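Result:
While learning to use EasyHook I ran into a few pitfalls, and gradually worked through them.
I will implement the effect of changing the text that Calculator displays in two ways: passing by reference with MarshalByRefObject, and passing by value with Serializable.
This is also part of my process of learning EasyHook.
First approach: pass the data using RemoteHooking.IpcConnectClient and RemoteHooking.IpcCreateServer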
[C#]
RemoteHooking.IpcConnectClient(InChannelName);
RemoteHooking.IpcCreateServer(ref channelName, WellKnownObjectMode.SingleCall);
Second approach: mark the class as Serializable, and add the class as a parameter of the constructor
[C#]
[Serializable]
public class FileMonInterface { }

public Main(RemoteHooking.IContext context, string InChnnelName, FileMonInterface fmi) { }
In both approaches, the parameters of the Run method must correspond to the parameters of the constructor
[C#]
public void Run(RemoteHooking.IContext context, string InChannelName)
public void Run(RemoteHooking.IContext context, string InChannelName, FileMonInterface fmi)
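Usage:
1. Open the program
2. Open the system Calculator
3. Click "Inject" in the program
4. Click anywhere in Calculator
A screenshot of the program's interface is attached; it is very basic.
Source code: split into two classes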
[C#]
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using EasyHook;

namespace EasyHookDemo
{
    [Serializable]
    public class FileMonInterface
    {
    }

    public class Main : EasyHook.IEntryPoint
    {
        private LocalHook Hook;

        [DllImport("user32.dll")]
        public static extern bool SetWindowText(IntPtr hWnd, string text);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, SetLastError = true)]
        public delegate bool DSetWindowText(IntPtr hWnd, string text);

        // Replacement for SetWindowTextW: ignores the requested text and sets a fixed caption.
        public bool SetWindowTextHook(IntPtr hWnd, string text)
        {
            return SetWindowText(hWnd, "吾爱破解-wtujoxk");
        }

        #region First approach: pass by reference, MarshalByRefObject
        public Main(RemoteHooking.IContext context, string InChannelName)
        {
            RemoteHooking.IpcConnectClient(InChannelName);
        }

        public void Run(RemoteHooking.IContext context, string InChannelName)
        {
            Hook = LocalHook.Create(
                LocalHook.GetProcAddress("user32.dll", "SetWindowTextW"),
                new DSetWindowText(SetWindowTextHook),
                this
            );
            // Intercept calls from every thread except the current one (ID 0 = calling thread).
            Hook.ThreadACL.SetExclusiveACL(new[] { 0 });
            try
            {
                // Keep this thread alive so the hook stays installed.
                while (true)
                {
                    Thread.Sleep(500);
                }
            }
            catch { }
        }
        #endregion

        #region Second approach: pass by value, Serializable
        public Main(RemoteHooking.IContext context, string InChnnelName, FileMonInterface fmi)
        {
        }

        public void Run(RemoteHooking.IContext context, string InChannelName, FileMonInterface fmi)
        {
            Hook = LocalHook.Create(
                LocalHook.GetProcAddress("user32.dll", "SetWindowTextW"),
                new DSetWindowText(SetWindowTextHook),
                this
            );
            // Intercept calls from every thread except the current one (ID 0 = calling thread).
            Hook.ThreadACL.SetExclusiveACL(new[] { 0 });
            try
            {
                // Keep this thread alive so the hook stays installed.
                while (true)
                {
                    Thread.Sleep(500);
                }
            }
            catch { }
        }
        #endregion
    }
}
[C#]
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Runtime.Remoting;
using System.Text;
using System.Windows.Forms;
using EasyHook;

namespace EasyHookDemo
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            int targetPID = 0;
            string channelName = null;
            // Takes the first running process named "calc".
            targetPID = Process.GetProcessesByName("calc")[0].Id;

            #region First approach: pass by reference, MarshalByRefObject
            //RemoteHooking.IpcCreateServer(ref channelName,WellKnownObjectMode.SingleCall);
            //RemoteHooking.Inject(
            //    targetPID,
            //    typeof(Main).Assembly.Location,
            //    typeof(Main).Assembly.Location,
            //    channelName
            //);
            #endregion

            #region Second approach: pass by value, Serializable; with this approach the DLL has to be in the root directory, I don't know why
            FileMonInterface fmi = new FileMonInterface();
            RemoteHooking.Inject(
                targetPID,
                typeof(Main).Assembly.Location,
                typeof(Main).Assembly.Location,
                "这个参数必须要有", // the literal reads "this parameter must be present"
                fmi
            );
            #endregion
        }
    }
}
Compiled executable: EasyHookDemo.rar
Finally, the project is attached; it was written with VS2015 for .NET 4.0.
EasyHookDemo.rar
Source: http://www.12558.net
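
A check for the rule above that the constructor and Run parameters must line up with the extra arguments handed to RemoteHooking.Inject, written as an added example (not code from the original post or from EasyHook). IContext and DemoEntry are stand-ins assumed here so it compiles without the library, and the [Serializable] test follows the post's by-value approach.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Stand-ins (assumptions) so this compiles without EasyHook: IContext plays the role of
// RemoteHooking.IContext, DemoEntry the role of the injected entry-point class.
public interface IContext { }
[Serializable] public class FileMonInterface { }
public class DemoEntry
{
    public DemoEntry(IContext context, string channelName, FileMonInterface fmi) { }
    public void Run(IContext context, string channelName) { }  // constructed mismatch
}

public static class EntryPointCheck
{
    // A parameter list fits when it is (IContext, then one compatible parameter per argument).
    static bool Fits(ParameterInfo[] ps, object[] args)
    {
        if (ps.Length != args.Length + 1) return false;
        if (!typeof(IContext).IsAssignableFrom(ps[0].ParameterType)) return false;
        for (int i = 0; i < args.Length; i++)
        {
            Type wanted = ps[i + 1].ParameterType;
            bool ok = args[i] == null ? !wanted.IsValueType : wanted.IsInstanceOfType(args[i]);
            if (!ok) return false;
        }
        return true;
    }

    // Returns the problems found; an empty list means the entry point fits the arguments.
    public static List<string> Validate(Type entry, params object[] args)
    {
        var problems = new List<string>();
        if (!entry.GetConstructors().Any(c => Fits(c.GetParameters(), args)))
            problems.Add("no public constructor takes (context, " + args.Length + " matching args)");
        if (!entry.GetMethods().Any(m => m.Name == "Run" && Fits(m.GetParameters(), args)))
            problems.Add("no public Run method takes (context, " + args.Length + " matching args)");
        foreach (object a in args)
            if (a != null && !a.GetType().IsSerializable)
                problems.Add(a.GetType().Name + " is passed by value but is not [Serializable]");
        return problems;
    }

    public static void Main()
    {
        foreach (string p in Validate(typeof(DemoEntry), "channel", new FileMonInterface()))
            Console.WriteLine(p);
    }
}
```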