
Dllmain - CPP: Defines The Entry Point For The DLL Application

The document discusses injecting a DLL into a target program to hook its window procedure. It provides C++ code that defines a DllMain function to attach and detach the DLL. When attached, it uses SetWindowLong to hook the target program's window procedure and redirect messages to the DLL's WindowProc function. WindowProc intercepts the WM_CLOSE and WM_COMMAND messages to launch Calculator instead of closing the program or perform other tasks.

Uploaded by

Chocolatebuon
Copyright
© Attribution Non-Commercial (BY-NC)

The idea is to inject into the program to be hooked and then call SetWindowLong().

Cpp code:

// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <windows.h>
#include <stdio.h>

// Original window procedure, saved so unhandled messages can be forwarded.
// Pointer-sized so the value is not truncated on 64-bit builds.
LONG_PTR dwOldWndProc = 0;

// Called by EnumWindows. lParam is the parameter passed in from EnumWindows,
// hwnd is supplied by Windows as it walks all top-level windows; the function
// returns TRUE to continue with the next window.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);
HWND ThisHwnd(); // get the window handle of the program that loaded the DLL
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    HWND hwndThis = 0;
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH: // when LoadLibrary is called
        hwndThis = ThisHwnd(); // find the handle of the window that loaded it
        // SetWindowLongPtr/GWLP_WNDPROC is the pointer-sized form of
        // SetWindowLong/GWL_WNDPROC and works on both 32-bit and 64-bit builds.
        dwOldWndProc = SetWindowLongPtr(hwndThis, GWLP_WNDPROC, (LONG_PTR)WindowProc);
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH: // when FreeLibrary is called
        break;
    }
    return TRUE;
}
// If fdwReason is DLL_PROCESS_ATTACH, lpvReserved is NULL for dynamic loads
// and non-NULL for static loads.
// If fdwReason is DLL_PROCESS_DETACH, lpvReserved is NULL if FreeLibrary has
// been called or the DLL load failed and non-NULL if the process is terminating.

LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    wchar_t duy[MAX_PATH] = {0};
    wchar_t menu_text[MAX_PATH] = {0};
    switch (uMsg)
    {
    case WM_CLOSE:
        // %p, not %i: an HWND is pointer-sized.
        swprintf_s(duy, MAX_PATH, L"HWND: %p", (void*)hwnd);
        WinExec("C:\\Windows\\System32\\calc.exe", NULL);
        break;
    case WM_COMMAND: // clicking the Open menu item
        // LOWORD(wParam) is the command ID; HIWORD(wParam) is the notification code.
        swprintf_s(duy, MAX_PATH, L"ID: %i, HANDLE: %i", LOWORD(wParam), HIWORD(wParam));
        OutputDebugStringW(duy);
        if (LOWORD(wParam) == 2)
            WinExec("C:\\Windows\\System32\\calc.exe", NULL);
        break;
    default:
        // Everything else goes to the original window procedure.
        return CallWindowProc((WNDPROC)dwOldWndProc, hwnd, uMsg, wParam, lParam);
    }
    return 0;
}

HWND ThisHwnd()
{
    HWND hWnd = 0;
    EnumWindows(EnumWindowsProc, (LPARAM)&hWnd);
    return hWnd;
}

BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
    DWORD dwPid = 0;
    GetWindowThreadProcessId(hwnd, &dwPid);
    if (dwPid == GetCurrentProcessId())
    {
        // First top-level window owned by this process: store it and stop.
        *((HWND*)lParam) = hwnd;
        return FALSE;
    }
    return TRUE;
}
- With this code, any close action (clicking the Close button, choosing File/Exit) makes the program launch calc.exe, and the program does not exit.
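From the defender's side, a hook like the one above leaves the window procedure pointing into a module the application did not put there. The following added example (not part of the original document) is an in-process check that resolves each window's GWLP_WNDPROC to its owning module and reports those outside an allow-list; the function names and the allow-list contents are assumptions, and the Win32 part compiles only on Windows.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Lower-cased file name of a module path: "C:\\x\\Hook.DLL" -> "hook.dll".
std::string BaseNameLower(const std::string& path) {
    std::string name = path.substr(path.find_last_of("\\/") + 1);
    std::transform(name.begin(), name.end(), name.begin(),
                   [](unsigned char c) { return (char)std::tolower(c); });
    return name;
}

// True when the module holding a window procedure is not on the (assumed,
// per-application) allow-list. An empty path means no loaded module owns it.
bool IsUnexpectedOwner(const std::string& modulePath,
                       const std::vector<std::string>& allowed) {
    if (modulePath.empty()) return true;
    return std::find(allowed.begin(), allowed.end(),
                     BaseNameLower(modulePath)) == allowed.end();
}

#ifdef _WIN32
#include <windows.h>
#include <cstdio>
// Path of the module that contains the address stored in GWLP_WNDPROC.
std::string WndProcOwner(HWND hwnd) {
    // Match the A/W variant to the window to get the address, not a thunk handle.
    LONG_PTR proc = IsWindowUnicode(hwnd) ? GetWindowLongPtrW(hwnd, GWLP_WNDPROC)
                                          : GetWindowLongPtrA(hwnd, GWLP_WNDPROC);
    HMODULE mod = nullptr;
    char path[MAX_PATH] = "";
    if (proc && GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
                                   GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
                                   (LPCSTR)proc, &mod))
        GetModuleFileNameA(mod, path, MAX_PATH);
    return path;
}

// EnumWindows callback: lParam is a const std::vector<std::string>* allow-list.
BOOL CALLBACK CheckWindow(HWND hwnd, LPARAM lParam) {
    DWORD pid = 0;
    GetWindowThreadProcessId(hwnd, &pid);
    if (pid != GetCurrentProcessId()) return TRUE;   // other process: skip
    const std::string owner = WndProcOwner(hwnd);
    if (IsUnexpectedOwner(owner, *(const std::vector<std::string>*)lParam))
        std::printf("HWND %p: WndProc in '%s'\n", (void*)hwnd, owner.c_str());
    return TRUE;
}
#endif
```

Call `EnumWindows(CheckWindow, (LPARAM)&allowed)` from inside the process being checked. Legitimate subclassing by UI frameworks or accessibility tools is reported as well, so the allow-list has to be built per application.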
