Windows进程通信-共享内存空间

三个模块

1,game.exe,三个方法,控制台输入指令('A','B','R')分别控制三个方法的调用;

2,WGDll.dll,要注入到game进程中的dll文件;

3,myconsole.exe,用来注入dll文件的程序;

先开启game进程,然后用myconsole把dll注入到game。dll模块和myconsole模块利用共享内存实现进程通信:在myconsole的控制台输入指令,dll模块接收指令并调用game模块的方法,从而达到控制game的目的。

 

game模块

#include<stdio.h>

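// Prints the "attack" banner. Called from main() on 'A'; the DLL listing in
// this post also invokes the game's functions by hard-coded absolute address,
// so keep this a plain no-argument function (nothing to pass, nothing returned).
void attack()
{
    // Trailing newline added for consistency with rest()/blood(); without it
    // the banner ran together with whatever was printed next.
    printf("**********attack**********\n");
}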
// Prints the "rest" banner on its own line. No arguments, no return value.
void rest()
{
    fputs("**********rest**********\n", stdout);
}
// Prints the "blood" banner on its own line. No arguments, no return value.
void blood()
{
    fputs("**********blood**********\n", stdout);
}

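// Console loop of game.exe: reads one character at a time from stdin and
// dispatches 'A' -> attack(), 'R' -> rest(), 'B' -> blood(). 'Q' prints the
// end banner and exits. Any other character (including the newline that
// follows each typed command) is ignored.
//
// Returns 0 on 'Q' or when stdin is closed.
int main()
{
    printf("**********GAME BEGIN**********\n");
    for (;;)
    {
        // int, not char: getchar() returns EOF (-1) on a closed stdin, and the
        // old char loop spun forever in that case because EOF matched no case.
        const int orderChar = getchar();
        switch (orderChar)
        {
        case 'A':
            attack();
            break;
        case 'R':
            rest();
            break;
        case 'B':
            blood();
            break;
        case 'Q':
        case EOF:
            printf("**********GAME OVER**********\n");
            return 0;
        default:
            break;
        }
    }
}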

 

dll模块

// dllmain.cpp : 定义 DLL 应用程序的入口点。
#include<Windows.h>
#include<iostream>
#include<stdio.h>
using namespace std;

// Name of the shared-memory section created by myconsole.exe and opened here.
// The creator passes no security descriptor, so the object gets the default
// DACL of the creating user; any process running as that user (typically) can
// open it and feed commands that this DLL will execute inside game.exe.
#define _MAP_ TEXT("gameDll")

// Absolute addresses of attack()/rest()/blood() inside game.exe, read from one
// particular build (the post uses a 32-bit Debug build). They are only valid for
// that exact binary loaded at that base: a rebuild, or relocation of the image,
// silently changes them and the calls below jump into arbitrary code.
#define ATTACK 0x0641740
#define REST 0x0641800
#define BLOOD 0x06417a0

HANDLE hMapFile;   // file-scope handle; ThreadProc declares a local of the same name and never assigns this one
LPTSTR lpBuffer;   // view of the shared section; the command letter is read from its first TCHAR
TCHAR dwType;      // last command letter copied out of the section

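// Worker thread started from DllMain inside game.exe. Opens the shared section
// created by myconsole.exe, then polls its first TCHAR every two seconds and
// runs the matching game function by absolute address:
//   'A' -> ATTACK, 'B' -> BLOOD, 'R' -> REST, 'Q' -> release the section and exit.
// There is no handshake with the writer: a letter left in the section is
// executed again on every poll until the writer changes it.
//
// lpParameter is unused. Returns 0 in all cases (open/map failure or 'Q').
DWORD WINAPI ThreadProc(LPVOID lpParameter)
{
    (void)lpParameter;

    // A no-argument call through a function pointer is what the old
    // `mov eax, X / call eax` inline assembly did (default cdecl, nothing on the
    // stack), but it also compiles outside 32-bit MSVC. The addresses still only
    // match the one game.exe build they were copied from.
    typedef void (*GameFn)(void);

    // Assign the file-scope handle instead of shadowing it with a local that was
    // never closed, so it can be released on 'Q'.
    hMapFile = OpenFileMapping(FILE_MAP_READ, FALSE, _MAP_);
    if (hMapFile == NULL)
    {
        printf("OpenMappingFile Error : %lu", GetLastError());
        return 0;
    }
    // Read-only view: this side only consumes the command. Writing an
    // acknowledgement back (as the commented-out code once did) would need
    // FILE_MAP_WRITE again.
    lpBuffer = (LPTSTR)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, BUFSIZ);
    if (lpBuffer == NULL)
    {
        // Previously the thread kept looping forever doing nothing here.
        printf("MapViewOfFile Error : %lu", GetLastError());
        CloseHandle(hMapFile);
        hMapFile = NULL;
        return 0;
    }

    for (;;)
    {
        Sleep(2000);
        // The writer stores exactly one TCHAR at offset 0; read just that.
        // (The old wmemcpy_s declared a 4-element destination for a 1-TCHAR global.)
        dwType = lpBuffer[0];
        // Assumes the rest of the section is still zero-filled so this is NUL-terminated.
        wcout << lpBuffer << endl;

        switch (dwType)
        {
        case L'A':
            reinterpret_cast<GameFn>(ATTACK)();
            break;
        case L'B':
            reinterpret_cast<GameFn>(BLOOD)();
            break;
        case L'R':
            reinterpret_cast<GameFn>(REST)();
            break;
        case L'Q':
            // The old code unmapped the view and then kept reading through
            // lpBuffer on the next iteration (use after unmap). Release both
            // objects and leave the thread.
            UnmapViewOfFile(lpBuffer);
            lpBuffer = NULL;
            CloseHandle(hMapFile);
            hMapFile = NULL;
            return 0;
        default:
            break;   // anything else, including the initial 0, is ignored
        }
    }
}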

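// DLL entry point. On process attach it starts ThreadProc, which does all the
// real work once the loader lock is released; every other notification is a
// no-op. Returns FALSE (so the injector's LoadLibraryW fails and the DLL is
// unloaded) only if the worker thread cannot be created.
BOOL APIENTRY DllMain(HMODULE hModule,
    DWORD  ul_reason_for_call,
    LPVOID lpReserved
)
{
    (void)lpReserved;
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Keep the work under the loader lock minimal. The MessageBox that used
        // to sit here pumps window messages and can load further DLLs from
        // inside DllMain, which is a documented deadlock risk; it was only a
        // visual "injected" marker and has been dropped.
        DisableThreadLibraryCalls(hModule);
        HANDLE hThread = CreateThread(NULL, 0, ThreadProc, NULL, 0, NULL);
        if (hThread == NULL)
        {
            return FALSE;
        }
        // The thread is never joined; close the handle so it is not leaked.
        CloseHandle(hThread);
        break;   // the old code fell through here; harmless, but now explicit
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}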

 

myconsole模块

#include<Windows.h>
#include<stdio.h>
#include<Tlhelp32.h>
#include <iostream>
#include<stdlib.h>
using namespace std;

// Name of the pagefile-backed section shared with the injected DLL. init()
// creates it with a NULL security descriptor, so it carries the creator's
// default DACL: any process running as the same user (typically) can open it
// and write a command letter that game.exe will then execute.
#define _MAP_ TEXT("gameDll")

HANDLE hFileMapping;   // section handle returned by CreateFileMapping in init()
LPTSTR lpBuffer;       // this process's view of the section; main() writes the command TCHAR at [0]
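// Creates the named shared section and maps its first bytes into this process,
// storing the results in hFileMapping / lpBuffer.
//
// Returns TRUE on success. On failure prints the Win32 error, releases anything
// already acquired (the old code leaked the section when the view failed) and
// returns FALSE.
BOOL init()
{
    hFileMapping = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, 0x1000, _MAP_);
    if (hFileMapping == NULL)
    {
        printf("create filemapping failed error : %lu", GetLastError());
        return FALSE;
    }
    // CreateFileMapping silently opens an existing object of the same name.
    // Everything written through this view is executed inside game.exe, so do
    // not talk through a section some other process created first (name
    // squatting). Side effect: a second myconsole cannot re-attach while an
    // already-injected game.exe still holds the section open; restart game.exe.
    if (GetLastError() == ERROR_ALREADY_EXISTS)
    {
        printf("filemapping already exists; refusing to reuse it\n");
        CloseHandle(hFileMapping);
        hFileMapping = NULL;
        return FALSE;
    }
    // This side only writes the command letter; FILE_MAP_WRITE also grants read.
    lpBuffer = (LPTSTR)MapViewOfFile(hFileMapping, FILE_MAP_WRITE, 0, 0, BUFSIZ);
    if (lpBuffer == NULL)
    {
        printf("create filemappingview failed error : %lu", GetLastError());
        CloseHandle(hFileMapping);
        hFileMapping = NULL;
        return FALSE;
    }
    return TRUE;
}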

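// Returns the PID of the first running process whose image name equals pDest,
// compared case-insensitively (Windows file names are), or 0 when no such
// process exists or the snapshot could not be taken. If several instances are
// running, the one enumerated first wins.
DWORD GetPid(const TCHAR* pDest)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    PROCESSENTRY32 pe32 = { 0 };
    pe32.dwSize = sizeof(pe32);

    DWORD pid = 0;
    // Process32First must precede Process32Next for the enumeration to be
    // well-defined; the old loop started with Process32Next.
    for (BOOL ok = Process32First(hSnapshot, &pe32); ok; ok = Process32Next(hSnapshot, &pe32))
    {
        if (_wcsicmp(pe32.szExeFile, pDest) == 0)
        {
            pid = pe32.th32ProcessID;
            break;
        }
    }
    // Close on every path; previously the snapshot leaked when nothing matched.
    CloseHandle(hSnapshot);
    return pid;
}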

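// Starts LoadLibraryW(remotePath) on a new thread inside hProcess and waits for
// it. Returns TRUE when the call reported a non-NULL module. *pDone is set to
// FALSE if the thread was started but did not finish in time, in which case
// the caller must NOT free remotePath (the target may still read it).
static BOOL RunRemoteLoadLibrary(HANDLE hProcess, LPVOID remotePath, BOOL* pDone)
{
    *pDone = TRUE;

    // GetModuleHandle returns a module base, not a kernel object; the old code
    // passed it to CloseHandle, which is an invalid-handle error.
    HMODULE hKernel32 = GetModuleHandle(TEXT("Kernel32.dll"));
    if (hKernel32 == NULL)
    {
        cout << "get kernel32 failed error :" << GetLastError() << endl;
        return FALSE;
    }
    // Keep the full pointer; the old (DWORD) cast truncates on 64-bit builds.
    FARPROC pLoadLibraryW = GetProcAddress(hKernel32, "LoadLibraryW");
    if (pLoadLibraryW == NULL)
    {
        cout << "get LoadLibraryW failed error :" << GetLastError() << endl;
        return FALSE;
    }

    // Passing this process's LoadLibraryW address to the target assumes
    // kernel32 is mapped at the same base in both, which presumably holds for
    // two processes of the same bitness on the same boot; verify for your setup.
    HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0,
        reinterpret_cast<LPTHREAD_START_ROUTINE>(pLoadLibraryW), remotePath, 0, NULL);
    if (hThread == NULL)
    {
        cout << "createremotethread failed error :" << GetLastError() << endl;
        return FALSE;
    }

    BOOL ok = FALSE;
    if (WaitForSingleObject(hThread, 10000) != WAIT_OBJECT_0)
    {
        *pDone = FALSE;
        cout << "remote LoadLibraryW did not finish" << endl;
    }
    else
    {
        // LoadLibraryW's return value (the HMODULE, truncated to 32 bits) is the
        // thread exit code; 0 means the load failed inside the target.
        DWORD exitCode = 0;
        if (GetExitCodeThread(hThread, &exitCode) && exitCode != 0)
        {
            ok = TRUE;
        }
        else
        {
            cout << "remote LoadLibraryW returned NULL" << endl;
        }
    }
    CloseHandle(hThread);
    return ok;
}

// Injects the DLL at path pName into process pID: writes the path into the
// target, then runs LoadLibraryW on it from a remote thread.
//
// pName should be an absolute path — a bare file name is resolved by the
// TARGET's DLL search order, not this process's. Returns TRUE when the remote
// LoadLibraryW reported success, FALSE otherwise (the failing step is printed).
// Every check below was missing before: a NULL OpenProcess/VirtualAllocEx
// result was passed straight into the next call.
BOOL LoadDll(DWORD pID, const TCHAR* pName)
{
    // Only the rights the injection needs, not PROCESS_ALL_ACCESS.
    const DWORD injectRights = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
        PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ;
    HANDLE hDestProcess = OpenProcess(injectRights, FALSE, pID);
    if (hDestProcess == NULL)
    {
        cout << "openprocess failed error : " << GetLastError() << endl;
        return FALSE;
    }

    // Byte length INCLUDING the terminating wide NUL. The old formula
    // sizeof(WCHAR)*len+1 was one byte short of the terminator.
    const SIZE_T pathBytes = (wcslen(pName) + 1) * sizeof(WCHAR);
    LPVOID lpStart = VirtualAllocEx(hDestProcess, NULL, pathBytes, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (lpStart == NULL)
    {
        cout << "virtualallocex failed error : " << GetLastError() << endl;
        CloseHandle(hDestProcess);
        return FALSE;
    }

    BOOL ok = FALSE;
    BOOL remoteDone = TRUE;
    SIZE_T written = 0;
    if (!WriteProcessMemory(hDestProcess, lpStart, pName, pathBytes, &written) || written != pathBytes)
    {
        cout << "writeprocessmemory failed error : " << GetLastError() << endl;
    }
    else
    {
        ok = RunRemoteLoadLibrary(hDestProcess, lpStart, &remoteDone);
    }

    // The path buffer is only needed until LoadLibraryW has read it; the old
    // code leaked it in the target for the process's lifetime.
    if (remoteDone)
    {
        VirtualFreeEx(hDestProcess, lpStart, 0, MEM_RELEASE);
    }
    CloseHandle(hDestProcess);
    return ok;
}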

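// Injector driver: creates the shared section, finds game.exe, injects
// WGDll.dll into it, then writes a pseudo-random command letter ('A', 'B' or
// 'R') into the section every two seconds, forever.
//
// Returns 1 if the section, the target process or the injection fails
// (the old code carried on into the command loop regardless).
int main()
{
    if (!init())
    {
        return 1;
    }

    const TCHAR* pName = TEXT("game.exe");
    const DWORD pid = GetPid(pName);
    wcout << pid << endl;
    if (pid == 0)
    {
        cout << "game.exe is not running" << endl;
        return 1;
    }

    // Absolute path on purpose: LoadLibraryW inside the target resolves a
    // relative name through the TARGET's search path, which is where a planted
    // DLL of the same name would be picked up.
    const TCHAR DLLNAME[] = TEXT("D:\\vs-workspace\\WGDll\\Debug\\WGDll.dll");
    if (!LoadDll(pid, DLLNAME))
    {
        cout << "dll injection failed" << endl;
        return 1;
    }
    cout << "haha" << endl;

    // rand() is never seeded, so the command sequence is the same on every run.
    const TCHAR gameCmd[] = { L'A', L'B', L'R' };
    for (;;)
    {
        const TCHAR cmd = gameCmd[rand() % 3];
        wcout << cmd << endl;
        // Store exactly one TCHAR. The old CopyMemory(lpBuffer, &tempp, 4) read
        // two bytes past the 2-byte local. Nothing synchronises this store with
        // the DLL's own 2 s poll, so a command can be executed twice or skipped.
        lpBuffer[0] = cmd;
        Sleep(2000);
    }
}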

 
