After remote DLL injection, how do I intercept the key messages of the injected program?


Use Detours. It's fairly simple. Here's an example I wrote for you; it hooks the file-deletion API DeleteFile.

#include "stdafx.h"
#include <windows.h>
#include <io.h>
#include <stdio.h>
#include "detours.h"  // Detours 1.5-style API: DETOUR_TRAMPOLINE, DetourFunctionWithTrampoline, DetourRemove

// Shared section: a single copy of g_hMain is visible to every process that loads this DLL
#pragma data_seg("MySec")
HWND g_hMain = NULL;              // main window handle
#pragma data_seg()
#pragma comment(linker, "/section:MySec,RWS")
#pragma comment(lib, "detours.lib")

HHOOK g_MessageHook = NULL;       // message hook
HINSTANCE hInst = NULL;           // DLL instance
HWND g_hWnd = NULL;               // target window handle
BOOL g_bIntercepted = FALSE;      // TRUE once the detour is installed in this process

void Intercept();
void UnIntercept();

// Trampoline through which the original DeleteFileW is still reachable
DETOUR_TRAMPOLINE(BOOL WINAPI Real_DeleteFileW(LPCWSTR lpFileName), DeleteFileW);

LRESULT CALLBACK MessageProc(
    int code,       // hook code
    WPARAM wParam,  // not used
    LPARAM lParam   // message data
)
{
    Intercept();
    return CallNextHookEx(g_MessageHook, code, wParam, lParam);
}

BOOL SetAPIHook()
{
    g_MessageHook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)MessageProc, hInst, 0);
    return (g_MessageHook != NULL) ? TRUE : FALSE;
}

void UnAPIHook()
{
    if (g_MessageHook != NULL)
    {
        UnhookWindowsHookEx(g_MessageHook);
        g_MessageHook = NULL;
    }
}

BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,  // handle to the DLL module
    DWORD fdwReason,     // reason for calling function
    LPVOID lpvReserved   // reserved
)
{
    switch (fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        hInst = hinstDLL;
        g_hMain = FindWindowEx(NULL, NULL, NULL, TEXT("myexe"));
        if (g_hMain != NULL)
        {
            SetAPIHook();
        }
        break;
    case DLL_PROCESS_DETACH:
        UnIntercept();
        break;
    }
    return TRUE;
}

BOOL WINAPI Replace_DeleteFileW(LPCWSTR lpFileName)
{
    BOOL bRet;
    // Add your own code here
    bRet = Real_DeleteFileW(lpFileName);
    return bRet;
}

void Intercept()
{
    // MessageProc runs for every message, so install the detour only once
    if (!g_bIntercepted)
    {
        g_bIntercepted = DetourFunctionWithTrampoline((PBYTE)Real_DeleteFileW, (PBYTE)Replace_DeleteFileW);
    }
}

void UnIntercept()
{
    // Remove the detour only if it was actually installed
    if (g_bIntercepted)
    {
        DetourRemove((PBYTE)Real_DeleteFileW, (PBYTE)Replace_DeleteFileW);
        g_bIntercepted = FALSE;
    }
}



Feel free to share; when reposting, please credit the source: 内存溢出

Original URL: https://outofmemory.cn/tougao/6687111.html
