))) = 0;    if FoundOK then    begin      ProcessID := lppe.th32ProcessID;      break;    end;    FoundAProc := Process32Next(SsHandle, lppe);  end;  CloseHandle(SsHandle); end; function EnabledDebugPrivilege(const bEnabled: Boolean): Boolean; var  hToken: THandle;  tp: TOKEN_PRIVILEGES;  a: DWORD; const  SE_DEBUG_NAME = 'SeDebugPrivilege'; begin  Result := False;  if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken)) then  begin    tp.PrivilegeCount := 1;    LookupPrivilegeValue(nil, SE_DEBUG_NAME, tp.Privileges[0].Luid);    if bEnabled then      tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED    else      tp.Privileges[0].Attributes := 0;    a := 0;    AdjustTokenPrivileges(hToken, False, tp, SizeOf(tp), nil, a);    Result := GetLastError = ERROR_SUCCESS;    CloseHandle(hToken);  end; end; function AttachToProcess(const HostFile, GuestFile: string; const PID: DWORD = 0): DWORD; var  hRemoteProcess: THandle;  dwRemoteProcessId: DWORD;  cb: DWORD;  pszLibFileRemote: Pointer;  iReturnCode: Boolean;  TempVar: DWORD;  pfnStartAddr: TFNThreadStartRoutine;  pszLibAFilename: PwideChar; begin  Result := 0;  EnabledDebugPrivilege(True);  Getmem(pszLibAFilename, Length(GuestFile) * 2 + 1);  StringToWideChar(GuestFile, pszLibAFilename, Length(GuestFile) * 2 + 1);  if PID > 0 then     dwRemoteProcessID := PID  else     FindAProcess(HostFile, False, dwRemoteProcessID);  hRemoteProcess := OpenProcess(PROCESS_CREATE_THREAD + {ÔÊÐíÔ¶³Ì´´½¨Ïß³Ì}      PROCESS_VM_OPERATION + {ÔÊÐíÔ¶³ÌVM²Ù×÷}      PROCESS_VM_WRITE, {ÔÊÐíÔ¶³ÌVMÐ´}      FALSE, dwRemoteProcessId);  cb := (1 + lstrlenW(pszLibAFilename)) * sizeof(WCHAR);  pszLibFileRemote := PWIDESTRING(VirtualAllocEx(hRemoteProcess, nil, cb, MEM_COMMIT, PAGE_READWRITE));  TempVar := 0;  iReturnCode := WriteProcessMemory(hRemoteProcess, pszLibFileRemote, pszLibAFilename, cb, TempVar);  if iReturnCode then  begin    pfnStartAddr := GetProcAddress(GetModuleHandle('Kernel32'), 'LoadLibraryW');    TempVar := 0;    Result := CreateRemoteThread(hRemoteProcess, nil, 0, pfnStartAddr, pszLibFileRemote, 0, TempVar);  end;  Freemem(pszLibAFilename); end; procedure TForm1.Button1Click(Sender: TObject); begin   AttachToProcess('QQ.exe', 'D:/iNDS-Top/Client/NDSDLL.dll'); end;

全局钩子（HOOK），挂接API，远程线程(100分)

catkiller

Unregistered / Unconfirmed

divelove2003

Unregistered / Unconfirmed

jingtao

Unregistered / Unconfirmed

dongejkle

Unregistered / Unconfirmed

全文检索

Unregistered / Unconfirmed

hzm7512

Unregistered / Unconfirmed

Similar threads