// Y1000HookPacketDlg.cpp : 实现文件

#include "stdafx.h"
#include "Y1000HookPacket.h"
#include "Y1000HookPacketDlg.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif


// 用于应用程序“关于”菜单项的 CAboutDlg 对话框

// Modal "About" dialog; it is shown from the main dialog's system-menu handler.
class CAboutDlg : public CDialog
{
public:
	CAboutDlg();

// Dialog data
	enum { IDD = IDD_ABOUTBOX };	// dialog template resource id

	protected:
	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support

// Implementation
protected:
	DECLARE_MESSAGE_MAP()
};

// Constructs the About dialog from its dialog template id (CAboutDlg::IDD);
// nothing else needs to be set up.
CAboutDlg::CAboutDlg()
	: CDialog(CAboutDlg::IDD)
{
}

// Data exchange hook for the About dialog. No members are bound to controls
// here, so the call is simply forwarded to the base class.
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
}

// Message map for the About dialog: it has no entries of its own, so every
// message is handled by CDialog.
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
END_MESSAGE_MAP()


// CY1000HookPacketDlg 对话框




// Constructs the main dialog from its template id and loads the application
// icon (IDR_MAINFRAME) that OnInitDialog and OnPaint use later.
CY1000HookPacketDlg::CY1000HookPacketDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CY1000HookPacketDlg::IDD, pParent)
{
	CWinApp* pApp = AfxGetApp();
	m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}

// Data exchange hook for the main dialog. No DDX/DDV bindings are declared,
// so only the base-class implementation runs.
void CY1000HookPacketDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);
}

// Message map for the main dialog: system-menu commands, painting and the
// drag-icon query, plus the click handlers for the Start and Exit buttons.
BEGIN_MESSAGE_MAP(CY1000HookPacketDlg, CDialog)
	ON_WM_SYSCOMMAND()
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	//}}AFX_MSG_MAP
	// Start launches the client process and calls HookProcess on it; Exit ends the program.
	ON_BN_CLICKED(IDC_BUTTON_START, &CY1000HookPacketDlg::OnBnClickedButtonStart)
	ON_BN_CLICKED(IDC_BUTTON_EXIT, &CY1000HookPacketDlg::OnBnClickedButtonExit)
END_MESSAGE_MAP()


// CY1000HookPacketDlg 消息处理程序

// Dialog initialisation: adds the "About..." entry to the system menu, sets
// the large and small window icons, and sets the window title.
// Returns TRUE so the framework assigns the initial focus itself.
BOOL CY1000HookPacketDlg::OnInitDialog()
{
	CDialog::OnInitDialog();

	// The About entry is delivered as a system command, so its id must lie
	// in the system-command range (low four bits clear, below 0xF000).
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);

	if (CMenu* pMenu = GetSystemMenu(FALSE))
	{
		CString strLabel;
		BOOL bLoaded = strLabel.LoadString(IDS_ABOUTBOX);
		ASSERT(bLoaded);
		if (!strLabel.IsEmpty())
		{
			pMenu->AppendMenu(MF_SEPARATOR);
			pMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strLabel);
		}
	}

	// A dialog used as the main window has to set its own icons; the
	// framework only does this automatically for non-dialog main windows.
	SetIcon(m_hIcon, TRUE);		// large icon
	SetIcon(m_hIcon, FALSE);	// small icon

	// Window caption shown in the title bar.
	SetWindowText("千年3封包捕获工具");

	// TRUE unless the focus was set to a control explicitly.
	return TRUE;
}

// System-menu handler: shows the About dialog for IDM_ABOUTBOX and passes
// every other system command to CDialog.
void CY1000HookPacketDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
	// The low four bits of a system command id are masked off before comparing.
	const bool bIsAbout = ((nID & 0xFFF0) == IDM_ABOUTBOX);
	if (!bIsAbout)
	{
		CDialog::OnSysCommand(nID, lParam);
		return;
	}

	CAboutDlg dlgAbout;
	dlgAbout.DoModal();
}

// Paint handler. A dialog that can be minimised has to draw its own icon
// while iconic; MFC applications using the document/view model get this from
// the framework automatically.
void CY1000HookPacketDlg::OnPaint()
{
	if (!IsIconic())
	{
		CDialog::OnPaint();
		return;
	}

	CPaintDC dc(this); // device context used for painting

	SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

	// Centre the icon inside the client rectangle.
	const int nIconWidth = GetSystemMetrics(SM_CXICON);
	const int nIconHeight = GetSystemMetrics(SM_CYICON);
	CRect rcClient;
	GetClientRect(&rcClient);
	const int nLeft = (rcClient.Width() - nIconWidth + 1) / 2;
	const int nTop = (rcClient.Height() - nIconHeight + 1) / 2;

	dc.DrawIcon(nLeft, nTop, m_hIcon);
}

// Called by the system while the user drags the minimised window, to obtain
// the cursor to display; the application icon is returned for that purpose.
HCURSOR CY1000HookPacketDlg::OnQueryDragIcon()
{
	HCURSOR hDragCursor = static_cast<HCURSOR>(m_hIcon);
	return hDragCursor;
}


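// Start button handler: launches Client.exe with a fixed command line in a
// new console, waits briefly, then calls HookProcess to load Y1000Packet.dll
// (taken from the application directory) into the new process.
void CY1000HookPacketDlg::OnBnClickedButtonStart()
{
	STARTUPINFO si = {0};
	PROCESS_INFORMATION pi = {0};
	si.cb = sizeof(si);
	si.dwFlags = STARTF_USESHOWWINDOW;
	si.wShowWindow = SW_SHOW;

	// CreateProcess may modify the command-line buffer in place, so it must be
	// a writable array rather than a pointer to a string literal.
	// NOTE(review): with lpApplicationName NULL and a bare file name, the
	// executable is located through the CreateProcess search order, so the
	// first Client.exe found there is the one that runs. A fully qualified,
	// quoted path would pin the intended binary — confirm where Client.exe lives.
	TCHAR szCmdLine[] = _T("Client.exe 125.64.2.47 3334 26 1");

	if (!CreateProcess(NULL, szCmdLine, NULL, NULL, FALSE,
	                   CREATE_NEW_CONSOLE | NORMAL_PRIORITY_CLASS,
	                   NULL, NULL, &si, &pi))
	{
		return;
	}

	CString strDllFile = pathfileFun::GetAppPath() + "Y1000Packet.dll";

	// NOTE(review): the fixed 200 ms delay is a timing assumption about how
	// far the child has initialised; nothing here synchronises with it.
	Sleep(200);
	HookProcess(pi.dwProcessId, strDllFile);

	// The process and thread handles returned by CreateProcess belong to this
	// process and were never closed in the original code.
	CloseHandle(pi.hThread);
	CloseHandle(pi.hProcess);
}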

// Exit button handler: terminates the whole process with status 0.
// NOTE(review): exit() ends the program without closing the dialog through
// the framework (EndDialog / OnCancel) — confirm that is intended.
void CY1000HookPacketDlg::OnBnClickedButtonExit()
{
	exit(EXIT_SUCCESS);
}
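/// Enables or disables one privilege in the current process token.
///
/// @param PrivilegeName  Privilege name as accepted by LookupPrivilegeValue.
/// @param IsEnable       Non-zero to enable the privilege, zero to disable it.
/// @return true only when AdjustTokenPrivileges succeeded and the last error
///         is ERROR_SUCCESS; a privilege the token does not hold is reported
///         as ERROR_NOT_ALL_ASSIGNED and therefore yields false.
bool CY1000HookPacketDlg::EnablePrivilege(TCHAR* PrivilegeName,BOOL IsEnable)
{
	HANDLE hToken = NULL;
	if (!OpenProcessToken(GetCurrentProcess(),
	                      TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_READ,
	                      &hToken))
	{
		return false;
	}

	LUID luid;
	if (!LookupPrivilegeValue(NULL, PrivilegeName, &luid))
	{
		// The token handle was leaked on this path in the original code.
		CloseHandle(hToken);
		return false;
	}

	TOKEN_PRIVILEGES tp;
	tp.PrivilegeCount           = 1;
	tp.Privileges[0].Luid       = luid;
	tp.Privileges[0].Attributes = IsEnable ? SE_PRIVILEGE_ENABLED : 0;

	const BOOL bAdjusted = AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL);

	// Read the error code before CloseHandle, which may overwrite the
	// thread's last-error value.
	const DWORD dwError = GetLastError();
	CloseHandle(hToken);

	return bAdjusted && dwError == ERROR_SUCCESS;
}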
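/// Loads the DLL at szDllPath into the process dwProcessId: the path string is
/// written into memory allocated in that process and a remote thread is
/// started at LoadLibraryA with the string as its argument.
///
/// For defenders: enabling SeDebugPrivilege and then calling OpenProcess,
/// VirtualAllocEx, WriteProcessMemory and CreateRemoteThread with LoadLibraryA
/// as the start routine is the remote-thread DLL injection pattern that
/// endpoint monitoring commonly keys on.
///
/// @param dwProcessId  Id of the target process.
/// @param szDllPath    Path of the DLL, as an ANSI string.
/// @return true when the remote thread was created and ran to completion,
///         false on any earlier failure. The original returned true even when
///         CreateRemoteThread failed.
bool CY1000HookPacketDlg::HookProcess(DWORD dwProcessId,CStringA szDllPath)
{
	// The original copied the path into a fixed 256-byte stack buffer with
	// lstrcpyA, which overflows for longer paths, and wrote the string without
	// its terminating NUL. The CStringA buffer is used directly instead, and
	// the terminator is included in the size.
	const int cchPath = szDllPath.GetLength();
	if (cchPath <= 0)
		return false;
	const SIZE_T cbPath = static_cast<SIZE_T>(cchPath) + 1;

	EnablePrivilege(SE_DEBUG_NAME, TRUE);
	HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
	if (hRemoteProcess == NULL)
	{
		EnablePrivilege(SE_DEBUG_NAME, FALSE);
		return false;
	}

	HANDLE hRemoteThread = NULL;
	PVOID  pRemoteParam  = VirtualAllocEx(hRemoteProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
	if (pRemoteParam != NULL)
	{
		SIZE_T cbWritten = 0;
		const BOOL bWritten = WriteProcessMemory(hRemoteProcess, pRemoteParam,
		                                         static_cast<LPCSTR>(szDllPath),
		                                         cbPath, &cbWritten);
		if (bWritten && cbWritten == cbPath)
		{
			// NOTE(review): the address is resolved in this process and used
			// in the target, which assumes kernel32.dll is mapped at the same
			// address in both — confirm for the intended targets.
			FARPROC pfnLoadLibrary = GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "LoadLibraryA");
			if (pfnLoadLibrary != NULL)
			{
				DWORD dwThreadId = 0;
				hRemoteThread = CreateRemoteThread(hRemoteProcess, NULL, 0,
				                                   reinterpret_cast<LPTHREAD_START_ROUTINE>(pfnLoadLibrary),
				                                   pRemoteParam, 0, &dwThreadId);
			}
		}
	}

	// The privilege is switched off again on every path, as in the original.
	EnablePrivilege(SE_DEBUG_NAME, FALSE);

	bool bThreadRan = false;
	if (hRemoteThread != NULL)
	{
		// NOTE(review): this blocks the calling (UI) thread for as long as the
		// remote thread runs.
		WaitForSingleObject(hRemoteThread, INFINITE);

		// The exit code is LoadLibraryA's return value truncated to 32 bits.
		// It is read as in the original but does not decide the result.
		DWORD dwExitCode = 0;
		GetExitCodeThread(hRemoteThread, &dwExitCode);

		CloseHandle(hRemoteThread);	// never closed in the original
		bThreadRan = true;
	}

	// Cleanup: one exit path, so the remote buffer and the process handle are
	// released on failures as well. The original leaked the process handle on
	// its early returns.
	if (pRemoteParam != NULL)
		VirtualFreeEx(hRemoteProcess, pRemoteParam, 0, MEM_RELEASE);
	CloseHandle(hRemoteProcess);

	return bThreadRan;
}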