
Commonly used API functions #5

Open

xinqinew opened this issue Jul 7, 2021 · 4 comments

Comments

@xinqinew
Owner

xinqinew commented Jul 7, 2021

Mouse simulation
DLL injection
DLL hijacking
GDI drawing

@xinqinew
Owner Author

xinqinew commented Jul 7, 2021

Mouse simulation

LRESULT SendMessage(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);

Here Msg is WM_LBUTTONDOWN or WM_LBUTTONUP, which is a software simulation of the mouse (its compatibility and safety are not as good as hardware simulation with mouse_event, but it does not move the mouse pointer).

So it is generally written as SendMessage(hwnd, WM_LBUTTONUP/WM_LBUTTONDOWN, 0, (y_coordinate << 16) + x_coordinate);
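As an added example, not code from the issue author: a left click delivered with SendMessage, assembled from the prototype above in C. The target (a running Notepad and its Edit child window) is an assumption for the demo; the lParam packing helper is portable so it can be checked on any platform, and it also shows why the shorthand y << 16 + x needs parentheses in real C.

```c
/* Added example (not the issue author's code): simulating a left click
 * with SendMessage as the comment describes. The Win32 part compiles only
 * on Windows; the lParam packing helper is portable and shows why the
 * comment's shorthand "y << 16 + x" needs parentheses in real C. */
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* lParam for WM_LBUTTONDOWN/WM_LBUTTONUP: client-area x in the low word,
 * y in the high word (what the MAKELPARAM(x, y) macro produces). */
uint32_t pack_click_lparam(int x, int y)
{
    return ((uint32_t)(y & 0xFFFF) << 16) | (uint32_t)(x & 0xFFFF);
}

/* "y << 16 + x" parses as y << (16 + x) because + binds tighter than <<,
 * so the shift amount grows with x. Kept only to show the difference;
 * only defined for 0 <= x < 16 (larger shifts are undefined behaviour). */
uint32_t pack_click_lparam_as_written(int x, int y)
{
    return (uint32_t)y << (16 + x);
}

#ifdef _WIN32
/* Deliver a software left click at client coordinates (x, y) of hwnd.
 * The window receives WM_LBUTTONDOWN then WM_LBUTTONUP; the cursor does
 * not move, unlike mouse_event/SendInput. */
void send_left_click(HWND hwnd, int x, int y)
{
    LPARAM lp = (LPARAM)pack_click_lparam(x, y);
    SendMessage(hwnd, WM_LBUTTONDOWN, MK_LBUTTON, lp);  /* button held during DOWN */
    SendMessage(hwnd, WM_LBUTTONUP, 0, lp);
}

int main(void)
{
    /* Demo target (assumption): the Edit control of a running Notepad.
     * "Notepad" and "Edit" are the real Win32 window class names. */
    HWND notepad = FindWindowA("Notepad", NULL);
    HWND edit;
    if (!notepad) { puts("no Notepad window found"); return 1; }
    edit = FindWindowExA(notepad, NULL, "Edit", NULL);
    if (!edit) { puts("no Edit child found"); return 1; }
    send_left_click(edit, 10, 10);
    return 0;
}
#endif
```

SendMessage blocks until the target's window procedure returns, so a hung target hangs the sender; PostMessage is the non-blocking alternative. Because these are synthesized messages rather than real input, the target's GetCursorPos and GetAsyncKeyState still report the physical mouse, which is the compatibility gap the comment refers to.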

@xinqinew
Owner Author

xinqinew commented Jul 7, 2021

DLL injection

HANDLE CreateThread(LPSECURITY_ATTRIBUTES, SIZE_T, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD);

CreateThread creates a new thread alongside the main thread

LPVOID VirtualAllocEx(HANDLE, LPVOID, SIZE_T, DWORD, DWORD);

Requests memory in the specified process; a flAllocationType value of MEM_COMMIT means the memory is committed to physical storage rather than disk swap memory

FARPROC GetProcAddress(HMODULE hModule, LPCSTR);

Retrieves the address of an exported function from the specified dynamic-link library (DLL)

HANDLE CreateRemoteThread(HANDLE, LPSECURITY_ATTRIBUTES, SIZE_T, LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD);

Creates a thread that runs in the address space of another process

@xinqinew
Owner Author

xinqinew commented Jul 7, 2021

DLL hijacking

__asm{ }
Executes the assembly code inside the braces
JMP EAX
Sets EIP to EAX and continues execution there; after hijacking a DLL you need to obtain the address of the real original function, and jump to it when the function is called
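As an added example, not the issue author's code: a proxy DLL skeleton for the hijacking pattern above, in C. The hijacked library name (victim.dll) and its export (ExportedFunc) are placeholders; the naked stub with __asm { jmp eax } is MSVC 32-bit only, so that part is guarded, while the path helper is portable.

```c
/* Added example (not the issue author's code): a proxy DLL skeleton for
 * the DLL hijacking pattern the comment describes. The stub resolves the
 * original export from the genuine DLL and uses `__asm { jmp eax }` to pass
 * the call through unchanged. MSVC x86 only for the asm part; the path
 * helper is portable. victim.dll and ExportedFunc are placeholder names. */
#include <stddef.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Build "<system_dir>\<name>" into out; returns 0 on truncation. The real
 * DLL must be loaded by full path: loading it by bare name would find our
 * proxy again (same name, earlier in the search order) and recurse. */
int build_real_dll_path(char *out, size_t cap, const char *system_dir, const char *name)
{
    size_t need = strlen(system_dir) + 1 + strlen(name) + 1;
    if (need > cap) { if (cap) out[0] = '\0'; return 0; }
    strcpy(out, system_dir);
    strcat(out, "\\");
    strcat(out, name);
    return 1;
}

#if defined(_WIN32) && defined(_MSC_VER) && defined(_M_IX86)
static HMODULE g_real = NULL;
static FARPROC g_real_ExportedFunc = NULL;   /* address of the genuine export */

BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved)
{
    (void)inst; (void)reserved;
    if (reason == DLL_PROCESS_ATTACH) {
        char dir[MAX_PATH], path[MAX_PATH];
        if (!GetSystemDirectoryA(dir, sizeof dir)) return FALSE;
        if (!build_real_dll_path(path, sizeof path, dir, "victim.dll")) return FALSE;
        g_real = LoadLibraryA(path);                       /* the genuine DLL */
        if (!g_real) return FALSE;
        g_real_ExportedFunc = GetProcAddress(g_real, "ExportedFunc");
        if (!g_real_ExportedFunc) return FALSE;
        /* the hijacker's own code would run here, before the host continues */
    } else if (reason == DLL_PROCESS_DETACH && g_real) {
        FreeLibrary(g_real);
    }
    return TRUE;
}

/* Naked: no prologue/epilogue, so the caller's arguments and return
 * address are untouched and the genuine function returns straight to the
 * caller. Export it under the original name via a .def file
 * (EXPORTS ExportedFunc). EAX is caller-saved, so clobbering it is safe. */
__declspec(naked) void ExportedFunc(void)
{
    __asm {
        mov eax, g_real_ExportedFunc
        jmp eax
    }
}
#endif
```

Calling LoadLibrary inside DllMain breaks the loader's rules (it runs under the loader lock), so production proxies resolve the original lazily on the first call instead; the eager form is shown because it matches the sequence in the comment. 64-bit MSVC has no inline assembler, so on x64 the stub moves to a separate .asm file, or the .def file uses export forwarding (ExportedFunc=real_victim.ExportedFunc) instead of a jump.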

@xinqinew
Owner Author

xinqinew commented Jul 7, 2021

GDI drawing

HDC GetDC(HWND hWnd);

Retrieves a handle to a display device context

CDC
The CDC class defines device-context objects

CPoint CDC::MoveTo(int x, int y);
BOOL CDC::LineTo(int x, int y);

Draws a straight line

BOOL CDC::Ellipse(int x1, int y1, int x2, int y2);

Draws a circle

BOOL CRgn::CreateRectRgn(int x1, int y1, int x2, int y2);

Creates a rectangular region

BOOL CRgn::CreateEllipticRgn(int x1, int y1, int x2, int y2);

Creates a circular region

int CRgn::CombineRgn(CRgn* pRgn1, CRgn* pRgn2, int nCombineMode);

Combines regions (for a dot-style crosshair, take the large circle minus the small circle so that the middle is transparent)

BOOL CDC::FillRgn(CRgn* pRgn, CBrush* pBrush);

Fills the shape
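As an added example, not the issue author's code: the ring crosshair described above, drawn with the plain Win32 GDI calls that the MFC CDC/CRgn members wrap (CreateEllipticRgn, CombineRgn, FillRgn, MoveToEx/LineTo), in C. Drawing straight onto the screen DC with GetDC(NULL) and the radii 20/14 are choices for the demo; the geometry helpers are portable.

```c
/* Added example (not the issue author's code): the ring crosshair the
 * comment describes, drawn with the plain Win32 GDI calls the MFC classes
 * above wrap (CreateEllipticRgn, CombineRgn, FillRgn, MoveToEx/LineTo).
 * Windows-only apart from the geometry helpers. */
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#endif

typedef struct { int left, top, right, bottom; } Box;

/* Bounding box of the circle centred at (cx, cy) with radius r, in the
 * (x1, y1, x2, y2) form CreateEllipticRgn and CDC::Ellipse take. */
Box circle_box(int cx, int cy, int r)
{
    Box b = { cx - r, cy - r, cx + r, cy + r };
    return b;
}

/* A ring needs a positive inner radius strictly smaller than the outer
 * one; otherwise RGN_DIFF yields the full disc or an empty region. */
int ring_is_valid(int r_outer, int r_inner)
{
    return r_inner > 0 && r_inner < r_outer;
}

#ifdef _WIN32
/* Fill outer circle minus inner circle so the centre stays see-through,
 * then add four tick lines that stop at the inner circle. Returns 1 on success. */
int draw_ring_crosshair(HDC hdc, int cx, int cy, int r_outer, int r_inner, COLORREF color)
{
    Box o = circle_box(cx, cy, r_outer), i = circle_box(cx, cy, r_inner);
    HRGN outer = CreateEllipticRgn(o.left, o.top, o.right, o.bottom);
    HRGN inner = CreateEllipticRgn(i.left, i.top, i.right, i.bottom);
    HRGN ring  = CreateRectRgn(0, 0, 0, 0);   /* destination; CombineRgn overwrites it */
    HBRUSH brush = CreateSolidBrush(color);
    HPEN pen = CreatePen(PS_SOLID, 1, color);
    HGDIOBJ old = NULL;
    int ok = 0;

    if (!outer || !inner || !ring || !brush || !pen) goto done;
    if (!ring_is_valid(r_outer, r_inner)) goto done;
    if (CombineRgn(ring, outer, inner, RGN_DIFF) == ERROR) goto done;  /* big circle minus small circle */
    if (!FillRgn(hdc, ring, brush)) goto done;

    old = SelectObject(hdc, pen);
    MoveToEx(hdc, cx - r_outer, cy, NULL); LineTo(hdc, cx - r_inner, cy);
    MoveToEx(hdc, cx + r_inner, cy, NULL); LineTo(hdc, cx + r_outer, cy);
    MoveToEx(hdc, cx, cy - r_outer, NULL); LineTo(hdc, cx, cy - r_inner);
    MoveToEx(hdc, cx, cy + r_inner, NULL); LineTo(hdc, cx, cy + r_outer);
    SelectObject(hdc, old);
    ok = 1;
done:
    if (pen) DeleteObject(pen);
    if (brush) DeleteObject(brush);
    if (ring) DeleteObject(ring);
    if (inner) DeleteObject(inner);
    if (outer) DeleteObject(outer);
    return ok;
}

int main(void)
{
    /* GetDC(NULL) is the whole screen; GetDC(hWnd) would target one window. */
    HDC screen = GetDC(NULL);
    int cx, cy, ok;
    if (!screen) { puts("GetDC failed"); return 1; }
    cx = GetSystemMetrics(SM_CXSCREEN) / 2;
    cy = GetSystemMetrics(SM_CYSCREEN) / 2;
    ok = draw_ring_crosshair(screen, cx, cy, 20, 14, RGB(255, 0, 0));
    ReleaseDC(NULL, screen);
    return ok ? 0 : 1;
}
#endif
```

Pixels drawn on the screen DC survive only until the window underneath repaints, so an overlay that has to persist redraws on a timer or in its own layered window's WM_PAINT. Every GDI object created here is released in the same function; leaking HRGN/HPEN/HBRUSH handles in a loop eventually exhausts the per-process GDI object limit and later Create* calls start returning NULL, which the early check guards against.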
