实现方法
采用将动态连接库注入到其他进程中的方法来实现。
为了便于选择窗口,我借用了另一个程序"2000下显示带*号"来选择窗口。如果要在98下实现你可用钩子同样实现。程序运行界面如下图:
将动态连接库注入其他进程的代码如下:
BOOL WINAPI RT_CTRL_BTN(LPCSTR lpszLibFile, HWND hWnd, DWORD dwID, LPRECT pRtBtn, LPCTSTR szCaptionBtn) { try { DWORD dwProcessID; GetWindowThreadProcessId(hWnd, &dwProcessID); HANDLE hProcess = OpenProcess( PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwProcessID ); if (!hProcess){ return FALSE; } INJECT_DLL InjectInfo; InjectDLL_Info(&InjectInfo, lpszLibFile, hWnd, dwID, pRtBtn, szCaptionBtn); LPBYTE lpThreadAddr=(LPBYTE)::VirtualAllocEx(hProcess, NULL, MAXINJECTSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE); LPINJECT_DLL param = (LPINJECT_DLL) VirtualAllocEx( hProcess, 0, sizeof(INJECT_DLL), MEM_COMMIT, PAGE_READWRITE ); WriteProcessMemory(hProcess, lpThreadAddr,&RemoteControlThread, MAXINJECTSIZE, 0); WriteProcessMemory( hProcess, param, &InjectInfo, sizeof(InjectInfo), 0 ); DWORD dwThreadId; HANDLE hThread = ::CreateRemoteThread(hProcess,NULL,0, (unsigned long (__stdcall *)(void *))lpThreadAddr, param, 0, &dwThreadId); if (!hThread){ CloseHandle(hProcess); VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE ); VirtualFreeEx( hProcess, param, 0, MEM_RELEASE ); return FALSE; } else { CloseHandle(hThread); CloseHandle(hProcess); VirtualFreeEx( hProcess, lpThreadAddr, 0, MEM_RELEASE ); VirtualFreeEx( hProcess, param, 0, MEM_RELEASE ); } } catch (...){ return FALSE; } return TRUE; }环境:win2000 professional + VC6.0+SP5 + PlatformSDK 2001.8