Learning C++ DLL injection and inter-process communication

I have always thought that learning C++ is too complex: there are so many types in it that I cannot tell them apart at all. However, most of the material online is C++, and some problems are not solved cleanly any other way (C, Java or Python can be used).

So I decided to do it. Because I had to do C++, I had to do VC++, and I had to look at MFC. It took me three days and I was tired; I looked up a lot of information just because of the conversions between different types.

Well, on to DLL injection. Start with Notepad, and do it the easy way with C# and EasyHook: one injection program and one injected DLL.

Then I wrestled with C++: injecting, then communicating with the main program, then putting the two together. It really hurt my head, mainly because of the types. Most of the material online is too rough for a beginner; I could not tell what types the variables were.

 

I will post the complete code. First I write a DLL in C++ that is ready to be injected into Notepad. Creating a new DLL is easy: in VS2015 I directly build an empty C++ project and add a .cpp file to start writing. I am not sure whether a beginner will know how to add it, but I can only describe it this way. The code has some comments. Its main function is, after being injected, to send a WM_COPYDATA message carrying "hello world" to the main process (the window title is MFC3).

The COPYDATASTRUCT structure cost me a whole day; the code that was finally pieced together is mostly MFC found online, but I just wanted to make it work in plain C++.

 

//#include "stdafx.h";

#include <iostream>;
using namespace std;
#include <windows.h>;
#include <tlhelp32.h>;
#include <tchar.h>;

// Helpers defined below. EnumWindowsProc, GetMainWindow and MyPostMessage are
// only referenced from commented-out code in MyThreadProc2; DllMain starts the
// two thread procedures.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam);
HWND GetMainWindow();
void MyPostMessage(HWND hWnd);

DWORD WINAPI MyThreadProc1( LPVOID pParam );
DWORD WINAPI MyThreadProc2( LPVOID pParam );



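// DLL entry point. On process attach it announces itself and starts the two
// worker threads; on detach it only announces. Always returns TRUE so the
// load is never refused.
//
// NOTE(review): DllMain runs under the loader lock. The new threads cannot
// finish their own start-up (DLL_THREAD_ATTACH) until this function returns,
// so nothing here may wait on them; and a modal MessageBox from inside DllMain
// pumps messages and may load further DLLs, which is outside what DllMain is
// documented to allow — it works for this demo, no more.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    static_cast<void>(hModule);
    static_cast<void>(lpReserved);

    switch ( ul_reason_for_call )
    {
    case DLL_PROCESS_ATTACH:
    {
        MessageBox( NULL, "DLL Target process entered.", "information", MB_ICONINFORMATION );
        DWORD dwThreadId = 0;
        // The thread procedures already have the LPTHREAD_START_ROUTINE
        // signature, so no cast is needed.
        HANDLE myThread1 = CreateThread(NULL, 0, MyThreadProc1, NULL, 0, &dwThreadId);
        HANDLE myThread2 = CreateThread(NULL, 0, MyThreadProc2, NULL, 0, &dwThreadId);
        // Fire-and-forget: closing the handles does not stop the threads, it
        // only stops leaking two kernel objects per attach.
        if (myThread1)
        {
            CloseHandle(myThread1);
        }
        if (myThread2)
        {
            CloseHandle(myThread2);
        }
        break;
    }
    case DLL_PROCESS_DETACH:
    {
        MessageBox( NULL, "DLL Uninstalled from target process.", "information", MB_ICONINFORMATION );
        break;
    }
    }
    return TRUE;
}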
// Demo worker started from DllMain: only announces that it is running inside
// the host process. pParam is unused (DllMain passes NULL). Always returns 0.
DWORD WINAPI MyThreadProc1( LPVOID pParam )
{
    static_cast<void>(pParam);
    MessageBox( NULL, "DLL Entered thread 1.", "information", MB_ICONINFORMATION );
    return 0;
}
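// Worker started from DllMain: locates the receiver window by its caption and
// hands it a NUL-terminated narrow string through WM_COPYDATA. The receiver
// (CMFC3Dlg::OnCopyData in the main program) reads lpData as a char*, so the
// payload must stay narrow and must include its terminator. pParam is unused.
// Always returns 0.
DWORD WINAPI MyThreadProc2( LPVOID pParam )
{
    static_cast<void>(pParam);

    // Caption the receiver is looked up by. Any top-level window with exactly
    // this title would match, so this is a demo-only rendezvous.
    const char szDlgTitle[] = "MFC3";

    HWND pWnd = ::FindWindow(NULL, szDlgTitle);
    if (!pWnd)
    {
        MessageBox(NULL, "No such Things.. ", "information", MB_ICONINFORMATION);
        return 0;
    }

    const string strData = "hello world";
    COPYDATASTRUCT CopyData;
    CopyData.dwData = 0;
    // cbData is a byte count and includes the terminating NUL; the size_t to
    // DWORD narrowing is made explicit (the string is tiny).
    CopyData.cbData = static_cast<DWORD>(strData.size() + 1);
    CopyData.lpData = const_cast<char*>(strData.c_str());

    // SendMessage, not PostMessage: WM_COPYDATA is delivered synchronously and
    // the buffer must stay alive until the receiver has read it.
    SendMessage(pWnd, WM_COPYDATA, 0, reinterpret_cast<LPARAM>(&CopyData));

    return 0;
}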

// EnumWindows callback used by GetMainWindow(): looks for a top-level window
// (one with no parent) belonging to the process whose id arrives via lParam.
//
// In/out contract: on entry lParam points at a DWORD holding the process id;
// on a match the SAME location is overwritten with the HWND and FALSE is
// returned to stop the enumeration. The caller's slot therefore has to be at
// least sizeof(HWND) bytes — on 64-bit an HWND is 8 bytes and a DWORD only 4,
// so handing in a bare DWORD makes the write below overrun it.
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
    DWORD dwCurProcessId = *((DWORD*)lParam);
    DWORD dwProcessId = 0;

    GetWindowThreadProcessId(hwnd, &dwProcessId);
    // GetParent(hwnd) == NULL keeps only top-level windows.
    if (dwProcessId == dwCurProcessId && GetParent(hwnd) == NULL)
    {
        *((HWND *)lParam) = hwnd;   // publish the result through the same slot
        return FALSE;               // stop enumerating
    }
    return TRUE;                    // keep going
}


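// Returns a top-level window of the current process, or NULL if the
// enumeration ran to completion without finding one.
//
// EnumWindowsProc reads a DWORD process id from the lParam slot and, on a hit,
// overwrites that same slot with the HWND. A plain DWORD local is too small for
// that write on 64-bit (HWND is pointer-sized), so the slot is a union wide
// enough for both; hwnd is zeroed first so the bytes above the pid are defined.
HWND GetMainWindow()
{
    union WindowSlot
    {
        DWORD pid;
        HWND hwnd;
    } slot;
    slot.hwnd = NULL;
    slot.pid = GetCurrentProcessId();

    // EnumWindows returns FALSE both when the callback stopped it early (a
    // window was found) and when it fails outright; GetLastError() would be
    // needed to tell the two apart, so a failure is reported as a hit here
    // just as it was before.
    if (!EnumWindows(EnumWindowsProc, reinterpret_cast<LPARAM>(&slot)))
    {
        return slot.hwnd;
    }
    return NULL;
}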


// Types a fixed piece of ASCII art into the window hWnd by posting one WM_CHAR
// per character (lParam 1 = repeat count of one). The sequence is unrolled by
// hand; every L'\n' ends one row of the picture. Messages are posted
// asynchronously and their results are not checked.
//
// Currently unused: the only call site, in MyThreadProc2, is commented out,
// where hWnd was meant to be Notepad's "EDIT" child window.
void MyPostMessage(HWND hWnd)
{
    for (int i = 0; i < 25; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 33; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 7; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 17; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);  // end of row 1
    for (int i = 0; i < 16; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 15; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 23; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    for (int i = 0; i < 19; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 13; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 12; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 24; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 15; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 27; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L']', 1);
    for (int i = 0; i < 10; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 9; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 31; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 11; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 31; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 8; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 7; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 35; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 7; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 35; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 6; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 5; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 39; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 39; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 4; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 3; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 87; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 89; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 90; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 91; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 94; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 93; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 93; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    for (int i = 0; i < 93; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 92; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 90; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'^', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 3; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 88; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 4; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    for (int i = 0; i < 88; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 4; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 86; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L' ', 1);
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 5; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 84; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 3; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 7; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 80; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 5; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 8; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 78; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 6; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 9; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 76; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 7; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 11; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 72; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 9; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 12; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'=', 1);
    for (int i = 0; i < 70; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'^', 1);
    for (int i = 0; i < 10; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 13; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 67; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 11; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 15; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 64; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 13; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 17; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 60; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    for (int i = 0; i < 15; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 18; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 58; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 16; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 20; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 54; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 18; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 22; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 50; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 20; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 24; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 46; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 22; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 26; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 42; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 24; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 28; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 37; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 26; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 30; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 32; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'[', 1);
    for (int i = 0; i < 29; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 33; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 27; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 31; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 36; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 22; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 34; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 39; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 16; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'[', 1);
    for (int i = 0; i < 37; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 42; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    for (int i = 0; i < 10; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'/', 1);
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    for (int i = 0; i < 39; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 44; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L',', 1);
    for (int i = 0; i < 6; i++) {
        PostMessageW(hWnd, WM_CHAR, L'O', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 42; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);
    for (int i = 0; i < 46; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'.', 1);
    PostMessageW(hWnd, WM_CHAR, L'\\', 1);
    PostMessageW(hWnd, WM_CHAR, L'O', 1);
    PostMessageW(hWnd, WM_CHAR, L'`', 1);
    for (int i = 0; i < 44; i++) {
        PostMessageW(hWnd, WM_CHAR, L' ', 1);
    }
    PostMessageW(hWnd, WM_CHAR, L'\n', 1);  // last row
}

 

Let's talk about the injection program. It is done with MFC, which is thoroughly tangled up with C++. Take it a little at a time: find an introductory tutorial and get a window to show. A few points:

#include <tlhelp32.h>;
#include <windows.h>;

These includes must be placed at the end. Otherwise there is an error saying that windows.h has already been included once.

 

 

Register the ON_WM_COPYDATA() entry in BEGIN_MESSAGE_MAP before writing the code below.

 

Coming from C#, I thought the name of the control could be used directly in code, but MFC wants you to add a variable: right-click the control and add a variable, and then that variable is used to access the control in code.

 

MFC is a little less convenient than C# in this kind of usage. Just how to build a project with only a window took me a long time to work out; in the MFC project wizard, I remember having to choose many things, such as whether the program type is dialog-based.

 

You can write forms in plain C++, but it is more troublesome than MFC — still, I will give it a try! The code of the whole main window is as follows:

// MFC3Dlg.cpp : Implementation file
//
#include <iostream>;
//using namespace std;

//#include <tchar.h>;



#include "stdafx.h"
#include "MFC3.h"
#include "MFC3Dlg.h"
#include "afxdialogex.h"

#include <tlhelp32.h>;
#include <windows.h>;



#ifdef _DEBUG
#define new DEBUG_NEW
#endif


// CMFC3Dlg dialog box



// Dialog constructor: binds the dialog template IDD_MFC3_DIALOG to CDialogEx,
// zeroes frmA and loads the application icon that OnInitDialog and OnPaint use.
CMFC3Dlg::CMFC3Dlg(CWnd* pParent /*=NULL*/)
    : CDialogEx(IDD_MFC3_DIALOG, pParent)
    , frmA(0)
{
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

// DDX hook: binds the IDC_EDIT1 edit box to m_editMultiLine so the handlers
// below can read and write its text through the control variable.
void CMFC3Dlg::DoDataExchange(CDataExchange* pDX)
{
    CDialogEx::DoDataExchange(pDX);
    DDX_Control(pDX, IDC_EDIT1, m_editMultiLine);
}

// Message map. ON_WM_COPYDATA() is what routes WM_COPYDATA — sent by the
// injected DLL and by button 2 — to CMFC3Dlg::OnCopyData; the three buttons
// map to their click handlers below.
BEGIN_MESSAGE_MAP(CMFC3Dlg, CDialogEx)
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    ON_BN_CLICKED(IDC_BUTTON1, &CMFC3Dlg::OnBnClickedButton1)
    ON_BN_CLICKED(IDC_BUTTON2, &CMFC3Dlg::OnBnClickedButton2)
    ON_WM_COPYDATA()
    ON_BN_CLICKED(IDC_BUTTON3, &CMFC3Dlg::OnBnClickedButton3)
END_MESSAGE_MAP()


// CMFC3Dlg Message handler

// One-time dialog initialisation: lets the base class create the controls,
// then installs the icon loaded in the constructor in both sizes. Returns
// TRUE so the dialog manager puts the focus on the first control.
BOOL CMFC3Dlg::OnInitDialog()
{
    CDialogEx::OnInitDialog();

    // The same HICON serves as large (title bar / Alt-Tab) and small icon.
    SetIcon(m_hIcon, TRUE);
    SetIcon(m_hIcon, FALSE);

    return TRUE;
}

// Paint handler. When the dialog is minimised the framework does not draw the
// icon for a dialog-based application, so it is drawn here, centred in the
// client area; in every other state painting is delegated to CDialogEx.
void CMFC3Dlg::OnPaint()
{
    if (!IsIconic())
    {
        CDialogEx::OnPaint();
        return;
    }

    CPaintDC dc(this);
    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

    // Centre the standard-size icon in the client rectangle.
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);
    CRect clientRect;
    GetClientRect(&clientRect);
    const int left = (clientRect.Width() - iconWidth + 1) / 2;
    const int top = (clientRect.Height() - iconHeight + 1) / 2;

    dc.DrawIcon(left, top, m_hIcon);
}

// Called by the system while the user drags the minimised window, to get the
// cursor to display; the dialog icon doubles as that cursor.
HCURSOR CMFC3Dlg::OnQueryDragIcon()
{
    const HICON dragIcon = m_hIcon;
    return static_cast<HCURSOR>(dragIcon);
}



// Button 1: appends one "hello world" line to the multi-line edit box and
// scrolls it into view.
//
// NOTE(review): the SetWindowText call below retitles the main window to
// "Your title". The injected DLL and button 2 both locate this dialog with
// FindWindow(NULL, "MFC3"), so once this button has been clicked neither of
// them will find it any more.
void CMFC3Dlg::OnBnClickedButton1()
{
    const CString Cedit = _T("hello world \r\n");

    AfxGetMainWnd()->SetWindowText(L"Your title");

    CString existing;
    m_editMultiLine.GetWindowTextW(existing);
    const CString updated = existing + Cedit;
    m_editMultiLine.SetWindowTextW(updated);
    UpdateData(FALSE);

    const int lastLine = m_editMultiLine.GetLineCount() - 1;
    m_editMultiLine.LineScroll(lastLine, 0);
}


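// Button 2: loopback test of the WM_COPYDATA path. Finds our own dialog by
// its caption and sends it the same kind of payload the injected DLL sends.
void CMFC3Dlg::OnBnClickedButton2()
{
    CString str = _T("MFC3");
    CString m_msg = _T("hello world \r\n");
    CWnd* pWnd = CWnd::FindWindow(NULL, str);
    UpdateData(TRUE);
    if (pWnd)
    {
        // OnCopyData reads lpData as a narrow char*, so the message is sent
        // as an ANSI copy. The previous code pointed lpData at the *caption*
        // buffer — UTF-16 in this Unicode build — and sized it with the
        // character count of a different string, so the receiver only ever
        // saw the first byte.
        CStringA payload(m_msg);
        COPYDATASTRUCT cpd;
        cpd.dwData = 0;  // unused by the receiver; a real protocol would tag the payload here
        // Byte count, terminator included, to match what the DLL sends.
        cpd.cbData = static_cast<DWORD>(payload.GetLength() + 1);
        cpd.lpData = const_cast<char*>(payload.GetString());

        // SendMessage, not PostMessage: the receiver reads the buffer
        // synchronously, so payload and cpd must outlive the call.
        pWnd->SendMessage(WM_COPYDATA, 0, reinterpret_cast<LPARAM>(&cpd));
    }
    else
        MessageBox(_T("No such Things."));
}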

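// WM_COPYDATA handler: appends the received text to the edit box on a new
// line. Any process on this desktop can send this message (the injected DLL
// does, and button 2 sends one to ourselves), so the payload is untrusted:
// only cbData bytes of lpData are guaranteed readable. The previous code ran a
// strlen() over lpData, which reads past that bound whenever a sender omits
// the terminating NUL.
BOOL CMFC3Dlg::OnCopyData(CWnd* pWnd, COPYDATASTRUCT* pCopyDataStruct)
{
    std::string str;
    if (pCopyDataStruct != NULL && pCopyDataStruct->lpData != NULL && pCopyDataStruct->cbData > 0)
    {
        const char* payload = static_cast<const char*>(pCopyDataStruct->lpData);
        str.assign(payload, payload + pCopyDataStruct->cbData);
        // Our senders count the terminating NUL in cbData; cut there so it
        // does not end up embedded in the edit control text.
        const std::string::size_type nul = str.find('\0');
        if (nul != std::string::npos)
        {
            str.erase(nul);
        }
    }

    CString c2;
    m_editMultiLine.GetWindowTextW(c2);
    c2 += "\r\n";
    c2 += str.c_str();

    m_editMultiLine.SetWindowTextW(c2);

    // Same base class the other handlers use (the previous code skipped a
    // level and called CDialog directly).
    return CDialogEx::OnCopyData(pWnd, pCopyDataStruct);
}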



// Enables SeDebugPrivilege on the current process token; the privilege must
// already be present in the token (e.g. an elevated administrator) for this to
// do anything. Returns false when the token cannot be opened, the privilege
// name cannot be resolved, or AdjustTokenPrivileges fails. Currently unused:
// the call in dll_inject() is commented out.
//
// NOTE(review): hToken is never closed on the success path, and
// AdjustTokenPrivileges returns TRUE even when the privilege could not be
// enabled — GetLastError() == ERROR_NOT_ALL_ASSIGNED has to be checked to know
// it actually took effect.
bool enableDebugPriv()
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)
        )
    {
        return false;
    }
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        CloseHandle(hToken);
        return false;
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL))
    {
        CloseHandle(hToken);
        return false;
    }
    return true;   // hToken leaks here
}
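// Returns the id of the first process (in snapshot order) whose executable name
// equals lpszProcessName — an exact, case-sensitive comparison — or 0 when no
// such process exists or the snapshot cannot be taken/read. With several
// running instances only the first one found is reported.
DWORD processNameToId(LPCTSTR lpszProcessName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        // Treated as "not found"; the caller reports that through its own
        // message box.
        return 0;
    }
    PROCESSENTRY32 pe;
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (!Process32First(hSnapshot, &pe))
    {
        CloseHandle(hSnapshot);
        MessageBox(NULL,
            L"The frist entry of the process list has not been copyied to the buffer",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        return 0;
    }
    DWORD dwFound = 0;
    // do/while so the entry produced by Process32First is compared as well;
    // the previous loop only looked at entries from Process32Next onward.
    do
    {
        if (!wcscmp(lpszProcessName, pe.szExeFile))
        {
            dwFound = pe.th32ProcessID;
            break;
        }
    } while (Process32Next(hSnapshot, &pe));
    // The snapshot handle was never closed before; release it on every path.
    CloseHandle(hSnapshot);
    return dwFound;
}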
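// Widens a narrow (current code page) string into a freshly malloc'd wide
// string. Ownership: the caller must free() the returned pointer (casting the
// const away); nothing in this file does, so every call would leak. Returns
// NULL when the allocation fails. Currently unused.
LPCWSTR stringToLPCWSTR(std::string orig)
{
    // One wchar_t per input byte plus the terminator is the most mbstowcs_s
    // can write for origsize elements. The previous size, length() - 1, was
    // two elements short (and underflowed to a huge value for an empty
    // string), so the conversion overran the heap block.
    const size_t origsize = orig.length() + 1;
    wchar_t *wcstring = static_cast<wchar_t *>(malloc(sizeof(wchar_t) * origsize));
    if (wcstring == NULL)
    {
        return NULL;
    }
    size_t convertedChars = 0;
    mbstowcs_s(&convertedChars, wcstring, origsize, orig.c_str(), _TRUNCATE);
    return wcstring;
}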

// Classic CreateRemoteThread + LoadLibraryA injection into the first process
// named "notepad.exe": allocate memory in the target, write the DLL path there
// and start a remote thread at LoadLibraryA with that path as its argument.
// This exact sequence (OpenProcess with PROCESS_ALL_ACCESS, an RWX
// VirtualAllocEx, WriteProcessMemory, CreateRemoteThread on a kernel32 export)
// is the one endpoint monitoring most commonly keys on, so expect it to be
// flagged on any instrumented host.
//
// Returns -1 when no such process exists and 0 in every other case — success
// and every failure alike — so the caller cannot tell them apart except
// through the message boxes shown here.
//
// NOTE(review): hTargetProcess, and pRemoteThread once allocated, are released
// only on the success path; each early return below leaks them.
int dll_inject()
{
    // Size of the remote buffer; far larger than the path it will hold.
    const DWORD dwThreadSize = 5 * 1024;
    // Despite its name this only ever receives the remote thread id (see the
    // CreateRemoteThread call); WriteProcessMemory gets 0 for its
    // bytes-written out-param.
    DWORD dwWriteBytes;
    // Promote process access
    //enableDebugPriv();
    // Waiting for process name,Pay attention to case matching
    //std::cout << "Please input the name of target process !" << std::endl;
    //LPCTSTR szExeName = "notepad.exe";

    // The target is fixed by executable name; processNameToId compares it
    // case-sensitively.
    LPCTSTR szExeName = L"notepad.exe";
    DWORD dwProcessId = processNameToId(szExeName);
    if (dwProcessId == 0)
    {
        MessageBox(NULL,
            L"The target process have not been found !",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        return -1;
    }
    // Full-access handle to the target. This is the step that fails for a
    // protected or higher-integrity target when SeDebugPrivilege is absent.
    HANDLE hTargetProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
    if (!hTargetProcess)
    {
        MessageBox(NULL,
            L"Open target process failed !",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        return 0;
    }
    // Reserve+commit the remote buffer in one call. It is requested as
    // PAGE_EXECUTE_READWRITE although only a path string is stored there;
    // an RWX allocation in another process is a strong detection signal.
    // See the VirtualAllocEx page on MSDN for MEM_COMMIT and the protection
    // constants.
    void* pRemoteThread = VirtualAllocEx(hTargetProcess, 0, dwThreadSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!pRemoteThread)
    {
        MessageBox(NULL,
            L"Alloc memory in target process failed !",
            L"notice",
            MB_ICONINFORMATION | MB_OK
        );
        return 0;   // hTargetProcess leaks
    }
    // Path of the DLL to load in the target. It is the hard-coded x64 Debug
    // build output, so the target presumably has to be a 64-bit process as
    // well — a bitness mismatch makes LoadLibraryA fail inside the target
    // with no error visible here.
    char szDll[256];
    memset(szDll, 0, 256);
    strcpy_s(szDll, "F:\\work\\code\\C++Pro\\x64\\Debug\\injectionDll.dll");
    // NOTE(review): dwThreadSize (5120) bytes are copied starting at szDll,
    // a 256-byte stack array, so this reads well past the buffer and ships
    // whatever follows it on the stack to the target. It only works because
    // the path is NUL-terminated inside the first 256 bytes.
    if (!WriteProcessMemory(hTargetProcess, pRemoteThread, (LPVOID)szDll, dwThreadSize, 0))
    {
        MessageBox(NULL,
            L"Write data to target process failed !",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        //::VirtualFreeEx(hTargetProcess, ptszRemoteBuf, dwSize, MEM_DECOMMIT);
        //::CloseHandle(hTargetProcess);
        return 0;   // hTargetProcess and pRemoteThread leak
    }
    // The address of LoadLibraryA in THIS process is reused in the target.
    // That presumably holds because kernel32.dll is mapped at the same base
    // in every process of the same bitness until the next reboot — confirm.
    LPVOID pFunc = LoadLibraryA;
    // Remote thread: LoadLibraryA(pRemoteThread) runs in the target, which
    // executes the DLL's DllMain with DLL_PROCESS_ATTACH.
    HANDLE hRemoteThread = CreateRemoteThread(hTargetProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pFunc, pRemoteThread, 0, &dwWriteBytes);
    if (!hRemoteThread)
    {
        MessageBox(NULL,
            L"Create remote thread failed !",
            L"Notice",
            MB_ICONINFORMATION | MB_OK
        );
        return 0;   // hTargetProcess and pRemoteThread leak
    }
    // Block until LoadLibraryA returns in the target. The injected DllMain
    // shows a modal MessageBox, so this also blocks this dialog's UI thread
    // until the user dismisses that box.
    WaitForSingleObject(hRemoteThread, INFINITE);
    // NOTE(review): MEM_COMMIT is not a valid free type for VirtualFreeEx
    // (it expects MEM_DECOMMIT or MEM_RELEASE), so this call fails and the
    // buffer stays mapped in the target; the return value is not checked.
    VirtualFreeEx(hTargetProcess, pRemoteThread, dwThreadSize, MEM_COMMIT);
    CloseHandle(hRemoteThread);
    CloseHandle(hTargetProcess);
    return 0;
}

// Button 3: starts the injection. dll_inject() reports every failure through
// its own message boxes and returns 0 for success and most failures alike, so
// the return code carries nothing worth acting on here.
void CMFC3Dlg::OnBnClickedButton3()
{
    static_cast<void>(dll_inject());
}
