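// Y1000HookPacketDlg.cpp : implementation file
//
// Main dialog of the packet-capture tool. The Start button launches
// Client.exe and then makes that process load Y1000Packet.dll by writing the
// DLL path into it and starting a remote thread at LoadLibraryA.
//
// NOTE(review): OpenProcess + VirtualAllocEx + WriteProcessMemory +
// CreateRemoteThread(LoadLibraryA) is the classic remote-thread DLL load
// (MITRE ATT&CK T1055.001). Endpoint security and anti-cheat tooling commonly
// alert on this call sequence, so expect this binary to be flagged.

#include "stdafx.h"
#include "Y1000HookPacket.h"
#include "Y1000HookPacketDlg.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif


// CAboutDlg dialog used for the application's "About" menu item

class CAboutDlg : public CDialog
{
public:
    CAboutDlg();

// Dialog data
    enum { IDD = IDD_ABOUTBOX };

protected:
    virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support

// Implementation
protected:
    DECLARE_MESSAGE_MAP()
};

CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
}

void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
}

BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
END_MESSAGE_MAP()


// CY1000HookPacketDlg dialog

CY1000HookPacketDlg::CY1000HookPacketDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CY1000HookPacketDlg::IDD, pParent)
{
    m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}

void CY1000HookPacketDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);
}

BEGIN_MESSAGE_MAP(CY1000HookPacketDlg, CDialog)
    ON_WM_SYSCOMMAND()
    ON_WM_PAINT()
    ON_WM_QUERYDRAGICON()
    //}}AFX_MSG_MAP
    ON_BN_CLICKED(IDC_BUTTON_START, &CY1000HookPacketDlg::OnBnClickedButtonStart)
    ON_BN_CLICKED(IDC_BUTTON_EXIT, &CY1000HookPacketDlg::OnBnClickedButtonExit)
END_MESSAGE_MAP()


// CY1000HookPacketDlg message handlers

// Adds the "About..." entry to the system menu, sets the dialog icons and
// the window title. Returns TRUE so the framework sets the default focus.
BOOL CY1000HookPacketDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // Add the "About..." menu item to the system menu.

    // IDM_ABOUTBOX must be in the system command range.
    ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
    ASSERT(IDM_ABOUTBOX < 0xF000);

    CMenu* pSysMenu = GetSystemMenu(FALSE);
    if (pSysMenu != NULL)
    {
        BOOL bNameValid;
        CString strAboutMenu;
        bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
        ASSERT(bNameValid);
        if (!strAboutMenu.IsEmpty())
        {
            pSysMenu->AppendMenu(MF_SEPARATOR);
            pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
        }
    }

    // Set the icon for this dialog. The framework does this automatically
    // when the application's main window is not a dialog.
    SetIcon(m_hIcon, TRUE);         // large icon
    SetIcon(m_hIcon, FALSE);        // small icon

    SetWindowText("千年3封包捕获工具");   // window title

    return TRUE;  // return TRUE unless the focus was set to a control
}

// Shows the About box for IDM_ABOUTBOX; every other system command goes to
// the base class.
void CY1000HookPacketDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
    if ((nID & 0xFFF0) == IDM_ABOUTBOX)
    {
        CAboutDlg dlgAbout;
        dlgAbout.DoModal();
    }
    else
    {
        CDialog::OnSysCommand(nID, lParam);
    }
}

// If a minimize button is added to the dialog, the code below is needed to
// draw the icon. For MFC applications using the document/view model this is
// done automatically by the framework.
void CY1000HookPacketDlg::OnPaint()
{
    if (IsIconic())
    {
        CPaintDC dc(this); // device context for painting

        SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

        // Center the icon in the client rectangle
        int cxIcon = GetSystemMetrics(SM_CXICON);
        int cyIcon = GetSystemMetrics(SM_CYICON);
        CRect rect;
        GetClientRect(&rect);
        int x = (rect.Width() - cxIcon + 1) / 2;
        int y = (rect.Height() - cyIcon + 1) / 2;

        // Draw the icon
        dc.DrawIcon(x, y, m_hIcon);
    }
    else
    {
        CDialog::OnPaint();
    }
}

// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CY1000HookPacketDlg::OnQueryDragIcon()
{
    return static_cast<HCURSOR>(m_hIcon);
}

// Start button: launches Client.exe in a new console and, after a short
// delay, asks HookProcess to load Y1000Packet.dll (taken from the
// application directory) into it.
//
// NOTE(review): lpApplicationName is NULL and the command line names
// Client.exe without a directory, so Windows resolves it through the
// CreateProcess search order; which executable starts depends on the current
// directory and PATH. The DLL is likewise loaded by path alone, with no
// integrity check visible in this file. The server address and the remaining
// arguments are hard-coded; their meaning is defined by Client.exe.
void CY1000HookPacketDlg::OnBnClickedButtonStart()
{
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;

    // CreateProcess may modify lpCommandLine in place, so it has to be a
    // writable buffer rather than a pointer to a string literal.
    TCHAR szCmdLine[] = _T("Client.exe 125.64.2.47 3334 26 1");

    if (!CreateProcess(NULL, szCmdLine, 0, 0, 0,
                       CREATE_NEW_CONSOLE | NORMAL_PRIORITY_CLASS, 0, 0, &si, &pi))
    {
        return;
    }

    CString strDllFile = pathfileFun::GetAppPath() + "Y1000Packet.dll";
    Sleep(200);
    HookProcess(pi.dwProcessId, strDllFile);

    // Both handles returned by CreateProcess are owned by this process and
    // were previously leaked on every click.
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
}

// Exit button: ends the process through exit(0) rather than closing the
// dialog through EndDialog.
void CY1000HookPacketDlg::OnBnClickedButtonExit()
{
    exit(0);
}

// Enables or disables one privilege in the current process token.
//
// PrivilegeName  name of the privilege, e.g. SE_DEBUG_NAME
// IsEnable       TRUE to enable the privilege, FALSE to disable it
//
// Returns true only when the token was opened, the name was resolved and the
// adjustment was fully applied.
bool CY1000HookPacketDlg::EnablePrivilege(TCHAR* PrivilegeName, BOOL IsEnable)
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY | TOKEN_READ, &hToken))
    {
        return false;
    }

    bool bApplied = false;
    LUID luid;
    if (LookupPrivilegeValue(NULL, PrivilegeName, &luid))
    {
        TOKEN_PRIVILEGES tp;
        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = IsEnable ? SE_PRIVILEGE_ENABLED : 0;

        // AdjustTokenPrivileges succeeds even when the token does not hold
        // the privilege (last error is then ERROR_NOT_ALL_ASSIGNED), so the
        // last error is checked as well, and read before CloseHandle can
        // overwrite it.
        if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL))
        {
            bApplied = (GetLastError() == ERROR_SUCCESS);
        }
    }

    // Single exit path: the token handle is closed on every route, including
    // the failed-lookup route that used to leak it.
    CloseHandle(hToken);
    return bApplied;
}

// Makes the process identified by dwProcessId load the DLL at szDllPath by
// running LoadLibraryA on a remote thread, and waits for that thread to end.
//
// dwProcessId  id of the target process
// szDllPath    ANSI path of the DLL; it is copied into the target together
//              with its terminating NUL
//
// Returns true when the remote thread ran and exited with a non-zero code
// (the exit code is the low 32 bits of LoadLibraryA's return value), false
// on any failure.
//
// NOTE(review): the module named by szDllPath executes inside the target
// with the target's privileges, so only a trusted, fully qualified path
// should ever reach this function. The only caller in this file passes the
// id of a child it has just created; the process handle from CreateProcess
// already grants access to that child, so SeDebugPrivilege is probably not
// needed for that path - confirm before removing.
bool CY1000HookPacketDlg::HookProcess(DWORD dwProcessId, CStringA szDllPath)
{
    if (szDllPath.IsEmpty())
    {
        return false;
    }

    // Size the remote buffer from the string itself (plus NUL) instead of
    // copying into a fixed 256-byte stack array, which overflowed on long
    // paths and left the remote string without an explicit terminator.
    const SIZE_T cbPath = static_cast<SIZE_T>(szDllPath.GetLength()) + 1;

    // The privilege only affects the access check made by OpenProcess, so it
    // is dropped again as soon as the handle has been obtained.
    EnablePrivilege(SE_DEBUG_NAME, true);
    HANDLE hRemoteProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
    EnablePrivilege(SE_DEBUG_NAME, false);
    if (hRemoteProcess == NULL)
    {
        return false;
    }

    bool bLoaded = false;
    PVOID pRemoteParam = VirtualAllocEx(hRemoteProcess, NULL, cbPath, MEM_COMMIT, PAGE_READWRITE);
    if (pRemoteParam != NULL)
    {
        SIZE_T cbWritten = 0;
        const BOOL bWrote = WriteProcessMemory(hRemoteProcess, pRemoteParam,
                                               static_cast<LPCSTR>(szDllPath), cbPath, &cbWritten);
        if (bWrote && cbWritten == cbPath)
        {
            HMODULE hKernel32 = GetModuleHandle(_T("kernel32.dll"));
            FARPROC pfnLoadLibrary = (hKernel32 != NULL)
                                         ? GetProcAddress(hKernel32, "LoadLibraryA")
                                         : NULL;
            if (pfnLoadLibrary != NULL)
            {
                DWORD dwThreadId = 0;
                HANDLE hRemoteThread = CreateRemoteThread(
                    hRemoteProcess, 0, 0,
                    reinterpret_cast<LPTHREAD_START_ROUTINE>(pfnLoadLibrary),
                    pRemoteParam, 0, &dwThreadId);
                if (hRemoteThread != NULL)
                {
                    // Wait for the thread to finish before freeing its argument.
                    WaitForSingleObject(hRemoteThread, INFINITE);

                    DWORD dwExitCode = 0;
                    if (GetExitCodeThread(hRemoteThread, &dwExitCode))
                    {
                        bLoaded = (dwExitCode != 0);
                    }
                    CloseHandle(hRemoteThread);
                }
            }
        }

        VirtualFreeEx(hRemoteProcess, pRemoteParam, 0, MEM_RELEASE);
    }

    // Cleanup: the process handle is released on every path.
    CloseHandle(hRemoteProcess);
    return bLoaded;
}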