#include <windows.h>
#include <stdlib.h>
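/* Process-wide state shared by the routines in this file. */
DWORD dwMyProcessId;   /* id of the hosting process; assigned in DllMain */
DWORD dwImageBase;     /* not referenced anywhere in this listing */
DWORD dwImageSize;     /* not referenced anywhere in this listing */
DWORD dwMsgThread;     /* not referenced anywhere in this listing */

/*
 * Scratch buffer for DBG_MSG. wsprintfW never produces more than 1024
 * characters, so 8192 is ample. The buffer is a single global: two threads
 * logging at the same time can overwrite each other's text.
 */
wchar_t dbgBuffer[8192];

/*
 * Format a wide-character message and hand it to the debugger output stream.
 *
 * The format string is taken as the first variadic argument so that calls
 * without extra arguments (DBG_MSG(L"text")) expand to valid C, and the
 * do/while(0) wrapper makes the macro behave as one statement. The explicit
 * W suffix keeps the call correct when UNICODE is not defined, because
 * dbgBuffer is always wchar_t.
 *
 * Debug output can be read by any debugger or debug-output monitor on the
 * machine, so nothing sensitive should be logged through this macro.
 */
#define DBG_MSG(...) \
    do { \
        wsprintfW(dbgBuffer, __VA_ARGS__); \
        OutputDebugStringW(dbgBuffer); \
    } while (0)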
/*
 * Bookkeeping record attached to every window whose procedure is replaced.
 * EnumWindowsProc allocates one per window and stores its address in the
 * window's user-data slot.
 */
typedef struct WndData {
    LPARAM  lparam;    /* value that was in the user-data slot before it was replaced */
    WNDPROC orgiProc;  /* window procedure that was installed before MyProcessMsgW */
} WndData;
/**
 * Enable or disable one named privilege in the current process token.
 *
 * AdjustTokenPrivileges can only toggle privileges the token already holds;
 * it cannot grant new ones. It may also return nonzero while GetLastError()
 * reports that not every requested privilege was assigned, which is why both
 * the return value and the last-error code are checked.
 *
 * @param bEnable  TRUE to enable the privilege, FALSE to clear its enabled bit.
 * @param Name     Privilege name, e.g. one of the SE_*_NAME constants.
 * @return TRUE only when the token was opened, the name resolved and the
 *         adjustment completed with ERROR_SUCCESS; FALSE otherwise.
 */
BOOL EnableSpecificPrivilege(BOOL bEnable, LPCTSTR Name)
{
    HANDLE token;
    TOKEN_PRIVILEGES request;
    BOOL succeeded = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES,
                          &token))
    {
        return FALSE;
    }

    request.PrivilegeCount = 1;
    request.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : 0;

    if (LookupPrivilegeValue(NULL, Name, &request.Privileges[0].Luid))
    {
        BOOL adjusted = AdjustTokenPrivileges(token, FALSE, &request,
                                              sizeof(TOKEN_PRIVILEGES), NULL, NULL);
        /* Read the error code before any other API call can overwrite it. */
        DWORD lastError = GetLastError();

        if (adjusted && lastError == ERROR_SUCCESS)
        {
            succeeded = TRUE;
        }
    }

    /* Single exit path: the token handle is released on every outcome. */
    CloseHandle(token);
    return succeeded;
}
/**
 * Try to enable (or disable) every privilege in a fixed list and report how
 * many of the attempts succeeded.
 *
 * NOTE(review): switching on the whole list, which includes SE_DEBUG_NAME,
 * SE_TCB_NAME, SE_LOAD_DRIVER_NAME and SE_CREATE_TOKEN_NAME, is the opposite
 * of least privilege. Nothing in this file is shown to need any of them; a
 * caller should enable only the privilege an operation requires and disable
 * it again afterwards. Privileges absent from the token simply fail to
 * enable. Where token-right-adjustment auditing is turned on, a bulk change
 * like this is expected to be visible in the Security log (event 4703), which
 * makes it a useful detection signal.
 *
 * @param bEnable  Passed through to EnableSpecificPrivilege for each name.
 * @return Number of privileges for which EnableSpecificPrivilege returned TRUE.
 */
DWORD EnableAllPrivilege(BOOL bEnable)
{
    /* Same names, in the same order, as the original call sequence. */
    static const LPCTSTR privilegeNames[] = {
        SE_ASSIGNPRIMARYTOKEN_NAME,
        SE_AUDIT_NAME,
        SE_BACKUP_NAME,
        SE_CHANGE_NOTIFY_NAME,
        SE_CREATE_PAGEFILE_NAME,
        SE_CREATE_PERMANENT_NAME,
        SE_CREATE_TOKEN_NAME,
        SE_DEBUG_NAME,
        SE_INC_BASE_PRIORITY_NAME,
        SE_INCREASE_QUOTA_NAME,
        SE_LOAD_DRIVER_NAME,
        SE_LOCK_MEMORY_NAME,
        SE_PROF_SINGLE_PROCESS_NAME,
        SE_REMOTE_SHUTDOWN_NAME,
        SE_RESTORE_NAME,
        SE_SECURITY_NAME,
        SE_SHUTDOWN_NAME,
        SE_SYSTEM_ENVIRONMENT_NAME,
        SE_SYSTEM_PROFILE_NAME,
        SE_SYSTEMTIME_NAME,
        SE_TAKE_OWNERSHIP_NAME,
        SE_TCB_NAME,
        SE_UNSOLICITED_INPUT_NAME,
        SE_MACHINE_ACCOUNT_NAME
    };
    DWORD enabledCount = 0;
    unsigned int idx;

    for (idx = 0; idx < sizeof(privilegeNames) / sizeof(privilegeNames[0]); ++idx)
    {
        enabledCount += EnableSpecificPrivilege(bEnable, privilegeNames[idx]);
    }
    return enabledCount;
}
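/**
 * Report the load address and image size of a module already loaded in this
 * process.
 *
 * The module handle is kept in a pointer-sized local while the PE headers are
 * walked; the original cast it to DWORD first, which truncates the address on
 * 64-bit builds and then dereferences the truncated value. The DOS and NT
 * signatures are checked before SizeOfImage is trusted.
 *
 * @param pModName  Module name passed to GetModuleHandleW.
 * @param pdwBase   Receives the module base, or 0 when the module is not
 *                  loaded. The parameter is a DWORD, so on a 64-bit build
 *                  only the low 32 bits of the address are reported.
 * @param size      Receives OptionalHeader.SizeOfImage on success.
 * @return TRUE on success; FALSE when an output pointer is NULL, the module is
 *         not loaded, or the headers do not carry the expected signatures.
 */
BOOL GetMouduleRanage(wchar_t* pModName, DWORD *pdwBase, DWORD *size)
{
    HMODULE hModule;
    const BYTE *imageBase;
    const IMAGE_DOS_HEADER *pDosHeader;
    const IMAGE_NT_HEADERS *pNtHeaders;

    if (pdwBase == NULL || size == NULL)
    {
        return FALSE;
    }

    hModule = GetModuleHandleW(pModName);
    *pdwBase = (DWORD)(DWORD_PTR)hModule;
    if (hModule == NULL)
    {
        return FALSE;
    }

    imageBase = (const BYTE *)hModule;
    pDosHeader = (const IMAGE_DOS_HEADER *)imageBase;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew <= 0)
    {
        return FALSE;
    }

    pNtHeaders = (const IMAGE_NT_HEADERS *)(imageBase + pDosHeader->e_lfanew);
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        return FALSE;
    }

    *size = pNtHeaders->OptionalHeader.SizeOfImage;
    return TRUE;
}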
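/**
 * ANSI counterpart of MyProcessMsgW. Nothing in this listing installs it.
 *
 * The original body was empty, so a caller using the result would read an
 * indeterminate value; every message is now passed to the default handler.
 */
LRESULT CALLBACK MyProcessMsgA(HWND hWnd, UINT nId, WPARAM wparam, LPARAM lparam)
{
    return DefWindowProcA(hWnd, nId, wparam, lparam);
}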
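/**
 * Replacement window procedure installed by EnumWindowsProc: logs the message
 * id, then forwards the message to the procedure that was there before.
 *
 * Changes from the original:
 *  - the previous procedure is invoked through CallWindowProcW, as the API
 *    requires, and its result is returned. The original discarded that result
 *    and ran DefWindowProc as well, so every message was handled twice;
 *  - GWLP_USERDATA / LONG_PTR replace GWL_USERDATA / LONG, which truncate
 *    pointers on 64-bit builds;
 *  - WM_KEYDOWN no longer falls through silently;
 *  - the window handle is logged with %p, and a record without a saved
 *    procedure is treated like a missing record.
 *
 * NOTE(review): the hook record lives in the window's user-data slot and is
 * swapped out while the previous procedure runs. If that procedure sends a
 * message to the same window, this function is re-entered while the slot
 * holds the application's own value, which is then cast to WndData*. The same
 * happens if the application overwrites the slot later. Keeping the record
 * outside the user-data slot (for example in a window property) would remove
 * this type confusion. The record is also never freed when the window is
 * destroyed.
 */
LRESULT CALLBACK MyProcessMsgW(HWND hWnd, UINT nId, WPARAM wparam, LPARAM lparam)
{
    WndData *pWndData;
    LRESULT result;

    DBG_MSG(L"MSG id:0x%08x\n", nId);
    switch (nId)
    {
    case WM_KEYDOWN:
        DBG_MSG(L"Key down !\n");
        break;
    case WM_CHAR:
    case WM_COMMAND:
    default:
        break;
    }

    /* A stored value of 0 and a failed call both return 0; clear the error first. */
    SetLastError(0);
    pWndData = (WndData *)GetWindowLongPtrW(hWnd, GWLP_USERDATA);
    if (pWndData == NULL || pWndData->orgiProc == NULL)
    {
        DBG_MSG(L"ERROR : hwnd: %p last error:%u\n", hWnd, GetLastError());
        return DefWindowProcW(hWnd, nId, wparam, lparam);
    }

    /* Let the previous procedure see the user data it expects. */
    SetWindowLongPtrW(hWnd, GWLP_USERDATA, (LONG_PTR)pWndData->lparam);
    result = CallWindowProcW(pWndData->orgiProc, hWnd, nId, wparam, lparam);
    /* Put the hook record back; this simply fails if the window is gone. */
    SetWindowLongPtrW(hWnd, GWLP_USERDATA, (LONG_PTR)pWndData);
    return result;
}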
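/**
 * EnumWindows callback: for every top-level window created by this process,
 * store a WndData record in the window's user-data slot and install
 * MyProcessMsgW as its window procedure.
 *
 * Changes from the original:
 *  - GWLP_USERDATA / LONG_PTR replace GWL_USERDATA / LONG, which truncate
 *    pointers on 64-bit builds;
 *  - when installing the procedure fails, the previous user data is put back
 *    and the record is freed. The original left the window pointing at the
 *    record, losing the application's own value;
 *  - a window that already runs MyProcessMsgW is skipped, so a second
 *    enumeration does not chain the hook onto itself;
 *  - the window handle is logged with %p.
 *
 * NOTE(review): the two SetWindowLongPtrW calls are not atomic. For a window
 * owned by another thread, a message can arrive between them and the previous
 * procedure will then read the hook record as its own user data.
 *
 * @param hwnd    Window being enumerated.
 * @param lParam  Unused.
 * @return Always TRUE, so enumeration continues after a failure.
 */
BOOL CALLBACK EnumWindowsProc(HWND hwnd, LPARAM lParam)
{
    DWORD dwProcessId = 0;
    WndData *pWndData;

    (void)lParam;

    GetWindowThreadProcessId(hwnd, &dwProcessId);
    if (dwProcessId != dwMyProcessId)
    {
        /* Not a window created by this process. */
        return TRUE;
    }

    if (GetWindowLongPtrW(hwnd, GWLP_WNDPROC) == (LONG_PTR)MyProcessMsgW)
    {
        /* Already hooked. */
        return TRUE;
    }

    DBG_MSG(L"is unicode :%d ,hwnd :%p\n", IsWindowUnicode(hwnd), hwnd);

    pWndData = malloc(sizeof *pWndData);
    if (pWndData == NULL)
    {
        DBG_MSG(L"ERROR !!! malloc failed..\n");
        return TRUE;
    }
    pWndData->orgiProc = NULL;

    /* The previous value may legitimately be 0, so failure is detected via the error code. */
    SetLastError(0);
    pWndData->lparam = (LPARAM)SetWindowLongPtrW(hwnd, GWLP_USERDATA, (LONG_PTR)pWndData);
    if (pWndData->lparam == 0 && GetLastError() != ERROR_SUCCESS)
    {
        DBG_MSG(L"SetWindowLongPtrW failed...\n");
        free(pWndData);
        return TRUE;
    }

    pWndData->orgiProc = (WNDPROC)SetWindowLongPtrW(hwnd, GWLP_WNDPROC, (LONG_PTR)MyProcessMsgW);
    if (pWndData->orgiProc == NULL)
    {
        DBG_MSG(L"Hook Failed!!\n");
        /* Undo the user-data change so the window is left as it was found. */
        SetWindowLongPtrW(hwnd, GWLP_USERDATA, (LONG_PTR)pWndData->lparam);
        free(pWndData);
    }
    return TRUE;
}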
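/**
 * Run EnumWindowsProc over every top-level window on the desktop.
 *
 * The callback argument is an LPARAM (an integer), so 0 is passed instead of
 * the pointer constant NULL. Failures are reported per window by the callback
 * itself.
 */
void HookWindowProc(void)
{
    EnumWindows(EnumWindowsProc, 0);
}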
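/**
 * DLL entry point. On process attach it turns off per-thread notifications,
 * calls EnableAllPrivilege, records the process id and hooks the process's
 * top-level windows.
 *
 * The process id now comes from GetCurrentProcessId(). The original called
 * OpenProcess(PROCESS_ALL_ACCESS, ...) on the current process only to read
 * its id, and never closed the resulting full-access handle.
 *
 * NOTE(review): EnableAllPrivilege(TRUE) is kept for compatibility, but
 * subclassing windows in the current process needs none of those privileges;
 * removing the call is the least-privilege choice.
 * NOTE(review): this code runs while the loader lock is held. Microsoft's
 * DllMain guidance advises against calling User32 functions here, which
 * EnumWindows and SetWindowLongPtrW are. The hooking should move to an
 * explicit initialisation function called after the DLL has loaded.
 *
 * @return Always TRUE.
 */
BOOL WINAPI DllMain(
    HANDLE hinstDLL,
    DWORD dwReason,
    LPVOID lpvReserved
    )
{
    (void)lpvReserved;

    if (dwReason == DLL_PROCESS_ATTACH)
    {
        DisableThreadLibraryCalls((HMODULE)hinstDLL);
        EnableAllPrivilege(TRUE);
        dwMyProcessId = GetCurrentProcessId();
        DBG_MSG(L"My process id :%u \n", dwMyProcessId);
        if (dwMyProcessId)
        {
            HookWindowProc();
        }
    }
    return TRUE;
}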
来源: http://www.codesnippet.cn/detail/290920136204.html