Jump to content
SlicK

Subclasarea ferestrelor

By SlicK, in Tutoriale in romana

Recommended Posts

SlicK Newbie

SlicK

Posted
Posted 

  Subclasarea ferestrelor prin injectarea unui dll

Autor: SlicK
Data: 5/26/2007
Website: rstzone.net
Mediu de programare: Dev-C++ 4.9.9.2/WIN32
Nivel: Mediu

>>  Introducere

  Un fisier cu extensia dll(acronim de la "Dynamic Link Library") este o colectie
de functii care pot fi folosite de un program sau mai multe in acelasi timp.
Avantajul unui dll este ca nu este incarcat in memoria RAM la rularea programului
salvand astfel memorie pentru alte procese.

  Tehnica pe care o voi prezenta in continuare numita "Dll Injection" este o metoda
prin care putem rula un cod propriu(aflat in dll) in spatiul de memorie al altui
program modificad comportamentul acestuia.

>> Exemplificare

  In acest tutorial voi prezenta cum putem injecta un dll in Notepad adaugandu-i un meniu propriu

  Pentru a injecta un dll in spatiul de memorie al altui program avem nevoie noi insine  
de un program care sa faca acest lucru. Codul urmator face acest lucru.

===== loader.cpp ======

#include <windows.h>

BOOL DllInject(HANDLE,LPSTR); // delaram functia

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
  while(1) // ciclu pana la gasirea unei ferestre "Notepad"
  {
    Sleep(100); // evitam supraincarcarea
    HWND hwNot=FindWindow("Notepad",NULL); //cautam fereastra
    if(hwNot!=NULL)
    {
      DWORD pid; GetWindowThreadProcessId(hwNot,&pid); // obtinem PID'ul
      HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid); // deschidem procesul
      if(hProcess!=NULL)
      {
        if(!DllInject(hProcess,"C:\\<DIRECTOR>\\dll.dll")) // injectam dll'ul in procesul respectiv
        {
          MessageBox(NULL,"Eroare la injectare","Eroare",MB_OK|MB_ICONERROR);
        }
        break;
      }
    }
  }
  return(0);
}

// aceasta este functia care injecteaza un dll intr'un proces (credit rohitab.com)
BOOL DllInject(HANDLE hProcess,LPSTR lpszDllPath)
{
  HMODULE hmKernel=GetModuleHandle("Kernel32");
  if(hmKernel==NULL || hProcess==NULL) return(FALSE);
  int nPathLen=lstrlen(lpszDllPath)+1;
  LPVOID lpvMem=VirtualAllocEx(hProcess,NULL,nPathLen,MEM_COMMIT,PAGE_READWRITE);
  WriteProcessMemory(hProcess,lpvMem,lpszDllPath,nPathLen,NULL);
  DWORD dwWaitResult,dwExitResult=0;
  HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)GetProcAddress(hmKernel,"LoadLibraryA"),lpvMem,0,NULL);
  if(hThread!=NULL)
  {
    dwWaitResult=WaitForSingleObject(hThread,10000);
    GetExitCodeThread(hThread,&dwExitResult);
    CloseHandle(hThread);
  }
  VirtualFreeEx(hProcess,lpvMem,0,MEM_RELEASE);
  return ((dwWaitResult!=WAIT_TIMEOUT) && (dwExitResult>0));
}

=======================

  Pana aici am reusit sa injectam un dll in fereastra Notepad. Dar care este Dll'ul?

Codul urmator trebuie compilat intr-un proiect de tip DLL.

===== dll.cpp =====

#include <windows.h>

DWORD WINAPI Main(); // declaram cele doua functii
LRESULT CALLBACK NewWndProc(HWND,UINT,WPARAM,LPARAM);

LONG OldWndProc; // procedura de fereastra Notepad

//acesta este entry pointul intr-un dll, la fel ca "WinMain"
extern "C" BOOL WINAPI DllMain(HINSTANCE hInst,DWORD Reason,LPVOID Null)
{
  switch(Reason)
  {
    case DLL_PROCESS_ATTACH: //cand dll'ul este atasat la un proces
    {
      MessageBox(NULL,"Dll Atasat","DLL",MB_OK);
      CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)&Main,NULL,0,NULL); // creeam un thread nou pentru a nu bloca aplicatia
    }
    break;

    case DLL_PROCESS_DETACH: //cand dll'ul este detasat de un proces(cant procesul este inchis)
    {
      MessageBox(NULL,"Dll Detasat","DLL",MB_OK);
    }
    break;
  }
  return true;
}

// functia din noul thread
DWORD WINAPI Main()
{
  HWND hwNot=FindWindow("Notepad",NULL); // cautam fereastra Notepad
// in continuare vom obtine meniul original al Notepad-ului si-i voi adauga o sectiune proprie
  HMENU hOldMen=GetMenu(hwNot);
  HMENU hNewMen=CreateMenu();
  AppendMenu(hOldMen,MF_STRING | MF_POPUP,(unsigned int)hNewMen,"Tutorial");
  AppendMenu(hNewMen,MF_STRING,2000,"Buton"); // 2000 este indentificatorul meniului nou
  DrawMenuBar(hwNot);

// Subclasam procedura de fereastra a Notepad-ului cu o procedura proprie pentru
// a putea intercepta mesajele trmise de diferitele elemente ale ferestrei
// in cazul de fata atunci cand este selectat meniul nou
  OldWndProc=SetWindowLong(hwNot,GWL_WNDPROC,(long)NewWndProc);
  ExitThread(0);
}

// procedura de fereastra noua
LRESULT CALLBACK NewWndProc(HWND hWnd,UINT Message,WPARAM wParam,LPARAM lParam)
{
  switch(Message)
  {
    case WM_COMMAND: // mesajul pe care il primeste fereastra
    {
      if(wParam==2000)
      {
        MessageBox(HWND_DESKTOP, "Ai selectat meniul nou!","Tutorial",MB_OK);
      }
    }
  }
// trimitem mesajele mai departe catre procedura de fereastra originala
  return CallWindowProc((WNDPROC)OldWndProc,hWnd,Message,wParam,lParam);
}


===================

  Cam atat cu acest tutorial. Sper ca ati prins ideea si va va folosi vreodata

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...