C# EasyHook MessageBox 示例(极简而全)

完整代码,原创无藏私,绝对实用。在 Windows 10 x64 下调试通过,对 w3wp.exe、sqlservr.exe、notepad.exe、iexplore.exe 注入后长时间运行稳定,未见异常。

要注入目标进程的 DLL(需强命名,因为主程序会把它安装到 GAC):

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using EasyHook;
using System.Threading;
using System.Diagnostics;
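using System.Windows.Forms;

namespace ClassLibrary1
{
    /// <summary>
    /// Payload handed from the injecting program to the injected library.
    /// It is marked [Serializable] because it crosses the process boundary
    /// as the last argument of RemoteHooking.Inject.
    /// </summary>
    [Serializable]
    public class HookParameter
    {
        // Text shown by Main's constructor inside the target process.
        public string Msg { get; set; }

        // Process id of the injecting program (filled in by the injector; not read in this library).
        public int HostProcessId { get; set; }
    }

    /// <summary>
    /// EasyHook entry point: constructed and run inside the target process,
    /// where it hooks user32!MessageBoxW and user32!MessageBoxA and prefixes
    /// the text and caption of every message box with "Hooked - ".
    /// </summary>
    public class Main : EasyHook.IEntryPoint
    {
        // NOTE(review): the numeric literals of this listing were lost when the page was
        // extracted. 1000 ms is a constructed value; any positive interval keeps Run() alive.
        private const int KeepAliveIntervalMs = 1000;

        public LocalHook MessageBoxWHook = null;
        public LocalHook MessageBoxAHook = null;

        /// <summary>
        /// Announces the injection with a message box carrying <see cref="HookParameter.Msg"/>.
        /// </summary>
        /// <param name="context">EasyHook injection context (unused).</param>
        /// <param name="channelName">IPC channel name passed by the injector (unused).</param>
        /// <param name="parameter">Payload from the injector; may be null.</param>
        public Main(
            RemoteHooking.IContext context,
            String channelName,
            HookParameter parameter)
        {
            // A null payload would otherwise abort the injection with a NullReferenceException.
            string message = parameter != null ? parameter.Msg : string.Empty;

            // NOTE(review): this is a modal dialog raised inside the target process. In a
            // non-interactive service host (the page names w3wp.exe and the SQL Server process)
            // nobody can dismiss it, so it may block this thread - prefer logging there.
            MessageBox.Show(message, "Hooked");
        }

        /// <summary>
        /// Installs both hooks and then keeps the injected thread alive; the hooks are
        /// released when the method leaves for any reason.
        /// </summary>
        /// <param name="context">EasyHook injection context (unused).</param>
        /// <param name="channelName">IPC channel name passed by the injector (unused).</param>
        /// <param name="parameter">Payload from the injector (unused here).</param>
        public void Run(
            RemoteHooking.IContext context,
            String channelName,
            HookParameter parameter)
        {
            try
            {
                MessageBoxWHook = LocalHook.Create(
                    LocalHook.GetProcAddress("user32.dll", "MessageBoxW"),
                    new DMessageBoxW(MessageBoxW_Hooked),
                    this);
                // NOTE(review): the array literal was lost in extraction. { 0 } excludes only
                // the calling thread from interception, which is the form EasyHook's own
                // samples use - confirm against the original download.
                MessageBoxWHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });

                // Fix: the ANSI export must be hooked through the ANSI delegate. The original
                // passed DMessageBoxW here, so the char* arguments of MessageBoxA were
                // marshalled as UTF-16 and produced garbage text or an access violation
                // inside the host process.
                MessageBoxAHook = LocalHook.Create(
                    LocalHook.GetProcAddress("user32.dll", "MessageBoxA"),
                    new DMessageBoxA(MessageBoxA_Hooked),
                    this);
                MessageBoxAHook.ThreadACL.SetExclusiveACL(new Int32[] { 0 });
            }
            catch (Exception ex)
            {
                // Do not leave a half-installed hook behind when the second Create fails.
                ReleaseHooks();
                MessageBox.Show(ex.Message);
                return;
            }

            try
            {
                // The hooks stay installed only while this method is running.
                while (true)
                {
                    Thread.Sleep(KeepAliveIntervalMs);
                }
            }
            catch
            {
                // Deliberate best-effort, as in the original: an interrupt or abort of this
                // thread simply ends the hook session.
            }
            finally
            {
                ReleaseHooks();
            }
        }

        // Disposes whichever hooks were created so the patched exports are restored.
        private void ReleaseHooks()
        {
            if (MessageBoxWHook != null)
            {
                MessageBoxWHook.Dispose();
                MessageBoxWHook = null;
            }

            if (MessageBoxAHook != null)
            {
                MessageBoxAHook.Dispose();
                MessageBoxAHook = null;
            }
        }

        #region MessageBoxW

        // NOTE(review): HWND is pointer-sized and MessageBox returns int; the int/IntPtr
        // choices below are kept because these externs are public. IntPtr hWnd and an int
        // return would be the accurate declaration.
        [DllImport("user32.dll", EntryPoint = "MessageBoxW", CharSet = CharSet.Unicode)]
        public static extern IntPtr MessageBoxW(int hWnd, string text, string caption, uint type);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Unicode)]
        delegate IntPtr DMessageBoxW(int hWnd, string text, string caption, uint type);

        // Replacement for MessageBoxW: forwards to the real export with prefixed strings.
        // NOTE(review): this relies on EasyHook not re-entering the handler for a call made
        // from inside it - confirm against the EasyHook documentation.
        static IntPtr MessageBoxW_Hooked(int hWnd, string text, string caption, uint type)
        {
            return MessageBoxW(hWnd, "Hooked - " + text, "Hooked - " + caption, type);
        }

        #endregion

        #region MessageBoxA

        [DllImport("user32.dll", EntryPoint = "MessageBoxA", CharSet = CharSet.Ansi)]
        public static extern IntPtr MessageBoxA(int hWnd, string text, string caption, uint type);

        [UnmanagedFunctionPointer(CallingConvention.StdCall, CharSet = CharSet.Ansi)]
        delegate IntPtr DMessageBoxA(int hWnd, string text, string caption, uint type);

        // Replacement for MessageBoxA: forwards to the real export with prefixed strings.
        static IntPtr MessageBoxA_Hooked(int hWnd, string text, string caption, uint type)
        {
            return MessageBoxA(hWnd, "Hooked - " + text, "Hooked - " + caption, type);
        }

        #endregion
    }
}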

注入主程序:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.IO;
using System.Threading;
using System.Reflection;
using ClassLibrary1;
using EasyHook;
using System.Diagnostics;
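using System.Runtime.InteropServices;

namespace WindowsFormsApplication8
{
    /// <summary>
    /// Single-form injector: reads a process id from textBox1, checks that the target has
    /// the same bitness as this program, registers EasyHook.dll and ClassLibrary1.dll in
    /// the GAC and asks EasyHook to inject ClassLibrary1 into the target.
    /// </summary>
    public partial class Form1 : Form
    {
        // NOTE(review): the numeric literals of this listing were lost when the page was
        // extracted. 1000 ms is a constructed value for the pause after a GAC install.
        private const int GacSettleDelayMs = 1000;

        [DllImport("kernel32.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi)]
        [return: MarshalAs(UnmanagedType.Bool)]
        internal static extern bool IsWow64Process([In] IntPtr process, [Out] out bool wow64Process);

        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Makes sure EasyHook.dll and ClassLibrary1.dll from the application directory are
        /// registered in the Global Assembly Cache.
        /// </summary>
        /// <returns>
        /// true when both registrations ran without an exception; false otherwise (the
        /// original returned true unconditionally).
        /// </returns>
        /// <remarks>
        /// This is a machine-wide change that nothing in this program undoes. The assemblies
        /// are taken from the application's base directory, so that directory should be
        /// writable by administrators only; GAC writes from an interactive tool are also
        /// worth alerting on. NOTE(review): writing to the GAC presumably requires an
        /// elevated process - confirm.
        /// </remarks>
        private bool RegGACAssembly()
        {
            try
            {
                EnsureInGac("EasyHook.dll", false);
                // ClassLibrary1 is removed first so a rebuilt copy replaces a stale one.
                EnsureInGac("ClassLibrary1.dll", true);
                return true;
            }
            catch (Exception ex)
            {
                Debug.Print(ex.ToString());
                return false;
            }
        }

        // Installs one assembly from the application directory into the GAC unless the
        // copy loaded from that path already reports itself as coming from the GAC.
        private static void EnsureInGac(string dllName, bool removeFirst)
        {
            var dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, dllName);
            if (!File.Exists(dllPath))
            {
                throw new FileNotFoundException("Assembly to register was not found.", dllPath);
            }

            var publisher = new System.EnterpriseServices.Internal.Publish();
            if (removeFirst)
            {
                publisher.GacRemove(dllPath);
            }

            if (!System.Runtime.InteropServices.RuntimeEnvironment.FromGlobalAccessCache(Assembly.LoadFrom(dllPath)))
            {
                // NOTE(review): Publish appears to report failures without throwing, so
                // reaching the next line is not proof of a successful install - confirm.
                publisher.GacInstall(dllPath);
                Thread.Sleep(GacSettleDelayMs);
            }
        }

        /// <summary>
        /// Injects the assembly that defines <see cref="HookParameter"/> into a process.
        /// </summary>
        /// <param name="processId">Id of the target process.</param>
        /// <returns>true when RemoteHooking.Inject returned normally; false when it threw.</returns>
        private static bool InstallHookInternal(int processId)
        {
            var parameter = new HookParameter
            {
                Msg = "已经成功注入目标进程",
                HostProcessId = RemoteHooking.GetCurrentProcessId()
            };

            // The same library path is passed for the 32-bit and the 64-bit slot.
            string libraryPath = typeof(HookParameter).Assembly.Location;

            try
            {
                RemoteHooking.Inject(
                    processId,
                    InjectionOptions.Default,
                    libraryPath,
                    libraryPath,
                    string.Empty,
                    parameter);
            }
            catch (Exception ex)
            {
                // Debug.Print is compiled out of release builds; the caller reports the failure.
                Debug.Print(ex.ToString());
                return false;
            }

            return true;
        }

        /// <summary>
        /// Reports whether a process is NOT running under WOW64, i.e. (on 64-bit Windows)
        /// whether it is a native 64-bit process. The name is kept from the original.
        /// </summary>
        /// <param name="processId">Id of the process to inspect.</param>
        /// <returns>
        /// false on systems older than the version check below, or when the process runs
        /// under WOW64; true otherwise, including when IsWow64Process itself fails.
        /// </returns>
        /// <exception cref="ArgumentException">No process with this id is running.</exception>
        private static bool IsWin64Emulator(int processId)
        {
            // GetProcessById throws for an unknown id and never returns null, so the
            // original null check could not trigger and is dropped.
            using (var process = Process.GetProcessById(processId))
            {
                // NOTE(review): the version literals were lost in extraction. 5.1 (Windows XP)
                // is the first client release that documents IsWow64Process.
                Version os = Environment.OSVersion.Version;
                bool apiAvailable = os.Major > 5 || (os.Major == 5 && os.Minor >= 1);
                if (!apiAvailable)
                {
                    return false; // not on 64-bit Windows Emulator
                }

                bool underWow64;
                return !(IsWow64Process(process.Handle, out underWow64) && underWow64);
            }
        }

        /// <summary>
        /// Validates the process id typed into textBox1, refuses a bitness mismatch, then
        /// registers the assemblies and injects. Every failure is reported to the user.
        /// </summary>
        private void button1_Click(object sender, EventArgs e)
        {
            // The text box is free-form input: int.Parse would throw on anything non-numeric.
            int processId;
            if (!int.TryParse(textBox1.Text, out processId))
            {
                MessageBox.Show("请输入有效的进程ID!");
                return;
            }

            bool targetIsNative;
            bool currentIsNative;
            try
            {
                targetIsNative = IsWin64Emulator(processId);
                using (var self = Process.GetCurrentProcess())
                {
                    currentIsNative = IsWin64Emulator(self.Id);
                }
            }
            catch (ArgumentException)
            {
                MessageBox.Show("指定的进程不存在!");
                return;
            }
            catch (InvalidOperationException ex)
            {
                // The process exited between lookup and handle access.
                MessageBox.Show(ex.Message);
                return;
            }
            catch (Win32Exception ex)
            {
                // The process handle could not be opened (for example, access denied).
                MessageBox.Show(ex.Message);
                return;
            }

            if (targetIsNative != currentIsNative)
            {
                var currentPlat = currentIsNative ? 64 : 32;
                var targetPlat = targetIsNative ? 64 : 32;
                MessageBox.Show(string.Format("当前程序是{0}位程序,目标进程是{1}位程序,请调整编译选项重新编译后重试!", currentPlat, targetPlat));
                return;
            }

            // The original ignored both results, so a failed run looked like a successful one.
            if (!RegGACAssembly())
            {
                MessageBox.Show("注册程序集到 GAC 失败,详细信息请查看调试输出。");
                return;
            }

            if (!InstallHookInternal(processId))
            {
                MessageBox.Show("注入失败,详细信息请查看调试输出。");
            }
        }

        private void Form1_Load(object sender, EventArgs e)
        {
        }
    }
}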

完整代码下载地址:http://download.csdn.net/download/nanfei01055/9999598
