这种事情取决于很多因素,而且很难上手。你能提供更多细节吗?
在一般级别上,对于 1:如果您ICLRRuntimeHost::ExecuteInDefaultAppDomain(pwzAssemblyPath, pwzTypeName, pwzMethodName, pwzArgument)用于执行托管代码,则托管执行将在由 表示的方法pwzMethodName完成后立即停止。如果您有其他想要持久执行的任务,并且不想让这个调用同时挂起,那么最好的办法是pwzMethodName在另一个线程上启动一些程序循环函数。
至于2,如果您将代码注入目标进程并与控件交互,线程安全可能是一个大问题。我个人没有使用过 SetWindowLong api,但它可能与从非调度程序线程修改控件有关。
这是我的 C#
public class Class1
{
[DllImport("kernel32", SetLastError = true)]
public static extern IntPtr LoadLibrary(string lpFileName);
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr CallWindowProc(IntPtr lpPrevWndFunc,IntPtr hWnd, uint Msg, IntPtr wParam, IntPtr lParam);
[DllImport("user32.dll", EntryPoint = "GetWindowLong", SetLastError = true)]
public static extern IntPtr GetWindowLongPtr32(IntPtr hWnd, int nIndex);
[DllImport("user32.dll", EntryPoint = "GetWindowLongPtr", SetLastError = true)]
public static extern IntPtr GetWindowLongPtr64(IntPtr hWnd, int nIndex);
[DllImport("user32.dll", EntryPoint = "SetWindowLong", SetLastError = true)]
public static extern int SetWindowLong32(IntPtr hWnd, int nIndex, IntPtr dwNewLong);
[DllImport("user32.dll", EntryPoint = "SetWindowLongPtr", SetLastError = true)]
public static extern IntPtr SetWindowLongPtr64(IntPtr hWnd, int nIndex, IntPtr dwNewLong);
public static IntPtr GetWindowLongPtr(IntPtr hWnd, int nIndex)
{
if (IntPtr.Size == 8)
return GetWindowLongPtr64(hWnd, nIndex);
else
return GetWindowLongPtr32(hWnd, nIndex);
}
public static IntPtr SetWindowLongPtr(IntPtr hWnd, int nIndex, IntPtr dwNewLong)
{
if (IntPtr.Size == 8)
return SetWindowLongPtr64(hWnd, nIndex, dwNewLong);
else
return new IntPtr(SetWindowLong32(hWnd, nIndex, dwNewLong));
}
public delegate IntPtr WndProcDelegate(IntPtr hWnd, uint msg, IntPtr wParam, IntPtr lParam);
public const int GWL_WNDPROC = -4;
public const int HWND_MESSAGE = -3;
public const int WM_LBUTTONDOWN = 513;
public static int Test(String pwzArgument)
{
f = new Form1();
f.Show();
Process p = Process.GetCurrentProcess();
string s = "Name: " + p.ProcessName + "\nTitle: " + p.MainWindowTitle + "\nHandle: " + p.MainWindowHandle.ToString();
Show(s);
Show("Started");
Subclasshwnd(p.MainWindowHandle);
//For i = 0 To 100000000
//' Show("Loop", "")
//Threading.Thread.CurrentThread.Sleep("10000")
//Next
return 1;
}
public static void Show(string input)
{
MessageBox.Show(input);
f.Settext(input + "\n");
}
public static WndProcDelegate _WndProc;
public static IntPtr _OldWndProc;
public static IntPtr _hWnd;
public static Form1 f;
public static void Subclasshwnd(IntPtr hWnd)
{
_WndProc = new WndProcDelegate(WndProc);
// _OldWndProc = GetWindowLongPtr(hWnd, GWL_WNDPROC);
_OldWndProc= SetWindowLongPtr(hWnd, GWL_WNDPROC,Marshal.GetFunctionPointerForDelegate(_WndProc));
// Show(_OldWndProc.ToString());
}
// this is the new wndproc, just show a messagebox on left button down:
public static IntPtr WndProc(IntPtr hWnd, uint msg, IntPtr wParam,IntPtr lParam)
{
System.Diagnostics.Debug.WriteLine(msg);
Show(msg.ToString());
return CallWindowProc(_OldWndProc, hWnd, msg, wParam, lParam);
}
}
这是我的 C++ 代码
BOOL APIENTRY DllMain(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
MessageBox(0, L"Dll Injection Successful! ", L"Dll Injector", MB_ICONEXCLAMATION | MB_OK);
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&StartTheDotNetRuntime, 0, 0, NULL);
break;
case DLL_THREAD_ATTACH: break;
case DLL_THREAD_DETACH: break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
void StartTheDotNetRuntime()
{
ICLRRuntimeHost *pClrHost = NULL;
HRESULT hr = CorBindToRuntimeEx(NULL, L"wks", 0, CLSID_CLRRuntimeHost,IID_ICLRRuntimeHost, (PVOID*)&pClrHost);
hr = pClrHost->Start();
DWORD dwRet = 0;
hr = pClrHost->ExecuteInDefaultAppDomain(L"ClassLibrary2.dll",L"ClassLibrary2.Class1", L"Test", L"MyParameter", &dwRet);
hr = pClrHost->Stop();
pClrHost->Release();
}
另一种“更动态”的方法是用托管 C++ 编写一个可以注入的库。
托管 C++ 库可以导出本机函数以将其加载到另一个进程中。
仅在该托管 C++ 库中编写一些代码,以允许您加载额外的库。
该库可以重新用于注入未来的对象......
见:http ://www.vbib.be/index.php?name=PNphpBB2&file=viewtopic&p=38982