C# EasyHook MessageBox 示例(極簡而全)
阿新 • • 發佈:2017-11-05
完整代碼,原創無藏私,絕對實用。Windows10 X64 下調試通過,對 w3wp.exe, sqlserver.exe,notepad.exe,iexplore.exe 註入後,長時間運行穩定,未見異常。
要註入的 DLL(會安裝到 GAC 的全局程序集,因此需強命名):
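using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using EasyHook;
using System.Threading;
using System.Diagnostics;
using System.Windows.Forms;

namespace ClassLibrary1
{
    /// <summary>
    /// Argument object handed from the injecting application to the injected
    /// library. It is marked <see cref="SerializableAttribute"/> because it
    /// crosses a process boundary.
    /// </summary>
    [Serializable]
    public class HookParameter
    {
        /// <summary>Text shown in the target process once the library is loaded.</summary>
        public string Msg { get; set; }

        /// <summary>Process id of the application that requested the injection.</summary>
        public int HostProcessId { get; set; }
    }

    /// <summary>
    /// EasyHook entry point. The constructor and <see cref="Run"/> are invoked
    /// inside the target process with the pass-through arguments supplied to
    /// <c>RemoteHooking.Inject</c> by the injecting application.
    /// </summary>
    public class Main : EasyHook.IEntryPoint
    {
        /// <summary>Hook installed on user32!MessageBoxW; kept in a field so it stays referenced.</summary>
        public LocalHook MessageBoxWHook = null;

        /// <summary>Hook installed on user32!MessageBoxA; kept in a field so it stays referenced.</summary>
        public LocalHook MessageBoxAHook = null;

        /// <summary>
        /// Runs first inside the target process and shows a visible confirmation
        /// dialog. No hook is installed yet at this point, so this dialog is not
        /// itself rewritten by the handlers below.
        /// </summary>
        /// <param name="context">EasyHook injection context (unused here).</param>
        /// <param name="channelName">First pass-through argument (unused here).</param>
        /// <param name="parameter">Payload whose <c>Msg</c> is displayed.</param>
        public Main(
            RemoteHooking.IContext context,
            String channelName,
            HookParameter parameter)
        {
            MessageBox.Show(parameter.Msg, "Hooked");
        }

        /// <summary>
        /// Installs the MessageBoxW/MessageBoxA hooks and then keeps this thread
        /// alive indefinitely.
        /// </summary>
        /// <param name="context">EasyHook injection context (unused here).</param>
        /// <param name="channelName">First pass-through argument (unused here).</param>
        /// <param name="parameter">Payload from the injecting application (unused here).</param>
        public void Run(
            RemoteHooking.IContext context,
            String channelName,
            HookParameter parameter)
        {
            try
            {
                MessageBoxWHook = LocalHook.Create(
                    LocalHook.GetProcAddress("user32.dll", "MessageBoxW"),
                    new DMessageBoxW(MessageBoxW_Hooked),
                    this);
                // An exclusive ACL holding thread id 0 (the current thread) enables the
                // hook for every thread except this one.
                MessageBoxWHook.ThreadACL.SetExclusiveACL(new Int32[1]);

                // Fix: the ANSI export must be wrapped in the ANSI delegate. The original
                // used DMessageBoxW here, which marshals the caller's char* strings as
                // UTF-16 and corrupts the text and caption of every MessageBoxA call.
                MessageBoxAHook = LocalHook.Create(
                    LocalHook.GetProcAddress("user32.dll", "MessageBoxA"),
                    new DMessageBoxA(MessageBoxA_Hooked),
                    this);
                MessageBoxAHook.ThreadACL.SetExclusiveACL(new Int32[1]);
            }
            catch (Exception ex)
            {
                // Installation failed: report it in the target process and leave
                // without keeping the thread alive.
                MessageBox.Show(ex.Message);
                return;
            }

            try
            {
                // Park this thread so Run never returns while the hooks are in use.
                while (true)
                {
                    Thread.Sleep(10);
                }
            }
            catch
            {
                // Swallowed on purpose: this code runs inside another application's
                // process, where an unhandled exception would presumably take the
                // host down with it.
                // NOTE(review): the hooks are never disposed on this path.
            }
        }

        #region MessageBoxW

        // NOTE(review): HWND is pointer-sized, so IntPtr is the conventional type for
        // hWnd (and int for the return value). The declarations are left as published
        // because they are public members of this class.
        [DllImport("user32.dll", EntryPoint = "MessageBoxW", CharSet = CharSet.Unicode)]
        public static extern IntPtr MessageBoxW(int hWnd, string text, string caption, uint type);

        /// <summary>Managed signature of MessageBoxW with Unicode string marshaling.</summary>
        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode)]
        delegate IntPtr DMessageBoxW(int hWnd, string text, string caption, uint type);

        /// <summary>
        /// Replacement for MessageBoxW: forwards to the real API with "Hooked - "
        /// prepended to both the text and the caption.
        /// </summary>
        static IntPtr MessageBoxW_Hooked(int hWnd, string text, string caption, uint type)
        {
            return MessageBoxW(hWnd, "Hooked - " + text, "Hooked - " + caption, type);
        }

        #endregion

        #region MessageBoxA

        [DllImport("user32.dll", EntryPoint = "MessageBoxA", CharSet = CharSet.Ansi)]
        public static extern IntPtr MessageBoxA(int hWnd, string text, string caption, uint type);

        /// <summary>Managed signature of MessageBoxA with ANSI string marshaling.</summary>
        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
        delegate IntPtr DMessageBoxA(int hWnd, string text, string caption, uint type);

        /// <summary>
        /// Replacement for MessageBoxA: forwards to the real API with "Hooked - "
        /// prepended to both the text and the caption.
        /// </summary>
        static IntPtr MessageBoxA_Hooked(int hWnd, string text, string caption, uint type)
        {
            return MessageBoxA(hWnd, "Hooked - " + text, "Hooked - " + caption, type);
        }

        #endregion
    }
}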
註入主程序:
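using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Threading;
using System.Reflection;
using ClassLibrary1;
using EasyHook;
using System.Diagnostics;
using System.Runtime.InteropServices;

namespace WindowsFormsApplication8
{
    /// <summary>
    /// Demo form: reads a process id from <c>textBox1</c>, registers the required
    /// assemblies in the GAC and asks EasyHook to load ClassLibrary1 into that process.
    /// </summary>
    public partial class Form1 : Form
    {
        [DllImport("kernel32.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi)]
        [return: MarshalAs(UnmanagedType.Bool)]
        internal static extern bool IsWow64Process([In] IntPtr process, [Out] out bool wow64Process);

        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Ensures EasyHook.dll and ClassLibrary1.dll (both expected next to the
        /// executable) are installed in the Global Assembly Cache.
        /// </summary>
        /// <remarks>
        /// GAC registration is a machine-wide change and normally needs an elevated
        /// process. Nothing in this file removes EasyHook.dll from the GAC afterwards,
        /// and ClassLibrary1.dll is only removed immediately before it is reinstalled,
        /// so both assemblies stay registered after the demo has run.
        /// </remarks>
        /// <returns>Always <c>true</c>; the outcome of the GAC calls is not inspected.</returns>
        private bool RegGACAssembly()
        {
            var publisher = new System.EnterpriseServices.Internal.Publish();
            var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;

            var easyHookPath = Path.Combine(baseDirectory, "EasyHook.dll");
            if (!RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(easyHookPath)))
            {
                publisher.GacInstall(easyHookPath);
                Thread.Sleep(100);
            }

            // The payload assembly is removed first so that a rebuilt copy replaces
            // whatever an earlier run registered.
            var payloadPath = Path.Combine(baseDirectory, "ClassLibrary1.dll");
            publisher.GacRemove(payloadPath);
            if (!RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(payloadPath)))
            {
                publisher.GacInstall(payloadPath);
                Thread.Sleep(100);
            }

            return true;
        }

        /// <summary>
        /// Asks EasyHook to load the ClassLibrary1 assembly into the given process.
        /// </summary>
        /// <param name="processId">Id of the target process.</param>
        /// <returns>
        /// <c>true</c> when <c>RemoteHooking.Inject</c> returned normally; <c>false</c>
        /// when it threw (the exception is written to the debug output only).
        /// </returns>
        private static bool InstallHookInternal(int processId)
        {
            try
            {
                var parameter = new HookParameter
                {
                    Msg = "已經成功註入目標進程",
                    HostProcessId = RemoteHooking.GetCurrentProcessId()
                };

                // The same assembly path is supplied for both the x86 and the x64
                // library slot; string.Empty and parameter are the pass-through
                // arguments received by ClassLibrary1.Main.
                var libraryPath = typeof(HookParameter).Assembly.Location;
                RemoteHooking.Inject(
                    processId,
                    InjectionOptions.Default,
                    libraryPath,
                    libraryPath,
                    string.Empty,
                    parameter);
            }
            catch (Exception ex)
            {
                Debug.Print(ex.ToString());
                return false;
            }

            return true;
        }

        /// <summary>
        /// Reports whether the process is <em>not</em> running under WOW64, which the
        /// caller treats as "is a 64-bit process".
        /// </summary>
        /// <remarks>
        /// NOTE(review): the result is also <c>true</c> on a 32-bit operating system
        /// and when <c>IsWow64Process</c> itself fails, so it is only reliable for
        /// comparing two processes on the same machine.
        /// <c>Process.GetProcessById</c> and <c>Process.Handle</c> throw instead of
        /// returning null when the process is gone or cannot be opened.
        /// </remarks>
        /// <param name="processId">Id of the process to inspect.</param>
        private static bool IsWin64Emulator(int processId)
        {
            // Fix: the Process object is disposed; the original leaked it and guarded
            // against a null that GetProcessById never returns.
            using (var process = Process.GetProcessById(processId))
            {
                var osVersion = Environment.OSVersion.Version;
                var supportsWow64Query =
                    (osVersion.Major > 5) || ((osVersion.Major == 5) && (osVersion.Minor >= 1));

                if (supportsWow64Query)
                {
                    bool retVal;
                    return !(IsWow64Process(process.Handle, out retVal) && retVal);
                }

                return false; // not on 64-bit Windows Emulator
            }
        }

        /// <summary>
        /// Validates the entered process id, checks that this application and the
        /// target have the same bitness, then registers the assemblies and injects.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            // Fix: int.Parse threw on non-numeric input and GetProcessById throws
            // ArgumentException for an unknown id, so the original null check could
            // never show this message. Both cases now report it instead of crashing.
            int processId;
            if (!int.TryParse(textBox1.Text, out processId))
            {
                MessageBox.Show("指定的進程不存在!");
                return;
            }

            Process p;
            try
            {
                p = Process.GetProcessById(processId);
            }
            catch (ArgumentException)
            {
                MessageBox.Show("指定的進程不存在!");
                return;
            }

            using (p)
            {
                bool currentIs64;
                using (var self = Process.GetCurrentProcess())
                {
                    currentIs64 = IsWin64Emulator(self.Id);
                }

                var targetIs64 = IsWin64Emulator(p.Id);

                if (targetIs64 != currentIs64)
                {
                    var currentPlat = currentIs64 ? 64 : 32;
                    var targetPlat = targetIs64 ? 64 : 32;
                    MessageBox.Show(string.Format("當前程序是{0}位程序,目標進程是{1}位程序,請調整編譯選項重新編譯後重試!", currentPlat, targetPlat));
                    return;
                }

                RegGACAssembly();
                // NOTE(review): the boolean result is ignored, so a failed injection
                // is visible only in the debug output.
                InstallHookInternal(p.Id);
            }
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }
    }
}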
完整代碼下載地址:http://download.csdn.net/download/nanfei01055/9999598