Theqiqi_blog

25.通过Hook注入Dll
Created2024-08-13|c+windows+hacking|C•Windows•Hacking
Hook注入dll文件到所有带窗口的32位程序中1.在Dll中编写Hook代码,编译为32位 dllmain.c 1234567891011121314151617181920212223// dllmain.c : Defines the entry point for the DLL application.#include <windows.h>#include "Hook.H"BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved){ switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: MessageBoxA(0, "success load", "title", 1); break; case DLL_THREAD_ATTACH: brea ...
24.通过Hook捕获程序键盘消息与鼠标消息
Created2024-08-13|c+windows+hacking|C•Windows•Hacking
[toc] 设置全局Hook用C语言写一个程序捕获键盘消息来判断A是否被按下1234567891011121314151617181920212223242526272829303132333435363738#include <windows.h>#include <stdio.h>HHOOK hKeyboardHook;// 钩子过程LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam) { if (nCode == HC_ACTION) { KBDLLHOOKSTRUCT* pKeyboard = (KBDLLHOOKSTRUCT*)lParam; if (wParam == WM_KEYDOWN) { if (pKeyboard->vkCode == 'A') { // 检查是否按下 "A" 键 ...
23.C语言实现InlineHook
Created2024-08-11|c+windows+hacking|C•Windows•Hacking
[toc] 前置准备
为了方便测试,需要将随机基址(ASLR)关闭;关闭后程序每次加载的地址固定,便于测试,正式发布的程序应保持开启。
1. 写一个被调试程序
//Message.c#include <stdio.h>#include <windows.h>#include <conio.h>void Message(char *var){ printf("var vulue is 0x%s\n", var);}int main(int argc, char** argv){ char* var = "AAA"; printf("var vulue is 0x%s\n", var); printf("var address is 0x%p\n", var); printf("ProcessID is %d\n", GetCurrentProcessId()); printf(&q ...
22.使用C语言获取系统架构
Created2024-08-11|c+windows+hacking|C•Windows•Hacking
[toc] 使用C语言获取系统架构1. 使用GetNativeSystemInfo获取系统架构1234567891011121314151617181920212223#include <windows.h>#include <stdio.h>BOOL Is64BitOS(){ SYSTEM_INFO stInfo = { 0 }; GetNativeSystemInfo(&stInfo); if (stInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64 || stInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64) { return TRUE; } return FALSE;}int main(){ if (Is64BitOS()) printf(&q ...
21.使用C语言与汇编语言调用syscall重写进程相关函数
Created2024-08-11|c+windows+hacking|C•Windows•Hacking
[toc] 调用win32相关函数读取进程内存数据与shellcode注入1. 用C语言写一个程序Message.exe12345678910111213141516171819202122//Message.c#include <stdio.h>#include <windows.h>void Message(){ MessageBoxA(0, 0, 0, 0);}int main(int argc, char** argv){ size_t var = 0x8070605040302010; printf("var vulue is 0x%llX\n", var); printf("var address is 0x%p\n", &var); size_t* p = &var; printf("var vulue is 0x%llX\n", *p); printf("var ...
20.将Dll文件转为二进制代码运行时解压出来
Created2024-08-10|c+windows+hacking|C•Windows•Hacking
[toc] 使用C语言读取与写入文件1. c语言读取文件 新建一个文本文件,命名为first.txt。 在first.txt中编辑文本。 编写C语言代码在程序中读取文本内容。 123456789101112131415161718#define _CRT_SECURE_NO_WARNINGS#include<stdio.h>int main(){ FILE* fp = NULL; char buff[255]; fp = fopen("D:\\Users\\3\\Desktop\\first.txt", "r"); fgets(buff, 255, (FILE*)fp); printf("1: %s\n", buff); fgets(buff, 255, (FILE*)fp); printf("2: %s\n", buff); fgets(buff, 255, (FILE*)fp); printf("3: %s\n", buff); fclose(fp); ...
19.使用C语言获取进程模块句柄
Created2024-08-10|c+windows+hacking|C•Windows•Hacking
[toc] 遍历进程与模块
1. 设置Debug权限用来打开system进程句柄
设置Debug权限需要用管理员的身份打开
#include <stdio.h>#include <windows.h>BOOL SeDebug(BOOL bEnablePrivilege);int main(int argc, char** argv){ SeDebug(TRUE); DWORD dwPid=1180; HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid); printf("hProcess:0x%llX\n", hProcess); CloseHandle(hProcess); getchar(); return 0;}BOOL SeDebug(BOOL bEnablePr ...
18.使用C语言在windows程序中遍历进程并打印
Created2024-08-10|c+windows+hacking|C•Windows•Hacking
[toc] C语言遍历1.使用while循环123456789101112#include <stdio.h>int main(int argv, char* argc[]){ int a = 10; while (a < 20) { printf("a 的值: %d\n", a); a++; } return 0;} 2.使用do{}while()循环do{}while()为先执行后判断 123456789101112#include <stdio.h>int main(int argv, char* argc[]){ int a = 10; do { printf("a 的值: %d\n", a); a++; } while (a < 20); return 0;} 3.使用while循环给数组赋值123 ...
17.C语言获得窗口句柄与进程句柄
Created2024-08-09|c+windows+hacking|C•Windows•Hacking
[toc] C语言获取窗口句柄1.C语言获取控制台程序的句柄 完整代码功能为获取控制台程序的窗口句柄并在窗口用TextOutW写句话 12345678910111213141516171819202122232425262728#include <windows.h>#include <conio.h>#include <tchar.h>int main(int argc, char** argv) { TCHAR title[256];//控制台程序标题 //获取控制台标题 GetConsoleTitleW(title, 256); HWND hwnd1 = FindWindowW(0, title); HWND hwnd2 = FindWindowW(L"ConsoleWindowClass", 0); HWND hwnd3 = GetConsoleWindow(); HWND hwnd4 = GetForegroundWindow(); HWND hwnd = ...
16.寻找植物大战丧尸call并使用C语言调用
Created2024-08-09|c+windows+hacking|C•Windows•Hacking
[toc] 使用CE寻找种植Call并编写自动汇编脚本
1. 通过CE找到汇编Call(略过)
2. 编写自动汇编脚本
[ENABLE]//code from here to '[DISABLE]' will be used to enable the cheatalloc(newmem,1024)createthread(newmem)newmem://根据基地址和偏移量计算第一个参数的变量地址mov ebx,00729670mov ebx,[ebx]mov ebx,[ebx+868]//call functionpush FFFFFFFF //常量-1push 2 //种植ID 此刻为樱桃炸弹mov eax,4 //Y轴座标push 0 //x轴坐标push ebx//地址[PlantsVsZombies.exe+329670]+868call 0040FA10//函数地址ret[DISABLE]//co ...