aardio中用如下代码启动electron并注入DLL钩子
By
admin
at 2017-12-30 • 0人收藏 • 2289人看过
以下摘选自 aardio官方公众号
// Launcher side: start electron.exe under process.apiHook, install a hook on
// User32!CreateWindowExW that is implemented in CreateWindowExHook.dll, hand the
// hook DLL the trampoline address and the host window handle, then let the
// process run. The prcs.resume() call that follows this block suggests the
// target is held suspended until then — TODO confirm against process.apiHook.
import process.apiHook;
var prcs = process.apiHook( "\electron\electron.exe" );
// First install the hook into electron.
// Arguments as used here: module to hook, API name, hook DLL, exported hook
// function. "_CreateWindowExHook@48" is a stdcall-decorated name; 48 bytes
// corresponds to CreateWindowExW's 12 four-byte parameters on 32-bit x86.
// NOTE(review): the hook DLL is named without a directory; how it is resolved is
// not visible here. Prefer an absolute path in a directory that only the
// application can write to, so a same-named DLL elsewhere cannot be loaded instead.
// NOTE(review): the result is not checked before hookInfo.addrTrampoline is read
// below — confirm what install() returns on failure and handle it.
var hookInfo = prcs.install("User32.dll","CreateWindowExW","CreateWindowExHook.dll","_CreateWindowExHook@48");
// Call an API function inside the external process.
// The signature string declares two parameters with the cdecl convention.
// NOTE(review): the DLL source posted in the reply on this page defines
// SetCreateWindowExPtr with a third parameter (UINT msg); presumably the two
// snippets come from different versions — the declaration must match the DLL
// that is actually loaded.
SetCreateWindowExPtr = prcs.process.remoteApi("void(addr addrTrampoline,addr hwndParent)","CreateWindowExHook.dll","SetCreateWindowExPtr","cdecl")
// winform is not defined in this excerpt; its hwnd is passed as the host window.
SetCreateWindowExPtr(
hookInfo.addrTrampoline,// address of the real CreateWindowEx function pointer (the trampoline)
winform.hwnd
);
// Then let the electron process continue running.
prcs.resume();
这样我们就通过API钩子轻松地拿到了 electron创建的窗口句柄,在electron创建主窗口的时候,就强行改掉它的样式,并将它捉进aardio窗口内。
1 个回复 | 最后更新于 2017-12-30
// Build script: compiles the C source below into CreateWindowExHook.dll with TCC.
// aardio allows a block comment to be assigned as a string, so `code` holds the
// C source text that is passed to vm.output().
//
// What the C source does:
//   - SetCreateWindowExPtr(p, hwnd, msg) stores the pointer used to reach the
//     original CreateWindowEx, the host window handle, and a message id.
//   - CreateWindowExHook(...) forwards all twelve arguments through the stored
//     pointer, sends the resulting handle to the host window with SendMessage
//     (handle in lParam), and returns the handle to the caller.
//
// NOTE(review): pCreateWindowEx is a static with no initializer and the hook
// calls through it without a check, so SetCreateWindowExPtr must have run before
// the hooked process creates its first window.
// NOTE(review): this version takes three arguments; the launcher snippet in the
// opening post declares and passes only two. With cdecl the third value would
// then be whatever is on the stack — keep the remoteApi declaration in sync.
// NOTE(review): SendMessage is synchronous and is issued for every call that
// reaches the hook, including when window creation failed (hwnd is NULL); the
// calling thread waits for the host window procedure. The host should validate
// the received handle before acting on it. SendMessage may also change the
// thread's last-error value before the original caller reads it — TODO confirm.
// NOTE(review): the value of wm_aardio_electron is supplied by the caller and is
// not shown here; presumably a registered window message — verify.
code = /**
#include <windows.h>

typedef HWND WINAPI (*CreateWindowExPtr)(
    DWORD dwExStyle, LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle,
    int x, int y, int nWidth, int nHeight,
    HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam
);

static CreateWindowExPtr pCreateWindowEx;
static HWND hwndParent;
static UINT wm_aardio_electron;

__declspec(dllexport) void SetCreateWindowExPtr( CreateWindowExPtr p,HWND hwnd,UINT msg ){
    hwndParent = hwnd;
    pCreateWindowEx = p;
    wm_aardio_electron = msg;
}

__declspec(dllexport) HWND WINAPI CreateWindowExHook(
    DWORD dwExStyle, LPCWSTR lpClassName, LPCWSTR lpWindowName, DWORD dwStyle,
    int x, int y, int nWidth, int nHeight,
    HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam
){
    HWND hwnd = pCreateWindowEx(dwExStyle,lpClassName,lpWindowName,dwStyle,x,y,nWidth,nHeight,hWndParent,hMenu,hInstance,lpParam);
    SendMessage(hwndParent,wm_aardio_electron, 0,hwnd);
    return hwnd;
}
**/

import tcc;
vm = tcc( );//create the TCC compiler

/*
Load the dynamic or static libraries that are needed.
They are looked up in the "~\lib\tcc\.res\lib" directory
as "<dynamic library name>.def" or "<static library name>.a".
vm.addLibPath() can also be used to add a library search directory.
*/
vm.addLib( "user32", "kernel32", "gdi32" )

// The .def file is not shown on this page; presumably it defines the exported
// names (the launcher resolves "_CreateWindowExHook@48") — verify.
vm.addFile("/CreateWindowExHook.def")

// NOTE(review): the DLL written here is later loaded into another process; keep
// the output directory writable only by the application/installer so the file
// cannot be replaced between build and load.
vm.output( "~\lib\electron\.build\CreateWindowExHook.dll", code ) //compile the C source and produce the DLL
vm.close(); //done

import win;
win.msgbox("CreateWindowExHook编译成功")