C# EasyHook MessageBox 示例(极简而全)
2021-05-01 09:26
标签:nap tostring sap 成功 lob win64 obj ssi emulator 完整代码,原创无藏私,绝对实用。Windows10 X64 下调试通过,对 w3wp.exe, sqlserver.exe,notepad.exe,iexporer.exe 注入后,长时间运行稳定,未见异常。 要注入的全局dll(需强命名): 注入主程序: 完整代码下载地址:http://download.csdn.net/download/nanfei01055/9999598 C# EasyHook MessageBox 示例(极简而全) 标签:nap tostring sap 成功 lob win64 obj ssi emulator 原文地址:http://www.cnblogs.com/nanfei/p/7787645.htmlusing System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using EasyHook;
using System.Threading;
using System.Diagnostics;
using System.Windows.Forms;
namespace ClassLibrary1
{
[Serializable]
public class HookParameter
{
public string Msg { get; set; }
public int HostProcessId { get; set; }
}
public class Main : EasyHook.IEntryPoint
{
public LocalHook MessageBoxWHook = null;
public LocalHook MessageBoxAHook = null;
public Main(
RemoteHooking.IContext context,
String channelName
, HookParameter parameter
)
{
MessageBox.Show(parameter.Msg, "Hooked");
}
public void Run(
RemoteHooking.IContext context,
String channelName
, HookParameter parameter
)
{
try
{
MessageBoxWHook = LocalHook.Create(
LocalHook.GetProcAddress("user32.dll", "MessageBoxW"),
new DMessageBoxW(MessageBoxW_Hooked),
this);
MessageBoxWHook.ThreadACL.SetExclusiveACL(new Int32[1]);
MessageBoxAHook = LocalHook.Create(
LocalHook.GetProcAddress("user32.dll", "MessageBoxA"),
new DMessageBoxW(MessageBoxA_Hooked),
this);
MessageBoxAHook.ThreadACL.SetExclusiveACL(new Int32[1]);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
try
{
while (true)
{
Thread.Sleep(10);
}
}
catch
{
}
}
#region MessageBoxW
[DllImport("user32.dll", EntryPoint = "MessageBoxW", CharSet = CharSet.Unicode)]
public static extern IntPtr MessageBoxW(int hWnd, string text, string caption, uint type);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode)]
delegate IntPtr DMessageBoxW(int hWnd, string text, string caption, uint type);
static IntPtr MessageBoxW_Hooked(int hWnd, string text, string caption, uint type)
{
return MessageBoxW(hWnd, "Hooked - " + text, "Hooked - " + caption, type);
}
#endregion
#region MessageBoxA
[DllImport("user32.dll", EntryPoint = "MessageBoxA", CharSet = CharSet.Ansi)]
public static extern IntPtr MessageBoxA(int hWnd, string text, string caption, uint type);
[UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
delegate IntPtr DMessageBoxA(int hWnd, string text, string caption, uint type);
static IntPtr MessageBoxA_Hooked(int hWnd, string text, string caption, uint type)
{
return MessageBoxA(hWnd, "Hooked - " + text, "Hooked - " + caption, type);
}
#endregion
}
}
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Threading;
using System.Reflection;
using ClassLibrary1;
using EasyHook;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace WindowsFormsApplication8
{
public partial class Form1 : Form
{
[DllImport("kernel32.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi)]
[return: MarshalAs(UnmanagedType.Bool)]
internal static extern bool IsWow64Process([In] IntPtr process, [Out] out bool wow64Process);
public Form1()
{
InitializeComponent();
}
private bool RegGACAssembly()
{
var dllName = "EasyHook.dll";
var dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
if (!System.Runtime.InteropServices.RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
{
new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
Thread.Sleep(100);
}
dllName = "ClassLibrary1.dll";
dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
new System.EnterpriseServices.Internal.Publish().GacRemove(dllPath);
if (!System.Runtime.InteropServices.RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
{
new System.EnterpriseServices.Internal.Publish().GacInstall(dllPath);
Thread.Sleep(100);
}
return true;
}
private static bool InstallHookInternal(int processId)
{
try
{
var parameter = new HookParameter
{
Msg = "已经成功注入目标进程",
HostProcessId = RemoteHooking.GetCurrentProcessId()
};
RemoteHooking.Inject(
processId,
InjectionOptions.Default,
typeof(HookParameter).Assembly.Location,
typeof(HookParameter).Assembly.Location,
string.Empty,
parameter
);
}
catch (Exception ex)
{
Debug.Print(ex.ToString());
return false;
}
return true;
}
private static bool IsWin64Emulator(int processId)
{
var process = Process.GetProcessById(processId);
if (process == null)
return false;
if ((Environment.OSVersion.Version.Major > 5)
|| ((Environment.OSVersion.Version.Major == 5) && (Environment.OSVersion.Version.Minor >= 1)))
{
bool retVal;
return !(IsWow64Process(process.Handle, out retVal) && retVal);
}
return false; // not on 64-bit Windows Emulator
}
private void button1_Click(object sender, EventArgs e)
{
var p = Process.GetProcessById(int.Parse(textBox1.Text));
if (p == null)
{
MessageBox.Show("指定的进程不存在!");
return;
}
if(IsWin64Emulator(p.Id) != IsWin64Emulator(Process.GetCurrentProcess().Id))
{
var currentPlat = IsWin64Emulator(Process.GetCurrentProcess().Id) ? 64 : 32;
var targetPlat = IsWin64Emulator(p.Id) ? 64 : 32;
MessageBox.Show(string.Format("当前程序是{0}位程序,目标进程是{1}位程序,请调整编译选项重新编译后重试!", currentPlat, targetPlat));
return;
}
RegGACAssembly();
InstallHookInternal(p.Id);
}
private void Form1_Load(object sender, EventArgs e)
{
}
}
}
文章标题:C# EasyHook MessageBox 示例(极简而全)
文章链接:http://soscw.com/essay/80800.html