菜鸟问题。。。。(200分)

pertty · 2006-11-29

下面是dll工程文件： library drHook; { Important note about DLL memory management: ShareMem must be the  first unit in your library's USES clause AND your project's (select  Project-View Source) USES clause if your DLL exports any procedures or  functions that pass strings as parameters or function results. This  applies to all strings passed to and from your DLL--even those that  are nested in records and classes. ShareMem is the interface unit to  the BORLNDMM.DLL shared memory manager, which must be deployed along  with your DLL. To avoid using BORLNDMM.DLL, pass string information  using PChar or ShortString parameters. } uses  SysUtils,  Classes,  Unit2 in 'Unit2.pas',  Unit1 in 'Unit1.pas' {Form1}; var {$R *.res} exports  CreateKeyboardHook,  DestroyKeyboardHook; begin  hNextHookProc := 0;  procSaveExit := ExitProc;  ExitProc := @KeyboardHookExit; end. dll中键盘钩子unit： unit Unit2; interface uses  Windows, SysUtils,forms; var  hNextHookProc: HHook;  procSaveExit: Pointer; function KeyboardHookProc(code: Integer; wparam: WPARAM;  lparam: LPARAM): LRESULT stdcall; export; function CreateKeyboardHook: BOOL; stdcall; export; function DestroyKeyboardHook: BOOL; stdcall; export; procedure KeyboardHookExit; implementation uses Unit1; var  hthradhandle:dword;  dwthradid:dword; function KeyboardHookProc(code: Integer; wparam: WPARAM;  lparam: LPARAM): LRESULT; const  _KeyProcessMask = $80000000; var    GameSwitch: Word;    //程序热键    hwnd:dword;    classname: pchar; begin  Result := 0;  if code < 0 then  begin    Result := Windows.CallNextHookEx(hNextHookProc, code, wparam, lparam);    Exit;  end;  hwnd:=findwindow(nil,'Element Client');  if ((lparam and _KeyProcessMask) = 0) and (wparam = GameSwitch) then  begin    hwnd:=getforegroundwindow ();                           //获取当前窗体句柄    GetMem (classname, 255);    getclassname (hwnd, classname, 255);    if form1 <> nil then Form1.show                 //如果dll窗体加载了就显示    else begin        try        Form1 := TForm1.CreateParented (hwnd) ;       //dllform创建        Form1.Show;        except        Form1.free;        end;        end;      freeMem(classname);  end; end; function CreateKeyboardHook: BOOL; begin  Result := false;  if hNextHookProc <> 0 then    exit;  hNextHookProc := Windows.SetWindowsHookEx(WH_KEYBOARD, @KeyboardHookProc,    hInstance, 0);  Result := hNextHookProc <> 0; end; function DestroyKeyboardHook: BOOL; begin  if hNextHookProc <> 0 then  begin    Windows.UnhookWindowsHookEx(hNextHookProc);    hNextHookProc := 0;  end;  Result := hNextHookProc = 0; end; procedure KeyboardHookExit; begin  if hNextHookProc <> 0 then    DestroyKeyboardHook;  ExitProc := procSaveExit; end;  GameSwitch := VK_HOME;  //定义程序热键  hthradhandle := createthread(nil,0,@CreateKeyboardHook,nil,0,dwthradid); end. dll中窗体unit： unit Unit1; interface uses  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,  Dialogs; type  TForm1 = class(TForm)  private    { Private declarations }  public    { Public declarations }  end; var  Form1: TForm1; implementation {$R *.dfm} end. 下面是调用主程序工程文件代码： unit Unit1; interface uses  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,  Dialogs, StdCtrls, Buttons; type  TForm1 = class(TForm)    BitBtn1: TBitBtn;    BitBtn2: TBitBtn;    Memo1: TMemo;    procedure BitBtn1Click(Sender: TObject);    procedure FormDestroy(Sender: TObject);  private    { Private declarations }  public    { Public declarations }  end; var  Form1: TForm1; implementation {$R *.dfm} function CreateKeyboardHook: BOOL; external 'drHook.dll'; function DestroyKeyboardHook: BOOL; external 'drHook.dll'; procedure GetDebugPrivs;   //提升程序权限过程 var  hToken: THandle;  tkp: TTokenPrivileges;  retval: dword; begin  If (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken)) then  begin    LookupPrivilegeValue(nil, 'SeDebugPrivilege'  , tkp.Privileges[0].Luid);    tkp.PrivilegeCount := 1;    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;    AdjustTokenPrivileges(hToken, False, tkp, 0, nil, retval);  end; end; procedure TForm1.BitBtn1Click(Sender: TObject); var  h:longword; //放句柄，中间顺便暂放下PID  tmp:longword;//这个专门来占格式收集垃圾  DllName

char;  Mysize:longword;//放字符串长度  Parameter

ointer;//放那个参数的指针（位置在目标进程内） begin  GetDebugPrivs;             //提升权限  DLLName:=pchar(extractfilepath(paramstr(0))+'drHook.dll');  //下面是代码注入  Mysize:=strlen(Dllname)+1;  GetWindowThreadProcessId(FindWindow('Element Client', nil), @h);  h:=OpenProcess(PROCESS_ALL_ACCESS, False, h);  Parameter:= VirtualAllocEx(h, nil, Mysize, MEM_COMMIT, PAGE_READWRITE);  WriteProcessMemory(h, Parameter, Pointer(DllName), MySize, tmp);  CreateRemoteThread(h,nil,  0, GetProcAddress(GetModuleHandle         ('KERNEL32.DLL'), 'LoadLibraryA'), Parameter, 0 , tmp); end; procedure TForm1.FormDestroy(Sender: TObject); begin   DestroyKeyboardHook; end; end. 这个该死的问题已经困扰我n天了。。。谁能帮我解决就给分。  就是一个在游戏中调出窗口的问题。。我这个要用到dll注入。。当然如果有其他的方法也可以！ QQ 378798095

pertty · 2006-12-01

居然没有人知道。。。。。

lihanbo · 2006-12-01

我比你菜鸟多了!!!

tianlove · 2006-12-01

[

]看不懂,菜鸟来学习

dcs_dcs · 2006-12-01

我也是菜鸟

pertty · 2006-12-02

受不了你们了。。。

Writer · 2006-12-02

往代码里专是没用的，关键是你懂了理原没……

pertty · 2006-12-02

嗯，有道理，但是我就是写不了啊。。。 还有，什么书比较全点的介绍delphi

菜鸟问题。。。。(200分)

pertty

Unregistered / Unconfirmed

pertty

Unregistered / Unconfirmed

lihanbo

Unregistered / Unconfirmed

tianlove

Unregistered / Unconfirmed

dcs_dcs

Unregistered / Unconfirmed

pertty

Unregistered / Unconfirmed

Writer

Unregistered / Unconfirmed

pertty

Unregistered / Unconfirmed

Similar threads