gusucode.com > VC++ 实现在其它程序窗口上创建按钮并控制-源码程序 > VC++ 实现在其它程序窗口上创建按钮并控制-源码程序\code\Rt_Ctrl\main.cpp
//Download by http://www.NewXing.com
//注入程序代码
#include "main.h"
BOOL WINAPI DllMain(HANDLE hInstance, ULONG Command, LPVOID Reserved)
{
return TRUE;
}
#pragma check_stack(off)
static DWORD WINAPI RemoteControlThread(LPVOID lpvoid)
{
try{
LPINJECT_DLL lpInject = (LPINJECT_DLL)lpvoid;
if (!lpInject){
return 0xffffffff;
}
HMODULE hMod = lpInject->prcLoadLib(lpInject->szLibPath);
if (!hMod){
return 0xfffffffe;
}
// #ifdef _UNICODE
// LPINIT_BTN Init_Btn = (LPINIT_BTN)lpInject->prcGetProcAddr(hMod, TEXT("RC_InitBtnW"));
// #else
LPINIT_BTN Init_Btn = (LPINIT_BTN)lpInject->prcGetProcAddr(hMod, MAKEINTRESOURCE(1));//TEXT("RC_InitBtnA"));
// #endif
if (!Init_Btn){
lpInject->prcFreeLib(hMod);
return 0xfffffffd;
}
if (!Init_Btn(lpInject->dwIDBtn, lpInject->szCaptionBtn, lpInject->rtBtn, lpInject->hWnd)){
lpInject->prcFreeLib(hMod);
return 0xfffffffc;
}
/* while (TRUE){
TCHAR szName[128];
wsprintf(szName, TEXT("%08d_%s_zy"), lpInject->hWnd, lpInject->szCaptionBtn);
HANDLE hMutex = z_OpenMutex(MUTEX_ALL_ACCESS, FALSE, szName);
if (hMutex){
CloseHandle(hMutex);
lpInject->prcFreeLib(hMod);
lpInject->prcFreeLib(hKernel32);
return 0;
}
Sleep(1000);
}
*/
lpInject->prcFreeLib(hMod);
// lpInject->prcFreeLib(hKernel32);
// return 0;
}
catch (...){
return 0xfffffffb;
}
return 0;
}
#pragma check_stack
BOOL InjectDLL_Info(LPINJECT_DLL lpInject, LPCSTR lpszLibFile, HWND hWnd, DWORD dwID, LPRECT pRtBtn, LPCTSTR szCaptionBtn)
{
try {
HMODULE hMod = ::GetModuleHandle(TEXT("kernel32"));
#ifdef _UNICODE
lpInject->prcLoadLib = (LPLOADLIBRARY)::GetProcAddress(hMod,TEXT("LoadLibraryW"));
#else
lpInject->prcLoadLib = (LPLOADLIBRARY)::GetProcAddress(hMod,TEXT("LoadLibraryA"));
#endif
lpInject->prcFreeLib = (LPFREELIBRARY)::GetProcAddress(hMod,TEXT("FreeLibrary"));
lpInject->prcGetProcAddr = (LPGETPROCADDRESS)::GetProcAddress(hMod,TEXT("GetProcAddress"));
strcpy(lpInject->szLibPath,lpszLibFile);
lpInject->dwIDBtn = dwID;
lpInject->hWnd = hWnd;
memcpy(&lpInject->rtBtn, pRtBtn, sizeof(RECT));
strcpy(lpInject->szCaptionBtn, szCaptionBtn);
}
catch (...){
return FALSE;
}
return TRUE;
}
BOOL WINAPI RT_CTRL_BTN(LPCSTR lpszLibFile, HWND hWnd, DWORD dwID, LPRECT pRtBtn, LPCTSTR szCaptionBtn)
{
try {
DWORD dwProcessID;
GetWindowThreadProcessId(hWnd, &dwProcessID);
HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwProcessID );
if (!hProcess){
return FALSE;
}
INJECT_DLL InjectInfo;
InjectDLL_Info(&InjectInfo, lpszLibFile, hWnd, dwID, pRtBtn, szCaptionBtn);
LPBYTE lpThreadAddr=(LPBYTE)::VirtualAllocEx(hProcess, NULL, MAXINJECTSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
LPINJECT_DLL param = (LPINJECT_DLL) VirtualAllocEx( hProcess, 0, sizeof(INJECT_DLL), MEM_COMMIT, PAGE_READWRITE );
WriteProcessMemory(hProcess, lpThreadAddr,&RemoteControlThread, MAXINJECTSIZE, 0);
WriteProcessMemory( hProcess, param, &InjectInfo, sizeof(InjectInfo), 0 );
DWORD dwThreadId;
HANDLE hThread = ::CreateRemoteThread(hProcess,NULL,0,
(unsigned long (__stdcall *)(void *))lpThreadAddr,
param, 0, &dwThreadId);
if (!hThread){
CloseHandle(hProcess);
VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE );
VirtualFreeEx( hProcess, param, 0, MEM_RELEASE );
return FALSE;
}
else {
CloseHandle(hThread);
CloseHandle(hProcess);
VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE );
VirtualFreeEx( hProcess, param, 0, MEM_RELEASE );
}
}
catch (...){
return FALSE;
}
return TRUE;
}