论坛: 编程破解 标题: 能在一个系统中运行多个MSN实例的程序源代码[附程序] 复制本贴地址    
作者: tabris17 [tabris17]    论坛用户   登录
#pragma comment(linker,"/subsystem:windows")
#pragma comment(linker,"/align:4096")
#define MSN_APP "\\MSN Messenger\\msnmsgr.exe"
#define TF_BIT 0x100
#include <windows.h>
#include <map>

using namespace std;

// Thread id -> thread handle for every debuggee thread reported through
// CREATE_PROCESS_DEBUG_EVENT / CREATE_THREAD_DEBUG_EVENT in WinMain.
map <DWORD,HANDLE> ThreadList;
// Process handle of the debuggee, taken from CREATE_PROCESS_DEBUG_EVENT.
HANDLE hTargetProcess;
// Id of the thread that reported CREATE_PROCESS_DEBUG_EVENT.
DWORD dwMainThreadId;

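// Reads one DWORD from the debuggee at lpBsp. WinMain passes the thread's Esp
// while it is stopped on the breakpoint, so the value is the return address
// on top of the stack.
//
// lpBsp   address inside the debuggee (hTargetProcess) to read from.
// Returns the DWORD read, or 0 when the read fails or is short.
//
// NOTE(review): 0 is also numerically below any address threshold a caller
// compares against, so callers should treat 0 as "read failed" explicitly.
DWORD GetRetAddress(LPVOID lpBsp)
{
    DWORD dwRetAddress = 0;
    DWORD dwBytesRead = 0;

    if (ReadProcessMemory(hTargetProcess, lpBsp, &dwRetAddress, sizeof(dwRetAddress), &dwBytesRead)
        && sizeof(dwRetAddress) == dwBytesRead)
    {
        return dwRetAddress;
    }
    // The original returned NULL here; 0 is the same value with the right type.
    return 0;
}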
// Address of the first 0xC3 byte found within 32 bytes of GetLastError;
// written by SetHook and compared with Eip-1 in WinMain's breakpoint handler.
LPVOID g_lpGetLastErrorRet;
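// Installs or removes a one-byte breakpoint in the debuggee (hTargetProcess)
// at the first 0xC3 byte found within the first 32 bytes of GetLastError.
//
// bSet    true  -> write 0xCC (int3) at that address
//         false -> write 0xC3 back
// Returns TRUE on success, FALSE when the address cannot be located or the
// debuggee's memory cannot be read, re-protected or written.
//
// The address is located once and cached in a function-local static and in
// g_lpGetLastErrorRet; the cache is only marked valid after a successful scan,
// so a failed first attempt can be retried.
//
// NOTE(review): GetLastError is resolved in *this* process and the address is
// used in the debuggee; that presumes kernel32.dll is mapped at the same base
// in both - confirm for the target platform.
// NOTE(review): the scan takes the first 0xC3 byte as the RET opcode; a 0xC3
// that is part of an operand would be matched as well.
int SetHook(bool bSet)
{
    static bool bInitial;
    static LPVOID lpGetLastErrorRet;
    const BYTE bytOriginalOpCode = 0xC3;
    const BYTE bytBreakOpCode = 0xCC;

    if (!bInitial)
    {
        HMODULE hKernel32 = GetModuleHandle("kernel32.dll");
        LPVOID lpGetLastError = hKernel32 ? (LPVOID)GetProcAddress(hKernel32, "GetLastError") : NULL;
        if (NULL == lpGetLastError)
        {
            return FALSE;
        }

        BYTE lpCode[32];
        DWORD dwBytesRead = 0;
        // Without this check a failed read left lpCode uninitialised and the
        // scan below ran over stack garbage.
        if (!ReadProcessMemory(hTargetProcess, lpGetLastError, lpCode, sizeof(lpCode), &dwBytesRead))
        {
            return FALSE;
        }

        LPVOID lpFound = NULL;
        for (int i = 0; i < (int)sizeof(lpCode); i++)
        {
            if (0xC3 == lpCode[i])
            {
                // Byte-pointer arithmetic instead of a cast through DWORD.
                lpFound = (LPVOID)((BYTE *)lpGetLastError + i);
                break;
            }
        }
        if (NULL == lpFound)
        {
            // No candidate byte: never patch address 0.
            return FALSE;
        }
        g_lpGetLastErrorRet = lpGetLastErrorRet = lpFound;
        bInitial = true;
    }

    MEMORY_BASIC_INFORMATION mbi;
    if (0 == VirtualQueryEx(hTargetProcess, lpGetLastErrorRet, &mbi, sizeof(mbi)))
    {
        return FALSE;
    }

    DWORD dwOldProtect = 0;
    if (!VirtualProtectEx(hTargetProcess, mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        return FALSE;
    }

    DWORD dwBytesReadWrite = 0;
    BOOL bWritten = WriteProcessMemory(hTargetProcess, lpGetLastErrorRet,
                                       bSet ? &bytBreakOpCode : &bytOriginalOpCode,
                                       sizeof(BYTE), &dwBytesReadWrite);

    // Put the previous protection back so the region does not stay
    // writable+executable after the one-byte patch (the original left it RWX).
    DWORD dwUnused = 0;
    VirtualProtectEx(hTargetProcess, mbi.BaseAddress, mbi.RegionSize, dwOldProtect, &dwUnused);

    FlushInstructionCache(hTargetProcess, lpGetLastErrorRet, sizeof(BYTE));
    return bWritten ? TRUE : FALSE;
}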

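// Entry point (GUI subsystem; the original kept "int main()" as a commented
// alternative). Starts %ProgramFiles%\MSN Messenger\msnmsgr.exe with
// DEBUG_ONLY_THIS_PROCESS and runs the debug loop:
//   - the first breakpoint event arms the GetLastError breakpoint (SetHook);
//   - when that breakpoint is hit, and the debuggee's first thread is about to
//     return ERROR_ALREADY_EXISTS in Eax to a caller below 0x00700000, Eax is
//     rewritten to 0 (counted in uHookCount);
//   - the original byte is restored, Eip is rewound and the trap flag set, and
//     the following single-step event re-arms the breakpoint while
//     uHookCount < 3.
// Returns TRUE after the debuggee exits, FALSE if it could not be launched.
//
// NOTE(review): 0x00700000 presumably bounds the main executable's image so
// that only calls made from it are affected - confirm against the target build.
// NOTE(review): the path comes from the ProgramFiles environment variable, so
// whoever controls this process's environment chooses the binary that is
// launched and debugged.
// x86 only: the loop reads CONTEXT::Eip/Esp/Eax.
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    char lpApplication[MAX_PATH];
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);

    // GetEnvironmentVariable returns 0 on failure and the required size when
    // the buffer is too small. sizeof(MSN_APP) counts the terminating NUL, so
    // the last test guarantees that strcat cannot run past lpApplication.
    DWORD dwDirLen = GetEnvironmentVariable("ProgramFiles", lpApplication, MAX_PATH);
    if (0 == dwDirLen || dwDirLen >= MAX_PATH || dwDirLen + sizeof(MSN_APP) > MAX_PATH)
    {
        MessageBox(GetDesktopWindow(), "Fail to launch \"msnmsgr.exe\"!", "Error", MB_OK | MB_ICONSTOP);
        return FALSE;
    }
    strcat(lpApplication, MSN_APP);

    if (!CreateProcess(lpApplication, NULL, NULL, NULL, FALSE, DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi))
    {
        MessageBox(GetDesktopWindow(), "Fail to launch \"msnmsgr.exe\"!", "Error", MB_OK | MB_ICONSTOP);
        return FALSE;
    }

    DEBUG_EVENT de;
    BOOL bContinue = TRUE, bInitial = FALSE;
    DWORD dwContinueStatus;
    CONTEXT context;
    ZeroMemory(&context, sizeof(context));
    UINT uHookCount = 0;

    while (bContinue)
    {
        // On failure `de` holds no valid event; the original still dispatched
        // on it and called ContinueDebugEvent once more.
        if (!WaitForDebugEvent(&de, INFINITE))
        {
            break;
        }
        dwContinueStatus = DBG_CONTINUE;

        switch (de.dwDebugEventCode)
        {
        case CREATE_THREAD_DEBUG_EVENT:
            ThreadList[de.dwThreadId] = de.u.CreateThread.hThread;
            break;

        case EXIT_THREAD_DEBUG_EVENT:
            // Drop the entry so a stale handle is never used for a reused id.
            ThreadList.erase(de.dwThreadId);
            break;

        case CREATE_PROCESS_DEBUG_EVENT:
            hTargetProcess = de.u.CreateProcessInfo.hProcess;
            ThreadList[de.dwThreadId] = de.u.CreateProcessInfo.hThread;
            dwMainThreadId = de.dwThreadId;
            // The image file handle delivered with this event belongs to the
            // debugger and was leaked by the original.
            if (de.u.CreateProcessInfo.hFile)
            {
                CloseHandle(de.u.CreateProcessInfo.hFile);
            }
            break;

        case LOAD_DLL_DEBUG_EVENT:
            // Same for every DLL load: one file handle per event.
            if (de.u.LoadDll.hFile)
            {
                CloseHandle(de.u.LoadDll.hFile);
            }
            break;

        case EXIT_PROCESS_DEBUG_EVENT:
            bContinue = FALSE;
            break;

        case EXCEPTION_DEBUG_EVENT:
        {
            // find() instead of operator[] so an unknown thread id does not
            // insert a NULL handle into the map.
            HANDLE hThread = NULL;
            std::map<DWORD, HANDLE>::iterator itThread = ThreadList.find(de.dwThreadId);
            if (itThread != ThreadList.end())
            {
                hThread = itThread->second;
            }

            switch (de.u.Exception.ExceptionRecord.ExceptionCode)
            {
            case EXCEPTION_SINGLE_STEP:
                // Raised by the trap flag set below: the original byte has
                // just executed, so the breakpoint can be written again.
                if (uHookCount < 3)
                {
                    context.ContextFlags = CONTEXT_FULL;
                    if (GetThreadContext(hThread, &context))
                    {
                        SetHook(TRUE);
                    }
                }
                break;

            case EXCEPTION_BREAKPOINT:
                dwContinueStatus = de.u.Exception.dwFirstChance ? DBG_CONTINUE : DBG_EXCEPTION_NOT_HANDLED;
                if (!bInitial)
                {
                    // First breakpoint event seen: arm the hook once.
                    SetHook(TRUE);
                    bInitial = TRUE;
                }
                context.ContextFlags = CONTEXT_FULL;
                if (GetThreadContext(hThread, &context))
                {
                    // After int3 executes, Eip points one byte past it.
                    if ((context.Eip - 1) == (DWORD)g_lpGetLastErrorRet)
                    {
                        // A failed stack read yields 0, which must not pass
                        // the "below 0x00700000" test.
                        DWORD dwRetAddress = GetRetAddress((LPVOID)context.Esp);
                        if (0 != dwRetAddress && 0x00700000 > dwRetAddress && de.dwThreadId == dwMainThreadId)
                        {
                            if (ERROR_ALREADY_EXISTS == context.Eax)
                            {
                                context.Eax = 0;
                                uHookCount++;
                            }
                        }
                        // Restore the original byte, re-execute it and single
                        // step so the SINGLE_STEP handler can re-arm.
                        SetHook(FALSE);
                        context.Eip--;
                        context.EFlags |= TF_BIT;
                        SetThreadContext(hThread, &context);
                        dwContinueStatus = DBG_CONTINUE;
                    }
                }
                break;

            default:
                dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED;
            }
            break;
        }
        }
        ContinueDebugEvent(de.dwProcessId, de.dwThreadId, dwContinueStatus);
    }

    CloseHandle(pi.hProcess);
    CloseHandle(pi.hThread);
    return TRUE;
}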


地主 发表时间: 06-02-04 17:35

回复: tabris17 [tabris17]   论坛用户   登录
http://20cn.net/~tabris17/download/msn4.rar

B1层 发表时间: 06-02-04 17:38

回复: flynet [flynet]   论坛用户   登录
谢谢了。好东西啊

B2层 发表时间: 06-02-06 17:22
