mirror of
https://github.com/Cc28256/CcRemote.git
synced 2025-06-10 06:19:50 +00:00
119 lines
2.8 KiB
C++
119 lines
2.8 KiB
C++
// dllmain.cpp : 定义 DLL 应用程序的入口点。
|
||
#include "pch.h"
|
||
|
||
#define STR_CRY_LENGTH 0 //加密字符串的长度
|
||
char* uncode(char* str)
|
||
{
|
||
int len = str[0];
|
||
char * uncodeStr = (char *)operator new(len + 1);
|
||
for (size_t i = 1; i <= len; i++)
|
||
{
|
||
uncodeStr[i - 1] = str[i] ^ (0xCC - i);
|
||
}
|
||
uncodeStr[len] = 0x00;
|
||
return uncodeStr;
|
||
}
|
||
|
||
|
||
|
||
BOOL APIENTRY DllMain( HMODULE hModule,
|
||
DWORD ul_reason_for_call,
|
||
LPVOID lpReserved
|
||
)
|
||
{
|
||
switch (ul_reason_for_call)
|
||
{
|
||
case DLL_PROCESS_ATTACH:
|
||
MessageBoxA(NULL, "dllmain", "test", NULL);
|
||
case DLL_THREAD_ATTACH:
|
||
case DLL_THREAD_DETACH:
|
||
case DLL_PROCESS_DETACH:
|
||
break;
|
||
}
|
||
return TRUE;
|
||
}
|
||
|
||
|
||
extern "C" __declspec(dllexport) void wiohrwiaq ()
|
||
{
|
||
|
||
}
|
||
|
||
|
||
extern "C" __declspec(dllexport) void ioqerbwqiaweplkqpoewq ()
|
||
{
|
||
|
||
}
|
||
|
||
extern "C" __declspec(dllexport) void eiwqiothhahndna()
|
||
{
|
||
|
||
}
|
||
|
||
|
||
/*
|
||
为什么C++生成的Dll函数名带有@?如“_Abcd2@4”后面是数字2加@还有个4
|
||
_stdcall调用约定的函数会有@,后面的数字表示参数总共所占字节数,这是因为_stdcall函数需要被调用者清空堆栈,所以需要知道参数所占大小
|
||
_cedcl调用约定的函数没有@及后面的数字,因为_cedcl调用约定的函数由调用者清空堆栈
|
||
*/
|
||
extern "C" __declspec(dllexport) int __stdcall run(HMODULE hLibModule)
|
||
{
|
||
MessageBoxA(NULL, "hello", "test", NULL);
|
||
char Str_Kernel32[] = { 0x08,0xa0,0xaf,0xbb,0xa6,0xa2,0xaa,0xf6,0xf6 };
|
||
char Str_GetMoudleFileNameA[] = { 0x12,0x8c,0xaf,0xbd,0x85,0xa8,0xa2,0xb0,0xa8,0xa6,0x84,0xa8,0xac,0xda,0xf0,0xdc,0xd1,0xde,0xfb };
|
||
char Str_MainDat[] = { 0x0c,0x97,0x89,0xaa,0xfa,0xff,0xf4,0xf0,0xf2,0xed,0xa6,0xa0,0xb4 };
|
||
|
||
char SelfPath[MAX_PATH] = { 0 };
|
||
|
||
char* lpKernel32 = uncode(Str_Kernel32);
|
||
HMODULE MoudleHandle = GetModuleHandleA(lpKernel32); // 解密调用
|
||
memset(lpKernel32, 0, Str_Kernel32[STR_CRY_LENGTH]);
|
||
delete lpKernel32;
|
||
|
||
|
||
//声明导出函数类型--导出的TestRun函数
|
||
typedef DWORD(__stdcall *TestRunT)(
|
||
_In_opt_ HMODULE hModule,
|
||
_Out_writes_to_(nSize, ((return < nSize) ? (return +1) : nSize)) LPSTR lpFilename,
|
||
_In_ DWORD nSize
|
||
);
|
||
|
||
|
||
char* lpGetMoudleFileName = uncode(Str_GetMoudleFileNameA);
|
||
TestRunT pGetMoudleFileNameA = (TestRunT)GetProcAddress(MoudleHandle, lpGetMoudleFileName); // 解密调用
|
||
memset(lpGetMoudleFileName, 0, Str_Kernel32[STR_CRY_LENGTH]);
|
||
delete lpGetMoudleFileName;
|
||
|
||
|
||
pGetMoudleFileNameA(NULL, SelfPath, MAX_PATH);
|
||
|
||
char* FilePath = strrchr(SelfPath, '\\');
|
||
|
||
if (FilePath)
|
||
{
|
||
*FilePath = 0x00;
|
||
}
|
||
else
|
||
{
|
||
return 0;
|
||
}
|
||
|
||
char* pMainDat = uncode(Str_MainDat);
|
||
lstrcatA(SelfPath, pMainDat);
|
||
memset(pMainDat, 0, Str_Kernel32[STR_CRY_LENGTH]);
|
||
delete pMainDat;
|
||
|
||
|
||
MessageBoxA(NULL, SelfPath, "test", NULL);
|
||
|
||
|
||
return FreeLibrary(hLibModule);
|
||
}
|
||
|
||
|
||
|
||
extern "C" __declspec(dllexport) void qioewiqj()
|
||
{
|
||
|
||
}
|