三个模块
1,game.exe,三个方法,控制台输入指令(‘A‘,‘B‘,‘R‘)分别控制三个方法的调用;
2,WGDll.dll,要注入到game进程中的dll文件;
3,myconsole.exe,用来注入dll文件的程序;
先开启game进程,然后用myconsole把dll注入到game。dll模块和myconsole模块利用共享内存实现进程通信:在myconsole的控制台输入指令,dll模块接收指令,调用game模块的方法,达到控制game的目的。
game模块
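#include <stdio.h>

/* Prints the "attack" banner.
 * The trailing newline was missing in the original, which made this the
 * only action whose output stayed in the stdout buffer (and ran into the
 * next line) — rest() and blood() both end their banner with '\n'. */
void attack(void)
{
    printf("**********attack**********\n");
}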
/* Emits the "rest" banner followed by a newline on stdout. */
void rest(void)
{
    fputs("**********rest**********\n", stdout);
}
/* Emits the "blood" banner on its own line (puts appends the '\n'). */
void blood(void)
{
    puts("**********blood**********");
}
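/* Command loop of game.exe.
 * Reads stdin one byte at a time and dispatches 'A' -> attack(),
 * 'R' -> rest(), 'B' -> blood(); 'Q' or end of input ends the game.
 * Any other byte (including the newline after each command) is ignored.
 * Returns 0 on normal exit. */
int main(void)
{
    printf("**********GAME BEGIN**********\n");
    for (;;) {
        /* getchar() returns int so that EOF is distinguishable from a byte;
         * the original stored it in a char, so a closed stdin made the loop
         * spin forever instead of terminating. */
        int order = getchar();
        if (order == EOF) {
            printf("**********GAME OVER**********\n");
            return 0;
        }
        switch (order) {
        case 'A':
            attack();
            break;
        case 'R':
            rest();
            break;
        case 'B':
            blood();
            break;
        case 'Q':
            printf("**********GAME OVER**********\n");
            return 0;
        default:
            /* unknown command or line terminator: nothing to do */
            break;
        }
    }
}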
dll模块
// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include
#include
#includeusing namespace std;
// Name of the shared section used as the command channel. The creating side
// (myconsole's init() on this page) passes NULL security attributes, so the
// section gets a default DACL and any process in the same session that knows
// the name can open and write it: everything read from it is untrusted input.
// (An identifier starting with '_' + uppercase is reserved for the
// implementation in C/C++.)
#define _MAP_ TEXT("gameDll")
// Hard-coded absolute addresses of attack()/rest()/blood() inside one
// particular build of game.exe loaded at one particular base. They are not
// resolved at run time, so any rebuild or relocation of game.exe makes the
// `call eax` below jump into arbitrary code.
#define ATTACK 0x0641740
#define REST 0x0641800
#define BLOOD 0x06417a0
HANDLE hMapFile;   // unused: ThreadProc declares a local hMapFile that shadows it
LPTSTR lpBuffer;   // view of the shared section, assigned in ThreadProc
TCHAR dwType;      // last command character copied out of the section
// Worker thread started from DllMain inside game.exe.
// Opens the named section, maps a BUFSIZ-byte view, then every 2 s copies
// the first TCHAR into dwType and, depending on its value, calls one of the
// hard-coded addresses in game.exe.
// lpParameter is unused. Returns 0 only if the section cannot be opened;
// otherwise the loop never exits.
// Detection note: a thread in game.exe running code from a foreign module,
// polling a named section and issuing calls to fixed addresses, is exactly
// the remote-thread / module-load telemetry an EDR surfaces.
DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
// Shadows the global hMapFile; this local handle is never closed.
HANDLE hMapFile = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, _MAP_);
if (!hMapFile)
{
// GetLastError() returns a DWORD; %d is the wrong conversion for it.
printf("OpenMappingFile Error : %d", GetLastError());
return 0;
}
// Only BUFSIZ bytes of the section are mapped; a NULL result is tolerated
// by the `if (lpBuffer != NULL)` test below rather than reported.
lpBuffer = (LPTSTR)MapViewOfFile(hMapFile, FILE_MAP_ALL_ACCESS, 0, 0, BUFSIZ);
for (;;)
{
Sleep(2000);
if (lpBuffer != NULL)
{
// CopyMemory(&dwType, lpBuffer, 4);
// Destination size is given as 4 wide chars, but dwType is a single TCHAR;
// only 1 element is copied so there is no overflow today, but the size
// argument does not describe the real buffer.
wmemcpy_s(&dwType, 4, lpBuffer, 1);
// The stream operators were lost in extraction; presumably
// `wcout << dwType << endl;`.
wcout endl;
}
// dwType keeps its previous value between iterations and the resets below
// are commented out, so whatever command was last written is re-executed
// every 2 s until the section changes. The comparison also runs when the
// view is NULL, using a dwType that was never set.
if (dwType == L‘A‘)
{
//MessageBox(NULL, TEXT("AAAAA"), TEXT("AAAAA"), MB_OK);
// MSVC x86-only inline assembly: a direct `call` to an absolute address.
// No arguments are set up, which matches the zero-argument attack() in
// the game listing above; nothing is cleaned up afterwards for the same
// reason.
__asm
{
mov eax, ATTACK
call eax
}
//dwType = 0;
//CopyMemory(lpBuffer, &dwType, 4);
}
if (dwType == L‘B‘)
{
//MessageBox(NULL, TEXT("BBBBBB"), TEXT("BBBBBBB"), MB_OK);
__asm
{
mov eax, BLOOD
call eax
}
//dwType = 0;
//CopyMemory(lpBuffer, &dwType, 4);
}
if (dwType == L‘R‘)
{
//MessageBox(NULL, TEXT("RRRRRRR"), TEXT("RRRRRRR"), MB_OK);
__asm
{
mov eax, REST
call eax
}
//dwType = 0;
//CopyMemory(lpBuffer, &dwType, 4);
}
if (dwType == L‘Q‘)
{
//MessageBox(NULL, TEXT("QQQQQQQ"), TEXT("QQQQQQ"), MB_OK);
// The view is unmapped but lpBuffer is not reset to NULL and the loop does
// not exit, so the next iteration's wmemcpy_s reads through a dangling
// pointer, and UnmapViewOfFile is called again on every pass.
UnmapViewOfFile(lpBuffer);
}
}
return 0;
}
// DLL entry point. On process attach it shows a message box and starts
// ThreadProc; every other reason just breaks. hModule and lpReserved are
// unused. Always returns TRUE.
BOOL APIENTRY DllMain(HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
// Modal UI from DllMain: the thread performing the load (on this page, the
// remote thread running LoadLibraryW) is blocked until the box is closed.
MessageBox(NULL, TEXT("hehe"), TEXT("HAHA"), MB_OKCANCEL);
// The thread handle is discarded (never closed or waited on). Creating a
// thread inside DllMain is discouraged by the DllMain documentation; the
// new thread cannot begin executing until this call returns and the loader
// lock is released.
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)ThreadProc, NULL, 0, NULL);
// No break here: control falls through to the cases below, which only
// break, so the effect is harmless but undocumented.
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
myconsole模块
#include
#include
#include
#include
#includeusing namespace std;
// Name of the shared section; must match the name the DLL opens. (Names
// beginning with '_' + uppercase are reserved for the implementation.)
#define _MAP_ TEXT("gameDll")
HANDLE hFileMapping;   // section created by init(); never closed explicitly
LPTSTR lpBuffer;       // BUFSIZ-byte view of the section, written by main()
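// Creates the named, page-file-backed section the injected DLL polls and maps
// a BUFSIZ-byte view of it into the global lpBuffer.
// Returns TRUE on success. On failure it prints the Win32 error code, leaves
// hFileMapping and lpBuffer NULL, and returns FALSE.
// Security note: lpAttributes is NULL, so the section receives the caller's
// default DACL and any process in the same session can open and write it by
// name; the DLL side must treat its contents as untrusted.
BOOL init()
{
    hFileMapping = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 0x1000, _MAP_);
    if (hFileMapping == NULL)
    {
        // GetLastError() yields a DWORD (unsigned long): %lu, not %d.
        printf("create filemapping failed error : %lu", GetLastError());
        return FALSE;
    }
    lpBuffer = (LPTSTR)MapViewOfFile(hFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, BUFSIZ);
    if (lpBuffer == NULL)
    {
        DWORD err = GetLastError();   // capture before CloseHandle can overwrite it
        printf("create filemappingview failed error : %lu", err);
        CloseHandle(hFileMapping);    // the original leaked the section handle on this path
        hFileMapping = NULL;
        return FALSE;
    }
    return TRUE;
}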
// Looks up the process ID of the first running process whose executable name
// equals pDest (case-sensitive wide-string compare).
// Returns the PID, 0 if no such process exists, or FALSE (also 0) if the
// snapshot could not be taken — callers cannot tell the two failures apart.
DWORD GetPid(const TCHAR* pDest)
{
HANDLE hProcessHandle;
PROCESSENTRY32 pe32 = {0};
hProcessHandle = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if (hProcessHandle == INVALID_HANDLE_VALUE)
{
return FALSE;
}
pe32.dwSize = sizeof(PROCESSENTRY32);
//const TCHAR* pDest = TEXT("game.exe");
// Iteration starts with Process32Next rather than Process32First, which per
// the Toolhelp documentation skips the snapshot's first entry.
while (Process32Next(hProcessHandle,&pe32))
{
//printf("%s\n", pe32.szExeFile);
if (wcscmp(pe32.szExeFile,pDest)==0)
{
CloseHandle(hProcessHandle);
return pe32.th32ProcessID;
// Unreachable: it follows the return (operators also lost in extraction).
wcout ":" endl;
}
}
// Not-found path: the snapshot handle is not closed here (leak).
return 0;
}
// Loads the DLL at path pName into process pID by writing the path into the
// target and starting a remote thread on kernel32!LoadLibraryW.
// Returns TRUE once the remote thread has been requested (it does not wait
// for, or check, the LoadLibraryW result); FALSE on the checked failures.
// Detection note: OpenProcess(PROCESS_ALL_ACCESS) -> VirtualAllocEx ->
// WriteProcessMemory -> CreateRemoteThread(LoadLibraryW) is the canonical
// remote-thread injection sequence that process-access and thread-creation
// telemetry is designed to flag.
BOOL LoadDll(DWORD pID,const TCHAR* pName)
{
// Return value unchecked: a NULL handle (no such PID, access denied) is
// passed on to every call below.
HANDLE hDestProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
// Byte length of a wide string including its terminator should add one
// sizeof(WCHAR), not one byte; as written the terminator is half-counted.
DWORD pLEN = sizeof(WCHAR)*wcslen(pName)+1;
// Allocation result unchecked; the region is never released with VirtualFreeEx.
LPVOID lpStart = VirtualAllocEx(hDestProcess, NULL, pLEN, MEM_COMMIT, PAGE_READWRITE);
BOOL bRET = WriteProcessMemory(hDestProcess, lpStart, pName, pLEN, NULL);
if (!bRET)
{
// printf-style "%d" inside an iostream message: the error code is never
// printed (stream operators lost in extraction).
cout "writeprocessmemory failed error : %d" endl;
CloseHandle(hDestProcess);
return FALSE;
}
// Module handle of this process's kernel32 — reused as the address in the
// target on the assumption that kernel32 is mapped at the same base there.
HMODULE hModule = GetModuleHandle(TEXT("Kernel32.dll"));
if (!hModule)
{
cout "get kernel32 failed error :" endl;
CloseHandle(hDestProcess);
return FALSE;
}
DWORD f = (DWORD)GetProcAddress(hModule, "LoadLibraryW");
if (!f)
{
// Message says LoadLibraryA; the lookup above is LoadLibraryW.
cout "get loadLibraryA failed error :" endl;
CloseHandle(hDestProcess);
// HMODULE from GetModuleHandle is not a kernel handle; CloseHandle on it is
// invalid (here and below).
CloseHandle(hModule);
return FALSE;
}
// Thread handle discarded and never waited on, so success of the load is
// unknown to the caller.
CreateRemoteThread(hDestProcess,NULL,0, (LPTHREAD_START_ROUTINE)f,lpStart,NULL,NULL);
CloseHandle(hDestProcess);
CloseHandle(hModule);
return TRUE;
}
// Controller: creates the shared section, injects WGDll.dll into game.exe,
// then writes a pseudo-random command ('A', 'B' or 'R') into the section
// every 2 s forever. Never sends 'Q'; the trailing getchar()/return are
// unreachable.
int main()
{
// Return value ignored: if init() fails, lpBuffer stays NULL and the
// CopyMemory below writes through it.
init();
const TCHAR* pName = TEXT("game.exe");
// 0 (not found / snapshot failed) is not checked before LoadDll.
DWORD pid = GetPid(pName);
// stream operators lost in extraction
wcout endl;
// Hard-coded absolute path to the author's build output.
TCHAR DLLNAME[] = TEXT("D:\\vs-workspace\\WGDll\\Debug\\WGDll.dll");
TCHAR* DNAME = DLLNAME;
BOOL fl = LoadDll(pid, DNAME);
if (fl)
{
cout "haha" endl;
}
TCHAR gameCmd[] = { L‘A‘,L‘B‘,L‘R‘ };
TCHAR tempp;
int randnum = 0;
for (;;)
{
// srand is never called, so the sequence is the CRT default and identical
// on every run.
randnum = rand()%3;
tempp = gameCmd[randnum];
wcout endl;
// Copies 4 bytes out of a 2-byte TCHAR (reads past tempp on the stack);
// the wmemcpy_s on the next line then rewrites the first TCHAR anyway, so
// this call is redundant.
CopyMemory(lpBuffer, &tempp,4);
wmemcpy_s(lpBuffer, 4, &tempp, 1);
Sleep(2000);
}
// Unreachable: the loop above never exits. The section handle and view are
// only released by process teardown.
getchar();
return 0;
}
Windows进程通信-共享内存空间
原文地址:https://www.cnblogs.com/a-s-m/p/12297825.html